MyCity » Ambulanta -> Arhiva Ambulante » Imam virus koji ne mogu da sklonim

Imam virus koji ne mogu da sklonim

Napisano na dan: 21.7.2008

Strana:
1
2

Imam virus koji ne mogu da sklonim

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Silija Poslao: 21 Jul 2008 18:23 Idi na vrh
offline Silija Prijatelj foruma Pridružio: 18 Feb 2008 Poruke: 987 Gde živiš: na putu za jedno ostrvo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Danas mi je utrcao AntiVirusXP2008 i blokira sve zivo. Avast ne moze da ga skloni (i njega je zaustavio), SpyBot ga ne registruje kao pretnju. Prakticno je nemoguce zatvoriti ga osim izlaska na net pa onda zatvaranje tog prozora preko close jer ukida x u desnom gornjem uglu. Nece da se skloni iz add/remove programs. Promenio je desktop i preko sredine stoji upozorenje da imam viruse. Koje ne moze da se skloni. Posle restarta internet je proradio. Sta predlazete? Da radim scan koji se ovde uobicajeno predlaze ili nesto drugo? Imam i AVG varijantu, razmisljam da skinem avast i instaliram njega i probam da ga sklonim , ali mi se cini da od toga nema vajde. Hvala.

Profil

Piksi Poslao: 21 Jul 2008 18:31 Idi na vrh
offline Piksi Elitni građanin Pridružio: 13 Nov 2003 Poruke: 2435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! @Silija Isprati ovo uputstvo -> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

Silija Poslao: 21 Jul 2008 18:42 Idi na vrh
offline Silija Prijatelj foruma Pridružio: 18 Feb 2008 Poruke: 987 Gde živiš: na putu za jedno ostrvo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 18:40:29, on 21.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\spoolsv.exe D:\ZA CUVANJE\NetLimiter 2 Monitor\nlsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\svchost.exe D:\ZA CUVANJE\NetLimiter 2 Monitor\NLClient.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\MC\TR3.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\ZA CUVANJE\NetLimiter 2 Monitor\nlsvc.exe

Profil

dr_Bora Poslao: 21 Jul 2008 21:07 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Potrebno je privremeno isključiti Spybot S&D's Teatimer Pokrenite Spybot S&D Kliknite Mode stavku u meniju Odaberite Advance Mode Na traci levo kliknite na Tools Kliknite na Resident Destiklirajte Resident Tea-Timer Zatvorite Spybot S&D Restartujte kompjuter. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. ------------------------------------------------------------------------------------- Zatim klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Program settings.... U prozoru koji se otvori, pod Troubleshooting, čekiraj opciju Disable avast! self-defence i klikni OK. Takođe, klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection. Napomena: Ne zaboravi da uključiš ove opcije po završetku čišćenja. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Silija Poslao: 21 Jul 2008 21:46 Idi na vrh
offline Silija Prijatelj foruma Pridružio: 18 Feb 2008 Poruke: 987 Gde živiš: na putu za jedno ostrvo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-20.A0 - Administrator 2008-07-21 21:40:13.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.263 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\MC\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Application Data\rhcc7jj0eccn C:\Program Files\rhcc7jj0eccn C:\WINDOWS\system32\blphc97jj0eccn.scr C:\WINDOWS\system32\lphc97jj0eccn.exe C:\WINDOWS\system32\phc97jj0eccn.bmp C:\WINDOWS\system32\pphc97jj0eccn.exe C:\WINDOWS\system32\WinCtrl32.dll . ((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 ))))))))))))))))))))))))))))))) . 2008-07-21 15:59 . 2008-07-21 15:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-21 15:59 . 2008-07-21 15:59 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-09 13:56 . 2008-07-09 13:56 <DIR> d-------- C:\Program Files\Alwil Software 2008-07-08 21:17 . 2008-07-08 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Program Files\ACD Systems 2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-07-08 21:04 . 2008-07-08 21:04 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-07-08 18:42 . 2008-07-08 18:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-08 18:42 . 2008-07-08 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-08 18:35 . 2008-07-08 20:12 <DIR> d-------- C:\Program Files\Yahoo! 2008-07-08 15:09 . 2003-08-19 13:36 65,536 --a------ C:\WINDOWS\system32\dllcache\a3d.dll 2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\Audio3D.dll 2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll 2008-07-05 14:25 . 2008-07-13 18:20 32 --a------ C:\WINDOWS\hip 2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-07-04 12:54 . 2008-07-04 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime 2008-07-04 12:52 . 2008-07-04 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime 2008-06-30 17:28 . 2008-06-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-30 17:27 . 2008-06-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-26 10:04 . 2008-06-26 10:04 268 --ah----- C:\sqmdata00.sqm 2008-06-26 10:04 . 2008-06-26 10:04 244 --ah----- C:\sqmnoopt00.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-19 09:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\mIRC 2008-07-19 09:13 --------- d-----w C:\Program Files\mIRC 2008-07-16 21:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2008-07-16 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-07-15 10:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead 2008-07-08 19:05 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-07-08 18:50 --------- d-----w C:\Program Files\Common Files\Ahead 2008-06-30 15:29 --------- d-----w C:\Program Files\Lavasoft 2008-06-30 15:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft 2008-06-18 16:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-18 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-16 19:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MSNInstaller 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-03-14 18:51 0 ----a-w C:\Program Files\temp01 . ------- Sigcheck ------- 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2GDR\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2QFE\tcpip.sys 2004-06-17 11:00 360448 65c34c093e839505636954ead50fa315 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-06-17 11:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224] "SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll "VIDC.X264"= x264vfw.dll "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek06.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-12-18 18:32 25365032 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] S0 Winek06;Winek06;C:\WINDOWS\system32\Drivers\Winek06.sys [] S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f95a11-c830-11dc-9a01-806d6172696f}] \Shell\AutoRun\command - E:\Setup.exe . - - - - ORPHANS REMOVED - - - - HKLM-Run-Device Detector - DevDetect.exe MSConfigStartUp-NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-21 21:42:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-21 21:44:22 ComboFix-quarantined-files.txt 2008-07-21 19:43:55 Pre-Run: 15,412,994,048 bytes free Post-Run: 15,604,768,768 bytes free 138

