Disappearing memory on the hard disk


  • Joined: 10 Mar 2008
  • Posts: 9

This is unbelievable... over the last few days the memory on my hard disk keeps disappearing. I don't know what to do. At first I thought it might be because of some downloading, but I haven't downloaded anything in the last 5-6 days, and the memory keeps disappearing. For example, today I freed up 350 MB on the disk, 3-4 hours ago; now, however, the memory is at 13 MB. A disaster. What should I do? The PC has also been noticeably slower lately. HELP!!!

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Follow these instructions thoroughly and carefully ->
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 10 Mar 2008
  • Posts: 9

Logfile of HijackThis v1.99.1
Scan saved at 23:08:04, on 10.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\gmilogof.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Ares\Ares.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\xx\Local Settings\Application Data\Microsoft\Messenger\galinjo25@hotmail.com\Sharing Folders\HijackThis.exe

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - D:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SymantecFilterCheck] D:\WINDOWS\system32\gmilogof.exe
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Dodaj u Protiv reklama - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistika mrežnog Anti-Virusa - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Addendum: 10 Mar 2008 23:13

Sorry, the PC is very slow, so I'm only getting back to you now.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Download ATF Cleaner.

- Double-click to run the program
- Check the Select All option, then click Empty Selected



-------------------------------------------------------------------------------------


Disable Spybot S&D's TeaTimer


- Start Spybot S&D
- Click the Mode item in the menu
- Select Advanced Mode
- In the bar on the left, click Tools
- Click Resident
- Uncheck Resident Tea-Timer
- Close Spybot S&D
- Restart the computer.

Don't forget to turn these options back on when we finish cleaning.


-------------------------------------------------------------------------------------



Temporarily disable the antivirus, and then...

Download ComboFix to the Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it is scanning.

Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 10 Mar 2008
  • Posts: 9

Greetings, and thanks in advance!

ComboFix 08-03-10.1 - xx 2008-03-11 10:56:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.225 [GMT 1:00]
Running from: D:\Documents and Settings\xx\Desktop\Atf cleaner\ComboFix1.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\All Users\Application Data\microsoft\pctools
D:\Documents and Settings\xx\Application Data\ShoppingReport
D:\Documents and Settings\xx\Application Data\ShoppingReport\cs\db\Aliases.dbs
D:\Documents and Settings\xx\Application Data\ShoppingReport\cs\db\Sites.dbs
D:\Documents and Settings\xx\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
D:\Documents and Settings\xx\Application Data\ShoppingReport\cs\report\aggr_storage.xml
D:\Documents and Settings\xx\Application Data\ShoppingReport\cs\report\send_storage.xml
D:\Documents and Settings\xx\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
D:\Documents and Settings\xx\ravmonlog
D:\Documents and Settings\xx\ResErrors.log
D:\Program Files\ShoppingReport
D:\WINDOWS\recover.reg
D:\WINDOWS\system32\d3d1caps.srg
D:\WINDOWS\system32\xbox.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_ACPIDISK
-------\LEGACY_DHLP
-------\LEGACY_POWERMANAGER
-------\acpidisk


((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-08 23:56 . 2008-03-08 23:56 8 --a------ D:\WINDOWS\LHM_info.dat
2008-03-08 23:51 . 2008-03-10 20:48 <DIR> d-------- D:\Program Files\LHM2006
2008-03-07 19:26 . 2008-03-07 19:28 <DIR> d-------- D:\WINDOWS\uninstall\Handball Manager
2008-03-07 19:26 . 2008-03-07 19:29 <DIR> d-------- D:\Program Files\HandballManager
2008-03-02 18:06 . 2008-03-03 19:41 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2008-03-01 23:25 . 2008-03-08 03:46 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-03-01 17:58 . 2008-03-11 11:13 4,440,608 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 17:58 . 2008-03-11 11:09 139,040 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 17:58 . 2008-03-11 11:09 61,544 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-03-01 17:58 . 2008-03-11 11:09 15,128 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 17:50 . 2008-03-06 17:40 91,700 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-03-01 17:50 . 2008-03-01 17:50 85,860 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-03-01 17:46 . 2008-03-01 17:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-23 18:25 . 2008-02-23 18:25 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Talkback
2008-02-23 18:25 . 2008-02-23 18:25 0 --a------ D:\WINDOWS\nsreg.dat
2008-02-23 18:21 . 2008-02-23 18:21 <DIR> d-------- D:\Program Files\Common Files\xing shared
2008-02-23 18:20 . 2008-02-23 18:20 <DIR> d-------- D:\Program Files\Real
2008-02-23 18:18 . 2008-02-23 18:20 <DIR> d-------- D:\Program Files\Common Files\Real
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- D:\Documents and Settings\xx\Application Data\BSplayer Pro
2008-02-23 16:29 . 2008-02-25 22:46 <DIR> d-------- D:\Documents and Settings\xx\Application Data\BSplayer
2008-02-23 12:03 . 2008-02-23 12:08 <DIR> d-------- D:\Program Files\Moyea
2008-02-23 12:03 . 2008-03-05 17:31 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Moyea
2008-02-23 03:22 . 2008-02-23 03:22 <DIR> d-------- D:\Program Files\FLVPlayer
2008-02-23 03:19 . 2008-02-23 03:19 <DIR> d-------- D:\Program Files\Riva
2008-02-23 03:19 . 2008-02-23 03:19 <DIR> d-------- D:\Program Files\Common Files\SWF Studio
2008-02-12 22:28 . 2008-02-24 17:09 189 --a------ D:\WINDOWS\wininit.ini
2008-02-12 14:13 . 2008-02-12 14:14 <DIR> d-------- D:\Program Files\Spybot - Search & Destroy
2008-02-12 14:13 . 2008-02-13 18:26 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 13:21 . 2008-03-10 17:59 <DIR> d-------- D:\Program Files\XoftSpySE
2008-02-11 23:27 . 2008-02-11 23:27 <DIR> d-------- D:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 10:14 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-10 17:13 --------- d-----w D:\Documents and Settings\xx\Application Data\MegauploadToolbar
2008-03-08 22:52 --------- d-----w D:\Documents and Settings\xx\Application Data\GetRightToGo
2008-03-01 18:56 --------- d-----w D:\Program Files\MSN Messenger
2008-03-01 18:53 306,688 ----a-w D:\WINDOWS\IsUninst.exe
2008-03-01 18:52 314,368 ----a-w D:\WINDOWS\uninst.exe
2008-03-01 17:35 --------- d-----w D:\Program Files\bfgclient
2008-03-01 16:52 --------- d-----w D:\Program Files\Kaspersky Lab
2008-02-13 14:05 --------- d-----w D:\Program Files\Winamp
2008-02-10 00:47 --------- d-----w D:\Documents and Settings\xx\Application Data\CyberLink
2008-02-07 15:40 --------- d-----w D:\Program Files\Soccerland2001
2008-02-05 15:38 --------- d-----w D:\Program Files\MegauploadToolbar
2008-01-18 20:09 --------- d-----w D:\Program Files\ProtectDisc Driver Installer
2008-01-04 13:20 73,216 ----a-w D:\WINDOWS\ST6UNST.EXE
2007-11-03 14:45 13 ----a-w D:\Documents and Settings\xx\Verinfo.dat
2007-11-03 14:44 1,024 ----a-w D:\Documents and Settings\xx\Config.dat
2007-12-07 18:36 718,088 --sh--w D:\WINDOWS\system32\gmilogof.exe
2007-12-07 18:36 226,056 --sh--w D:\WINDOWS\system32\msnmssgs.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-03-01 19:48 5674352]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 20:38 68856]
"ares"="D:\Program Files\Ares\Ares.exe" [2007-07-16 22:54 961536]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51 218376]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-23 18:18 185896]
"SymantecFilterCheck"="D:\WINDOWS\system32\gmilogof.exe" [2007-12-07 19:36 718088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 09:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"D:\\Program Files\\Ares\\Ares.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17380:TCP"= 17380:TCP:NortonAV
"13806:TCP"= 13806:TCP:NortonAV
"15789:TCP"= 15789:TCP:NortonAV

R2 acedrv10;acedrv10;D:\WINDOWS\system32\drivers\acedrv10.sys [2007-07-24 08:45]
R2 acehlp10;acehlp10;D:\WINDOWS\system32\drivers\acehlp10.sys [2007-07-11 09:20]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;D:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"D:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0693c984-53cc-11dc-97c0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c66ad34-5006-11dc-9bda-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b0244f4-55f5-11dc-bcb3-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa86754-5574-11dc-b7bc-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{693805c0-65fd-11dc-8ec8-a8783cb692d6}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e4-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e5-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb9ccf0-4f1f-11dc-a32d-c62ea26f04d2}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72a6ba4-5394-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed8d4574-5175-11dc-a4e0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1772d0-813a-11dc-ac9b-cb6bcd068dd0}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2abfc4-56b2-11dc-b76a-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 09:59:19 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-02 18:15:20 D:\WINDOWS\Tasks\Norton Security Scan.job"
- D:\Program Files\Norton Security Scan\Nss.exe
"2008-03-11 10:10:47 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-23 02:00:01 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-11 11:15:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-11 11:19:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 10:19:28
.
2008-03-11 00:14:25 --- E O F ---

Addendum: 11 Mar 2008 11:25

My friend, I got 2.2 GB of memory back on partition D:. Thank you, thank you, thank you, thank you, thank you sooo much. And the PC runs much faster.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If you have a USB flash drive, plug it in during the next procedure...




Download the Flash_Disinfector program.

- Run the program by double-clicking Flash_Disinfector.exe
- When the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to avoid autoplay)
- Click OK and wait for the process to finish
- When the message Done !! appears, click OK.



-------------------------------------------------------------------------------------



Then open Notepad and copy in the following text:

File::
D:\WINDOWS\system32\gmilogof.exe
D:\WINDOWS\system32\msnmssgs.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SymantecFilterCheck"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1772d0-813a-11dc-ac9b-cb6bcd068dd0}]




Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.

In your next message, post the log that is created at the end of the cleaning/scanning.

  • Joined: 10 Mar 2008
  • Posts: 9

ComboFix 08-03-13.4 - xx 2008-03-14 14:50:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.271 [GMT 1:00]
Running from: D:\Documents and Settings\xx\Desktop\ATF CLEANER\ComboFix1.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-13 13:21 . 2008-03-13 13:56 <DIR> d-------- D:\WINDOWS\uninstall\Handball Manager 2007 Demo
2008-03-13 00:53 . 2008-03-13 00:53 <DIR> d-------- D:\Documents and Settings\xx\EurekaLog
2008-03-13 00:32 . 2008-03-13 00:53 <DIR> d-------- D:\Program Files\GISConverter
2008-03-13 00:32 . 2008-03-13 00:32 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Softplicity
2008-03-11 13:44 . 2008-03-11 13:44 <DIR> d-------- D:\Program Files\Creative
2008-03-11 13:44 . 2002-06-06 14:38 139,264 --a------ D:\WINDOWS\system32\eax.dll
2008-03-11 12:06 . 2002-08-08 05:11 319,488 -ra------ D:\WINDOWS\system32\MafiaSetup.exe
2008-03-08 23:56 . 2008-03-08 23:56 8 --a------ D:\WINDOWS\LHM_info.dat
2008-03-08 23:51 . 2008-03-10 20:48 <DIR> d-------- D:\Program Files\LHM2006
2008-03-07 19:26 . 2008-03-07 19:28 <DIR> d-------- D:\WINDOWS\uninstall\Handball Manager
2008-03-07 19:26 . 2008-03-07 19:29 <DIR> d-------- D:\Program Files\HandballManager
2008-03-02 18:06 . 2008-03-03 19:41 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2008-03-01 23:25 . 2008-03-08 03:46 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-03-01 17:58 . 2008-03-14 14:55 5,653,792 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 17:58 . 2008-03-14 14:55 219,424 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 17:58 . 2008-03-14 14:36 78,356 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-03-01 17:58 . 2008-03-14 14:36 22,376 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 17:50 . 2008-03-06 17:40 91,700 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-03-01 17:50 . 2008-03-01 17:50 85,860 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-03-01 17:46 . 2008-03-01 17:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-23 18:25 . 2008-02-23 18:25 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Talkback
2008-02-23 18:25 . 2008-02-23 18:25 0 --a------ D:\WINDOWS\nsreg.dat
2008-02-23 18:21 . 2008-02-23 18:21 <DIR> d-------- D:\Program Files\Common Files\xing shared
2008-02-23 18:20 . 2008-02-23 18:20 <DIR> d-------- D:\Program Files\Real
2008-02-23 18:18 . 2008-02-23 18:20 <DIR> d-------- D:\Program Files\Common Files\Real
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- D:\Documents and Settings\xx\Application Data\BSplayer Pro
2008-02-23 16:29 . 2008-02-25 22:46 <DIR> d-------- D:\Documents and Settings\xx\Application Data\BSplayer
2008-02-23 12:03 . 2008-02-23 12:08 <DIR> d-------- D:\Program Files\Moyea
2008-02-23 12:03 . 2008-03-13 00:55 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Moyea
2008-02-23 03:22 . 2008-02-23 03:22 <DIR> d-------- D:\Program Files\FLVPlayer
2008-02-23 03:19 . 2008-02-23 03:19 <DIR> d-------- D:\Program Files\Riva
2008-02-23 03:19 . 2008-02-23 03:19 <DIR> d-------- D:\Program Files\Common Files\SWF Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 13:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-12 22:46 --------- d-----w D:\Program Files\MSN Messenger
2008-03-10 17:13 --------- d-----w D:\Documents and Settings\xx\Application Data\MegauploadToolbar
2008-03-10 16:59 --------- d-----w D:\Program Files\XoftSpySE
2008-03-08 22:52 --------- d-----w D:\Documents and Settings\xx\Application Data\GetRightToGo
2008-03-01 18:52 314,368 ----a-w D:\WINDOWS\uninst.exe
2008-03-01 17:35 --------- d-----w D:\Program Files\bfgclient
2008-03-01 16:52 --------- d-----w D:\Program Files\Kaspersky Lab
2008-02-23 17:18 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
2008-02-23 17:18 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll
2008-02-13 17:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 14:05 --------- d-----w D:\Program Files\Winamp
2008-02-12 13:14 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-02-11 22:27 --------- d-----w D:\Program Files\MSXML 4.0
2008-02-10 00:47 --------- d-----w D:\Documents and Settings\xx\Application Data\CyberLink
2008-02-07 15:40 --------- d-----w D:\Program Files\Soccerland2001
2008-02-05 15:38 --------- d-----w D:\Program Files\MegauploadToolbar
2008-01-18 20:09 --------- d-----w D:\Program Files\ProtectDisc Driver Installer
2008-01-04 13:20 73,216 ----a-w D:\WINDOWS\ST6UNST.EXE
2007-11-03 14:45 13 ----a-w D:\Documents and Settings\xx\Verinfo.dat
2007-11-03 14:44 1,024 ----a-w D:\Documents and Settings\xx\Config.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-03-11_11.18.37.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-01 18:53:07 306,688 ----a-w D:\WINDOWS\IsUninst.exe
+ 1998-10-29 15:45:06 306,688 ----a-w D:\WINDOWS\IsUninst.exe
+ 2007-04-30 09:50:30 417,792 ----a-w D:\WINDOWS\uninstall\Handball Manager 2007 Demo\setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 20:38 68856]
"ares"="D:\Program Files\Ares\Ares.exe" [2007-07-16 22:54 961536]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51 218376]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-23 18:18 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 09:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"D:\\Program Files\\Ares\\Ares.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17380:TCP"= 17380:TCP:NortonAV
"13806:TCP"= 13806:TCP:NortonAV
"15789:TCP"= 15789:TCP:NortonAV

R2 acedrv10;acedrv10;D:\WINDOWS\system32\drivers\acedrv10.sys [2007-07-24 08:45]
R2 acehlp10;acehlp10;D:\WINDOWS\system32\drivers\acehlp10.sys [2007-07-11 09:20]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;D:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"D:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0693c984-53cc-11dc-97c0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c66ad34-5006-11dc-9bda-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b0244f4-55f5-11dc-bcb3-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa86754-5574-11dc-b7bc-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{693805c0-65fd-11dc-8ec8-a8783cb692d6}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e4-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e5-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb9ccf0-4f1f-11dc-a32d-c62ea26f04d2}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72a6ba4-5394-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed8d4574-5175-11dc-a4e0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2abfc4-56b2-11dc-b76a-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-13 18:59:14 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 17:00:00 D:\WINDOWS\Tasks\Norton Security Scan.job"
- D:\Program Files\Norton Security Scan\Nss.exe
"2008-03-14 13:37:59 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-23 02:00:01 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-14 14:55:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-14 14:58:13
ComboFix-quarantined-files.txt 2008-03-14 13:57:43
ComboFix2.txt 2008-03-11 19:21:57
ComboFix3.txt 2008-03-11 18:47:32
ComboFix4.txt 2008-03-11 10:19:57
.
2008-03-11 15:32:03 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

offline
  • Joined: 10 Mar 2008
  • Posts: 9

Thanks a lot! Regards!

Addendum: 15 Mar 2008 20:43

Although I thought I had solved the problem, my memory is disappearing again. I don't know what to do, so I decided to do again what you told me the first time, dr. Bora. However, nothing helped. Here is the log that Combo produced a moment ago.

ComboFix 08-03-14.4 - xx 2008-03-15 20:31:12.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.297 [GMT 1:00]
Running from: D:\Documents and Settings\xx\Desktop\ATF CLEANER\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-15 13:13 . 2008-03-15 13:13 <DIR> d-------- D:\Documents and Settings\xx\Application Data\The Complete Genealogy Reporter - FTB
2008-03-15 13:13 . 2002-03-07 01:19 454,656 --a------ D:\WINDOWS\system32\PaintX.dll
2008-03-15 13:13 . 2003-07-06 14:07 372,736 --a------ D:\WINDOWS\system32\ijl15.dll
2008-03-15 13:13 . 1998-06-24 00:00 137,000 --a------ D:\WINDOWS\system32\msmapi32.ocx
2008-03-15 13:13 . 2008-03-15 13:21 250 --a------ D:\WINDOWS\MyHeritage.INI
2008-03-15 13:12 . 2008-03-15 13:13 <DIR> d-------- D:\Program Files\MyHeritage
2008-03-15 11:16 . 2006-12-19 20:33 61,440 --a------ D:\WINDOWS\system32\google.dll
2008-03-15 11:16 . 2008-03-15 11:16 26,112 --a------ D:\WINDOWS\system32\msnserv.exe
2008-03-15 10:45 . 2008-03-15 11:03 <DIR> d-------- D:\Program Files\Navilog1
2008-03-13 13:21 . 2008-03-13 13:56 <DIR> d-------- D:\WINDOWS\uninstall\Handball Manager 2007 Demo
2008-03-13 00:53 . 2008-03-13 00:53 <DIR> d-------- D:\Documents and Settings\xx\EurekaLog
2008-03-13 00:32 . 2008-03-13 00:53 <DIR> d-------- D:\Program Files\GISConverter
2008-03-13 00:32 . 2008-03-13 00:32 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Softplicity
2008-03-11 13:44 . 2008-03-11 13:44 <DIR> d-------- D:\Program Files\Creative
2008-03-11 13:44 . 2002-06-06 14:38 139,264 --a------ D:\WINDOWS\system32\eax.dll
2008-03-11 12:06 . 2002-08-08 05:11 319,488 -ra------ D:\WINDOWS\system32\MafiaSetup.exe
2008-03-08 23:56 . 2008-03-08 23:56 8 --a------ D:\WINDOWS\LHM_info.dat
2008-03-08 23:51 . 2008-03-10 20:48 <DIR> d-------- D:\Program Files\LHM2006
2008-03-07 19:26 . 2008-03-07 19:28 <DIR> d-------- D:\WINDOWS\uninstall\Handball Manager
2008-03-07 19:26 . 2008-03-07 19:29 <DIR> d-------- D:\Program Files\HandballManager
2008-03-02 18:06 . 2008-03-03 19:41 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2008-03-01 23:25 . 2008-03-08 03:46 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-03-01 17:58 . 2008-03-15 20:36 6,039,072 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-03-01 17:58 . 2008-03-15 20:36 241,696 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-01 17:58 . 2008-03-15 20:25 83,732 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-03-01 17:58 . 2008-03-15 20:25 24,632 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-01 17:50 . 2008-03-06 17:40 91,700 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-03-01 17:50 . 2008-03-01 17:50 85,860 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-03-01 17:46 . 2008-03-01 17:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-23 18:25 . 2008-02-23 18:25 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Talkback
2008-02-23 18:25 . 2008-02-23 18:25 0 --a------ D:\WINDOWS\nsreg.dat
2008-02-23 18:21 . 2008-02-23 18:21 <DIR> d-------- D:\Program Files\Common Files\xing shared
2008-02-23 18:20 . 2008-02-23 18:20 <DIR> d-------- D:\Program Files\Real
2008-02-23 18:18 . 2008-02-23 18:20 <DIR> d-------- D:\Program Files\Common Files\Real
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- D:\Documents and Settings\xx\Application Data\BSplayer Pro
2008-02-23 16:29 . 2008-02-25 22:46 <DIR> d-------- D:\Documents and Settings\xx\Application Data\BSplayer
2008-02-23 12:03 . 2008-02-23 12:08 <DIR> d-------- D:\Program Files\Moyea
2008-02-23 12:03 . 2008-03-13 00:55 <DIR> d-------- D:\Documents and Settings\xx\Application Data\Moyea
2008-02-23 03:22 . 2008-02-23 03:22 <DIR> d-------- D:\Program Files\FLVPlayer
2008-02-23 03:19 . 2008-02-23 03:19 <DIR> d-------- D:\Program Files\Riva
2008-02-23 03:19 . 2008-02-23 03:19 <DIR> d-------- D:\Program Files\Common Files\SWF Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 19:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-12 22:46 --------- d-----w D:\Program Files\MSN Messenger
2008-03-10 17:13 --------- d-----w D:\Documents and Settings\xx\Application Data\MegauploadToolbar
2008-03-10 16:59 --------- d-----w D:\Program Files\XoftSpySE
2008-03-08 22:52 --------- d-----w D:\Documents and Settings\xx\Application Data\GetRightToGo
2008-03-01 18:52 314,368 ----a-w D:\WINDOWS\uninst.exe
2008-03-01 17:35 --------- d-----w D:\Program Files\bfgclient
2008-03-01 16:52 --------- d-----w D:\Program Files\Kaspersky Lab
2008-02-23 17:18 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
2008-02-23 17:18 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll
2008-02-13 17:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 14:05 --------- d-----w D:\Program Files\Winamp
2008-02-12 13:14 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-02-11 22:27 --------- d-----w D:\Program Files\MSXML 4.0
2008-02-10 00:47 --------- d-----w D:\Documents and Settings\xx\Application Data\CyberLink
2008-02-07 15:40 --------- d-----w D:\Program Files\Soccerland2001
2008-02-05 15:38 --------- d-----w D:\Program Files\MegauploadToolbar
2008-01-18 20:09 --------- d-----w D:\Program Files\ProtectDisc Driver Installer
2008-01-04 13:20 73,216 ----a-w D:\WINDOWS\ST6UNST.EXE
2007-11-03 14:45 13 ----a-w D:\Documents and Settings\xx\Verinfo.dat
2007-11-03 14:44 1,024 ----a-w D:\Documents and Settings\xx\Config.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-03-11_11.18.37.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-01 18:53:07 306,688 ----a-w D:\WINDOWS\IsUninst.exe
+ 1998-10-29 15:45:06 306,688 ----a-w D:\WINDOWS\IsUninst.exe
- 2004-08-03 22:56:44 1,392,671 ----a-w D:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 19:42:40 1,386,496 ----a-w D:\WINDOWS\system32\msvbvm60.dll
+ 2007-04-30 09:50:30 417,792 ----a-w D:\WINDOWS\uninstall\Handball Manager 2007 Demo\setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 20:38 68856]
"ares"="D:\Program Files\Ares\Ares.exe" [2007-07-16 22:54 961536]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51 218376]
"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-23 18:18 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 09:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"D:\\Program Files\\Ares\\Ares.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17380:TCP"= 17380:TCP:NortonAV
"13806:TCP"= 13806:TCP:NortonAV
"15789:TCP"= 15789:TCP:NortonAV

R2 acedrv10;acedrv10;D:\WINDOWS\system32\drivers\acedrv10.sys [2007-07-24 08:45]
R2 acehlp10;acehlp10;D:\WINDOWS\system32\drivers\acehlp10.sys [2007-07-11 09:20]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;D:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"D:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0693c984-53cc-11dc-97c0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c66ad34-5006-11dc-9bda-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b0244f4-55f5-11dc-bcb3-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa86754-5574-11dc-b7bc-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{693805c0-65fd-11dc-8ec8-a8783cb692d6}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e4-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e5-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb9ccf0-4f1f-11dc-a32d-c62ea26f04d2}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72a6ba4-5394-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed8d4574-5175-11dc-a4e0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1772d0-813a-11dc-ac9b-cb6bcd068dd0}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2abfc4-56b2-11dc-b76a-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 18:59:07 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 17:00:00 D:\WINDOWS\Tasks\Norton Security Scan.job"
- D:\Program Files\Norton Security Scan\Nss.exe
"2008-03-15 19:26:36 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-23 02:00:01 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-15 20:36:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-15 20:38:57
ComboFix-quarantined-files.txt 2008-03-15 19:38:39
ComboFix2.txt 2008-03-14 13:58:15
ComboFix3.txt 2008-03-11 19:21:57
ComboFix4.txt 2008-03-11 18:47:32
ComboFix5.txt 2008-03-11 10:19:57
.
2008-03-11 15:32:03 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

To begin with, delete the temporary files using ATF Cleaner.

Malware need not have anything to do with that problem - when you surf, all the pages you open stay on the disk and take up space; when you download something, it takes up some space on the disk...

In any case, traces of some infections are noticeable here again.

Do you have a flash drive? If you do, hold down the Shift key, plug it in and format it (right-click on it in Windows Explorer and choose Format).

Then follow the instructions below, but this time actually follow them, not like last time when you ran CF 3 times. Also, I see that you used Navilog1 - why?

In short, follow the instructions and don't do anything on your own initiative (you can only do yourself harm).

-------------------------------------------------------------------------------------

Open Notepad and copy in the following text:

File::
D:\WINDOWS\system32\google.dll
D:\WINDOWS\system32\msnserv.exe

DirLook::
C:\MSOCache
D:\MSOCache

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1772d0-813a-11dc-ac9b-cb6bcd068dd0}]




Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.
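
A triage sketch for the `mountpoints2` entries in the log above, added here as an example and not part of the thread or of ComboFix: it parses the section and marks AutoRun/AutoOpen commands for manual review. The sample is an excerpt of the log posted in this thread; the three review rules and all function names are assumptions of this example, chosen so that the key the CFScript deletes stands out.

```python
import re

# Excerpt of the "Reg Loading Points" section posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0693c984-53cc-11dc-97c0-806d6172696f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b802e5-6c38-11dc-8921-806d6172696f}]
\Shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1772d0-813a-11dc-ac9b-cb6bcd068dd0}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
# Baseline shape: one executable sitting directly in a drive root.
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.I)


def parse_mountpoints(log_text):
    """Return {guid: [(verb, command), ...]} for every mountpoints2 key."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("guid").lower()
            entries[current] = []
            continue
        if line.startswith("["):
            current = None  # a different registry key; stop collecting
            continue
        cmd = CMD_RE.match(line)
        if cmd and current:
            entries[current].append((cmd.group("verb"), cmd.group("cmd").strip()))
    return entries


def reasons(cmd):
    """Review rules (assumptions of this example, not ComboFix logic)."""
    found = []
    if "rundll32" in cmd.lower():
        found.append("launches through rundll32")
    if "\\.\\" in cmd or " .\\" in cmd or cmd.startswith(".\\"):
        found.append("relative path component")
    if not ROOT_EXE_RE.match(cmd):
        found.append("not a single executable in the drive root")
    return found


def triage(log_text):
    """Return [(guid, verb, command, [reasons])] for entries needing review."""
    flagged = []
    for guid, commands in parse_mountpoints(log_text).items():
        for verb, cmd in commands:
            why = reasons(cmd)
            if why:
                flagged.append((guid, verb, cmd, why))
    return flagged


if __name__ == "__main__":
    for guid, verb, cmd, why in triage(SAMPLE_LOG):
        print(f"{guid} {verb}: {cmd}\n    -> {', '.join(why)}")
```

A plain root-level command such as `G:\autorun.exe` is not flagged, which says nothing about whether that file is clean; the rules only surface entries whose shape differs from the rest.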
