MyCity » Ambulanta -> Arhiva Ambulante » Pomoc oko virusa!!!! Help..

Pomoc oko virusa!!!! Help..

Napisano na dan: 26.4.2009

Strana:
1
2
3

Pomoc oko virusa!!!! Help..

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

raskee Poslao: 26 Apr 2009 21:15 Idi na vrh
offline raskee Građanin Pridružio: 26 Apr 2009 Poruke: 42 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 26 Apr 2009 19:13 Upload-ova sam.. Nisam znao da trebam da skinem kvachicu sa Hide protected operating system files..tj. nisam ni obracao pazhnju na to..a uradio sam pre toga za show hidden files and folders. =) Dopuna: 26 Apr 2009 19:14 Hehe..btw, ja igram Ogame Dopuna: 26 Apr 2009 21:13 ???????????????????????????? Dopuna: 26 Apr 2009 21:15 Izvini shto smaram..al' et'..

Profil

helen1 Poslao: 26 Apr 2009 22:31 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 26 Apr 2009 21:16 Javljam se u toku veceri.... Dopuna: 26 Apr 2009 22:31 Ugasi zastitu ponovo. Otvoriti Notepad i iskopirati sledeci tekst: File:: d:\windows\system\stm.exe D:\Sys.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\090C8.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\6D5DA.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\85550.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\AA9C0.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\ mel.bat110316 AM.bat d:\documents and settings\drummer\Start Menu\Programs\Startup\mel.bat112919 PM.bat d:\windows\system\taksmrg.exe Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