Profil

dr_Bora Poslao: 21 Jul 2008 22:28 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zaštitni softver opet treba deaktivirati... Zatim otvoriti Notepad i iskopirati sledeci tekst: `Driver:: Winek06 Registry:: [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek06.sys]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Silija Poslao: 22 Jul 2008 11:58 Idi na vrh
offline Silija Prijatelj foruma Pridružio: 18 Feb 2008 Poruke: 987 Gde živiš: na putu za jedno ostrvo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Prilikom ponovnog aktiviranja SpyBota pitao me je da li dozvoljavam neku promenu. Prst je bio bio brzi od mozga, ne znam sta sam kliknula. Usledilo je drugo pitanje koje sam shvatila kao da li dozvoljavam promenu preko desktopa i skrinsejvera (sve se desavalo preko desktopa - promena boje, sklanjanje moje slike...), pa sam rekla NE. Kad sam uradila novi scan combom, pitao je da li dozvoljavam sklanjanje promene sa desktopa - rekla sam da. Ako sam ovde bilo sta pogresila.... Kod aktiviranja avasta, kad mu opet dozvolim da bude able, treba li da kliknem i ikonicu i ponovo kliknem na stop on-acess...? Skeniranja koja sam radila u prethodna 2 posta odnela su mi 70 mb. Da li je to normalno? Najzad, evo novog skena. ComboFix 08-07-20.A0 - Administrator 2008-07-22 11:47:10.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\MC\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))) . 2008-07-21 15:59 . 2008-07-21 15:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-21 15:59 . 2008-07-21 15:59 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-09 13:56 . 2008-07-09 13:56 <DIR> d-------- C:\Program Files\Alwil Software 2008-07-08 21:17 . 2008-07-08 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Program Files\ACD Systems 2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-07-08 21:04 . 2008-07-08 21:04 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-07-08 18:42 . 2008-07-08 18:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-08 18:42 . 2008-07-08 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-08 18:35 . 2008-07-08 20:12 <DIR> d-------- C:\Program Files\Yahoo! 2008-07-08 15:09 . 2003-08-19 13:36 65,536 --a------ C:\WINDOWS\system32\dllcache\a3d.dll 2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\Audio3D.dll 2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll 2008-07-05 14:25 . 2008-07-13 18:20 32 --a------ C:\WINDOWS\hip 2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-07-04 12:54 . 2008-07-04 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime 2008-07-04 12:52 . 2008-07-04 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime 2008-06-30 17:28 . 2008-06-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-30 17:27 . 2008-06-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-26 10:04 . 2008-06-26 10:04 268 --ah----- C:\sqmdata00.sqm 2008-06-26 10:04 . 2008-06-26 10:04 244 --ah----- C:\sqmnoopt00.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-19 09:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\mIRC 2008-07-19 09:13 --------- d-----w C:\Program Files\mIRC 2008-07-16 21:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2008-07-16 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-07-15 10:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead 2008-07-08 19:05 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-07-08 18:50 --------- d-----w C:\Program Files\Common Files\Ahead 2008-06-30 15:29 --------- d-----w C:\Program Files\Lavasoft 2008-06-30 15:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft 2008-06-18 16:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-18 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-16 19:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MSNInstaller 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-03-14 18:51 0 ----a-w C:\Program Files\temp01 . ------- Sigcheck ------- 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2GDR\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2QFE\tcpip.sys 2004-06-17 11:00 360448 65c34c093e839505636954ead50fa315 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-07-21_21.43.45.10 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\Cookies\index.dat + 2008-07-22 09:36:04 32,768 ----a-w C:\WINDOWS\TEMP\Cookies\index.dat - 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\index.dat + 2008-07-22 09:36:04 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\index.dat + 2008-07-22 09:35:44 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\MSHist012008072220080723\index.dat + 2008-07-22 09:35:54 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_688.dat - 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat + 2008-07-22 09:36:04 32,768 ----a-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-06-17 11:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224] "SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll "VIDC.X264"= x264vfw.dll "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek06.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-12-18 18:32 25365032 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] S0 Winek06;Winek06;C:\WINDOWS\system32\Drivers\Winek06.sys [] S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f95a11-c830-11dc-9a01-806d6172696f}] \Shell\AutoRun\command - E:\Setup.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-22 11:48:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-22 11:50:55 ComboFix-quarantined-files.txt 2008-07-22 09:50:19 ComboFix2.txt 2008-07-21 19:44:23 Pre-Run: 15,588,962,304 bytes free Post-Run: 15,581,757,440 bytes free 134

