Usporen rad kompa i stalno zauzeće neta

2

Usporen rad kompa i stalno zauzeće neta

offline
  • Pridružio: 07 Nov 2007
  • Poruke: 80
  • Gde živiš: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

Pa promeni zauzeše u zauzeće.

Misliš da će sve da radi kako treba kad ga reinstaliram? Da li prvo da ga deinstaliram, pa da uradim instalaciju ili samo reinstaliram?

Iz onoga što sam proćitao i nije nešto dobar za brisanje virusa. Bolji je Nod, barem po karekteristikama. Tako bar piše na stranicama ComboFix-a.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Ajde prvo uradi ovo:

Iskljuci Antivirus ponovo.

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\documents and settings\All Users\Application Data\A7F6EE1827.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3be4117-f3bd-11dd-b373-0016363dc76c}]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 07 Nov 2007
  • Poruke: 80
  • Gde živiš: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

Da li to mogu da uradim iz drugog Windowsa, imam instalirana 2 XP na c i d particiji. Tamo me davi.

Dopuna: 14 Mar 2009 11:37

Mogu li? molim te odgovori.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Pa to moras da uradis na onom racunaru koji lecimo. Onom ciji je ovo log.

offline
  • Pridružio: 07 Nov 2007
  • Poruke: 80
  • Gde živiš: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

Napravio sam. Nadam se da je dobro jer sam u poslednjem trenu isključio avast.
mycity.rs/must-login.png

ComboFix 09-03-12.01 - Administrator 2009-03-14 11:47:25.2 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\HiJack\New Folder\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\HiJack\New Folder\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090313-0] *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\All Users\Application Data\A7F6EE1827.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\A7F6EE1827.sys