raskee Poslao: 26 Apr 2009 22:54 Idi na vrh
offline raskee Građanin Pridružio: 26 Apr 2009 Poruke: 42 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-04-25.A3 - drummer 04/26/2009 22:47.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.905 [GMT 2:00] Running from: d:\documents and settings\drummer\Desktop\ComboFix.exe Command switches used :: d:\documents and settings\drummer\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 3.0 On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: d:\documents and settings\drummer\Start Menu\Programs\Startup\090C8.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\6D5DA.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\85550.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\AA9C0.exe.exe D:\Sys.exe d:\windows\system\stm.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\ :#: . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . d:\documents and settings\drummer\Start Menu\Programs\Startup\090C8.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\6D5DA.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\85550.exe.exe d:\documents and settings\drummer\Start Menu\Programs\Startup\AA9C0.exe.exe D:\Sys.exe . ((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 ))))))))))))))))))))))))))))))) . 2009-04-26 13:38 . 2009-04-26 13:39 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Google 2009-04-26 13:38 . 2009-04-26 13:38 -------- d-----w d:\program files\Google 2009-04-26 09:09 . 2009-04-26 10:02 1199928 ----a-w d:\windows\system\Updateor.exe 2009-04-25 17:28 . 2009-04-25 17:28 -------- d-----w d:\documents and settings\drummer\dwhelper 2009-04-25 14:33 . 2009-04-25 14:33 205 ----a-w d:\windows\wininit.ini 2009-04-25 14:16 . 2009-04-25 14:22 -------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-25 09:06 . 2009-04-25 09:06 -------- d-----w d:\documents and settings\drummer\Application Data\AdobeUM 2009-04-25 09:06 . 2009-04-25 09:06 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Adobe 2009-04-25 09:05 . 2009-04-25 09:05 -------- d-----w d:\program files\Common Files\Adobe 2009-04-24 15:51 . 2009-04-24 15:51 -------- d-----w d:\documents and settings\All Users\Application Data\Last.fm 2009-04-24 15:08 . 2009-04-24 15:08 128000 ----a-w d:\windows\system\ChromePass.exe 2009-04-24 15:08 . 2009-04-24 15:08 132597 ----a-w d:\windows\system\chromepass.zip 2009-04-24 15:08 . 2009-04-25 16:33 30720 ----a-w d:\windows\system\VNCPassView.exe 2009-04-24 15:08 . 2009-04-25 16:33 33553 ----a-w d:\windows\system\vncpassview.zip 2009-04-24 15:08 . 2009-04-25 16:33 42496 ----a-w d:\windows\system\iepv.exe 2009-04-24 15:07 . 2009-04-25 16:33 49799 ----a-w d:\windows\system\ipw.zip 2009-04-24 12:34 . 2009-04-24 12:34 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\DFX 2009-04-24 12:25 . 2009-04-24 12:25 -------- d-----w d:\documents and settings\All Users\Application Data\DFX 2009-04-24 12:25 . 2009-04-24 12:25 -------- d-----w d:\program files\DFX 2009-04-23 23:21 . 2009-04-23 23:21 -------- d-----w d:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2009-04-23 23:20 . 2009-04-23 23:22 -------- d-----w d:\documents and settings\drummer\Application Data\DAEMON Tools Lite 2009-04-23 23:15 . 2009-04-23 23:15 -------- d-----w d:\program files\DAEMON Tools Toolbar 2009-04-23 23:14 . 2009-04-23 23:22 -------- d-----w d:\documents and settings\drummer\Application Data\DAEMON Tools 2009-04-23 23:13 . 1997-06-02 10:32 314880 ----a-w d:\windows\IsUninst.exe 2009-04-23 23:13 . 2009-04-23 23:13 -------- d-----w d:\documents and settings\drummer\WINDOWS 2009-04-23 22:54 . 2009-04-23 23:15 47104 ----a-w d:\windows\system32\KMVIDC32.DLL 2009-04-22 23:58 . 2001-08-17 20:36 8704 -c--a-w d:\windows\system32\dllcache\kbdjpn.dll 2009-04-22 23:58 . 2001-08-17 20:36 8704 ----a-w d:\windows\system32\kbdjpn.dll 2009-04-22 23:58 . 2001-08-17 20:36 8192 -c--a-w d:\windows\system32\dllcache\kbdkor.dll 2009-04-22 23:58 . 2001-08-17 20:36 8192 ----a-w d:\windows\system32\kbdkor.dll 2009-04-22 23:58 . 2001-08-17 12:55 6144 -c--a-w d:\windows\system32\dllcache\kbd106.dll 2009-04-22 23:58 . 2001-08-17 12:55 6144 -c--a-w d:\windows\system32\dllcache\kbd101c.dll 2009-04-22 23:58 . 2001-08-17 12:55 6144 ----a-w d:\windows\system32\kbd106.dll 2009-04-22 23:58 . 