MyCity » Ambulanta -> Arhiva Ambulante » Prekid inte

Prekid inte

Napisano na dan: 15.12.2010

Strana:
1
2
3
4

Prekid inte

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4

backatopola Poslao: 15 Dec 2010 23:30 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! pre ove tvoje zadnje poruke sam ga restartovo i ievo na fotou ipet antivir detektuje trojanca!

Profil

argus Poslao: 16 Dec 2010 08:38 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da nisi mozda prikacen ne neku mrezu, ako jesi iskljuci se sa mreze. Skini ovu zakrpu pa instaliraj; http://www.microsoft.com/downloads/en/details.aspx.....laylang=en Ako si deinstalirao Combofix, skini novu verziju, pokreni ga ponovo pa mi postavi novi log. Iskljuci AV obavezno, kod Avire je to bar lako. Ne prikljucuj flash drive dok ti ja ne kazem.

Profil

backatopola Poslao: 16 Dec 2010 10:45 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Neznam na kakvu mrežu misliš, sem na kablovski internet nisam ninašta prikopčan, instaliro sam zakrpu i evo log ComboFix 10-12-15.06 - KOKI 16.12.2010 10:38:43.9.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.299 [GMT 1:00] Running from: c:\documents and settings\KOKI\Desktop\ComboFix.exe AV: AntiVir Desktop Enabled/Updated {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 ))))))))))))))))))))))))))))))) . 2010-12-16 09:35 . 2010-12-16 09:35 164209 ----a-w- c:\windows\system32\x . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-13 16:01 . 2010-03-27 18:08 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-27 19:45 . 2010-03-27 13:46 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys . ------- Sigcheck ------- [-] 2006-02-25 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- d:\program files\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 1999-12-31 22:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Blutut\\BlueSoleil.exe"= "d:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3267:TCP"= 3267:TCP:hgmmkwp R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2010 19:08 135336] S2 zqlotch;Center Server;c:\windows\system32\svchost.exe -k netsvcs [3.8.2004 23:56 14336] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs zqlotch qcyjnbts . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: bancaintesabeograd.com\online FF - ProfilePath - c:\documents and settings\KOKI\Application Data\Mozilla\Firefox\Profiles\x3kgijhn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-12-16 10:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\hjamff.dll 160578 bytes executable scan completed successfully hidden files: 1 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qcyjnbts] "ServiceDll"="c:\windows\system32\hjamff.dll" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zqlotch] "ServiceDll"="c:\windows\system32\hjamff.dll" . Completion time: 2010-12-16 10:43:30 ComboFix-quarantined-files.txt 2010-12-16 09:43 ComboFix2.txt 2010-12-15 22:01 Pre-Run: 16.399.831.040 bytes free Post-Run: 16.427.098.112 bytes free - - End Of File - - 9DE023109673FDDEF8C6FF44A450B377

Profil

argus Poslao: 16 Dec 2010 10:56 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ugasi Aviru pre nego pustis skriptu. Ukljuci Windows Firewall Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\hjamff.dll Driver:: zqlotch NetSvc:: zqlotch qcyjnbts Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3267:TCP"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

backatopola Poslao: 16 Dec 2010 11:21 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-12-15.06 - KOKI 16.12.2010 11:14:41.10.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.312 [GMT 1:00] Running from: c:\documents and settings\KOKI\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\KOKI\Desktop\CFScript.txt AV: AntiVir Desktop Enabled/Updated {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\hjamff.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\hjamff.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ZQLOTCH -------\Service_zqlotch -------\Service_qcyjnbts ((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-13 16:01 . 2010-03-27 18:08 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-27 19:45 . 2010-03-27 13:46 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys . ------- Sigcheck ------- [-] 2006-02-25 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2010-12-16_09.41.47 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-16 10:19 . 2010-12-16 10:19 16384 c:\windows\Temp\Perflib_Perfdata_3cc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- d:\program files\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 1999-12-31 22:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Blutut\\BlueSoleil.exe"= "d:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2010 19:08 135336] S2 qcyjnbts;Installer Server;c:\windows\system32\svchost.exe -k netsvcs [3.8.2004 23:56 14336] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: bancaintesabeograd.com\online FF - ProfilePath - c:\documents and settings\KOKI\Application Data\Mozilla\Firefox\Profiles\x3kgijhn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-12-16 11:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qcyjnbts] "ServiceDll"="c:\windows\system32\hjamff.dll" . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\rundll32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2010-12-16 11:21:17 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-16 10:21 ComboFix2.txt 2010-12-16 09:43 ComboFix3.txt 2010-12-15 22:01 Pre-Run: 16.407.257.088 bytes free Post-Run: 16.375.062.528 bytes free - - End Of File - - 021E90ABC854E0EB7CA19521F3A835B5

