MyCity » Ambulanta -> Arhiva Ambulante » Virus1?

Virus1?

Napisano na dan: 4.4.2009

Virus1?

Odgovori

branka.dj Poslao: 04 Apr 2009 19:46 Idi na vrh
offline branka.dj Novi MyCity građanin Pridružio: 02 Apr 2009 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:36:57, on 4.4.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Korisnik\Desktop\help1\sestra.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link mogu videti samo ulogovani korisnici] O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 6934 bytes Dopuna: 04 Apr 2009 19:46 Ovo je sken sa laptopa za koji ste mi preporucili da otvorim novu temu posto je bio u kontaktu sa zarazenim kompijuterom(tema Virus?) i fles memorijama. Hvala puno na pomoci!

Profil

argus Poslao: 04 Apr 2009 20:16 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

branka.dj Poslao: 04 Apr 2009 20:28 Idi na vrh
offline branka.dj Novi MyCity građanin Pridružio: 02 Apr 2009 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-04-03.01 - Korisnik 2009-04-04 20:24:35.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2629 [GMT 2:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090404-0] On-access scanning disabled (Updated) * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 ))))))))))))))))))))))))))))))) . 2009-03-23 17:28 . 2009-04-04 19:26 <DIR> d-------- c:\documents and settings\Korisnik\Tracing 2009-03-23 17:27 . 2009-03-23 17:27 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-03-23 17:27 . 2009-03-23 17:27 <DIR> d-------- c:\program files\Windows Live 2009-03-23 17:27 . 2009-03-23 17:27 <DIR> d-------- c:\program files\Microsoft 2009-03-23 17:20 . 2009-03-23 17:20 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-23 16:42 . 2009-03-23 16:42 <DIR> d-------- c:\program files\Alwil Software 2009-03-23 16:42 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll 2009-03-23 16:42 . 2003-03-18 21:14 499,712 --a------ c:\windows\system32\MSVCP71.dll 2009-03-23 16:42 . 2003-02-21 05:42 348,160 --a------ c:\windows\system32\MSVCR71.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-19 18:23 --------- d-----w c:\documents and settings\Korisnik\Application Data\Autodesk 2009-02-17 16:46 --------- d-----w c:\program files\Common Files\Adobe 2009-02-17 16:09 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk 2009-02-17 16:02 --------- d-----w c:\program files\Turbo Squid Tentacles 2009-02-17 16:01 --------- d-----w c:\program files\Microsoft WSE 2009-02-17 15:59 --------- d-----w c:\program files\Common Files\Autodesk Shared 2009-02-17 15:58 --------- d-----w c:\program files\Autodesk 2009-02-17 15:54 --------- d-----w c:\documents and settings\Korisnik\Application Data\Graphisoft 2009-02-17 15:50 --------- d-----w c:\program files\WIBUKEY 2009-02-17 15:48 --------- d-----w c:\program files\Graphisoft 2009-02-16 19:06 --------- d-----w c:\program files\PDFCreator 2009-02-16 19:06 --------- d-----w c:\documents and settings\Korisnik\Application Data\PDFCreator 2009-02-16 19:03 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-16 19:03 --------- d-----w c:\program files\Google 2009-02-16 18:09 --------- d-----w c:\program files\WIBU-SYSTEMS 2009-02-16 18:09 --------- d-----w c:\program files\QuickTime 2009-02-16 18:08 --------- d-----w c:\program files\Apple Software Update 2009-02-16 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-16 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2009-02-16 18:04 --------- d-----w c:\program files\Java 2009-02-16 18:04 --------- d-----w c:\program files\Common Files\Java 2009-02-16 16:15 --------- d-----w c:\program files\AutoCAD 2009 2009-02-16 16:12 --------- d-----w c:\program files\MSBuild 2009-02-16 16:09 --------- d-----w c:\program files\Reference Assemblies 2009-02-14 08:13 --------- d-----w c:\documents and settings\Korisnik\Application Data\DivX 2009-02-13 01:44 --------- d-----w c:\documents and settings\Korisnik\Application Data\BSplayer PRO 2009-02-13 01:42 --------- d-----w c:\documents and settings\Korisnik\Application Data\ACD Systems 2009-02-13 01:25 --------- d-----w c:\program files\Common Files\Ahead 2009-02-13 01:25 --------- d-----w c:\program files\Ahead 2009-02-13 01:17 --------- d-----w c:\program files\DVD Shrink 2009-02-13 01:17 --------- d-----w c:\program files\DVD Region-Free 2009-02-13 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-02-13 01:13 --------- d-----w c:\program files\CyberLink 2009-02-13 01:09 --------- d-----w c:\program files\Webteh 2009-02-13 01:08 --------- d-----w