2001-08-17 12:55 6144 ----a-w d:\windows\system32\kbd101c.dll 2009-04-22 23:58 . 2001-08-17 12:55 5632 -c--a-w d:\windows\system32\dllcache\kbd103.dll 2009-04-22 23:58 . 2001-08-17 12:55 5632 ----a-w d:\windows\system32\kbd103.dll 2009-04-22 23:58 . 2001-08-17 12:55 6144 -c--a-w d:\windows\system32\dllcache\kbd101b.dll 2009-04-22 23:58 . 2001-08-17 12:55 6144 ----a-w d:\windows\system32\kbd101b.dll 2009-04-22 23:09 . 2009-04-22 23:16 -------- d-----w d:\documents and settings\drummer\Application Data\Red Alert 3 2009-04-22 21:29 . 2009-04-22 21:29 192512 ----a-w d:\windows\system\ICSharpCode.SharpZipLib.dll 2009-04-22 21:29 . 2009-04-22 21:29 271360 ----a-w d:\windows\system\MonoTorrent.dll 2009-04-22 21:29 . 2009-04-22 21:29 57344 ----a-w d:\windows\system\MSNMessengerAPI.dll 2009-04-22 21:28 . 2009-04-22 21:29 915832 ----a-w d:\windows\system\taksmrg.exe 2009-04-22 20:23 . 2009-04-23 23:23 -------- d-----w d:\documents and settings\drummer\Application Data\Hamachi 2009-04-22 20:23 . 2009-04-22 20:23 25280 ----a-w d:\windows\system32\drivers\hamachi.sys 2009-04-22 16:29 . 2005-05-26 13:34 2297552 ----a-w d:\windows\system32\d3dx9_26.dll 2009-04-22 16:17 . 2009-04-22 16:17 -------- d-----w d:\windows\Logs 2009-04-21 19:06 . 2009-04-26 12:24 69 ----a-w d:\windows\NeroDigital.ini 2009-04-21 19:01 . 2009-04-21 19:01 -------- d-----w d:\program files\ASIO4ALL v2 2009-04-21 19:01 . 2006-06-20 08:56 225280 ----a-w d:\windows\system32\rewire.dll 2009-04-21 19:00 . 2002-07-07 22:14 1294336 ----a-w d:\windows\system32\vorbis.acm 2009-04-21 18:59 . 2009-04-21 19:01 -------- d-----w d:\program files\Image-Line 2009-04-21 18:59 . 2009-04-21 18:59 -------- d-----w d:\program files\Outsim 2009-04-21 18:57 . 2009-04-21 18:57 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\ESET 2009-04-21 18:33 . 2004-03-02 15:37 125184 ------w d:\windows\system32\drivers\imagesrv.sys 2009-04-21 18:33 . 2004-03-02 15:37 5504 ------w d:\windows\system32\drivers\imagedrv.sys 2009-04-21 18:33 . 2000-06-26 09:45 106496 ----a-w d:\windows\system32\TwnLib20.dll 2009-04-21 18:33 . 2004-07-26 15:16 476320 ------w d:\windows\system32\ImagXpr7.dll 2009-04-21 18:33 . 2004-07-26 15:16 471040 ------w d:\windows\system32\ImagXRA7.dll 2009-04-21 18:33 . 2004-07-26 15:16 262144 ------w d:\windows\system32\ImagXR7.dll 2009-04-21 18:33 . 2004-07-26 15:16 1568768 ------w d:\windows\system32\ImagX7.dll 2009-04-21 18:32 . 2001-07-09 09:50 155648 ----a-w d:\windows\system32\NeroCheck.exe 2009-04-21 18:31 . 2009-04-21 18:31 -------- d-----w d:\program files\Common Files\Ahead 2009-04-21 13:01 . 2009-04-21 13:01 376 ----a-w d:\windows\ODBC.INI 2009-04-21 13:00 . 2009-04-21 13:00 -------- d-----w d:\program files\Microsoft ActiveSync 2009-04-21 12:56 . 2009-04-21 13:00 -------- d-----w d:\windows\ShellNew 2009-04-20 21:25 . 2009-04-20 21:25 -------- d-----w d:\documents and settings\All Users\Application Data\TEMP 2009-04-20 21:15 . 2009-04-20 21:15 321144 --sh--w d:\windows\system\taksmgr.exe 2009-04-20 20:55 . 2009-04-20 20:55 -------- d-----w d:\documents and settings\LocalService\Local Settings\Application Data\ESET 2009-04-20 20:17 . 2009-04-20 20:17 -------- d-----w d:\documents and settings\drummer\Application Data\Media Player Classic 2009-04-20 16:11 . 2009-04-20 16:11 3932214 ----a-w d:\windows\BricoPack Wallpaper.bmp 2009-04-20 16:09 . 2009-04-20 16:10 -------- d-----w d:\windows\Packs 2009-04-19 13:56 . 2009-04-19 13:56 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Identities 2009-04-19 12:55 . 2009-04-19 12:55 83 ----a-w d:\windows\wwp.INI 2009-04-18 22:15 . 2009-04-20 22:20 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\BS_Player 2009-04-18 22:15 . 2009-04-18 22:15 -------- d-----w d:\program files\Conduit 2009-04-18 22:15 . 2009-04-18 22:15 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Conduit 2009-04-18 22:15 . 2009-04-18 22:15 -------- d-----w d:\program files\BS_Player 2009-04-18 22:15 . 2009-04-18 22:17 -------- d-----w d:\documents and settings\drummer\Application Data\BSplayer 2009-04-18 22:15 . 2009-04-18 22:15 -------- d-----w d:\documents and settings\drummer\Application Data\BSplayer Pro 2009-04-18 22:08 . 2004-08-03 21:08 26496 -c--a-w d:\windows\system32\dllcache\usbstor.sys 2009-04-18 21:52 . 