Slow computer

  • Joined: 26 May 2009
  • Posts: 46

Uh.. I've been struggling for half an hour.. but never mind.. :)

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8434
  • Location: Novi Beograd

Go here:

http://www.microsoft.com/downloads/details.aspx?Fa.....laylang=en

Click Download, and once it has downloaded, drag the file onto the ComboFix icon.

Post the log that appears.

  • Joined: 26 May 2009
  • Posts: 46

ComboFix 09-11-07.02 - kasalica 08.11.2009 0:22.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.510.125 [GMT 1:00]
Running from: c:\documents and settings\kasalica\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kasalica\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KAVSYS


((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2010-03-25 11:45 . 2010-03-25 11:45 -------- d-----w- C:\hlds
2010-03-25 07:21 . 2009-10-03 10:52 -------- d-----w- c:\documents and settings\kasalica\Application Data\uTorrent
2010-03-21 10:51 . 2009-06-19 12:59 -------- d-----w- c:\program files\VirtualDJ
2010-03-18 11:10 . 2010-03-18 11:10 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-14 12:55 . 2010-03-14 12:55 -------- d-----w- c:\documents and settings\vuk\Local Settings\Application Data\Ahead
2010-03-12 19:09 . 2010-03-12 19:09 -------- d-----w- c:\windows\Sun
2010-03-06 11:09 . 2010-03-06 11:09 503808 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\msvcp71.dll
2010-03-06 11:09 . 2010-03-06 11:09 499712 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\jmc.dll
2010-03-06 11:09 . 2010-03-06 11:09 348160 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\msvcr71.dll
2010-03-06 11:09 . 2009-09-17 11:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 15:24 . 2009-05-18 11:53 -------- d-----w- c:\documents and settings\kasalica\Local Settings\Application Data\Aspyr
2010-03-02 15:24 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools
2010-03-02 15:22 . 2010-03-02 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-02 15:22 . 2010-03-02 15:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-02 15:22 . 2010-03-03 10:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-02 15:22 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools Lite
2010-03-02 12:19 . 2010-03-02 15:20 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-02 12:19 . 2010-03-02 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-03-02 12:14 . 2010-03-02 12:14 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-02 12:14 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools Pro
2010-02-28 21:55 . 2010-02-28 21:55 -------- d-----w- c:\program files\Robster Productions
2010-02-27 15:06 . 2010-02-27 15:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-27 10:11 . 2010-02-27 10:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-27 10:11 . 2009-09-14 08:47 -------- d-----w- c:\program files\Google
2010-02-24 20:37 . 2010-03-01 20:04 -------- d-----w- c:\program files\ExitReality
2010-02-23 17:55 . 2010-02-23 17:56 -------- d-----w- c:\documents and settings\kasalica\Application Data\Winamp
2010-02-23 14:28 . 2010-02-23 14:31 -------- d-----w- c:\documents and settings\kasalica\Application Data\Winampa
2010-02-23 14:28 . 2010-02-23 14:29 -------- d-----w- c:\program files\Winampa
2010-02-23 14:08 . 2007-03-07 23:51 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-02-23 14:08 . 2007-03-07 23:51 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-02-23 14:08 . 2007-03-07 23:51 129784 ------w- c:\windows\system32\pxafs.dll
2010-02-23 12:17 . 2009-05-10 15:48 -------- d-sh--w- c:\documents and settings\kasalica\UserData
2009-11-06 13:43 . 2009-11-06 13:43 -------- d-----w- c:\program files\iEvony
2009-11-01 12:47 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-10-23 14:21 . 2009-10-24 08:17 -------- d-----w- c:\program files\Carambis
2009-10-20 20:20 . 2009-10-20 20:20 -------- d-----w- c:\program files\Direct MIDI to MP3 Converter
2009-10-20 20:12 . 2009-10-20 20:12 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-18 09:08 . 2009-10-18 09:08 -------- d-----w- c:\documents and settings\kasalica\Application Data\Sports Interactive
2009-10-18 09:06 . 2009-10-18 09:06 -------- d--h--r- c:\documents and settings\kasalica\Application Data\SecuROM
2009-10-18 09:03 . 2009-10-18 09:05 -------- d--h--w- c:\program files\Zero G Registry
2009-10-18 09:03 . 2009-10-18 09:03 -------- d-----w- c:\program files\Sports Interactive
2009-10-18 09:02 . 2009-10-18 09:02 -------- d--h--w- c:\documents and settings\kasalica\InstallAnywhere
2009-10-12 20:22 . 2009-10-12 20:22 -------- d-----w- C:\DriveKey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 17:03 . 2009-02-13 13:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-17 17:00 . 2009-02-13 13:42 -------- d-----w- c:\program files\Norton Security Scan
2010-03-01 20:06 . 2009-02-05 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-24 10:23 . 2009-02-20 11:27 -------- d-----w- c:\program files\Sprite Explorer
2010-02-23 17:55 . 2009-01-31 07:38 -------- d-----w- c:\program files\Winamp
2009-11-07 23:37 . 2009-01-31 21:04 -------- d-----w- c:\documents and settings\kasalica\Application Data\Skype
2009-11-07 23:07 . 2009-01-31 21:08 -------- d-----w- c:\documents and settings\kasalica\Application Data\skypePM
2009-11-06 21:29 . 2009-09-06 11:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MPK
2009-11-05 21:57 . 2009-08-21 12:30 -------- d-----w- c:\program files\Valve
2009-10-24 08:17 . 2009-01-31 07:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 21:17 . 2009-09-25 23:20 156384 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-23 14:05 . 2009-09-23 14:17 -------- d-----w- c:\documents and settings\kasalica\Application Data\Audacity
2009-10-03 22:57 . 2009-10-03 22:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-03 22:57 . 2009-10-03 22:57 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-03 22:52 . 2009-10-03 22:52 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-09-29 09:51 . 2009-04-17 12:42 -------- d-----w- c:\program files\Dofus
2009-09-25 23:06 . 2009-09-25 21:13 -------- d-----w- c:\documents and settings\kasalica\Application Data\Uniblue
2009-09-25 22:53 . 2009-09-25 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-09-25 22:16 . 2009-09-25 22:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9DF77379-A83D-46CF-968D-03CBC652096D}
2009-09-25 22:16 . 2009-09-25 21:13 -------- d-----w- c:\program files\Uniblue
2009-09-25 22:16 . 2009-09-25 22:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{942E4254-C25C-44BA-94FC-8777923F9E7B}
2009-09-25 22:14 . 2009-09-25 22:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-09-21 15:46 . 2009-09-21 15:46 200704 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\8BF7B6507D32426F8EC9FCF43520397D\PluginLauncher.exe
2009-09-20 12:44 . 2009-09-20 12:44 323584 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\39725A2B354444EF9747FDB782032EA5\swt-win32-3232.dll
2009-09-17 20:59 . 2009-09-17 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-17 15:14 . 2009-09-17 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-17 14:45 . 2009-09-17 14:45 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-09-17 14:45 . 2009-09-17 14:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-17 14:45 . 2009-09-17 14:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-17 14:45 . 2009-09-17 14:45 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-17 14:45 . 2009-09-17 14:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-17 14:44 . 2009-09-17 14:44 -------- d-----w- c:\program files\AVG
2009-09-17 11:54 . 2009-09-16 16:36 -------- d-----w- c:\program files\Windows Live
2009-09-17 11:45 . 2009-09-17 11:45 152576 ----a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 16:39 . 2009-01-31 07:10 66160 ----a-w- c:\documents and settings\kasalica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 16:36 . 2009-09-16 16:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 13:02 . 2009-09-16 13:02 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-15 13:57 . 2009-09-15 13:57 -------- d-----w- c:\program files\MSI
2009-09-14 14:08 . 2009-09-14 14:08 -------- d-----w- c:\program files\Ask.com
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\program files\DVDVideoSoft
2009-09-14 13:41 . 2009-09-12 15:01 -------- d-----w- c:\program files\ASIO4ALL v2
2009-09-13 22:19 . 2009-02-03 13:21 -------- d-----w- c:\program files\Cheat Engine
2009-09-13 22:00 . 2009-09-12 14:56 -------- d-----w- c:\program files\Image-Line
2009-09-13 21:59 . 2009-07-08 13:20 -------- d-----w- c:\program files\Super Mario All-Stars & World
2009-09-13 21:59 . 2009-05-27 09:37 -------- d-----w- c:\program files\AtomixMP3
2009-09-13 21:56 . 2009-09-12 15:01 -------- d-----w- c:\program files\VstPlugins
2009-09-12 15:37 . 2009-09-12 15:37 -------- d-----w- c:\documents and settings\kasalica\Application Data\Deckadance
2009-09-12 14:59 . 2009-09-12 14:59 -------- d-----w- c:\program files\Outsim
2009-09-11 14:33 . 2004-08-03 23:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:52 . 2009-09-03 14:52 148 ----a-w- c:\windows\tmp.tmp.tmp
2009-08-29 07:36 . 2004-08-03 23:56 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-03 23:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-27 09:51 . 2009-08-27 09:51 656088 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\loader.dll
2009-08-27 09:51 . 2009-08-27 09:51 266968 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\axpowerloader.dll
2009-08-27 09:51 . 2009-08-27 09:51 217816 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\nppowerloader.dll
2009-08-26 08:16 . 2004-08-03 23:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 14:49 . 2009-09-25 22:16 2842613 -c--a-w- c:\documents and settings\All Users\Application Data\{9DF77379-A83D-46CF-968D-03CBC652096D}\PowerSuite2009.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-06_21.30.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 23:34 . 2009-11-07 23:34 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 15:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-17 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2025752]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-31 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-17 14:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\kasalica\\Local Settings\\Application Data\\Chat Republic Games\\Superstar Racing\\ChatRepublicPlayer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\drivers\\etc\\mirc.exe"=
"c:\\Program Files\\mirc\\mirc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [17.9.2009 15:45 12552]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [31.1.2009 8:13 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17.9.2009 15:45 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.9.2009 15:45 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17.9.2009 15:44 297752]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [26.9.2009 0:02 2831232]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [31.1.2009 8:40 751104]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2010-03-21 c:\windows\Tasks\Norton Security Scan for kasalica.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 19:20]

2009-11-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-16 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Visit in &3D using ExitReality - 3d.exitreality.com/TransmogrifyPage.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\kasalica\Application Data\Mozilla\Firefox\Profiles\6irdwhxp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15015&l=dis
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=en_US&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-08 00:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x82DDD1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82ddd1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1604221776-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B485DBD7-FE3C-8363-952E-1581A2A0DE0C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oabjeaagkimkichilckeacohjeghog"=hex:64,61,6f,67,6a,6a,70,69,00,7c
"oankmofmhglnpnifdpohbjchognncp"=hex:6b,61,62,68,61,70,62,6a,65,6b,6d,67,69,6f,
6c,65,63,6a,61,66,6d,64,00,7c
"nadjclhlpeboeodgbjhinekblhjp"=hex:6b,61,62,68,70,6f,61,67,6a,6c,6a,6c,66,65,
6f,65,62,6f,6a,6a,62,6c,00,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1772)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\javaw.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-11-07 0:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 23:40
ComboFix2.txt 2009-11-07 15:52
ComboFix3.txt 2009-11-06 21:35

Pre-Run: 11.775.959.040 bytes free
Post-Run: 11.745.878.016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B6282877450FFEC79D40FED48FF5F318
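
An added example, not part of the original thread and not code from ComboFix or gmer: a Python function that reads the MBR detector section of the log above and checks whether the address a driver object is hooked to is the same address the detector lists as `>>UNKNOWN<<` in the called-modules chain. The name `triage_mbr_section` and the result keys are assumptions made for this example; the sample text is constructed from the log lines above.

```python
import re

# Constructed sample: the MBR detector lines as they appear in the log above.
SAMPLE_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x82DDD1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82ddd1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
"""

# An address in the call chain that belongs to no named module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# A hook line: object path, arrow, target address.
HOOK_RE = re.compile(r"^(\\\S+)\s*->\s*(0x[0-9A-Fa-f]+)$")


def triage_mbr_section(log_text):
    """Summarise the 'Stealth MBR rootkit' section of a ComboFix log."""
    unknown, hooks = [], {}
    found = warning = mbr_ok = in_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not found:
            # Skip everything until the detector banner.
            found = line.startswith("Stealth MBR rootkit")
            continue
        if line.startswith("*****"):
            break  # the row of asterisks closes the section
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                hooks[m.group(1)] = int(m.group(2), 16)
                continue
            in_hooks = False  # first non-hook line ends the hook list
        if line.startswith("called modules:"):
            unknown = [int(a, 16) for a in UNKNOWN_RE.findall(line)]
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line.startswith("Warning: possible MBR rootkit infection"):
            warning = True
        elif line == "user & kernel MBR OK":
            mbr_ok = True
    # Addresses are compared as integers because the log prints the same
    # address in upper case in one place and lower case in the other.
    into_unknown = sorted(d for d, addr in hooks.items() if addr in unknown)
    return {
        "section_found": found,
        "unknown_modules": unknown,
        "hooks": hooks,
        "hooks_into_unknown": into_unknown,
        "warning": warning,
        "mbr_ok": mbr_ok,
    }


if __name__ == "__main__":
    report = triage_mbr_section(SAMPLE_LOG)
    for driver in report["hooks_into_unknown"]:
        print(f"{driver} is hooked to {report['hooks'][driver]:#010x}, "
              "an address outside every named module")
    print("detector warning:", report["warning"], "| MBR sectors OK:", report["mbr_ok"])
```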

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8434
  • Location: Novi Beograd

Now that the Recovery Console is installed, you will notice that when the computer starts, a screen briefly appears where you can choose whether to start Windows or the Recovery Console (as in the picture).

You will need to write the commands below down on paper. Pay attention to the spaces.

Restart the computer and use the arrow keys on the keyboard to select this entry (so that the white bar is on it):

Microsoft Windows Recovery Console

Then press Enter. So that you are not late pressing the (down) arrow, you can start tapping it gently as soon as the computer turns on (as soon as you see the first image on the monitor).

After this, the Recovery Console will start loading (it takes up to half a minute).

The following prompt will then appear:

Quote: 1: C:\Windows

Which Windows installation would you like to log onto
(To cancel, press ENTER)?

Now type:

1

and press Enter.

The following prompt may then appear:

Quote: Type the Administrator password:

If you use a password to log in to Windows, type it and press Enter. If you do not use a password, just press Enter.

The screen will then show the following:

C:\Windows>

Now type the following commands in order (one at a time), confirming each with Enter:

cd system32

cd drivers

copy atapi.sys atapi.bad

After this, a notice will appear that the file has been copied: 1 file(s) copied.

Now you just need to type

exit

so that the computer restarts.

All of this will look roughly like this:

So, you type what is underlined with yellow lines and confirm each command with Enter.

After Windows starts normally, upload the file:

C:\WINDOWS\system32\drivers\atapi.bad

via this link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 26 May 2009
  • Posts: 46

...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8434
  • Location: Novi Beograd

How is it running now?

  • Joined: 26 May 2009
  • Posts: 46

Significantly better.. (before, it took half an hour for Start > Programs to open, now it's much faster) but it's not like it used to be.. In any case, thanks.. :) I'll try scanning with AVG and we'll see..
Do you know of any program for cleaning up the registry.. I think I screwed something up there.. :)

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8434
  • Location: Novi Beograd

Every time I tidied something up in the registry, I created a problem for myself. So I don't use them.

ComboFix needs to be uninstalled:
Click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text box, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

  • Joined: 26 May 2009
  • Posts: 46

I already deleted ComboFix earlier... Don't you know any program for cleaning up the registry...??

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8434
  • Location: Novi Beograd

Vuk0125 :: I already deleted ComboFix earlier... Don't you know any program for cleaning up the registry...??

No.