c:\program files\DivX 2009-02-13 01:07 --------- d-----w c:\program files\Audiograbber 2009-02-13 01:06 --------- d-----w c:\program files\Common Files\Adobe AIR 2009-02-13 01:03 --------- d-----w c:\program files\Common Files\ACD Systems 2009-02-13 01:03 --------- d-----w c:\program files\ACD Systems 2009-02-13 01:03 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems 2009-02-13 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\ESET 2009-02-13 00:58 --------- d-----w c:\program files\Microsoft.NET 2009-02-13 00:58 --------- d-----w c:\program files\Microsoft ActiveSync 2009-02-13 00:54 --------- d-----w c:\program files\Winamp 2009-02-13 00:54 --------- d-----w c:\documents and settings\Korisnik\Application Data\Winamp 2009-02-13 00:45 --------- d-----w c:\program files\Launch Manager 2009-02-13 00:44 --------- d-----w c:\documents and settings\Korisnik\Application Data\InstallShield 2009-02-13 00:43 --------- d-----w c:\program files\Synaptics 2009-02-13 00:43 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-13 00:41 315,392 ----a-w c:\windows\HideWin.exe 2009-02-13 00:41 --------- d-----w c:\program files\Realtek 2009-02-13 00:41 --------- d-----w c:\program files\Motorola 2009-02-13 00:39 --------- d-----w c:\program files\Intel 2009-02-13 00:29 --------- d-----w c:\program files\microsoft frontpage 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2009-02-16 165304] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] "RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/17/2009 6:46:18 PM 113664] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2003-10-29 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/23/2009 4:42:57 PM 114768] R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2/13/2009 2:45:19 AM 9867] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2009 4:42:57 PM 20560] R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 1:04:52 AM 65536] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/13/2009 2:39:07 AM 84240] R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2/13/2009 2:45:19 AM 118784] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45698cc9-1ef3-11de-b24c-001644f459b5}] \Shell\AutoRun\command - G:\abk.bat \Shell\explore\Command - G:\abk.bat \Shell\open\Command - G:\abk.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71b51c88-fc17-11dd-b1fe-000df057a41e}] \Shell\AutoRun\command - driver\usb\driver.exe \Shell\open\command - driver\usb\driver.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc07eef6-1f04-11de-b24d-001644f459b5}] \Shell\AutoRun\command - G:\gg.exe 0o \Shell\explore\Command - G:\gg.exe 0e \Shell\open\Command - G:\gg.exe 0o . Contents of the 'Scheduled Tasks' folder 2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57] . - - - - ORPHANS REMOVED - - - - HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici] IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\023k8hn5.default\ FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-04-04 20:25:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?x???0???\???????0??????????????\|???\|???????\|????????L????????J????F?????????????h?????????????B????????\|@??\|????=??\|??A???????????A?x?????????????B~?h@???????????????A???????????A???@??J??vs@??J????????@??J????? LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????????\|???\|???????\|????????L????????J????F?????????????h?????????????B????????\|@??\|????=??\|??A???????????A?x?????????????B~?h@???????????????A???????????A???@??J??vs@??J????????@??J????? Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????????\|???\|???????\|????????L????????J????F?????????????h?????????????B????????\|@??\|????=??\|??A???????????A?x?????????????B~?h@???????????????A???????????A???@??J??vs@??J????????@??J????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-04-04 20:26:15 ComboFix-quarantined-files.txt 2009-04-04 18:26:13 Pre-Run: 13.326.233.600 bytes free Post-Run: 13,514,469,376 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 187

Profil

argus Poslao: 05 Apr 2009 00:00 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45698cc9-1ef3-11de-b24c-001644f459b5}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71b51c88-fc17-11dd-b1fe-000df057a41e}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc07eef6-1f04-11de-b24d-001644f459b5}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd. Onda pusti USBnoRisk i na drugom racunaru i postavi i taj log. Na jednom od ta dva racunara postoji neki fajl koji inficira usb stick, moramo da otkrijemo gde je.