2009-04-18 21:52 -------- d-----w d:\documents and settings\drummer\Application Data\Thinking Minds Budiling Bytes 2009-04-18 17:21 . 2009-04-26 12:45 -------- d-----w d:\documents and settings\drummer\Application Data\uTorrent 2009-04-18 16:59 . 2009-04-26 13:10 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Last.fm 2009-04-18 16:02 . 2009-04-18 16:02 -------- d-s---w d:\documents and settings\drummer\UserData 2009-04-18 10:58 . 2009-04-18 10:58 721904 ----a-w d:\windows\system32\drivers\sptd.sys 2009-04-18 10:58 . 2009-04-18 10:58 -------- d-----w d:\documents and settings\drummer\Application Data\DAEMON Tools Pro 2009-04-18 10:25 . 2009-04-26 11:57 -------- d-----w d:\documents and settings\drummer\Tracing 2009-04-18 10:19 . 2009-04-18 10:19 -------- d-----w d:\program files\Microsoft 2009-04-18 10:19 . 2009-04-18 10:19 -------- d-----w d:\program files\Windows Live SkyDrive 2009-04-18 10:18 . 2009-04-18 10:23 -------- d-----w d:\program files\Windows Live 2009-04-18 10:07 . 2009-04-26 20:31 -------- d-----w d:\documents and settings\drummer\Application Data\Skype 2009-04-18 10:07 . 2009-04-18 10:07 -------- d-----w d:\program files\Skype 2009-04-18 10:07 . 2009-04-18 10:07 -------- d-----w d:\program files\Common Files\Skype 2009-04-18 10:07 . 2009-04-18 10:07 -------- d-----w d:\documents and settings\All Users\Application Data\Skype 2009-04-18 10:06 . 2009-04-18 10:06 0 ----a-w d:\windows\nsreg.dat 2009-04-18 10:06 . 2009-04-18 10:06 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Mozilla 2009-04-18 10:05 . 2009-04-18 10:05 -------- d-----w d:\program files\Common Files\Windows Live 2009-04-18 10:04 . 2009-04-18 10:04 -------- d-----w d:\program files\ESET 2009-04-18 10:04 . 2009-04-18 10:04 -------- d-----w d:\documents and settings\All Users\Application Data\ESET 2009-04-18 09:55 . 2009-02-20 19:13 111544 ----a-w d:\windows\system32\nvapps.xml 2009-04-18 09:54 . 2009-04-18 09:54 -------- d-----w d:\windows\nview 2009-04-18 09:54 . 2009-02-20 19:13 356352 ----a-w d:\windows\system32\nvudisp.exe 2009-04-18 09:54 . 2009-02-20 19:13 17463 ----a-w d:\windows\system32\nvdisp.nvu 2009-04-18 09:53 . 2009-04-21 22:52 18128 ----a-w d:\documents and settings\drummer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-18 09:51 . 2009-04-18 09:51 940794 ----a-w d:\windows\system32\LoopyMusic.wav 2009-04-18 09:51 . 2009-04-18 09:51 146650 ----a-w d:\windows\system32\BuzzingBee.wav 2009-04-18 09:51 . 2009-04-18 09:51 -------- d-----w d:\windows\system32\Lang 2009-04-18 09:45 . 2004-11-18 08:42 22752 ----a-w d:\windows\system32\spupdsvc.exe 2009-04-18 09:44 . 2009-04-18 09:44 -------- d-----w d:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation 2009-04-18 09:44 . 2009-04-18 09:44 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\NVIDIA Corporation 2009-04-18 09:44 . 2009-04-18 09:44 -------- d-----w d:\program files\NVIDIA Corporation 2009-04-18 09:42 . 2009-04-18 09:42 -------- d-----w D:\NVIDIA 2009-04-18 09:41 . 2009-04-18 09:41 -------- d-----w d:\program files\Acer 2009-04-18 09:40 . 2009-04-18 09:40 -------- d-----w d:\program files\Launch Manager 2009-04-18 09:40 . 2009-04-18 09:40 -------- d-----w d:\windows\Options 2009-04-18 09:40 . 2009-04-18 09:40 -------- d-----w d:\program files\Atheros 2009-04-18 09:40 . 2007-06-25 01:37 21936 ----a-w d:\windows\system32\net5211.cat 2009-04-18 09:40 . 2007-06-21 20:58 547072 ----a-w d:\windows\system32\drivers\ar5211.sys 2009-04-18 09:40 . 2007-06-21 20:58 547072 ----a-w d:\windows\system32\ar5211.sys 2009-04-18 09:40 . 2007-06-21 20:58 93138 ----a-w d:\windows\system32\net5211.inf 2009-04-18 09:40 . 2007-01-09 07:25 8 --sha-r d:\windows\system32\Desktop_.ini 2009-04-18 09:39 . 2009-04-18 09:39 -------- d-----w d:\documents and settings\All Users\Application Data\Atheros 2009-04-18 09:39 . 2009-04-18 09:40 83 ----a-w d:\windows\LManager.UNI 2009-04-18 09:34 . 2007-03-21 20:02 37376 ----a-w d:\windows\system32\drivers\rixdptsk.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-26 14:06 . 2009-04-18 10:08 -------- d-----w d:\documents and settings\drummer\Application Data\skypePM 2009-04-24 12:45 . 2009-04-24 12:24 -------- d-----w d:\documents and settings\drummer\Application Data\Winamp 2009-04-20 16:10 . 2004-08-03 22:56 218624 ----a-w d:\windows\system32\uxtheme.dll 2009-04-20 09:35 . 