Virusi - komp zablokirao


  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

Posted: 28 Jun 2009 15:25

ComboFix 09-06-26.02 - Sandra 28.06.2009 15:09.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.834 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\15881874
c:\documents and settings\All Users\Application Data\15881874\15881874
c:\documents and settings\All Users\Application Data\15881874\15881874.exe
c:\program files\sys
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\admintxt.txt
c:\windows\system32\drivers\SKYNETqbiqjovm.sys
c:\windows\system32\SKYNETltkkdqbl.dat
c:\windows\system32\SKYNETooboeyfi.dat
c:\windows\system32\SKYNETtboppfak.dll
c:\windows\system32\SKYNETxecxpqhb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETvyxumlto
-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Service_sys
-------\Service_sysdrv


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 18:26 . 2009-06-27 18:26 4608 --sha-r- c:\windows\system32\drivers\blazedworm.sys
2009-06-27 18:26 . 2009-06-27 18:26 4608 --sh--r- c:\documents and settings\Sandra\blazedworm.sys
2009-06-27 15:42 . 2009-06-27 15:43 -------- d-----w- c:\documents and settings\Sandra\DoctorWeb
2009-06-25 21:36 . 2009-06-25 21:36 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-25 21:35 . 2009-06-27 15:43 -------- d-sh--r- c:\program files\Manson
2009-06-25 17:52 . 2009-06-25 17:52 -------- d--h--w- c:\documents and settings\Sandra\Application Data\WinNT
2009-06-25 16:29 . 2009-06-25 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\163D8
2009-06-24 15:38 . 2009-06-24 15:38 40498 --sh--r- c:\windows\dllcache.exe
2009-06-17 00:09 . 2009-06-17 00:09 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 13:17 . 2009-02-26 18:42 -------- d-----w- c:\documents and settings\Sandra\Application Data\Skype
2009-06-28 13:17 . 2009-02-26 18:51 -------- d-----w- c:\documents and settings\Sandra\Application Data\skypePM
2009-06-27 16:06 . 2009-02-23 15:17 -------- d-----w- c:\program files\Mv2Player
2009-05-15 18:30 . 2009-05-15 18:30 -------- d-----w- c:\program files\iMesh Applications
2009-05-03 20:38 . 2009-02-23 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-03 10:54 . 2009-05-03 10:52 -------- d-----w- c:\program files\Easy MP3 Cutter
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-07 16:15 . 2009-03-07 16:15 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-07 30192]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 18:24 41456]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.3.2009 18:15 30192]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [26.2.2009 23:55 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [26.2.2009 23:55 476160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4175C5F3-D47F-143B-DD4D-E67A0EB4E773}]
"c:\documents and settings\Sandra\Application Data\WinNT\winlogon.exe"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-15881874 - c:\documents and settings\All Users\Application Data\15881874\15881874.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-28 15:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{178BA037-E4FD-9BB8-98F1-1EB44879AD54}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacapkhdpfpigldomj"=hex:69,61,62,6c,6c,65,67,63,6c,61,64,65,70,69,62,62,6f,66,
00,00
"haiajipcaghiflej"=hex:6a,61,6f,6c,66,66,6c,62,61,63,6e,6c,6b,70,61,6f,6c,68,
6c,6b,00,f2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-28 15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 13:18

Pre-Run: 30.240.423.936 bytes free
Post-Run: 29.293.973.504 bytes free

Everything that was on the screen has disappeared; I'll restart the computer now to see whether it comes back.

Update: 28 Jun 2009 15:35

Mate, everything works, it looks like you've done it. Congratulations and thank you. Do I need to uninstall or remove anything?

  • helen1 (Male)
  • Anti Malware Fighter, Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Easy, we've only just started. Now try scanning with ComboFix in normal mode; there is still more here to delete.

  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

OK!

I've done it.