Profil

branka.dj Poslao: 05 Apr 2009 03:45 Idi na vrh
offline branka.dj Novi MyCity građanin Pridružio: 02 Apr 2009 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-04-03.01 - Korisnik 2009-04-05 3:30:36.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2630 [GMT 2:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt AV: avast! antivirus 4.8.1335 [VPS 090404-0] On-access scanning disabled (Updated) * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 ))))))))))))))))))))))))))))))) . 2009-04-05 03:22 . 2009-04-05 03:22 <DIR> d-------- c:\windows\LastGood 2009-03-23 17:28 . 2009-04-05 03:20 <DIR> d-------- c:\documents and settings\Korisnik\Tracing 2009-03-23 17:27 . 2009-03-23 17:27 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-03-23 17:27 . 2009-03-23 17:27 <DIR> d-------- c:\program files\Windows Live 2009-03-23 17:27 . 2009-03-23 17:27 <DIR> d-------- c:\program files\Microsoft 2009-03-23 17:20 . 2009-03-23 17:20 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-23 16:42 . 2009-03-23 16:42 <DIR> d-------- c:\program files\Alwil Software 2009-03-23 16:42 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll 2009-03-23 16:42 . 2003-03-18 21:14 499,712 --a------ c:\windows\system32\MSVCP71.dll 2009-03-23 16:42 . 2003-02-21 05:42 348,160 --a------ c:\windows\system32\MSVCR71.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-19 18:23 --------- d-----w c:\documents and settings\Korisnik\Application Data\Autodesk 2009-02-17 16:46 --------- d-----w c:\program files\Common Files\Adobe 2009-02-17 16:09 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk 2009-02-17 16:02 --------- d-----w c:\program files\Turbo Squid Tentacles 2009-02-17 16:01 --------- d-----w c:\program files\Microsoft WSE 2009-02-17 15:59 --------- d-----w c:\program files\Common Files\Autodesk Shared 2009-02-17 15:58 --------- d-----w c:\program files\Autodesk 2009-02-17 15:54 --------- d-----w c:\documents and settings\Korisnik\Application Data\Graphisoft 2009-02-17 15:50 --------- d-----w c:\program files\WIBUKEY 2009-02-17 15:48 --------- d-----w c:\program files\Graphisoft 2009-02-16 19:06 --------- d-----w c:\program files\PDFCreator 2009-02-16 19:06 --------- d-----w c:\documents and settings\Korisnik\Application Data\PDFCreator 2009-02-16 19:03 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-16 19:03 --------- d-----w c:\program files\Google 2009-02-16 18:09 --------- d-----w c:\program files\WIBU-SYSTEMS 2009-02-16 18:09 --------- d-----w c:\program files\QuickTime 2009-02-16 18:08 --------- d-----w c:\program files\Apple Software Update 2009-02-16 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-16 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2009-02-16 18:04 --------- d-----w c:\program files\Java 2009-02-16 18:04 --------- d-----w c:\program files\Common Files\Java 2009-02-16 16:15 --------- d-----w c:\program files\AutoCAD 2009 2009-02-16 16:12 --------- d-----w c:\program files\MSBuild 2009-02-16 16:09 --------- d-----w c:\program files\Reference Assemblies 2009-02-14 08:13 --------- d-----w c:\documents and settings\Korisnik\Application Data\DivX 2009-02-13 01:44 --------- d-----w c:\documents and settings\Korisnik\Application Data\BSplayer PRO 2009-02-13 01:42 --------- d-----w c:\documents and settings\Korisnik\Application Data\ACD Systems 2009-02-13 01:25 --------- d-----w c:\program files\Common Files\Ahead 2009-02-13 01:25 --------- d-----w c:\program files\Ahead 2009-02-13 01:17 --------- d-----w c:\program files\DVD Shrink 2009-02-13 01:17 --------- d-----w c:\program files\DVD Region-Free 2009-02-13 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-02-13 01:13 --------- d-----w c:\program files\CyberLink 2009-02-13 01:09 --------- d-----w c:\program files\Webteh 2009-02-13 01:08 --------- d-----w c:\program files\DivX 2009-02-13 01:07 --------- d-----w c:\program files\Audiograbber 2009-02-13 01:06 --------- d-----w c:\program files\Common Files\Adobe AIR 2009-02-13 01:03 --------- d-----w c:\program files\Common Files\ACD Systems 2009-02-13 01:03 --------- d-----w c:\program files\ACD Systems 2009-02-13 01:03 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems 2009-02-13 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\ESET 2009-02-13 00:58 --------- d-----w c:\program files\Microsoft.NET 2009-02-13 00:58 --------- d-----w c:\program files\Microsoft ActiveSync 2009-02-13 00:54 --------- d-----w c:\program files\Winamp 2009-02-13 00:54 --------- d-----w c:\documents and settings\Korisnik\Application Data\Winamp 2009-02-13 00:45 --------- d-----w c:\program files\Launch Manager 2009-02-13 00:44 --------- d-----w c:\documents and settings\Korisnik\Application Data\InstallShield 2009-02-13 00:43 --------- d-----w c:\program files\Synaptics 2009-02-13 00:43 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-13 00:41 315,392 ----a-w c:\windows\HideWin.exe 2009-02-13 00:41 --------- d-----w c:\program files\Realtek 2009-02-13 00:41 --------- d-----w c:\program files\Motorola 2009-02-13 00:39 --------- d-----w c:\program files\Intel 2009-02-13 00:29 --------- d-----w c:\program files\microsoft frontpage 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici],46 ))))))))))))))))))))))))))))))))))))))))) . + 2008-04-14 09:41:52 66,560 ----a-w c:\windows\LastGood\system32\cdm.dll + 2008-04-14 09:42:12 430,592 ----a-w c:\windows\LastGood\system32\wuapi.dll + 2008-04-14 09:42:42 111,104 ----a-w c:\windows\LastGood\system32\wuauclt.exe + 2008-04-14 09:42:12 