.
((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

2009-03-14 11:47 . 2009-03-14 11:47 179,712 --a--c--- c:\windows\system32\mscdexnt.dll
2009-03-13 22:41 . 2009-03-13 22:41 179,712 --a--c--- c:\windows\system32\krnl386.dll
2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Nitro PDF
2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Common Files\Nitro PDF
2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Common Files\BCL Technologies
2009-03-13 02:00 . 2008-12-21 00:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-13 02:00 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-13 02:00 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-13 02:00 . 2008-12-21 00:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-13 02:00 . 2008-12-21 00:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-13 02:00 . 2008-12-21 00:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-13 02:00 . 2008-12-21 00:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-13 02:00 . 2008-12-21 00:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-13 02:00 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-13 01:31 . 2009-03-13 02:00 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\BSplayer PRO
2009-03-13 01:24 . 2009-03-13 01:24 179,712 --a--c--- c:\windows\system32\getmac.dll
2009-03-13 00:40 . 2009-03-13 00:40 67 --a--c--- C:\1.bat
2009-03-10 16:37 . 2009-03-12 23:29 1,167 --a--c--- c:\windows\wincmd.ini
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\UC.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\RAR.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\PKZIP.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\PKUNZIP.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\NOCLOSE.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\LHA.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\ARJ.PIF
2009-03-10 12:34 . 2009-03-10 12:34 <DIR> d----c--- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-03-10 12:34 . 2009-03-10 12:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\DriverCure
2009-03-10 12:34 . 2009-03-10 12:35 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\DriverCure
2009-03-10 12:22 . 2009-03-10 12:22 <DIR> d----c--- c:\program files\Gabest
2009-03-10 12:21 . 2009-03-10 12:21 <DIR> d----c--- c:\program files\DivXCodec
2009-03-10 12:21 . 2009-03-10 12:21 196,608 --a--c--- c:\windows\system32\avisynth.dll
2009-03-10 12:20 . 2009-03-10 12:21 <DIR> d----c--- c:\program files\GordianKnot-kodeci za -win11
2009-03-10 12:20 . 2009-03-10 12:20 414,272 --a--c--- c:\windows\system32\DivXc32f.dll
2009-03-10 12:20 . 2009-03-10 12:20 414,272 --a--c--- c:\windows\system32\DivXc32.dll
2009-03-10 12:20 . 2009-03-10 12:20 291,408 --a--c--- c:\windows\system32\DivXa32.acm
2009-03-10 12:20 . 2009-03-10 12:20 240,400 --a--c--- c:\windows\system32\DivX_c32.ax
2009-03-10 12:20 . 2009-03-10 12:20 33,280 --a--c--- c:\windows\system32\HUFFYUV.DLL
2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Real
2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Common Files\xing shared
2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Common Files\Real
2009-03-10 11:02 . 2004-08-04 02:07 221,184 --a--c--- c:\windows\system32\wmpns.dll
2009-03-10 11:02 . 2009-03-10 14:59 23,392 --a--c--- c:\windows\system32\nscompat.tlb
2009-03-10 11:02 . 2009-03-10 14:59 16,832 --a--c--- c:\windows\system32\amcompat.tlb
2009-03-09 17:14 . 2009-03-09 17:14 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-03-09 15:56 . 2009-03-09 15:56 <DIR> d----c--- c:\program files\QuickTime
2009-03-09 15:56 . 2009-03-09 15:56 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-09 15:55 . 2009-03-09 15:55 <DIR> d----c--- c:\program files\Apple Software Update
2009-03-09 15:55 . 2009-03-09 15:55 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple
2009-03-08 23:21 . 2009-03-08 23:21 <DIR> d----c--- c:\program files\MSBuild
2009-03-08 23:18 . 2009-03-08 23:18 <DIR> d----c--- c:\windows\system32\XPSViewer
2009-03-08 23:17 . 2009-03-08 23:17 <DIR> d----c--- c:\program files\Reference Assemblies
2009-03-08 23:17 . 2006-06-29 13:07 14,048 -----c--- c:\windows\system32\spmsg2.dll
2009-03-04 16:43 . 2009-03-04 16:43 508,200 --a--c--- c:\windows\system32\ICCProfiles.dll
2009-03-04 16:25 . 2009-03-04 16:25 45 ---h-c--- c:\windows\dsez4072.dat
2009-03-03 22:13 . 2009-03-03 22:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\GARMIN
2009-03-03 01:11 . 2009-03-03 22:13 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\GARMIN
2009-03-03 01:05 . 2009-03-03 22:13 <DIR> d----c--- C:\Garmin
2009-02-26 00:15 . 2009-03-04 14:51 30 --a--c--- c:\windows\Iedit_.INI
2009-02-26 00:09 . 2009-02-26 00:09 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Ulead Systems
2009-02-26 00:06 . 2009-03-02 01:41 <DIR> d--h-c--- c:\program files\InstallShield Installation Information
2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Common Files\Ulead Systems
2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-26 00:06 . 1999-10-15 12:50 1,056,768 -----c--- c:\windows\system32\ROBOEX32.DLL
2009-02-26 00:06 . 2006-07-22 19:37 49,152 -----c--- c:\windows\system32\INETWH32.dll
2009-02-26 00:05 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Common Files\InstallShield
2009-02-24 01:35 . 2009-03-13 03:13 <DIR> d----c--- c:\windows\Downloaded Installations
2009-02-21 20:05 . 2009-02-21 20:05 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\BWMeterPro
2009-02-17 19:47 . 2009-02-17 19:47 <DIR> d----c--- c:\windows\Sun
2009-02-17 17:47 . 2009-02-17 17:47 <DIR> d----c--- c:\program files\Java
2009-02-17 17:47 . 2009-02-17 17:47 410,984 --a--c--- c:\windows\system32\deploytk.dll
2009-02-17 17:47 . 2009-02-17 17:47 73,728 --a--c--- c:\windows\system32\javacpl.cpl
2009-02-17 14:38 . 2009-02-17 14:38 <DIR> d----c--- c:\program files\Bome's Image Resizer
2009-02-16 07:26 . 2009-02-16 07:26 <DIR> d----c--- C:\Sadrzaji
2009-02-15 15:15 . 2009-02-15 18:07 <DIR> d----c--- c:\program files\PhotoFiltre
2009-02-14 02:00 . 2009-02-14 02:00 <DIR> d----c--- c:\documents and settings\FC Portables\Impostazioni locali
2009-02-14 02:00 . 2009-02-14 02:00 <DIR> d----c--- c:\documents and settings\FC Portables