Profil

dr_Bora Poslao: 22 Jul 2008 17:08 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Citat:Skeniranja koja sam radila u prethodna 2 posta odnela su mi 70 mb. Da li je to normalno? 70 MB čega? Prostora na disku? Trenutno na C disku imaš 15,581,757,440 byte-a slobodno. Pre prvog skeniranja je bilo 15,412,994,048 byte-a slobodno. U svakom slučaju, sve je pod kontrolom. Po ranije datom uputstvu isključi TeaTimer i avast! i nemoj bilo šta dodatno da podešavaš ili uključuješ dok ti ne kažem da to uradiš. Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: Winek06 Registry:: [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek06.sys]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Silija Poslao: 22 Jul 2008 19:02 Idi na vrh
offline Silija Prijatelj foruma Pridružio: 18 Feb 2008 Poruke: 987 Gde živiš: na putu za jedno ostrvo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Negde usput sam shvatila da je trebalo da ponovo ukljucim zastitu. Dakle, evo novog skena bez zastite. MB su megabajti interneta, 70 mb za kratko vreme sto sam citala sta da uradim i to uradila, sto nije ni pola sata. U add/remove programs kaze da ga nema vise. Pre ovog skena koji sad saljem. Ikonice su ostale i promene na desktopu, ali mi je dozvoljeno da sve to posklanjam i vratim desktop na staro. ComboFix 08-07-20.A0 - Administrator 2008-07-22 18:46:06.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.244 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\MC\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))) . 2008-07-21 15:59 . 2008-07-21 15:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-21 15:59 . 2008-07-21 15:59 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-09 13:56 . 2008-07-09 13:56 <DIR> d-------- C:\Program Files\Alwil Software 2008-07-08 21:17 . 2008-07-08 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Program Files\ACD Systems 2008-07-08 21:05 . 2008-07-08 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-07-08 21:04 . 2008-07-08 21:04 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-07-08 18:42 . 2008-07-08 18:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-08 18:42 . 2008-07-08 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-08 18:35 . 2008-07-08 20:12 <DIR> d-------- C:\Program Files\Yahoo! 2008-07-08 15:09 . 2003-08-19 13:36 65,536 --a------ C:\WINDOWS\system32\dllcache\a3d.dll 2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\Audio3D.dll 2008-07-08 15:09 . 2003-08-19 13:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll 2008-07-05 14:25 . 2008-07-13 18:20 32 --a------ C:\WINDOWS\hip 2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-07-05 09:46 . 2008-07-05 09:46 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-07-04 12:54 . 2008-07-04 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime 2008-07-04 12:52 . 2008-07-04 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime 2008-06-30 17:28 . 2008-06-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-30 17:27 . 2008-06-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-26 10:04 . 2008-06-26 10:04 268 --ah----- C:\sqmdata00.sqm 2008-06-26 10:04 . 2008-06-26 10:04 244 --ah----- C:\sqmnoopt00.