ComboFix 09-06-26.02 - Sandra 28.06.2009 15:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.598 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 13:18 . 2009-06-28 13:18 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-27 18:26 . 2009-06-27 18:26 4608 --sha-r- c:\windows\system32\drivers\blazedworm.sys
2009-06-27 18:26 . 2009-06-27 18:26 4608 --sh--r- c:\documents and settings\Sandra\blazedworm.sys
2009-06-27 15:42 . 2009-06-27 15:43 -------- d-----w- c:\documents and settings\Sandra\DoctorWeb
2009-06-25 21:36 . 2009-06-25 21:36 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-25 21:35 . 2009-06-27 15:43 -------- d-sh--r- c:\program files\Manson
2009-06-25 17:52 . 2009-06-25 17:52 -------- d--h--w- c:\documents and settings\Sandra\Application Data\WinNT
2009-06-25 16:29 . 2009-06-25 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\163D8
2009-06-24 15:38 . 2009-06-24 15:38 40498 --sh--r- c:\windows\dllcache.exe
2009-06-17 00:09 . 2009-06-17 00:09 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 13:41 . 2009-02-26 18:42 -------- d-----w- c:\documents and settings\Sandra\Application Data\Skype
2009-06-28 13:17 . 2009-02-26 18:51 -------- d-----w- c:\documents and settings\Sandra\Application Data\skypePM
2009-06-27 16:06 . 2009-02-23 15:17 -------- d-----w- c:\program files\Mv2Player
2009-05-15 18:30 . 2009-05-15 18:30 -------- d-----w- c:\program files\iMesh Applications
2009-05-03 20:38 . 2009-02-23 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-03 10:54 . 2009-05-03 10:52 -------- d-----w- c:\program files\Easy MP3 Cutter
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-07 16:15 . 2009-03-07 16:15 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-28_13.17.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 12:00 . 2009-06-28 13:32 41238 c:\windows\system32\perfc009.dat
+ 2009-06-28 13:18 . 2008-01-23 16:34 53592 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2008-04-14 12:00 . 2009-06-28 13:32 315076 c:\windows\system32\perfh009.dat
+ 2009-06-28 13:18 . 2008-04-24 13:33 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-28 13:18 . 2008-04-23 03:35 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-28 13:18 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-28 13:18 . 2008-04-25 11:36 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-28 13:18 . 2008-04-23 11:49 2189184 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-07 30192]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 18:24 41456]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.3.2009 18:15 30192]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [26.2.2009 23:55 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [26.2.2009 23:55 476160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4175C5F3-D47F-143B-DD4D-E67A0EB4E773}]
"c:\documents and settings\Sandra\Application Data\WinNT\winlogon.exe"
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-28 15:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{178BA037-E4FD-9BB8-98F1-1EB44879AD54}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacapkhdpfpigldomj"=hex:69,61,62,6c,6c,65,67,63,6c,61,64,65,70,69,62,62,6f,66,
00,00
"haiajipcaghiflej"=hex:6a,61,6f,6c,66,66,6c,62,61,63,6e,6c,6b,70,61,6f,6c,68,
6c,6b,00,f2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-28 15:44
ComboFix-quarantined-files.txt 2009-06-28 13:44
ComboFix2.txt 2009-06-28 13:18

Pre-Run: 29.285.490.688 bytes free
Post-Run: 29.278.904.320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

  • helen1 (Male)
  • Anti Malware Fighter, Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
c:\windows\system32\drivers\blazedworm.sys
c:\documents and settings\Sandra\blazedworm.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4175C5F3-D47F-143B-DD4D-E67A0EB4E773}]

Folder::
c:\documents and settings\Sandra\Application Data\WinNT

DirLook::
c:\program files\Manson
c:\documents and settings\All Users\Application Data\163D8


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

ComboFix 09-06-26.02 - Sandra 28.06.2009 16:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.562 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\documents and settings\Sandra\blazedworm.sys"
"c:\windows\system32\drivers\blazedworm.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sandra\Application Data\WinNT
c:\documents and settings\Sandra\Application Data\WinNT\winlogon.exe
c:\documents and settings\Sandra\blazedworm.sys
c:\windows\system32\drivers\blazedworm.sys

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 13:18 . 2009-06-28 13:18 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-27 15:42 . 2009-06-27 15:43 -------- d-----w- c:\documents and settings\Sandra\DoctorWeb
2009-06-25 21:36 . 2009-06-25 21:36 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-25 21:35 . 2009-06-27 15:43 -------- d-sh--r- c:\program files\Manson
2009-06-25 16:29 . 2009-06-25 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\163D8
2009-06-24 15:38 . 2009-06-24 15:38 40498 --sh--r- c:\windows\dllcache.exe
2009-06-17 00:09 . 2009-06-17 00:09 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 14:03 . 2009-02-26 18:42 -------- d-----w- c:\documents and settings\Sandra\Application Data\Skype
2009-06-28 14:02 . 2009-02-26 18:51 -------- d-----w- c:\documents and settings\Sandra\Application Data\skypePM
2009-06-27 16:06 . 2009-02-23 15:17 -------- d-----w- c:\program files\Mv2Player
2009-05-15 18:30 . 2009-05-15 18:30 -------- d-----w- c:\program files\iMesh Applications
2009-05-03 20:38 . 2009-02-23 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-03 10:54 . 2009-05-03 10:52 -------- d-----w- c:\program files\Easy MP3 Cutter
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-07 16:15 . 2009-03-07 16:15 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\163D8 ----

2009-06-25 16:29 . 2009-02-17 16:14 2329 ----a-w- c:\documents and settings\All Users\Application Data\163D8\{EE59EE25-432A-4923-B32E-5F022EF95DDA}.swf