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 16:22 --------- dc----w c:\documents and settings\Administrator\Application Data\Skype
2009-03-13 16:01 --------- dc----w c:\documents and settings\Administrator\Application Data\skypePM
2009-03-13 00:24 360,320 -c--a-w c:\windows\system32\drivers\tcpip.sys
2009-03-12 23:40 140,288 -c--a-w c:\windows\system32\sfc_os.dll
2009-03-12 23:40 1,134,596 -c--a-w c:\windows\explorer.exe
2009-03-12 17:35 --------- dc----w c:\program files\Planplus
2009-03-10 11:08 --------- dc----w c:\program files\AVS4YOU
2009-03-10 10:55 --------- dc----w c:\program files\Windows Media Connect 2
2009-03-07 23:05 2,516 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-03 14:08 --------- dc----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-03-02 00:38 --------- dc----w c:\program files\Corel
2009-02-16 17:27 --------- dc----w c:\program files\Alwil Software
2009-02-13 22:18 --------- dc----w c:\program files\Common Files\IngPro
2009-02-13 22:08 --------- dc----w c:\program files\Microsoft.NET
2009-02-13 09:59 --------- dc----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-12 08:08 --------- dc----w c:\program files\MSECache
2009-02-10 09:33 --------- dc----w c:\documents and settings\All Users\Application Data\Bitstream
2009-02-09 23:51 --------- dc----w c:\documents and settings\Administrator\Application Data\Corel
2009-02-09 23:49 --------- dc----w c:\program files\Common Files\Protexis
2009-02-09 23:49 --------- dc----w c:\documents and settings\All Users\Application Data\Corel
2009-02-09 23:47 --------- dc----w c:\program files\Common Files\Corel
2009-02-09 14:53 --------- dc----w c:\program files\Microsoft
2009-02-09 10:19 1,846,272 -c--a-w c:\windows\system32\win32k.sys
2009-02-08 18:58 --------- dc----w c:\program files\TeleTRADER 4
2009-02-06 19:02 --------- dc----w c:\program files\Common Files\AVSMedia
2009-02-06 19:02 --------- dc----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-02-06 18:59 0 -c-ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-06 18:59 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-06 18:59 --------- dc----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-06 18:59 --------- dc----w c:\documents and settings\Administrator\Application Data\Nokia
2009-02-06 18:58 --------- dc----w c:\program files\Nokia
2009-02-06 18:58 --------- dc----w c:\program files\Common Files\PCSuite
2009-02-06 18:58 --------- dc----w c:\program files\Common Files\Nokia
2009-02-06 18:57 --------- dc----w c:\program files\PC Connectivity Solution
2009-02-06 18:57 --------- dc----w c:\program files\DIFX
2009-02-06 18:56 --------- dc----w c:\documents and settings\All Users\Application Data\Installations
2009-02-06 11:01 --------- dc----w c:\documents and settings\Administrator\Application Data\Ing-Pro
2009-02-05 23:44 --------- dc----w c:\documents and settings\Administrator\Application Data\Nitro PDF
2009-02-05 23:37 --------- dc----w c:\documents and settings\All Users\Application Data\Nitro PDF
2009-02-05 23:06 --------- dc----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-05 22:58 --------- dc----w c:\program files\Common Files\Adobe
2009-02-05 22:58 --------- dc----w c:\program files\Bonjour
2009-02-05 22:49 --------- dc----w c:\program files\Common Files\Macrovision Shared
2009-02-05 22:37 --------- dc----w c:\program files\Skype
2009-02-05 22:37 --------- dc----w c:\program files\Common Files\Skype
2009-02-05 22:37 --------- dc----w c:\documents and settings\All Users\Application Data\Skype
2009-02-05 22:34 --------- dc----w c:\program files\Common Files\Ahead
2009-02-05 22:34 --------- dc----w c:\program files\Ahead
2009-02-03 21:33 --------- dc----w c:\program files\Microsoft ActiveSync
2009-02-03 20:34 --------- dc----w c:\program files\CONEXANT
2009-02-03 20:20 --------- dc----w c:\program files\microsoft frontpage
2008-12-20 23:15 826,368 -c--a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 02:07 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2009-03-13 01:24 360320 a8a6c5b80cb4b619d1a41892eee69e11 c:\windows\system32\drivers\tcpip.sys

