Looks fine, but is it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:01:02, on 3.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F5D950BF-B747-43E7-AB88-888D1EEDA4A3} - (no file)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - [link visible only to logged-in users]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - [link visible only to logged-in users]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [link visible only to logged-in users]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - [link visible only to logged-in users]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS5\Services\Tcpip\..\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS7\Services\Tcpip\..\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS8\Services\Tcpip\..\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8278 bytes


Update: 03 Apr 2009 0:55

ComboFix log file


ComboFix 09-04-01.01 - Kosovo i Metohija 2009-04-03 0:33:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.2559.1991 [GMT 2:00]
Running from: C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Kosovo i Metohija\Application Data\inst.exe
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
C:\WINDOWS\system32\1.htm
C:\WINDOWS\system32\ABCD.exe
C:\WINDOWS\system32\cbXRHwtr.dll.vir
C:\WINDOWS\system32\pbdbc09.dll
C:\WINDOWS\system32\pthreadGC2.dll
H:\autorun.inf

----- BITS: Possible infected sites -----

[link visible only to logged-in users]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Legacy_TDSSSERV.SYS
-------\Service_ISODrive
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-03 00:31 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-02 23:20 . 2009-04-02 23:21 <DIR> d-------- C:\Program Files\Realtek AC97
2009-04-02 20:24 . 2009-04-02 20:24 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2009-04-02 19:42 . 2009-04-02 19:54 101,287 --a------ C:\WINDOWS\system32\drivers\klin.dat
2009-04-02 19:42 . 2009-04-02 19:54 89,601 --a------ C:\WINDOWS\system32\drivers\klick.dat
2009-04-02 19:41 . 2009-04-03 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-04-02 19:41 . 2009-04-03 00:35 8,422,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2009-04-02 19:41 . 2009-04-03 00:38 606,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2009-04-02 19:41 . 2009-04-03 00:35 68,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2009-04-02 19:41 . 2009-04-03 00:38 4,200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2009-04-02 19:29 . 2009-04-02 19:29 <DIR> d-------- C:\Program Files\Trend Micro
2009-03-31 02:17 . 2009-03-31 02:23 <DIR> d-------- C:\WINDOWS\Flash Menu Factory
2009-03-30 17:06 . 2009-03-30 17:06 <DIR> d-------- C:\Documents and Settings\Kosovo i Metohija\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-29 21:28 . 2009-03-29 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2009-03-29 20:50 . 2009-03-29 20:50 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2009-03-29 13:35 . 2009-03-29 13:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2009-03-29 13:30 . 2009-03-29 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2009-03-28 13:01 . 2009-03-28 13:01 <DIR> d-------- C:\Documents and Settings\Kosovo i Metohija\Application Data\living-e
2009-03-25 22:50 . 2009-03-25 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-03-25 22:48 . 2009-03-25 22:49 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2009-03-21 21:57 . 2009-03-21 22:01 <DIR> d-------- C:\Documents and Settings\Kosovo i Metohija\Application Data\WallpaperSSPro
2009-03-21 18:56 . 2009-03-21 18:56 <DIR> d-------- C:\Program Files\Microsoft WSE
2009-03-14 12:27 . 2009-03-14 12:27 <DIR> d-------- C:\Program Files\Vimicro
2009-03-14 12:27 . 2007-12-05 12:00 1,537,024 --a------ C:\WINDOWS\system32\drivers\ZS211.sys
2009-03-14 12:27 . 2007-12-10 19:15 480,128 --a------ C:\WINDOWS\system32\drivers\vvftav211.sys
2009-03-14 12:27 . 2006-03-14 15:28 172,032 --a------ C:\WINDOWS\amcap.exe
2009-03-14 12:27 . 2006-08-09 18:37 81,920 --a------ C:\WINDOWS\system32\ZS211STI.dll
2009-03-14 12:27 . 2007-04-06 15:21 77,824 --a------ C:\WINDOWS\ZS211Cap.exe
2009-03-14 12:27 . 2007-04-06 12:06 57,344 --a------ C:\WINDOWS\ZSSnp211.exe
2009-03-14 12:27 . 2006-08-18 17:58 49,152 --a------ C:\WINDOWS\Domino.exe
2009-03-12 00:23 . 2009-03-27 16:59 <DIR> d-------- C:\MIR
2009-03-12 00:20 . 2009-03-12 00:20 <DIR> d-------- C:\Program Files\Multiple Image Resizer .NET
2009-03-11 18:08 . 2009-03-11 18:29 21,496 --a------ C:\Documents and Settings\Kosovo i Metohija\Application Data\usrstats.dat
2009-03-07 17:26 . 2009-01-27 01:55 2,299 --a------ C:\ForumW.org.nfo
2009-03-07 17:26 . 2009-01-27 01:55 218 --a------ C:\Latest Downloads.html
2009-03-03 12:46 . 2009-03-29 19:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2009-03-02 21:01 . 2009-03-06 17:05 <DIR> d-------- C:\Documents and Settings\Kosovo i Metohija\Application Data\Samsung
2009-03-02 20:58 . 2006-05-03 23:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2009-03-02 20:57 . 2009-03-02 20:57 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-03-02 20:56 . 2006-07-24 17:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2009-03-02 20:56 . 2005-08-28 21:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 22:35 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\DMCache
2009-04-02 18:56 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\Skype
2009-04-02 18:38 --------- d-----w C:\Program Files\Winamp
2009-04-02 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-02 17:54 33,808 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
2009-04-02 17:41 --------- d-----w C:\Program Files\Kaspersky Lab
2009-04-02 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-02 17:28 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\skypePM
2009-03-29 19:35 --------- d-----w C:\Program Files\Common Files\Adobe
2009-03-28 10:52 --------- d-----w C:\Program Files\Java
2009-03-25 20:53 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\Uniblue
2009-03-23 20:47 --------- d-----w C:\Program Files\Easy CD-DA Extractor 12
2009-03-22 08:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-22 08:31 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\phpDesigner
2009-03-21 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-03-19 01:37 --------- d-----w C:\Program Files\Internet Download Manager
2009-03-16 22:33 --------- d-----w C:\Program Files\NeuroTran
2009-03-02 19:18 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\IDM
2009-02-25 19:48 --------- d-----w C:\Program Files\Hewlett-Packard
2009-02-25 13:12 --------- d-----w C:\Program Files\UltraISO
2009-02-23 19:48 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\Winamp
2009-02-23 14:40 --------- d-----w C:\Program Files\RegCure
2009-02-23 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2009-02-21 16:33 --------- d-----w C:\Program Files\HP
2009-02-20 22:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2009-02-20 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-18 10:25 3,140 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2009-02-16 08:47 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\Sony
2009-02-15 22:28 --------- d-----w C:\Program Files\Common Files\Sony Shared
2009-02-15 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2009-02-10 18:32 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\uTorrent
2009-02-10 12:24 --------- d-----w C:\Documents and Settings\Kosovo i Metohija\Application Data\com.adobe.ExMan
2009-02-06 19:19 --------- d-----w C:\Program Files\bombjack
2009-02-05 00:17 --------- d-----w C:\Program Files\Common Files\Skype
2009-02-05 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2009-02-05 00:17 --------- d-----r C:\Program Files\Skype
2009-01-26 00:47 47,360 ----a-w C:\Documents and Settings\Kosovo i Metohija\Application Data\pcouffin.sys
2009-01-24 19:29 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2009-01-24 19:29 249,856 ------w C:\WINDOWS\Setup1.exe
2009-01-18 00:16 1,033,728 ----a-w C:\WINDOWS\explorer1.exe
2008-12-15 12:15 8 --sh--r C:\Documents and Settings\All Users\Application Data\2F19126F02.sys
2006-07-30 13:20 959 --sha-r C:\WINDOWS\system32\autorun.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 06:42 1695232]
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [2009-03-16 18:47 24095528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 06:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 14:33 13574144]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 16:09 413696]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46 172032]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2007-04-06 12:06 57344]
"Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 17:58 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 06:19 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 17:10 35696]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 07:58 611712]
"Adobe_ID0ENQBO"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-08-15 05:46 378224]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-02 19:54 206088]
"nwiz"="nwiz.exe" [2008-10-07 14:33 1630208 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 06:42 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 2:06:58 AM 28672]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 2:17:18 AM 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 2:06:58 AM 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"8000:TCP"= 8000:TCP:Http
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [1/29/2008 5:29:38 PM 33808]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [12/10/2008 1:10:14 AM 24636]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\drivers\klfltdev.sys [3/13/2008 6:02:46 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [4/30/2008 5:06:48 PM 24592]
R3 vvftav211;vvftav211;C:\WINDOWS\system32\drivers\vvftav211.sys [3/14/2009 12:27:35 PM 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;C:\WINDOWS\system32\drivers\ZS211.sys [3/14/2009 12:27:35 PM 1537024]
S2 ioloFileInfoList;iolo FileInfoList Service; [x]
S2 ioloSystemService;iolo System Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46:20 AM 284016]
S4 BlackfishSQL;BlackfishSQL; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53fe8f36-0896-11de-903f-000c6ecb4a81}]
\Shell\AutoRun\command - v.cmd
\Shell\explore\Command - v.cmd
\Shell\open\Command - v.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54d3d8f3-0d51-11de-904c-000c6ecb4a81}]
\Shell\AutoRun\command - v.cmd
\Shell\explore\Command - v.cmd
\Shell\open\Command - v.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70b6a9d0-d0f7-11dd-8f41-000c6ecb4a81}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1226746481.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F5D950BF-B747-43E7-AB88-888D1EEDA4A3} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Adobe Acrobat Speed Launcher - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1C894D62-DB6F-4730-89E6-4DB00F056FA3} = 212.200.191.166,212.200.190.166
FF - ProfilePath - C:\Documents and Settings\Kosovo i Metohija\Application Data\Mozilla\Firefox\Profiles\b8jmxg7e.default\
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users](censored)-bb.org/search.php
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Documents and Settings\Kosovo i Metohija\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.


Update: 03 Apr 2009 1:07

This is the log file after ComboFix.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:04, on 2009-04-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\apache\bin\apache.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F5D950BF-B747-43E7-AB88-888D1EEDA4A3} - (no file)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - [link visible only to logged-in users]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - [link visible only to logged-in users]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [link visible only to logged-in users]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - [link visible only to logged-in users]\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS5\Services\Tcpip\..\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS7\Services\Tcpip\..\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS8\Services\Tcpip\..\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8785 bytes

[link visible only to logged-in users]

Update: 03 Apr 2009 1:53

It's a disaster how slowly it runs. Please help with some advice.
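Added example, not code from this thread or from HijackThis: a small Python triage of the log above. The sample lines are constructed to mirror the log's R3/O2/O17/O23 entries (the CS8 line with resolver 10.99.99.1 is made up to exercise the "unexpected DNS" branch), and the `HKLM\SYSTEM\Select` export is the one posted later in the thread. The script reads that key to explain why one O17 entry shows up under CCS, CS5, CS7 and CS8 (HijackThis abbreviates ControlSetNNN; here 007 is Current/Default, 005 is Failed, 008 is LastKnownGood, so these are copies of the same configuration rather than four separate changes), flags entries whose target file is gone, checks the NameServer values against an allowlist (assumed here to be the ISP's two resolvers from the log), and lists services with no publisher in their version info so their binaries can be hashed and checked by hand.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample modelled on the HijackThis log above: the R3/O2/O23
# lines and the first two O17 lines mirror entries in the log, the CS8 line
# with resolver 10.99.99.1 is made up to exercise the "unexpected DNS" branch.
HJT_SAMPLE = """\
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\\System\\CS5\\Services\\Tcpip\\..\\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\\System\\CS8\\Services\\Tcpip\\..\\{1C894D62-DB6F-4730-89E6-4DB00F056FA3}: NameServer = 10.99.99.1
O23 - Service: Apache2.2 - Apache Software Foundation - C:\\xampp\\apache\\bin\\apache.exe
O23 - Service: mysql - Unknown owner - C:\\xampp\\mysql\\bin\\mysqld.exe
"""

# The Select key export posted later in this thread (real values from the thread).
REG_SAMPLE = """\
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SYSTEM\\Select]
"Current"=dword:00000007
"Default"=dword:00000007
"Failed"=dword:00000005
"LastKnownGood"=dword:00000008
"""

# Assumption: these two addresses (the ones the log shows) are the ISP's own
# resolvers; any other value in an O17 NameServer line deserves a look.
ISP_RESOLVERS: Set[str] = {"212.200.191.166", "212.200.190.166"}

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(CCS|CS\d+)\\Services\\Tcpip\\\.\.\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$"
)
SELECT_RE = re.compile(r'"(Current|Default|Failed|LastKnownGood)"=dword:([0-9A-Fa-f]{8})')


def parse_select(reg_text: str) -> Dict[str, int]:
    """Read HKLM\\SYSTEM\\Select from a .reg export: which ControlSetNNN plays which role."""
    return {name: int(value, 16) for name, value in SELECT_RE.findall(reg_text)}


def control_set_role(tag: str, select: Dict[str, int]) -> str:
    """Translate HijackThis's CCS / CSn shorthand into the control set number and its role(s)."""
    number = select["Current"] if tag == "CCS" else int(tag[2:])
    roles = [name for name in ("Current", "Default", "Failed", "LastKnownGood")
             if select.get(name) == number]
    return "ControlSet%03d (%s)" % (number, ", ".join(roles) or "unreferenced")


def triage(hjt_text: str, select: Dict[str, int], resolvers: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (kind, subject, note) findings for the entry types worth a second look."""
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("(no file)"):
            # Registry entry whose target is gone: leftover of an uninstall, harmless, removable.
            findings.append(("orphan", line.split(" - ", 1)[0], "target file missing"))
            continue
        m = O17_RE.match(line)
        if m:
            tag, guid, servers = m.groups()
            unexpected = [ip for ip in (s.strip() for s in servers.split(",")) if ip not in resolvers]
            role = control_set_role(tag, select)
            if unexpected:
                findings.append(("dns", role, "unexpected resolver(s): " + ", ".join(unexpected)))
            else:
                findings.append(("ok", role, "resolvers match the expected set"))
            continue
        if line.startswith("O23 - Service:") and " - Unknown owner - " in line:
            # No publisher in the file's version info: verify the binary's hash/signature by hand.
            service = line.split(": ", 1)[1].split(" - ", 1)[0]
            findings.append(("unsigned-service", service, "no publisher recorded"))
    return findings


if __name__ == "__main__":
    sel = parse_select(REG_SAMPLE)
    for kind, subject, note in triage(HJT_SAMPLE, sel, ISP_RESOLVERS):
        print("%-17s %-35s %s" % (kind, subject, note))
```

Run as-is it prints one line per finding; in practice you would paste the whole log into `HJT_SAMPLE` and the `reg export HKLM\SYSTEM\Select` output into `REG_SAMPLE`. Entries that only look odd because they repeat across control sets drop out once their role is known, which leaves the two "(no file)" leftovers and the service with no publisher as the only items to verify.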



offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


I'm glad you followed the instructions for opening a topic.



Upload the following files:

C:\pv.exe
C:\WINDOWS\explorer1.exe


Upload link: [link visible only to logged-in users]





Download gmer.zip from this link and save it to the Desktop.
Unzip it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum and attach here the two files we just saved.



offline
  • Joined: 03 Aug 2005
  • Posts: 13

Thanks for the quick reply.

First, I uploaded C:\WINDOWS\explorer1.exe and PV.exe from a different location, C:\xampp\apache\bin, and I'm not sure whether that is the requested file. Also, in the folder C:\ComboFix there is a file PV.cfexe which I did not upload. If needed, I'll upload that one too.

Second, there is no way I can download [link visible only to logged-in users] from my machine.

What should I do next?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Try this link: [link visible only to logged-in users]

offline
  • Joined: 03 Aug 2005
  • Posts: 13

[link visible only to logged-in users]

[link visible only to logged-in users]

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the following file to the Desktop:


[link visible only to logged-in users]


Run it with a double-click and paste here the text that will be shown in Notepad.

offline
  • Joined: 03 Aug 2005
  • Posts: 13

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000007
"Default"=dword:00000007
"Failed"=dword:00000005
"LastKnownGood"=dword:00000008

Error reading key...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It looks like there is no active malware here.
Let's do an AV scan...



Download Dr.Web CureIt (~13 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe; an introductory window will appear - click Start

A notice that the initial scan is starting will appear - click OK

Wait a few minutes for Dr.Web CureIt to run the Express Scan; if malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click, and Dr.Web CureIt will start scanning

If malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:


When the process is finished, click File > Save report list and save the log on the Desktop


Copy the contents of the Dr.Web CureIt log into the forum topic.

offline
  • Joined: 03 Aug 2005
  • Posts: 13

psexesvc.exe c:\windows Program.PsExec.170 Incurable.Moved.
psexec.cfexe C:\ComboFix Program.PsExec.171 Incurable.Moved.
FlashMenuFactory-DEMO-Setup.exe\data300 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Compressed\Flash_Menu_Factory_1.1\Flash Menu Factory 1.1\Fla Trojan.DownLoader.30503
FlashMenuFactory-DEMO-Setup.exe C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Compressed\Flash_Menu_Factory_1.1\Flash Menu Factory 1.1 Container contains infected objects Moved.
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\ComboFix.exe/data002 Program.PsExec.171
data002 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs Archive contains infected objects
ComboFix.exe C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs Container contains infected objects Moved.
(zabranjeno)erskit.2.0-ICU.exe\data063 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Trojan.DownLoad.14786
(zabranjeno)erskit.2.0-ICU.exe\data125 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Tool.Topo.12
(zabranjeno)erskit.2.0-ICU.exe\data136 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Dialer.MediaSwitch.4
(zabranjeno)erskit.2.0-ICU.exe\data137 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Dialer.MediaSwitch.4
(zabranjeno)erskit.2.0-ICU.exe\data138 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Dialer.MediaSwitch.4
(zabranjeno)erskit.2.0-ICU.exe\data139 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Dialer.MediaSwitch.4
(zabranjeno)erskit.2.0-ICU.exe\data140 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Dialer.MediaSwitch.4
(zabranjeno)erskit.2.0-ICU.exe\data141 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Dialer.MediaSwitch.4
(zabranjeno)erskit.2.0-ICU.exe\data173 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Tool.Regpatch
(zabranjeno)erskit.2.0-ICU.exe\data177 C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Tool.ASEye.2
(zabranjeno)erskit.2.0-ICU.exe C:\Documents and Settings\Kosovo i Metohija\My Documents\Downloads\Programs\(zabranjeno)ing Software & Tutorials\(zabranjeno)erskit.v2.00-icu Archive contains infected objects Moved.
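Added example, not code from this thread or from Dr.Web: a Python parser for a CureIt report in its tab-separated layout, which reproduces the judgement the helper makes next. The sample lines are constructed to mirror the hits above with shortened paths; the final line (a trojan sitting unpacked in system32) is invented purely to show what an active hit would look like and has no counterpart in the real report. `Program.PsExec` is Dr.Web's riskware naming for the Sysinternals PsExec tool, and the report itself shows one copy bundled inside ComboFix.exe (`psexec.cfexe`), so those hits are expected after a ComboFix run; the remaining detections are members of downloaded archives, which Dr.Web reports as `outer.exe\member` and which cannot run until extracted. The script separates riskware from malicious families and reports only malicious objects that lie unpacked on disk.

```python
from typing import Dict, List, NamedTuple


class Hit(NamedTuple):
    item: str        # object name; "outer.exe\member" for a file inside an archive/installer
    location: str    # directory the object was found in
    detection: str   # Dr.Web detection name, or a container verdict
    status: str      # what CureIt did ("Moved.", "Incurable.Moved.", empty for archive members)


RISKWARE_PREFIXES = ("Program.", "Tool.")    # legitimate-but-abusable tools, e.g. PsExec
MALICIOUS_PREFIXES = ("Trojan.", "Dialer.")  # the malicious families seen in the thread's report

# Constructed sample in Dr.Web CureIt's tab-separated report layout, modelled on
# the report above with shortened paths; the last line (a trojan sitting unpacked
# in system32) is invented to show what an *active* hit would look like.
DRWEB_SAMPLE = "\n".join([
    "psexesvc.exe\tc:\\windows\tProgram.PsExec.170\tIncurable.Moved.",
    "psexec.cfexe\tC:\\ComboFix\tProgram.PsExec.171\tIncurable.Moved.",
    "Setup.exe\\data300\tC:\\Downloads\\Compressed\\Demo\tTrojan.DownLoader.30503\t",
    "Setup.exe\tC:\\Downloads\\Compressed\\Demo\tContainer contains infected objects\tMoved.",
    "kit.exe\\data136\tC:\\Downloads\\Programs\\kit\tDialer.MediaSwitch.4\t",
    "kit.exe\\data177\tC:\\Downloads\\Programs\\kit\tTool.ASEye.2\t",
    "kit.exe\tC:\\Downloads\\Programs\\kit\tArchive contains infected objects\tMoved.",
    "dropper.exe\tC:\\WINDOWS\\system32\tTrojan.DownLoad.14786\tIncurable.Moved.",
])


def parse_drweb(text: str) -> List[Hit]:
    """Split each report line into its four tab-separated columns."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (4 - len(fields))  # archive members carry no status column
        hits.append(Hit(*fields[:4]))
    return hits


def inside_archive(hit: Hit) -> bool:
    """Archive/installer members are named 'outer.exe\\member': dormant until extracted."""
    return "\\" in hit.item


def classify(hit: Hit) -> str:
    """Bucket a detection name by its Dr.Web family prefix."""
    if hit.detection.startswith(RISKWARE_PREFIXES):
        return "riskware"
    if hit.detection.startswith(MALICIOUS_PREFIXES):
        return "malicious"
    if "infected objects" in hit.detection:
        return "container"
    return "unknown"


def active_threats(hits: List[Hit]) -> List[Hit]:
    """Malicious objects that sit unpacked on disk, i.e. could actually have run."""
    return [h for h in hits if classify(h) == "malicious" and not inside_archive(h)]


def summary(hits: List[Hit]) -> Dict[str, int]:
    """Count hits per bucket, for a one-line overview of the report."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[classify(h)] = counts.get(classify(h), 0) + 1
    return counts


if __name__ == "__main__":
    hits = parse_drweb(DRWEB_SAMPLE)
    print(summary(hits))
    for h in active_threats(hits):
        print("ACTIVE:", h.item, "in", h.location, h.detection)
```

With the invented last line removed, `active_threats` returns an empty list for this report, which is the "no trace of active malware" conclusion the next reply reaches; the riskware bucket still deserves a glance to confirm each tool (here PsExec) is something you installed or a cleanup tool left behind.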

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There really is no trace of active malware here.

All that's left for you to do is to turn off System Restore and then turn it back on:

[link visible only to logged-in users]


As for the speed... The standard steps: deleting temporary files, uninstalling unnecessary software and defragmenting the disk (and possibly preventing certain programs from starting with Windows, all depending on your needs and how you use the PC).