2009-04-17 23:30 86327 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-04-18 10:09 . 2009-04-18 10:08 -------- d-----w d:\program files\K-Lite Codec Pack 2009-04-18 09:45 . 2009-04-18 09:45 -------- d-----w d:\program files\Realtek 2009-04-18 09:45 . 2009-04-18 09:45 319488 ----a-w d:\windows\HideWin.exe 2009-04-17 23:31 . 2009-04-17 23:31 -------- d-----w d:\program files\microsoft frontpage 2009-04-17 23:27 . 2009-04-17 23:27 21640 ----a-w d:\windows\system32\emptyregdb.dat 2009-03-16 12:18 . 2009-04-22 16:30 69448 ----a-w d:\windows\system32\XAPOFX1_3.dll 2009-03-16 12:18 . 2009-04-22 16:30 517448 ----a-w d:\windows\system32\XAudio2_4.dll 2009-03-16 12:18 . 2009-04-22 16:30 235352 ----a-w d:\windows\system32\xactengine3_4.dll 2009-03-16 12:18 . 2009-04-22 16:30 22360 ----a-w d:\windows\system32\X3DAudio1_6.dll 2009-03-09 13:27 . 2009-04-22 16:30 453456 ----a-w d:\windows\system32\d3dx10_41.dll 2009-03-09 13:27 . 2009-04-22 16:30 1846632 ----a-w d:\windows\system32\D3DCompiler_41.dll 2009-03-09 13:27 . 2009-04-22 16:30 4178264 ----a-w d:\windows\system32\D3DX9_41.dll 2009-02-20 19:13 . 2007-07-24 07:12 3620864 ----a-w d:\windows\system32\nvvitvsr.dll 2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w d:\windows\system32\sirenacm.dll . ------- Sigcheck ------- [-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\WININET.DLL [-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\dllcache\wininet.dll [-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\explorer.exe [-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\system32\dllcache\explorer.exe [-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\wuauclt.exe [-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\dllcache\wuauclt.exe . ((((((((((((((((((((((((((((( SnapShot@2009-04-26_11.52.31 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-05 22:33 . 2009-01-05 22:33 3751995 d:\windows\system32\GPhotos.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] 2009-03-10 09:47 2079256 ----a-w d:\program files\BS_Player\tbBS_P.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "d:\program files\BS_Player\tbBS_P.dll" [2009-03-10 2079256] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "d:\program files\BS_Player\tbBS_P.dll" [2009-03-10 2079256] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920] "Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320] "msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-07-23 752136] "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-20 8433664] "NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-20 81920] "egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] "NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "WinampAgent"="e:\program files\Winamp\winampa.exe" [2009-04-10 37888] "RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768] "nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-20 1626112] d:\documents and settings\drummer\Start Menu\Programs\Startup\ mel.bat110316 AM.bat [2009-4-26 128] mel.bat112919 PM.bat [2009-4-26 128] Y'z Toolbar.lnk - d:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2009-4-20 90112] d:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-7 83360] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\Program Files\\Valve\\hl.exe"= "e:\\Program Files\\uTorrent\\uTorrent.exe"= "e:\\worms\\WWP\\wwp.exe"= "d:\\Program Files\\Skype\\Phone\\Skype.exe"= S1 epfwtdir;epfwtdir;d:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800] S2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033 FF - ProfilePath - d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\ FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: e:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-26 22:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1644491937-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D652261-5448-9EDE-3CCB-097AABB7C6BF}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "hanffdagmghdhjno"=hex:61,61,00,7c "janffdagmghdhjnoamen"=hex:63,61,6d,70,64,67,00,7c "pafhiebijaefgmnlkidbdklaeknimjij"=hex:64,61,65,6a,61,69,6e,64,00,00 . Completion time: 2009-04-26 22:50 ComboFix-quarantined-files.txt 2009-04-26 20:50 ComboFix2.txt 2009-04-26 11:53 Pre-Run: 7,527,022,592 bytes free Post-Run: 7,519,019,008 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe 272