2009-03-13 00:40 1134596 083e59f847d11f4af9d4d57d4ad51be3 c:\windows\explorer.exe
2009-03-13 00:40 1134596 083e59f847d11f4af9d4d57d4ad51be3 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-13_22.43.24,29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-14 10:43:19 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_4f4.dat
+ 2009-03-14 10:43:32 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
--a--c--- 2009-03-04 16:43 209216 c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2009-02-17 17:47 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--a--c--- 2007-08-02 21:08 95504 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Wsc i Sve za njega\\WSC-CDMS\\udrive\\usr\\local\\apache2\\bin\\Apache_21.exe"=
"f:\\Wsc i Sve za njega\\WSC-CDMS\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-11-29 225792]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ALG
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - COMSysApp
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - PSI_SVC_2
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.computers.toshiba-europe.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5qo5u03u.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-14 11:48:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-14 11:49:54
ComboFix-quarantined-files.txt 2009-03-14 10:49:46
ComboFix2.txt 2009-03-13 21:44:19

Pre-Run: 7.769.886.720 bytes free
Post-Run: 7,751,172,096 bytes free

338 --- E O F --- 2009-03-13 02:42:18

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Uploaduj mi jos ovo, pa da privodimo kraju:

C:\1.bat

preko sledeceg linka:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 07 Nov 2007
  • Poruke: 80
  • Gde živiš: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

Unešeno, Podigao sam na link koji si postavio

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Moram priznati, ali se malo zakomplikovalo.

Uploaduj mi sledece fajlove:

c:\windows\explorer.exe
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\mscdexnt.dll

preko sledeceg linka:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 07 Nov 2007
  • Poruke: 80
  • Gde živiš: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

Da li si pogledao Uploadovan fail?
Da li ima neki problem. Ja primećujem da mi explorer još vuče net jer sam u međuvremenu instalirao i comodo. Takovidim i koji programi komuniciraju preko neta bez mog znanja.
Ne znam kako da vam dostavim listu istih? Račumar se smirio i ne zakucava više što je dobro ali me stalna veza sa netom uznemirava.

Usput dok sam preuzimao Comodo freewall nešto mi nije dozvolilo da preuzmem, i kada je preuzeo instalacioni fajl prilikom pokretanja je dao poruku da nije ispravan.

Preuzeo sam ga iz drugog wina sa pareticije D. Prilikom podizanja Wina sa particije C, usporeno je podigao a instalacija Comoda je protekla ok sa tim što nisam instalirao antivirus, imam već Avast, koji sam isključio. Comodo je ipak na kraju pretražio ceo disk i sve particije, nije isčekirao linux particije i pronašao tri fajla na particiji E u , nije korpa za otpad već neki sličan ali je našao na C/Windows NIRCMD.exe i tražio da je izbrišem. Ja sam mu dozvolio ali sam pre toga je zapakovao u rar datoteku i izbrisao tačku ispred exe. Mogu da je nakačim ako vam treba da je pregledate.

Dopuna: 15 Mar 2009 1:26

Sadd ću da ti nakačim i ove koje si tražio.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Uploaduj ti ono sto sam ti rekao. I ne brini za to sto Comodo javlja za Explorer.exe, to je normalno.

Ko je trenutno na forumu
 

Ukupno su 504 korisnika na forumu :: 4 registrovanih, 3 sakrivenih i 497 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Fog of War, havoc995, Ognjen D., Oluj2.1