Nod is blocking an IP address!

  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Nod is blocking some IP address when I go online... I'd like to know how to fix that so it doesn't happen next time. When the blocking notice appeared today, I disconnected from the internet and ran Search and Destroy, and when I reconnected it didn't appear any more, but I'd like to know what that actually is and how it came about, whether it's a virus or what... thanks in advance for the help!

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hi

We can check whether there is malware:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

How can you check that, i.e. what do I need to do on that page?

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

It's written clearly in plain Serbian... Explained even for those with weaker computer knowledge. Open the page and read it carefully... and you'll see.

  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Posted: 18 Mar 2010 18:15

Fine, I understood, no need to be condescending...


DDS (Ver_10-03-17.01) - NTFSx86
Run by Nikola at 18:10:40.96 on Thu 03/18/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.637 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Novi Programi\AdAware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Novi Programi\NetWorx\networx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\My Documents\Download\CryptLoad_1[1].1.6\CryptLoad_1.1.6\CryptLoad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\documents and settings\nikola\csrss.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\novipr~1\networx\deskband.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Washer] c:\program files\washer\washer.exe /0
uRun: [AdobeBridge]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [SW24] c:\windows\system32\sw24.exe
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\novi programi\quicktime\QTTask.exe" -atboottime
mRun: [NetWorx] "c:\novi programi\networx\networx.exe" /auto
mRunServicesOnce: [washindex] c:\program files\washer\washidx.exe "Nikola"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\airlive\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\airlive\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {A17D0446-139D-44FE-80C0-A9346DCDEA8D} = 217.23.192.9 217.23.192.14
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - c:\windows\system32\ebkp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nikola\applic~1\mozilla\firefox\profiles\9ozk9k0x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/webhp?hl=bs&output=html
FF - plugin: c:\novi programi\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\novi programi\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\novi programi\quicktime\plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 aawservice;Lavasoft Ad-Aware Service;c:\novi programi\adaware\aawservice.exe [2008-6-2 611664]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2009-2-20 462212]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-03-17 12:06:24 0 d-----w- c:\docume~1\nikola\applic~1\Auslogics
2010-03-15 20:46:41 4096 ----a-w- c:\windows\d3dx.dat
2010-03-14 11:44:44 0 ----a-w- c:\documents and settings\nikola\Desktop.ini
2010-03-13 18:31:32 8486 ----a-w- C:\XIN-A.$HS
2010-03-13 13:25:38 143872 --sh--r- c:\documents and settings\nikola\csrss.exe
2010-03-09 15:30:34 0 d-----w- c:\windows\system32\appmgmt
2010-02-28 15:33:55 38 ----a-w- c:\windows\avisplitter.INI
2010-02-28 15:11:13 0 d-----w- c:\docume~1\alluse~1\applic~1\SoftPerfect
2010-02-25 21:19:21 0 d-----w- c:\docume~1\nikola\applic~1\EbkReader
2010-02-25 21:19:20 25088 ----a-w- c:\windows\system32\ebkp.dll
2010-02-25 20:51:14 0 d-----w- c:\windows\Downloaded Installations
2010-02-23 13:36:05 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-22 23:15:59 545 ----a-w- c:\windows\UC.PIF
2010-02-22 23:15:59 545 ----a-w- c:\windows\RAR.PIF
2010-02-22 23:15:59 545 ----a-w- c:\windows\PKZIP.PIF
2010-02-22 23:15:59 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-02-22 23:15:59 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-02-22 23:15:59 545 ----a-w- c:\windows\LHA.PIF
2010-02-22 23:15:59 545 ----a-w- c:\windows\ARJ.PIF
2010-02-22 23:15:59 0 d-----w- c:\docume~1\nikola\applic~1\GHISLER

==================== Find3M ====================

2010-03-05 11:57:56 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-27 22:24:25 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 18:11:08.32 ===============


Update: 18 Mar 2010 18:17

There, I hope you'll find the problem... and I apologize for asking that question... Thanks
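Two entries in the DDS log above are what a triager looks for first: `mWinlogon: Taskman=c:\documents and settings\nikola\csrss.exe` (Taskman is not set on a clean XP install) and the `--sh--r-` csrss.exe created in the user profile, while the real csrss.exe lives only in system32. As an added example, not from the thread or from the DDS tool, this Python script applies those checks to DDS-format lines; the sample lines are constructed from the posted log.

```python
import re

# Constructed sample in DDS "Pseudo HJT Report" / "Created Last 30" format. The
# Taskman, csrss.exe and d3dx.dat lines are copied from the log posted above; the
# other lines are constructed filler that a triager should not flag.
DDS_SAMPLE = r"""
mWinlogon: Taskman=c:\documents and settings\nikola\csrss.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\novi programi\quicktime\QTTask.exe" -atboottime
2010-03-13 13:25:38 143872 --sh--r- c:\documents and settings\nikola\csrss.exe
2010-03-15 20:46:41 4096 ----a-w- c:\windows\d3dx.dat
2010-02-25 21:19:20 25088 ----a-w- c:\windows\system32\ebkp.dll
"""

# Core Windows XP process names that live only in %SystemRoot%\system32. A copy
# anywhere else (here: inside the user's profile) is a classic masquerading sign.
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "svchost.exe", "lsass.exe",
                 "winlogon.exe", "services.exe", "spoolsv.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".pif")

WINLOGON_RE = re.compile(r"^mWinlogon:\s*(?P<key>\w+)=(?P<value>.+)$", re.I)
RUN_RE = re.compile(r"^[umd]Run\w*:\s*\[[^\]]*\]\s*(?P<value>.+)$", re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+"
                     r"(?P<attr>[-a-z]{8})\s+(?P<path>.+)$", re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|pif)\b', re.I)


def first_path(value):
    """Return the first file path in a DDS value, ignoring quotes and arguments."""
    m = PATH_RE.search(value)
    return m.group(0).lower() if m else None


def path_reasons(path, attr=""):
    """Reasons a single path (plus optional DDS attribute field) looks suspicious."""
    reasons = []
    name = path.rsplit("\\", 1)[-1]
    if name in SYSTEM32_ONLY and not path.startswith(SYSTEM32):
        reasons.append(f"{name} located outside system32")
    # hidden+system attributes on an executable inside a profile: hiding, not config
    if "s" in attr and "h" in attr and path.endswith(EXEC_EXT) \
            and "\\documents and settings\\" in path:
        reasons.append("hidden+system executable in a user profile")
    return reasons


def triage(log_text):
    """Scan DDS log lines and return one finding per suspicious line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if m := WINLOGON_RE.match(line):
            key = m.group("key").lower()
            path = first_path(m.group("value")) or m.group("value").lower()
            # Taskman is unset on a clean XP; Shell and Userinit have fixed defaults.
            if key == "taskman":
                reasons.append("Winlogon Taskman set (autostart hijack)")
            elif key == "shell" and not path.endswith("explorer.exe"):
                reasons.append("Winlogon Shell replaced")
            elif key == "userinit" and path != SYSTEM32 + "userinit.exe":
                reasons.append("Winlogon Userinit replaced")
            reasons += path_reasons(path)
        elif m := RUN_RE.match(line):
            path = first_path(m.group("value"))
            if path:
                reasons += path_reasons(path)
        elif m := FILE_RE.match(line):
            path = m.group("path").lower()
            reasons += path_reasons(path, m.group("attr").lower())
        else:
            continue
        if reasons:
            findings.append({"line": line, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(DDS_SAMPLE):
        print(f"[!] {'; '.join(f['reasons'])}\n    {f['line']}")
```

The ComboFix log further down confirms both indicators: its "Other Deletions" section removed c:\documents and settings\Nikola\csrss.exe.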

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Where are the gmer or rootrepeal logs? :)

and I'm not being condescending... ;)

  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Posted: 18 Mar 2010 19:01

Here it is, it's going slowly so I thought maybe something can be read from this already... but while the gmer logs are coming, I had to restart the computer and the problem appeared again, so I didn't fix it with Search and Destroy. Anyway, once I post the data, I hope there'll be some solution, and yes, my system boots slowly, so if that can be fixed too from all this data :)... cheers

Update: 18 Mar 2010 20:54

Here are the gmer logs, finally...

PS. I have to mention that after every scan my computer froze, and my internet has slowed down a little...

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • disable your protection software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes for the process to continue.
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions / show a number of notices: accept by clicking Yes or OK.
  • if needed, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Prikači fajl (Attach file) option to attach C:\ComboFix.txt to the message.

  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Posted: 18 Mar 2010 21:48

ComboFix 10-03-17.07 - Nikola 03/18/2010 21:33:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.654 [GMT 1:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nikola\csrss.exe
c:\windows\jestertb.dll
c:\windows\system32\vb6ko.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNET
-------\Service_SKYNET


((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-17 12:06 . 2010-03-17 12:06 -------- d-----w- c:\documents and settings\Nikola\Application Data\Auslogics
2010-03-16 13:43 . 2010-03-16 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-15 20:46 . 2010-03-15 20:46 4096 ----a-w- c:\windows\d3dx.dat
2010-02-28 15:11 . 2010-02-28 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftPerfect
2010-02-25 21:19 . 2010-02-25 21:19 -------- d-----w- c:\documents and settings\Nikola\Application Data\EbkReader
2010-02-25 21:19 . 2010-02-25 21:19 25088 ----a-w- c:\windows\system32\ebkp.dll
2010-02-25 20:51 . 2010-02-25 20:51 -------- d-----w- c:\windows\Downloaded Installations
2010-02-23 15:26 . 2010-02-23 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-23 15:24 . 2010-02-23 15:24 -------- d-----w- c:\program files\Common Files\Apple
2010-02-23 15:23 . 2010-02-23 15:23 -------- d-----w- c:\program files\Apple Software Update
2010-02-23 15:23 . 2010-02-23 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-23 13:36 . 2010-02-23 13:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 23:15 . 2010-02-24 15:49 -------- d-----w- c:\documents and settings\Nikola\Application Data\GHISLER
2010-02-22 23:15 . 2009-04-30 06:50 545 ----a-w- c:\windows\UC.PIF
2010-02-22 23:15 . 2009-04-30 06:50 545 ----a-w- c:\windows\RAR.PIF
2010-02-22 23:15 . 2009-04-30 06:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-02-22 23:15 . 2009-04-30 06:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-02-22 23:15 . 2009-04-30 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-02-22 23:15 . 2009-04-30 06:50 545 ----a-w- c:\windows\LHA.PIF
2010-02-22 23:15 . 2009-04-30 06:50 545 ----a-w- c:\windows\ARJ.PIF
2010-02-22 00:17 . 2010-02-22 00:17 -------- d-----w- c:\documents and settings\Nikola\Application Data\Apple Computer
2010-02-22 00:02 . 2010-02-22 00:02 -------- d-----w- c:\documents and settings\Nikola\Local Settings\Application Data\Apple
2010-02-22 00:01 . 2010-02-22 00:01 -------- d-----w- c:\documents and settings\Nikola\Local Settings\Application Data\Apple Computer
2010-02-21 22:25 . 2010-02-21 22:25 -------- d-----w- c:\documents and settings\Nikola\Local Settings\Application Data\WMTools Downloaded Files
2010-02-17 20:36 . 2010-03-08 10:02 -------- d-----w- c:\documents and settings\Nikola\Application Data\Skype
2010-02-17 20:35 . 2010-02-17 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 23:39 . 2009-02-20 17:09 -------- d-----w- c:\documents and settings\Nikola\Application Data\BSplayer Pro
2010-03-16 12:45 . 2009-02-20 12:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 11:57 . 2009-02-22 15:47 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-05 11:52 . 2009-02-21 11:37 -------- d-----w- c:\documents and settings\Nikola\Application Data\Canon
2010-02-23 13:36 . 2009-07-11 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-27 22:24 . 2010-01-27 22:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-21 16:16 . 2009-02-20 16:21 -------- d-----w- c:\documents and settings\Nikola\Application Data\Ahead
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-12-15 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"QuickTime Task"="c:\novi programi\QuickTime\QTTask.exe" [2010-02-15 417792]
"NetWorx"="c:\novi programi\NetWorx\networx.exe" [2009-02-14 1411584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"d:\\My Documents\\bilja\\totalcmd\\TOTALCMD.EXE"=
"c:\\Novi Programi\\Skype\\Phone\\Skype.exe"=
"d:\\My Documents\\bilja\\games\\setups\\European Street Racing\\European Street Racing.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - c:\windows\system32\ebkp.dll
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\9ozk9k0x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/webhp?hl=bs&output=html
FF - plugin: c:\novi programi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\novi programi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\novi programi\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\novi programi\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\novi programi\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\novi programi\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\novi programi\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\novi programi\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\novi programi\QuickTime\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Washer - c:\program files\Washer\washer.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-RunServicesOnce-washindex - c:\program files\Washer\washidx.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-18 21:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1660)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\novi programi\AdAware\aawservice.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AirLive\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-18 21:45:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-18 20:45

Pre-Run: 8,038,387,712 bytes free
Post-Run: 7,919,931,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - A83FEC4D77253C99FBE90AC37BC386AD

Update: 19 Mar 2010 0:47

Also, I have to mention that I have a file autorun.txt on my USB stick. I read what it actually is, so I'm wondering how, after cleaning the computer, I can protect myself from this autorun being transferred onto the computer again. Can it be done in the following way: disable the autorun option via gpedit.msc, and then try to delete everything on the USB with the program USB Disk Security?
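ComboFix deleted D:\Autorun.inf in the log above, and the question here is about USB autorun, so as an added example (not from the thread or from any of the tools used in it) this Python parses an autorun.inf and reports which keys would make Windows execute something; both sample files are constructed.

```python
# Keys whose value Windows executes through AutoRun/AutoPlay or the drive's
# context menu; icon, label and action only change how the drive is displayed.
EXEC_KEYS = ("open", "shellexecute")

# Constructed benign sample: a driver CD that only sets an icon and a label.
BENIGN_INF = """\
[autorun]
icon=setup.exe,0
label=Vendor Driver CD
"""

# Constructed malicious-style sample: junk lines between the real keys are a
# common trick against naive parsers; "shell=open" plus a redirected open verb
# makes a plain double-click on the drive run the hidden executable.
MALICIOUS_INF = """\
[autorun]
;;;;junk;;;;
open=recycler\\hidden.exe
gibberish-line-without-equals
shell\\open\\Command=recycler\\hidden.exe
shell=open
"""


def parse_autorun(text):
    """Tolerant parser for the [autorun] section; skips junk lines and comments."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text):
    """Return the parsed entries plus every key that would execute code."""
    entries = parse_autorun(text)
    reasons = []
    for key, value in entries.items():
        if key in EXEC_KEYS:
            reasons.append(f"{key}= runs {value} via AutoRun/AutoPlay")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            reasons.append(f"{key}= runs {value} from the drive's context menu")
    verb = entries.get("shell", "").lower()
    if verb and f"shell\\{verb}\\command" in entries:
        reasons.append(f"default verb '{verb}' redirected: double-clicking the drive runs it")
    return {"entries": entries, "executes": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for name, inf in (("benign", BENIGN_INF), ("malicious", MALICIOUS_INF)):
        result = assess_autorun(inf)
        print(f"{name}: executes={result['executes']}")
        for reason in result["reasons"]:
            print("  -", reason)
```

Turning AutoRun off (the gpedit.msc policy asked about sets the NoDriveTypeAutoRun registry value) stops Windows from honouring these keys at all; the file itself is inert text, so an autorun.inf with only icon/label entries is harmless.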

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Zip the following folder:

C:\qoobox

and send it to me via the following link:

http://www.mycity.rs/ambulanta-upload.php