Profil

helen1 Poslao: 26 Apr 2009 23:00 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Aj probaj rucno da obrises: d:\documents and settings\drummer\Start Menu\Programs\Startup\ mel.bat110316 AM.bat d:\documents and settings\drummer\Start Menu\Programs\Startup\mel.bat112919 PM.bat

Profil

raskee Poslao: 26 Apr 2009 23:02 Idi na vrh
offline raskee Građanin Pridružio: 26 Apr 2009 Poruke: 42 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obrisao sam... >>next??

Profil

helen1 Poslao: 26 Apr 2009 23:06 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kad smo vec tu da pogledamo i fleske: - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

raskee Poslao: 26 Apr 2009 23:11 Idi na vrh
offline raskee Građanin Pridružio: 26 Apr 2009 Poruke: 42 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 26 Apr 2009 23:08 a shta ako nemam ni jedan od ovih uredjaja?? =( Dopuna: 26 Apr 2009 23:09 Shalim se bre Reko da se ne smorish :p Dopuna: 26 Apr 2009 23:11 USBNoRisk 2.1 by bobby Started at 4/26/2009 11:08:32 PM Scanning for connected USB Mass storage... ---------------------------------------- ======================================== Scanning for other storage... ---------------------------------------- C: {3a2fbe7f-2b8f-11de-8789-806d6172696f} D: {3a2fbe80-2b8f-11de-8789-806d6172696f} E: {3a2fbe81-2b8f-11de-8789-806d6172696f} ======================================== Scanning fixed storage for autorun.inf files... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 3a2fbe7f-2b8f-11de-8789-806d6172696f ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 3a2fbe80-2b8f-11de-8789-806d6172696f ---------------------------------------- No blocked files found on E: No Autorun.inf files found on E: No mountpoint found for E: No mountpoint found for 3a2fbe81-2b8f-11de-8789-806d6172696f ---------------------------------------- autorun.inf found in Qoobox ---------------------------------------- Content of D:\QooBox\Quarantine\C\autorun.inf.vir ---------------------------------------- [autorun] shellexecute=sys.exe ---------------------------------------- Content of D:\QooBox\Quarantine\D\autorun.inf.vir ---------------------------------------- [autorun] shellexecute=sys.exe ---------------------------------------- Content of D:\QooBox\Quarantine\E\autorun.inf.vir ---------------------------------------- [autorun] shellexecute=sys.exe ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 4/26/2009 11:08:45 PM Scanning for connected USB mass storage... ---------------------------------------- H: {19c1830e-2c3a-11de-850c-001f3a094f5c} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No Autorun.inf files found on H: Sanitized mountpoint for 19c1830e-2c3a-11de-850c-001f3a094f5c ---------------------------------------- No Desktop.ini files found on H: ---------------------------------------- No mimics found on drive H: ======================================== ======================================== Removed H: ======================================== New device connected at 4/26/2009 11:08:58 PM Scanning for connected USB mass storage... ---------------------------------------- H: {19c1830e-2c3a-11de-850c-001f3a094f5c} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No Autorun.inf files found on H: No mountpoint found for 19c1830e-2c3a-11de-850c-001f3a094f5c ---------------------------------------- No Desktop.ini files found on H: ---------------------------------------- No mimics found on drive H: ======================================== ======================================== Removed H: ======================================== New device connected at 4/26/2009 11:09:12 PM Scanning for connected USB mass storage... ---------------------------------------- H: {19c1830e-2c3a-11de-850c-001f3a094f5c} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No Autorun.inf files found on H: No mountpoint found for 19c1830e-2c3a-11de-850c-001f3a094f5c ---------------------------------------- No Desktop.ini files found on H: ---------------------------------------- No mimics found on drive H: ======================================== ======================================== Removed H: ======================================== New device connected at 4/26/2009 11:09:26 PM Scanning for connected USB mass storage... ---------------------------------------- H: {19c1830e-2c3a-11de-850c-001f3a094f5c} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No Autorun.inf files found on H: No mountpoint found for 19c1830e-2c3a-11de-850c-001f3a094f5c ---------------------------------------- No Desktop.ini files found on H: ---------------------------------------- No mimics found on drive H: ======================================== ======================================== Removed H: ========================================