1,135,616 ----a-w c:\windows\LastGood\system32\wuaueng.dll + 2008-04-14 09:42:12 112,640 ----a-w c:\windows\LastGood\system32\wucltui.dll + 2008-04-14 09:42:12 32,256 ----a-w c:\windows\LastGood\system32\wups.dll + 2008-04-14 09:42:12 120,320 ----a-w c:\windows\LastGood\system32\wuweb.dll - 2008-04-14 09:41:52 66,560 ----a-w c:\windows\system32\cdm.dll + 2008-10-16 12:09:44 92,696 ----a-w c:\windows\system32\cdm.dll - 2008-04-14 09:41:52 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll + 2008-10-16 12:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll - 2008-04-14 09:42:12 430,592 -c--a-w c:\windows\system32\dllcache\wuapi.dll + 2008-10-16 12:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll - 2008-04-14 09:42:42 111,104 -c--a-w c:\windows\system32\dllcache\wuauclt.exe + 2008-10-16 12:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe - 2008-04-14 09:42:12 1,135,616 -c--a-w c:\windows\system32\dllcache\wuaueng.dll + 2008-10-16 12:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll - 2008-04-14 09:42:12 112,640 -c--a-w c:\windows\system32\dllcache\wucltui.dll + 2008-10-16 12:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll - 2008-04-14 09:42:12 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll + 2008-10-16 12:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll - 2009-04-04 17:30:26 66,778 ----a-w c:\windows\system32\perfc009.dat + 2009-04-05 01:25:04 66,778 ----a-w c:\windows\system32\perfc009.dat - 2009-04-04 17:30:26 428,160 ----a-w c:\windows\system32\perfh009.dat + 2009-04-05 01:25:04 428,160 ----a-w c:\windows\system32\perfh009.dat + 2008-10-16 12:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll - 2008-04-14 09:42:12 430,592 ----a-w c:\windows\system32\wuapi.dll + 2008-10-16 12:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll - 2008-04-14 09:42:42 111,104 ----a-w c:\windows\system32\wuauclt.exe + 2008-10-16 12:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe - 2008-04-14 09:42:12 1,135,616 ----a-w c:\windows\system32\wuaueng.dll + 2008-10-16 12:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll - 2008-04-14 09:42:12 112,640 ----a-w c:\windows\system32\wucltui.dll + 2008-10-16 12:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll + 2008-10-16 12:09:44 43,544 ----a-w c:\windows\system32\wups2.dll - 2008-04-14 09:42:12 120,320 ----a-w c:\windows\system32\wuweb.dll + 2008-10-16 12:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll + 2009-04-05 01:20:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_608.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2009-02-16 165304] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [BU] "Wbutton"="c:\program files\Launch Manager\WButton.exe" [BU] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] "RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/17/2009 6:46:18 PM 113664] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2003-10-29 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/23/2009 4:42:57 PM 114768] R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2/13/2009 2:45:19 AM 9867] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2009 4:42:57 PM 20560] R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 1:04:52 AM 65536] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/13/2009 2:39:07 AM 84240] R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2/13/2009 2:45:19 AM 118784] --- Other Services/Drivers In Memory --- NewlyCreated - BITS . Contents of the 'Scheduled Tasks' folder 2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici] IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\023k8hn5.default\ FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-04-05 03:31:55 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????0???\???????0??????????????\|???\|???????\|????????L????????&????F?????????????h?????????????B????????\|@??\|????=??\|??A???????????A??)????????????B~?h@???????????????A???????????A???@??&??vs@??&???)????@??&????? LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????????\|???\|???????\|????????L????????&????F?????????????h?????????????B????????\|@??\|????=??\|??A???????????A??)????????????B~?h@???????????????A???????????A???@??&??vs@??&???)????@??&????? Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????????\|???\|???????\|????????L????????&????F?????????????h?????????????B????????\|@??\|????=??\|??A???????????A??)????????????B~?h@???????????????A???????????A???@??&??vs@??&???)????@??&????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-04-05 3:32:44 ComboFix-quarantined-files.txt 2009-04-05 01:32:42 ComboFix2.txt 2009-04-04 18:26:16 Pre-Run: 13.499.715.584 bytes free Post-Run: 13,486,694,400 bytes free 216 Dopuna: 05 Apr 2009 3:37 Prvo cu da postavim sken sa laptopa pa sa kompijutera Dopuna: 05 Apr 2009 3:40 USBNoRisk 1.6 by bobby Started at 5.4.2009 3:38:15 Scanning for connected USB Mass storage... ---------------------------------------- ======================================== Scanning for other storage... ---------------------------------------- C: {d829255a-f96b-11dd-964a-806d6172696f} D: {d829255b-f96b-11dd-964a-806d6172696f} E: {d829255c-f96b-11dd-964a-806d6172696f} ======================================== Scanning fixed storage for autorun.inf files... ---------------------------------------- Autorun.inf on C: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for C: No key found for d829255a-f96b-11dd-964a-806d6172696f ======================================== Autorun.inf on