---- Directory of c:\program files\Manson ----



((((((((((((((((((((((((((((( SnapShot@2009-06-28_13.17.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 12:00 . 2009-06-28 13:32 41238 c:\windows\system32\perfc009.dat
+ 2009-06-28 13:18 . 2008-01-23 16:34 53592 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2008-04-14 12:00 . 2009-06-28 13:32 315076 c:\windows\system32\perfh009.dat
+ 2009-06-28 13:18 . 2008-04-24 13:33 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-28 13:18 . 2008-04-23 03:35 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-28 13:18 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-28 13:18 . 2008-04-25 11:36 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-28 13:18 . 2008-04-23 11:49 2189184 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-07 30192]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 18:24 41456]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.3.2009 18:15 30192]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [26.2.2009 23:55 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [26.2.2009 23:55 476160]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-28 16:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{178BA037-E4FD-9BB8-98F1-1EB44879AD54}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacapkhdpfpigldomj"=hex:69,61,62,6c,6c,65,67,63,6c,61,64,65,70,69,62,62,6f,66,
00,00
"haiajipcaghiflej"=hex:6a,61,6f,6c,66,66,6c,62,61,63,6e,6c,6b,70,61,6f,6c,68,
6c,6b,00,f2
.
Completion time: 2009-06-28 16:04
ComboFix-quarantined-files.txt 2009-06-28 14:04
ComboFix2.txt 2009-06-28 13:44
ComboFix3.txt 2009-06-28 13:18

Pre-Run: 29.271.633.920 bytes free
Post-Run: 29.264.203.776 bytes free

  • helen1 (Male)
  • Anti Malware Fighter, Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

This should finish the job:

Open Notepad and copy the following text into it:

Folder::
c:\program files\Manson
c:\documents and settings\All Users\Application Data\163D8

File::
c:\windows\dllcache.exe


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

ComboFix 09-06-26.02 - Sandra 28.06.2009 16:20.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.565 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt

FILE ::
"c:\windows\dllcache.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\163D8
c:\documents and settings\All Users\Application Data\163D8\{EE59EE25-432A-4923-B32E-5F022EF95DDA}.swf
c:\program files\Manson
c:\windows\dllcache.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 13:18 . 2009-06-28 13:18 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-27 15:42 . 2009-06-27 15:43 -------- d-----w- c:\documents and settings\Sandra\DoctorWeb
2009-06-25 21:36 . 2009-06-25 21:36 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-17 00:09 . 2009-06-17 00:09 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 14:03 . 2009-02-26 18:42 -------- d-----w- c:\documents and settings\Sandra\Application Data\Skype
2009-06-28 14:02 . 2009-02-26 18:51 -------- d-----w- c:\documents and settings\Sandra\Application Data\skypePM
2009-06-27 16:06 . 2009-02-23 15:17 -------- d-----w- c:\program files\Mv2Player
2009-05-15 18:30 . 2009-05-15 18:30 -------- d-----w- c:\program files\iMesh Applications
2009-05-03 20:38 . 2009-02-23 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-03 10:54 . 2009-05-03 10:52 -------- d-----w- c:\program files\Easy MP3 Cutter
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-07 16:15 . 2009-03-07 16:15 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-28_13.17.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 12:00 . 2009-06-28 13:32 41238 c:\windows\system32\perfc009.dat
+ 2009-06-28 13:18 . 2008-01-23 16:34 53592 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2008-04-14 12:00 . 2009-06-28 13:32 315076 c:\windows\system32\perfh009.dat
+ 2009-06-28 13:18 . 2008-04-24 13:33 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-28 13:18 . 2008-04-23 03:35 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-28 13:18 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-28 13:18 . 2008-04-25 11:36 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-28 13:18 . 2008-04-14 12:00 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-28 13:18 . 2008-04-14 12:00 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-28 13:18 . 2008-04-23 11:49 2189184 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-28 13:18 . 2008-04-14 12:00 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-07 30192]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 18:24 41456]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.3.2009 18:15 30192]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [26.2.2009 23:55 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [26.2.2009 23:55 476160]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-28 16:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{178BA037-E4FD-9BB8-98F1-1EB44879AD54}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacapkhdpfpigldomj"=hex:69,61,62,6c,6c,65,67,63,6c,61,64,65,70,69,62,62,6f,66,
00,00
"haiajipcaghiflej"=hex:6a,61,6f,6c,66,66,6c,62,61,63,6e,6c,6b,70,61,6f,6c,68,
6c,6b,00,f2
.
Completion time: 2009-06-28 16:22
ComboFix-quarantined-files.txt 2009-06-28 14:22
ComboFix2.txt 2009-06-28 14:04
ComboFix3.txt 2009-06-28 13:44
ComboFix4.txt 2009-06-28 13:18

Pre-Run: 29.270.114.304 bytes free
Post-Run: 29.260.828.672 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Are there any problems now?

offline
  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

As far as I can see, it works great!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Now get an antivirus, urgently, if you don't have one.