Profil

argus Poslao: 16 Dec 2010 11:30 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ja bih te zamolio da iskljucis Aviru jer se umesa i ne mozemo da obrisemo malware. Takodje bilo bi pozeljno da je azuriras. Idemo jos jednom. Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\hjamff.dll Driver:: qcyjnbts NetSvc:: qcyjnbts` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

backatopola Poslao: 16 Dec 2010 11:46 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sad sam antiwiru odčekiro da mi se nediže ako combo fiks restartuje kompjuter i nadam se da je u redu. ComboFix 10-12-15.06 - KOKI 16.12.2010 11:38:00.11.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.336 [GMT 1:00] Running from: c:\documents and settings\KOKI\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\KOKI\Desktop\CFScript.txt AV: AntiVir Desktop Disabled/Updated {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\hjamff.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_qcyjnbts ((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-13 16:01 . 2010-03-27 18:08 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-27 19:45 . 2010-03-27 13:46 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys . ------- Sigcheck ------- [-] 2006-02-25 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2010-12-16_09.41.47 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-16 10:42 . 2010-12-16 10:42 16384 c:\windows\Temp\Perflib_Perfdata_740.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- d:\program files\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-11-06 18:48 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 1999-12-31 22:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Blutut\\BlueSoleil.exe"= "d:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2010 19:08 135336] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: bancaintesabeograd.com\online FF - ProfilePath - c:\documents and settings\KOKI\Application Data\Mozilla\Firefox\Profiles\x3kgijhn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-12-16 11:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(956) c:\windows\system32\browselc.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\rundll32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2010-12-16 11:44:27 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-16 10:44 ComboFix2.txt 2010-12-16 10:21 ComboFix3.txt 2010-12-16 09:43 ComboFix4.txt 2010-12-15 22:01 Pre-Run: 16.374.288.384 bytes free Post-Run: 16.367.124.480 bytes free - - End Of File - - 5AF26FAD566D472C44C8098C557AC67F

Profil

argus Poslao: 16 Dec 2010 11:48 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izgleda ok. Hajde restartuj racunar, pa pokreni ponovo Combofix i postavi mi novi log, da vidim da li se Conficker vraca ili smo ga sredili.

Profil

backatopola Poslao: 16 Dec 2010 11:58 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-12-15.06 - KOKI 16.12.2010 11:53:07.12.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.336 [GMT 1:00] Running from: c:\documents and settings\KOKI\Desktop\ComboFix.exe AV: AntiVir Desktop Disabled/Updated {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-13 16:01 . 2010-03-27 18:08 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-27 19:45 . 2010-03-27 13:46 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys . ------- Sigcheck ------- [-] 2006-02-25 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2010-12-16_09.41.47 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-16 10:49 . 2010-12-16 10:49 16384 c:\windows\Temp\Perflib_Perfdata_708.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- d:\program files\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-11-06 18:48 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 1999-12-31 22:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Blutut\\BlueSoleil.exe"= "d:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2010 19:08 135336] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: bancaintesabeograd.com\online FF - ProfilePath - c:\documents and settings\KOKI\Application Data\Mozilla\Firefox\Profiles\x3kgijhn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-12-16 11:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2010-12-16 11:57:35 ComboFix-quarantined-files.txt 2010-12-16 10:57 ComboFix2.txt 2010-12-16 10:44 ComboFix3.txt 2010-12-16 10:21 ComboFix4.txt 2010-12-16 09:43 ComboFix5.txt 2010-12-16 10:52 Pre-Run: 16.364.654.592 bytes free Post-Run: 16.357.150.720 bytes free - - End Of File - - 2F3FF12CB88C9101BFDDC6572AE0A356

Profil

argus Poslao: 16 Dec 2010 12:03 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada je u redu. Imas li USB flash drive ili neku drugu memorisku karticu da proverimo. - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Prekid inte

Ko je trenutno na forumu

Ukupno su 926 korisnika na forumu :: 11 registrovanih, 1 sakriven i 914 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., babaroga, comi_pfc, Dorcolac, indja, ladro, Mi lao shu, Milos ZA, Mixelotti, Oscar2, procesor

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by