D: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for D: No key found for d829255b-f96b-11dd-964a-806d6172696f ======================================== Autorun.inf on E: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for E: No key found for d829255c-f96b-11dd-964a-806d6172696f ======================================== New device connected at 5.4.2009 3:38:43 Scanning for connected USB mass storage... ---------------------------------------- G: {71b51c91-fc17-11dd-b1fe-000df057a41e} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- ---------------------------------------- Autorun.inf on G: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for 71b51c91-fc17-11dd-b1fe-000df057a41e ======================================== ---------------------------------------- Desktop.ini on G: - None ---------------------------------------- ======================================== ======================================== Removed G: ======================================== New device connected at 5.4.2009 3:39:19 Scanning for connected USB mass storage... ---------------------------------------- H: {71b51c88-fc17-11dd-b1fe-000df057a41e} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- ---------------------------------------- Autorun.inf on H: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for 71b51c88-fc17-11dd-b1fe-000df057a41e ======================================== ---------------------------------------- Desktop.ini on H: - None ---------------------------------------- ======================================== ======================================== Removed H: ======================================== Dopuna: 05 Apr 2009 3:45 USBNoRisk 1.6 by bobby Started at 5.4.2009 3:43:21 Scanning for connected USB Mass storage... ---------------------------------------- ======================================== Scanning for other storage... ---------------------------------------- C: {4a09361b-7cf7-11dc-b9df-806d6172696f} D: {4a09361c-7cf7-11dc-b9df-806d6172696f} E: {4a09361d-7cf7-11dc-b9df-806d6172696f} ======================================== Scanning fixed storage for autorun.inf files... ---------------------------------------- Autorun.inf on C: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for C: No key found for 4a09361b-7cf7-11dc-b9df-806d6172696f ======================================== Autorun.inf on D: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for D: No key found for 4a09361c-7cf7-11dc-b9df-806d6172696f ======================================== Autorun.inf on E: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for E: No key found for 4a09361d-7cf7-11dc-b9df-806d6172696f ======================================== autorun.inf found in Qoobox ---------------------------------------- Content of C:\QooBox\Quarantine\C\autorun.inf.vir ---------------------------------------- [autorun] open=gg.exe 0o shell\open=´ňżŞ(&O) shell\open\Command=gg.exe 0o shell\explore=×ĘÔ´ąÜŔíĆ÷(&X) shell\explore\Command=gg.exe 0e ---------------------------------------- Content of C:\QooBox\Quarantine\D\autorun.inf.vir ---------------------------------------- [autorun] open=gg.exe 0o shell\open=´ňżŞ(&O) shell\open\Command=gg.exe 0o shell\explore=×ĘÔ´ąÜŔíĆ÷(&X) shell\explore\Command=gg.exe 0e ---------------------------------------- Content of C:\QooBox\Quarantine\E\autorun.inf.vir ---------------------------------------- [autorun] open=gg.exe 0o shell\open=´ňżŞ(&O) shell\open\Command=gg.exe 0o shell\explore=×ĘÔ´ąÜŔíĆ÷(&X) shell\explore\Command=gg.exe 0e ---------------------------------------- New device connected at 5.4.2009 3:43:53 Scanning for connected USB mass storage... ---------------------------------------- H: {c30f56e7-87e6-11dc-878f-0019dbd0b9c2} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- ---------------------------------------- Autorun.inf on H: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for c30f56e7-87e6-11dc-878f-0019dbd0b9c2 ======================================== ---------------------------------------- Desktop.ini on H: - None ---------------------------------------- ======================================== ======================================== Removed H: ======================================== New device connected at 5.4.2009 3:43:57 Scanning for connected USB mass storage... ---------------------------------------- H: {c30f56e7-87e6-11dc-878f-0019dbd0b9c2} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- ---------------------------------------- Autorun.inf on H: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for c30f56e7-87e6-11dc-878f-0019dbd0b9c2 ======================================== ---------------------------------------- Desktop.ini on H: - None ---------------------------------------- ======================================== ======================================== Removed H: ======================================== New device connected at 5.4.2009 3:44:28 Scanning for connected USB mass storage... ---------------------------------------- G: {f2cfc787-19c3-11dd-889f-0019dbd0b9c2} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- ---------------------------------------- Autorun.inf on G: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for f2cfc787-19c3-11dd-889f-0019dbd0b9c2 ======================================== ---------------------------------------- Desktop.ini on G: - None ---------------------------------------- ======================================== ======================================== Removed G: ========================================

