How to get rid of a virus...


  • Predox
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

I'm new here, so I followed the advice you gave...
I have a virus (or maybe more than one) but I can't delete it.... The antivirus finds the infection but can't remove it... I've tried deleting it with 2 antiviruses, but it says it was deleted and after a while it throws up the warning that there's a virus again... When I turn the computer on everything runs normally, but it won't open Mozilla or Explorer... When I try Mozilla it keeps telling me to try again or exit... and no matter how much I try, it's no use... And when I want to open Explorer it always tells me there's an error and I have to click don't send... I found one way to get in... I press Alt+Ctrl+Delete and it brings up Windows Task Manager...
Then I go to the Processes tab, end explorer.exe and then add it again, and then it works... But I have to do that every time I turn off the computer... Please help :D







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:29, on 19.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Garena\Garena.exe
C:\Documents and Settings\Korisnik\Desktop\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - C:\DOCUME~1\Korisnik\Desktop\SONNER~1\toolbar.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [qtkrthabiozh] C:\WINDOWS\System32\qtkrthabiozh.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Miro] C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Documents and Settings\Korisnik\Application Data\unobi.dll" s
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer] C:\Documents and Settings\Korisnik\Application Data\iexplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Print Spooler Service (eowtkaoui6yy) - Unknown owner - C:\WINDOWS\System32\gy.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Seekeen Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Seekeen\seekeen140.exe (file missing)
O24 - Desktop Component 0: (no name) - img.neogen.ro/common/foto/star_off1.gif

--
End of file - 10465 bytes
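As an added illustration (not part of the thread and not HijackThis output), the entries that the helper later cleans can be picked out of a log like the one above with a handful of defender-side rules: an extra program appended to the system.ini UserInit value, autostarts under the Explorer policies key or from a user-writable profile path, a Winlogon Notify package whose DLL is gone, and services with no vendor or a missing binary. The sample lines are copied from the log in this post; the rules and the severity labels are my own assumptions, and the script is written by me, not by the poster.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# including two known-good Avira entries to show that they are not flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [qtkrthabiozh] C:\WINDOWS\System32\qtkrthabiozh.exe
O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Documents and Settings\Korisnik\Application Data\unobi.dll" s
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer] C:\Documents and Settings\Korisnik\Application Data\iexplorer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Print Spooler Service (eowtkaoui6yy) - Unknown owner - C:\WINDOWS\System32\gy.exe (file missing)
O23 - Service: Seekeen Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Seekeen\seekeen140.exe (file missing)
"""


@dataclass
class Finding:
    kind: str       # HijackThis section prefix, e.g. "O4"
    severity: str   # "high", "medium" or "info" (my own labels, not HijackThis's)
    reason: str
    line: str


# Anything under the profile tree is writable without admin rights, so an
# autostart that points there deserves a second look.
USER_WRITABLE = re.compile(r"\\Documents and Settings\\", re.IGNORECASE)


def triage(log_text):
    """Return a Finding for every HijackThis line that trips one of the rules."""
    findings = []
    for line in log_text.strip().splitlines():
        kind = line.split(" ", 1)[0]
        if kind == "F2" and "UserInit=" in line:
            # Only userinit.exe belongs here; anything else runs at every logon.
            programs = [p for p in line.split("UserInit=", 1)[1].split(",") if p.strip()]
            extra = [p for p in programs if not p.lower().endswith("\\userinit.exe")]
            if extra:
                findings.append(Finding(kind, "high", "extra UserInit program: " + ", ".join(extra), line))
        elif kind == "O4":
            if "\\Policies\\Explorer\\Run" in line:
                findings.append(Finding(kind, "high", "autostart via Explorer policy key", line))
            elif USER_WRITABLE.search(line):
                findings.append(Finding(kind, "high", "autostart from user-writable profile path", line))
        elif kind == "O17" and "NameServer" in line:
            findings.append(Finding(kind, "info", "custom DNS server, verify against ISP settings", line))
        elif kind == "O20" and "(file missing)" in line:
            findings.append(Finding(kind, "medium", "Winlogon Notify package whose DLL is missing", line))
        elif kind == "O23" and ("Unknown owner" in line or "(file missing)" in line):
            findings.append(Finding(kind, "medium", "service with unknown owner or missing binary", line))
    return findings


def by_severity(findings):
    """Count findings per severity label."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.reason}\n    {f.line}")
```

Run on the sample it reports four high findings (the ntos.exe UserInit entry, the two rundll32 DLL loads from the profile, and iexplorer.exe under the policies key), three medium ones and one informational DNS line, while the Avira entries pass. Note what path rules miss: the randomly named qtkrthabiozh.exe sits in System32 and is not flagged, which is exactly the kind of entry that needed the later ComboFix orphan sweep.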

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the Avira icon in the bottom-right corner of the screen and untick AntiVir Guard Enable.

Note: don't forget to turn this option back on once the cleanup is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Predox
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

It restarted my computer after the scan and it slowed down a bit....
C:\Documents and Settings\Korisnik\Application\Data\Unobi.di
Is this what you meant? Nothing else opened afterwards...
And happy Easter to all Orthodox Christians....

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The log is C:\ComboFix.txt - copy it into the thread.

If it doesn't exist, run ComboFix again and post the log you get at the end of the process.

  • Predox
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

Maybe it was there, but my computer restarted... so I didn't manage to see it... I'll try again... Can I add you on MSN...

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If you want to ask anything about this thread (or anything related to the forum), then don't add me to your contacts (everything related to the forum goes on the forum).

If the log doesn't exist, repeat the procedure.

  • Predox
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

Ugh, I barely found it...

ComboFix 09-04-19.04 - Korisnik 19.04.2009 11:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.511.119 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Korisnik\Application Data\unobi.dll
c:\windows\clofghls.dll
c:\windows\IE4 Error Log.txt
c:\windows\kbdnsr.dll
c:\windows\system32\ntos.exe
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\audio.dll.cla
c:\windows\system32\wsnpoem\video.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-18 15:45 . 2009-04-18 15:45 -------- d-----w c:\documents and settings\All Users\Application Data\0271
2009-04-18 13:05 . 2009-04-18 13:05 122880 --sh--w c:\documents and settings\Korisnik\Application Data\iexplorer.exe
2009-04-16 15:43 . 2009-04-16 15:43 26624 ----a-w c:\windows\cmsing40.dll
2009-04-16 15:39 . 2008-04-14 00:12 26624 ----a-w c:\documents and settings\All Users\proto.dll
2009-04-12 19:27 . 2009-04-12 19:27 -------- d-----w c:\documents and settings\All Users\Application Data\62E
2009-04-05 17:12 . 2009-04-05 17:12 4444 ----a-w c:\windows\system32\pid.PNF
2009-03-21 18:19 . 2009-03-21 18:19 -------- d-----w c:\documents and settings\All Users\Application Data\1336B
2009-03-21 11:37 . 2009-03-21 11:37 -------- d-----w c:\documents and settings\All Users\Application Data\2B177

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 09:24 . 2009-02-03 21:13 -------- d-----w c:\program files\Steam
2009-04-19 09:23 . 2008-05-16 14:20 -------- d-----w c:\program files\DNA
2009-04-19 09:23 . 2008-05-16 14:20 -------- d-----w c:\documents and settings\Korisnik\Application Data\DNA
2009-04-19 06:56 . 2008-11-21 08:14 -------- d-----w c:\program files\Garena
2009-04-19 06:56 . 2008-04-29 13:50 -------- d-----w c:\program files\ICQToolbar
2009-04-18 21:55 . 2007-12-29 16:52 -------- d-----w c:\program files\3D Amazing Clouds
2009-04-18 20:16 . 2008-05-04 15:06 -------- d-----w c:\program files\Warcraft III
2009-04-18 16:11 . 2007-12-27 21:50 -------- d-----w c:\documents and settings\Korisnik\Application Data\BearShare
2009-04-16 09:35 . 2007-11-22 13:32 -------- d-----w c:\program files\AdVantage
2009-04-12 18:37 . 2007-11-17 19:04 -------- d-----w c:\documents and settings\Korisnik\Application Data\MSN6
2009-04-11 07:31 . 2009-04-11 07:31 -------- d-----w c:\program files\Google
2009-04-01 13:33 . 2008-07-20 12:13 -------- d-----w c:\program files\GRETECH
2009-04-01 13:32 . 2007-11-21 21:15 -------- d-----w c:\program files\DVDVideoSoft
2009-04-01 13:19 . 2007-10-29 22:26 -------- d-----w c:\program files\ASUSTeK
2009-04-01 13:18 . 2007-10-29 22:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 13:16 . 2007-11-17 10:19 -------- d-----w c:\program files\Ovislink
2009-03-29 18:31 . 2008-08-22 16:25 -------- d-----w c:\program files\ElcomSoft
2009-03-27 21:23 . 2008-05-17 14:11 98678 ----a-w c:\windows\War3Unin.dat
2009-03-08 18:20 . 2008-02-16 19:54 -------- d-----w c:\program files\Valve
2009-03-05 19:54 . 2007-11-19 20:26 91144 ----a-w c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 19:31 . 2008-01-08 12:42 -------- d-----w c:\program files\Windows Live
2009-03-05 19:31 . 2009-03-05 19:31 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-05 19:29 . 2009-03-05 19:29 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-05 19:26 . 2009-03-05 19:26 -------- d-----w c:\program files\Microsoft
2009-03-05 19:25 . 2009-03-05 19:25 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-05 18:49 . 2009-03-05 18:49 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-02 20:16 . 2008-05-16 14:20 -------- d-----w c:\documents and settings\Korisnik\Application Data\BitTorrent
2009-02-23 18:04 . 2009-02-23 18:04 -------- d-----w c:\program files\Circle Deveopement
2009-02-21 22:05 . 2009-02-21 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\1C128
2009-02-21 22:04 . 2009-02-21 22:04 -------- d-----w c:\documents and settings\All Users\Application Data\15CB
2009-02-21 14:23 . 2009-02-21 14:23 -------- d-----w c:\documents and settings\All Users\Application Data\2C8C
2009-02-15 18:12 . 2009-02-02 13:08 0 ----a-w C:\testwma.raw
2009-02-06 18:20 . 2009-02-06 18:20 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 19:38 . 2009-02-03 19:38 7168 --sha-w C:\Thumbs.db
2008-11-25 22:13 . 2008-11-25 22:13 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-06-13 16:26 . 2008-06-13 16:04 952 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-23 07:39 . 2008-09-23 07:39 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092320080924\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebcastTuner"="0 (0x0)" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-18 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Steam"="c:\program files\Steam\Steam.exe" [2009-02-03 1410296]
"DiskChk help"="c:\documents and settings\All Users\proto.dll" [2008-04-14 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"AttuneClientEngine"="c:\progra~1\Aveo\Attune\bin\attune_ce.exe" [2000-07-24 356728]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Internet Explorer"="c:\documents and settings\Korisnik\Application Data\iexplorer.exe" [2009-04-18 122880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli kbdnsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 eowtkaoui6yy;Print Spooler Service; [x]
R2 Seekeen Service;Seekeen Service; [x]
R3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 GarenaPEngine;GarenaPEngine; [x]
S0 avgntmgr;avgntmgr;c:\windows\SYSTEM32\DRIVERS\avgntmgr.sys [2008-04-17 22336]
S1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2008-07-20 45376]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab46930-91eb-11dd-90c0-00196634b3f6}]
\Shell\AutoRun\command - E:\xpbkh.com
\Shell\explore\Command - E:\xpbkh.com
\Shell\open\Command - E:\xpbkh.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9399f742-2b2f-11dd-8f66-004f6a021f49}]
\Shell\AutoRun\command - E:\m1t8ta.com
\Shell\explore\Command - E:\m1t8ta.com
\Shell\open\Command - E:\m1t8ta.com
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-01-26 13:48]

2009-04-19 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-01-26 13:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKCU-Run-Miro - c:\program files\Participatory Culture Foundation\Miro\Miro.exe
HKCU-Run-nvd32_r - c:\documents and settings\Korisnik\Application Data\unobi.dll
HKLM-Run-qtkrthabiozh - c:\windows\System32\qtkrthabiozh.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://home.sweetim.com
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\flo5e0g4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-19 11:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Internet Explorer = c:\documents and settings\Korisnik\Application Data\iexplorer.exe??????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WebcastTuner = 63

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Korisnik\LOCALS~1\Temp\TSK10.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,2f,af,e6,6e,9a,a5,77,00,2d,08,be,90,df,bc,01,ec,64,72,a5,dd,43,1c,
54,85,49,ef,99,a9,07,91,5e,3c,4a,77,bb,d7,34,e4,bf,36,f3,47,67,91,50,c5,c3,\
"??"=hex:aa,ed,a4,c8,3a,0a,22,f4,49,6f,48,97,46,75,28,94
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2932)
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\WgaTray.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-19 11:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 09:32
ComboFix2.txt 2008-06-17 22:52

Pre-Run: 3.609.018.368 bytes free
Post-Run: 3.596.517.376 bytes free

215 --- E O F --- 2008-12-24 10:27

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Disable the antivirus again and follow the instructions below.

Open Notepad and copy the following text (everything inside the Code box):


KillAll::

File::
c:\documents and settings\Korisnik\Application Data\iexplorer.exe
c:\windows\cmsing40.dll
c:\documents and settings\All Users\proto.dll
c:\windows\Tasks\RegPowerClean.job
c:\windows\Tasks\RPCReminder.job
C:\WINDOWS\System32\gy.exe
C:\Documents and Settings\All Users\Application Data\Seekeen\seekeen140.exe

Folder::
c:\program files\AdVantage
c:\program files\Winferno

DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000

DirLook::
c:\documents and settings\All Users\Application Data\0271
c:\documents and settings\All Users\Application Data\62E

Driver::
eowtkaoui6yy
Seekeen Service

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskChk help"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Internet Explorer"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab46930-91eb-11dd-90c0-00196634b3f6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9399f742-2b2f-11dd-8f66-004f6a021f49}]



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
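An added note on the Registry:: section of the script above (example code written by me, not part of the thread and not ComboFix's own): the value "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 is a REG_MULTI_SZ, the list of DLLs that lsass.exe loads and hands password-change notifications to. The earlier ComboFix log showed that list as "scecli kbdnsr.dll" (and kbdnsr.dll among the files ComboFix deleted), so the script resets it to the single default entry scecli. The decoder below assumes the REGEDIT4 (ANSI, one byte per character) encoding that ComboFix scripts use; in the "Windows Registry Editor Version 5.00" format the same value would be UTF-16LE. The two input lines are copied from this thread; the second round-trip list is a constructed sample.

```python
# Constructed inputs, copied from this thread: the LSA value as ComboFix
# reported it, and the CFScript line that rewrites it.
CURRENT_LINE = "Notification Packages REG_MULTI_SZ scecli kbdnsr.dll"
REG_LINE = '"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00'


def decode_multi_sz(hex_payload):
    """Decode the text after 'hex(7):' into a list of strings.

    Assumes REGEDIT4/ANSI encoding: one byte per character, each string
    NUL-terminated, and an extra NUL closing the list. Line continuations
    ("\\" + newline) and stray whitespace are tolerated.
    """
    cleaned = hex_payload.replace("\\", "").replace("\r", "").replace("\n", "")
    raw = bytes(int(tok, 16) for tok in cleaned.split(",") if tok.strip())
    if not raw.endswith(b"\x00\x00"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    return [s.decode("latin-1") for s in raw[:-2].split(b"\x00") if s]


def encode_multi_sz(strings):
    """Inverse of decode_multi_sz: build the 'hex(7):..' token for a .reg line."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def packages_removed(current_line, reg_line):
    """Names present in the ComboFix 'Notification Packages' report line but
    absent from the list the CFScript writes, i.e. what the script drops."""
    current = current_line.split("REG_MULTI_SZ", 1)[1].split()
    desired = decode_multi_sz(reg_line.split("hex(7):", 1)[1])
    return [name for name in current if name not in desired]


if __name__ == "__main__":
    print("script sets:", decode_multi_sz(REG_LINE.split("hex(7):", 1)[1]))
    print("removed   :", packages_removed(CURRENT_LINE, REG_LINE))
```

Decoding the script's value gives ["scecli"], and comparing it with the reported value shows kbdnsr.dll as the only package dropped. Because this list is consulted by lsass.exe, checking it against the defaults is a cheap persistence review on any cleaned machine, and the same decoder reads any other hex(7) line in a .reg export.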

  • Predox
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

Here, I did that too...


ComboFix 09-04-19.05 - Korisnik 19.04.2009 12:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.511.132 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\All Users\Application Data\Seekeen\seekeen140.exe
c:\documents and settings\All Users\proto.dll
c:\documents and settings\Korisnik\Application Data\iexplorer.exe
c:\windows\cmsing40.dll
c:\windows\System32\gy.exe
c:\windows\Tasks\RegPowerClean.job
c:\windows\Tasks\RPCReminder.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\proto.dll
c:\documents and settings\Korisnik\Application Data\iexplorer.exe
c:\program files\AdVantage
c:\program files\AdVantage\AdVantageupdate.exe
c:\program files\AdVantage\user.db
c:\program files\Winferno
c:\program files\Winferno\PC Confidential\h323log.txt
c:\program files\Winferno\RegistryPowerCleaner\CHives.dll
c:\program files\Winferno\RegistryPowerCleaner\regpowerclean.chm
c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
c:\program files\Winferno\RegistryPowerCleaner\RPCL.DLL
c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe
c:\program files\Winferno\RegistryPowerCleaner\SysRst.exe
c:\program files\Winferno\RegistryPowerCleaner\unins000.dat
c:\program files\Winferno\RegistryPowerCleaner\unins000.exe
c:\program files\Winferno\RegistryPowerCleaner\WinCMR.dll
c:\windows\cmsing40.dll
c:\windows\Tasks\RegPowerClean.job
c:\windows\Tasks\RPCReminder.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EOWTKAOUI6YY
-------\Legacy_SEEKEEN_SERVICE
-------\Service_eowtkaoui6yy
-------\Service_Seekeen Service


((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-18 15:45 . 2009-04-18 15:45 -------- d-----w c:\documents and settings\All Users\Application Data\0271
2009-04-12 19:27 . 2009-04-12 19:27 -------- d-----w c:\documents and settings\All Users\Application Data\62E
2009-04-05 17:12 . 2009-04-05 17:12 4444 ----a-w c:\windows\system32\pid.PNF
2009-03-21 18:19 . 2009-03-21 18:19 -------- d-----w c:\documents and settings\All Users\Application Data\1336B
2009-03-21 11:37 . 2009-03-21 11:37 -------- d-----w c:\documents and settings\All Users\Application Data\2B177

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 10:27 . 2009-02-03 21:13 -------- d-----w c:\program files\Steam
2009-04-19 10:27 . 2008-05-16 14:20 -------- d-----w c:\program files\DNA
2009-04-19 10:27 . 2008-05-16 14:20 -------- d-----w c:\documents and settings\Korisnik\Application Data\DNA
2009-04-19 06:56 . 2008-11-21 08:14 -------- d-----w c:\program files\Garena
2009-04-19 06:56 . 2008-04-29 13:50 -------- d-----w c:\program files\ICQToolbar
2009-04-18 21:55 . 2007-12-29 16:52 -------- d-----w c:\program files\3D Amazing Clouds
2009-04-18 20:16 . 2008-05-04 15:06 -------- d-----w c:\program files\Warcraft III
2009-04-18 16:11 . 2007-12-27 21:50 -------- d-----w c:\documents and settings\Korisnik\Application Data\BearShare
2009-04-12 18:37 . 2007-11-17 19:04 -------- d-----w c:\documents and settings\Korisnik\Application Data\MSN6
2009-04-11 07:31 . 2009-04-11 07:31 -------- d-----w c:\program files\Google
2009-04-01 13:33 . 2008-07-20 12:13 -------- d-----w c:\program files\GRETECH
2009-04-01 13:32 . 2007-11-21 21:15 -------- d-----w c:\program files\DVDVideoSoft
2009-04-01 13:19 . 2007-10-29 22:26 -------- d-----w c:\program files\ASUSTeK
2009-04-01 13:18 . 2007-10-29 22:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 13:16 . 2007-11-17 10:19 -------- d-----w c:\program files\Ovislink
2009-03-29 18:31 . 2008-08-22 16:25 -------- d-----w c:\program files\ElcomSoft
2009-03-27 21:23 . 2008-05-17 14:11 98678 ----a-w c:\windows\War3Unin.dat
2009-03-08 18:20 . 2008-02-16 19:54 -------- d-----w c:\program files\Valve
2009-03-05 19:54 . 2007-11-19 20:26 91144 ----a-w c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 19:31 . 2008-01-08 12:42 -------- d-----w c:\program files\Windows Live
2009-03-05 19:31 . 2009-03-05 19:31 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-05 19:29 . 2009-03-05 19:29 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-05 19:26 . 2009-03-05 19:26 -------- d-----w c:\program files\Microsoft
2009-03-05 19:25 . 2009-03-05 19:25 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-05 18:49 . 2009-03-05 18:49 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-02 20:16 . 2008-05-16 14:20 -------- d-----w c:\documents and settings\Korisnik\Application Data\BitTorrent
2009-02-23 18:04 . 2009-02-23 18:04 -------- d-----w c:\program files\Circle Deveopement
2009-02-21 22:05 . 2009-02-21 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\1C128
2009-02-21 22:04 . 2009-02-21 22:04 -------- d-----w c:\documents and settings\All Users\Application Data\15CB
2009-02-21 14:23 . 2009-02-21 14:23 -------- d-----w c:\documents and settings\All Users\Application Data\2C8C
2009-02-15 18:12 . 2009-02-02 13:08 0 ----a-w C:\testwma.raw
2009-02-06 18:20 . 2009-02-06 18:20 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 19:38 . 2009-02-03 19:38 7168 --sha-w C:\Thumbs.db
2008-11-25 22:13 . 2008-11-25 22:13 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-06-13 16:26 . 2008-06-13 16:04 952 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-23 07:39 . 2008-09-23 07:39 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092320080924\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\0271 ----

2009-04-18 15:45 . 2009-04-12 19:31 4983 ----a-w c:\documents and settings\All Users\Application Data\0271\{693F6BA9-C7CF-4F65-8F44-5C780336E4B6}.swf

---- Directory of c:\documents and settings\All Users\Application Data\62E ----

2009-04-12 19:27 . 2009-02-16 09:29 4501 ----a-w c:\documents and settings\All Users\Application Data\62E\{07DD167B-AED1-4F5F-BDA6-DBAA636620F9}.swf


((((((((((((((((((((((((((((( SnapShot@2009-04-19_09.25.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 10:20 . 2009-04-19 10:20 16384 c:\windows\temp\Perflib_Perfdata_128.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebcastTuner"="0 (0x0)" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-18 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Steam"="c:\program files\Steam\Steam.exe" [2009-02-03 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"AttuneClientEngine"="c:\progra~1\Aveo\Attune\bin\attune_ce.exe" [2000-07-24 356728]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 GarenaPEngine;GarenaPEngine; [x]
S0 avgntmgr;avgntmgr;c:\windows\SYSTEM32\DRIVERS\avgntmgr.sys [2008-04-17 22336]
S1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2008-07-20 45376]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {03376FE4-C880-430D-9B93-7A555395C305} = 79.143.168.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\flo5e0g4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-19 12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WebcastTuner = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eowtkaoui6yy]
"ImagePath"="c:\windows\System32\gy.exe /service"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Seekeen Service]
"ImagePath"="\"c:\documents and settings\All Users\Application Data\Seekeen\seekeen140.exe\" \"c:\program files\Seekeen\seekeen.dll\" Service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Korisnik\LOCALS~1\Temp\TSK10.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,2f,af,e6,6e,9a,a5,77,00,2d,08,be,90,df,bc,01,ec,64,72,a5,dd,43,1c,
54,85,49,ef,99,a9,07,91,5e,3c,4a,77,bb,d7,34,e4,bf,36,f3,47,67,91,50,c5,c3,\
"??"=hex:aa,ed,a4,c8,3a,0a,22,f4,49,6f,48,97,46,75,28,94
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1180)
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-19 12:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 10:35
ComboFix2.txt 2009-04-19 09:33
ComboFix3.txt 2008-06-17 22:52

Pre-Run: 3.575.697.408 bytes free
Post-Run: 3.550.937.088 bytes free

222 --- E O F --- 2008-12-24 10:27

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Enable the display of hidden files: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html

Delete the following folders (if they exist):

c:\documents and settings\All Users\Application Data\Seekeen

c:\program files\Seekeen

After that, disable the display of hidden files again.

How are things now?