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-19 09:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\mIRC 2008-07-19 09:13 --------- d-----w C:\Program Files\mIRC 2008-07-16 21:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2008-07-16 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-07-15 10:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead 2008-07-08 19:05 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-07-08 18:50 --------- d-----w C:\Program Files\Common Files\Ahead 2008-06-30 15:29 --------- d-----w C:\Program Files\Lavasoft 2008-06-30 15:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft 2008-06-18 16:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-18 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-16 19:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MSNInstaller 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-03-14 18:51 0 ----a-w C:\Program Files\temp01 . ------- Sigcheck ------- 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2GDR\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2QFE\tcpip.sys 2004-06-17 11:00 360448 65c34c093e839505636954ead50fa315 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-07-21_21.43.45.10 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\Cookies\index.dat + 2008-07-22 16:31:12 32,768 ----a-w C:\WINDOWS\TEMP\Cookies\index.dat - 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\index.dat + 2008-07-22 16:31:12 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\index.dat + 2008-07-22 16:30:47 32,768 ----a-w C:\WINDOWS\TEMP\History\History.IE5\MSHist012008072220080723\index.dat + 2008-07-22 16:30:56 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6a0.dat - 2008-07-21 19:30:57 32,768 ----a-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat + 2008-07-22 16:31:12 32,768 ----a-w C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-06-17 11:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224] "SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll "VIDC.X264"= x264vfw.dll "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek06.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-12-18 18:32 25365032 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] S0 Winek06;Winek06;C:\WINDOWS\system32\Drivers\Winek06.sys [] S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f95a11-c830-11dc-9a01-806d6172696f}] \Shell\AutoRun\command - E:\Setup.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-22 18:47:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-22 18:49:43 ComboFix-quarantined-files.txt 2008-07-22 16:49:37 ComboFix2.txt 2008-07-22 09:50:56 ComboFix3.txt 2008-07-21 19:44:23 Pre-Run: 15,577,796,608 bytes free Post-Run: 15,570,194,432 bytes free 134

Profil

dr_Bora Poslao: 22 Jul 2008 20:43 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Skeniranja nemaju bilo kakve veze sa internet protokom (korišćeni programi ne pristupaju netu a ComboFix čak i prekida internet konekciju u toku rada - znači, jedini utrošak oko ovoga je bio download programa a to je manje od 3 MB). Verovatno je neki program ili Windows vršio update. No... Ni prethodni postupak nije odradio šta je trebalo. Probaćemo na drugi način. Skini file sa [url=https://www.mycity.rs/must-login.png linka[/url] na Desktop. Dvoklikni na njega - kada se pojavi upit, klikni Yes. Restartuj kompjuter a zatim dvoklikom pokreni ComboFix i postavi ovde logfile koji on napravi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Imam virus koji ne mogu da sklonim

Ko je trenutno na forumu

Ukupno su 836 korisnika na forumu :: 32 registrovanih, 7 sakrivenih i 797 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Aleksandar Tomić, Apok, Ben Roj, comi_pfc, doloress, draggan, HrcAk47, ILGromovnik, JOntra, Krvava Devetka, kunktator, milenko crazy north, mkukoleca, ostoja, Parker, Romibrat, royst33, saputnik plavetnila, sasa87, Sir Budimir, Sićko, slonic_tonic, sovanova95, SR-3m, stalja, tubular, uruk, vaso1, VojvodaMisic, zlaya011, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by