Profil

argus Poslao: 06 Apr 2009 08:54 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! @branka.dj racunari su cisti, ostaje da uradis sledece na oba racunara. Deinstalacija ComboFix-a: Klikni START a zatim RUN. U liniju za unos teksta ukucaj (iskopiraj) sledeće: Combofix /u a zatim klikni OK. Sačekaj da se proces deinstalacije završi.

Profil

branka.dj Poslao: 06 Apr 2009 11:53 Idi na vrh
offline branka.dj Novi MyCity građanin Pridružio: 02 Apr 2009 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok. Hvala puno! Stvarno ste mi puno pomogli!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Virus1?

Ko je trenutno na forumu

Ukupno su 748 korisnika na forumu :: 68 registrovanih, 10 sakrivenih i 670 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, AirSremac, aleph_one, baltazar01, Bo96, Bojan198527, BORUTUS, cenejac111, Ciri1994, Colt D, cuvarkuca, dekan.m, DENIRO, Djota1, DJUNTA, Dogma21, dolinalima, dukajov, dzada, Electron, Glauber, Goxy1, Gradjanin, Grandmaster1, Grebostrek, Hans Gajger, helen1, iceburn, ikan, ivran064, Jeremiah, king111, larix, leopard83, Lieutenant, Lubenica303, MadMike, MaschinenPistole, mat, mile.ilic75, MilosM, mmelezovic, moldway, Mzee, niksa517, OKT, Paki, Pekman, Pururin, ruma, Sami_1ali, Sase, Siti2, Sićko, SKYLINE, stegonosa, Tas011, Teodor60, TheDictator, tooooom, tubular, vathra, Vojkan Petrovic, Zanimljivo, Zoca, Zoran1959, Zrcalo, Zvlade

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by