Profil

helen1 Poslao: 26 Apr 2009 23:56 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori Notepad i iskopiraj sledece: `dir c:\.exe > c:\log.txt dir /A:SH c:\.exe >> c:\log.txt dir d:\.exe >> c:\log.txt dir /A:SH d:\.exe >> c:\log.txt dir e:\.exe >> c:\log.txt dir /A:SH e:\.exe >> c:\log.txt notepad c:\log.txt` sacuvaj kao pogledaj.bat, pokreni ga i okaci mi log koji ce se pojaviti.

Profil

raskee Poslao: 27 Apr 2009 00:05 Idi na vrh
offline raskee Građanin Pridružio: 26 Apr 2009 Poruke: 42 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Volume in drive C is Media Volume Serial Number is 2A55-96BC Directory of c:\ Volume in drive C is Media Volume Serial Number is 2A55-96BC Directory of c:\ 04/25/2009 06:24 PM 915,832 Sys.exe 1 File(s) 915,832 bytes 0 Dir(s) 17,416,601,600 bytes free Volume in drive D is System Volume Serial Number is E013-595D Directory of d:\ Volume in drive D is System Volume Serial Number is E013-595D Directory of d:\ Volume in drive E is Installs Volume Serial Number is 38A5-9EF1 Directory of e:\ Volume in drive E is Installs Volume Serial Number is 38A5-9EF1 Directory of e:\ 04/25/2009 06:24 PM 915,832 Sys.exe 1 File(s) 915,832 bytes 0 Dir(s) 74,515,533,824 bytes free

Profil

helen1 Poslao: 27 Apr 2009 00:17 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori Notepad i iskopiraj: `del /A:HS c:\sys.exe del /A:HS e:\sys.exe dir /A:SH c:\.exe > c:\log.txt dir /A:SH e:\.exe >> c:\log.txt notepad c:\log.txt` i savuvaj kao bla.bat i postavi mi novi log koji ces dobiti.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Pomoc oko virusa!!!! Help..

Ko je trenutno na forumu

Ukupno su 943 korisnika na forumu :: 17 registrovanih, 1 sakriven i 925 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., Aleksandar Tomić, banebeograd, ccoogg123, Dannyboy, Djokislav, esx66, Ksh037, Lazarus, Milos82, Mixelotti, S2M, stagezin, Trpe Grozni, VJ, vladulns

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by