Infected PC

vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

My PC was (is) networked with a second PC.
When I send a print job to the second PC it reports that there is no network connection.
When I plug in a USB stick it doesn't recognise it, or it recognises it but shows a folder icon instead of the stick's own icon. My AV finds some kind of malware that I can't remove, and so on.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:44:36, on 16.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\EPSON\ESM2\eEBAgent.exe
C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BeautifulEarth\Beautiful-Earth.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\soffice.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\PROGRA~1\FLOCK\FLOCK.EXE
C:\Documents and Settings\Računalo 2\Desktop\HijackThis 2.0.0 Beta\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ponuda-jn.nn.hr/Login.aspx
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GGWallpaper] C:\Program Files\BeautifulEarth\Beautiful-Earth.exe
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe C:\DOCUME~1\RAUNAL~1\IBM\Lotus\Symphony\.sodc\
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Postavke Gearsa - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - catalog.update.microsoft.com/v7/site/Client.....4167314281
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Google Update Service (gupdate1c98795f66c459c) (gupdate1c98795f66c459c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\PROGRA~1\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9600 bytes

dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Quote: "My AV finds some kind of malware that I can't remove, and so on."

Could you be a bit more precise about this?


Right-click the avast! icon in the bottom right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, tick the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.

Note: don't forget to turn these options back on once the cleaning is finished.


-------------------------------------------------------------------------------------


Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

ComboFix 09-02-15.01 - Računalo 2 2009-02-17 7:31:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.1023.569 [GMT 1:00]
Running from: c:\documents and settings\Računalo 2\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090216-1] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-16 09:23 . 2009-02-16 09:23 <DIR> d--h----- c:\program files\Zenographics
2009-02-16 09:23 . 2006-07-28 11:00 143,360 -ra------ c:\windows\apptune1018.exe
2009-02-16 09:23 . 2006-07-28 11:00 106,496 -ra------ c:\windows\system32\vshp1018.dll
2009-02-16 09:23 . 2006-07-28 11:00 28,672 -ra------ c:\windows\system32\zlm.dll
2009-02-16 09:23 . 2006-07-28 11:00 28,672 -ra------ c:\windows\system32\IMF32.DLL
2009-02-16 09:23 . 2006-07-28 11:00 24,576 -ra------ c:\windows\system32\ZTAG32.DLL
2009-02-16 09:23 . 2006-07-28 11:00 7,280 -ra------ c:\windows\system32\ZSHP1018.HLP
2009-02-16 09:21 . 2009-02-16 09:22 <DIR> d-------- C:\hp_LJ1018_Full_Solution
2009-02-16 08:45 . 2007-12-10 08:00 430,080 --a------ c:\windows\system32\ZSHP1018.EXE
2009-02-16 08:45 . 2007-12-10 08:00 128,380 --a------ c:\windows\system32\hp1018.img
2009-02-16 08:45 . 2007-12-10 08:00 106,496 --a------ c:\windows\system32\ZSPOOL.DLL
2009-02-16 08:45 . 2007-12-10 08:00 102,400 --a------ c:\windows\system32\ZLhp1018.DLL
2009-02-16 08:45 . 2007-12-10 08:00 61,440 --a------ c:\windows\system32\ZIMF.DLL
2009-02-16 08:45 . 2007-12-10 08:00 53,248 --a------ c:\windows\system32\ZTAG.DLL
2009-02-16 08:45 . 2007-12-10 08:00 10,632 --a------ c:\windows\system32\ZSHP1018.CHM
2009-02-16 08:29 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-16 08:29 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-11 10:47 . 2009-02-13 07:37 127 --a------ c:\windows\wininit.ini
2009-02-11 07:05 . 2009-02-11 07:05 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-09 14:11 . 2009-02-09 14:11 <DIR> d-------- c:\documents and settings\Administrator.RACUNALO2
2009-02-04 15:15 . 2009-02-04 15:25 <DIR> d-------- c:\program files\Stardock
2009-02-04 15:15 . 2009-02-04 15:15 <DIR> d-------- c:\program files\Common Files\stardock
2009-02-04 15:15 . 2003-03-18 15:05 89,088 --a------ c:\windows\system32\atl71.dll
2009-02-04 15:15 . 2000-10-20 01:05 25,088 --a------ c:\windows\system32\msxml3a.dll
2009-02-04 11:45 . 2009-02-04 11:45 <DIR> d-------- c:\documents and settings\Računalo 2\IBM
2009-02-04 11:45 . 2009-02-04 11:45 <DIR> d-------- c:\documents and settings\Računalo 2\IBM
2009-02-04 11:44 . 2009-02-04 11:44 <DIR> d-------- c:\program files\IBM
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- c:\documents and settings\Računalo 2\DownloadDirector
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- c:\documents and settings\Računalo 2\DownloadDirector
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- c:\documents and settings\Ra_unalo 2\DownloadDirector
2009-02-04 10:53 . 2009-02-04 10:53 <DIR> d-------- c:\documents and settings\Ra_unalo 2
2009-02-04 08:18 . 2009-02-04 08:32 <DIR> d-------- c:\documents and settings\Računalo 2\Application Data\IObit
2009-02-04 08:15 . 2009-02-05 09:40 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-01-30 12:47 . 2009-01-30 12:50 <DIR> d-------- c:\program files\WhiteSmoke
2009-01-30 12:47 . 2009-01-30 12:50 23 --a------ c:\windows\settings.ini
2009-01-23 09:52 . 2009-01-23 09:53 250 --a------ c:\windows\gmer.ini
2009-01-22 10:05 . 2009-01-22 10:05 <DIR> d-------- c:\windows\system32\hr-HR
2009-01-22 09:11 . 2009-01-22 10:35 <DIR> d-------- C:\dc245d67aca233770e0567461b
2009-01-22 07:58 . 2009-02-04 11:43 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-19 09:57 . 2009-01-19 09:58 <DIR> d-------- c:\documents and settings\Računalo 2\dwhelper
2009-01-19 09:57 . 2009-01-19 09:58 <DIR> d-------- c:\documents and settings\Računalo 2\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 06:35 --------- d-----w c:\documents and settings\Računalo 2\Application Data\BeautifulEarth
2009-02-17 06:29 --------- d-----w c:\program files\Flock
2009-02-16 08:23 --------- d-----w c:\program files\Hewlett-Packard
2009-02-13 09:15 --------- d-----w c:\documents and settings\Računalo 2\Application Data\Canon
2009-02-13 06:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-13 06:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-12 11:06 --------- d-----w c:\program files\Google
2009-02-11 15:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-10 09:23 --------- d-----w c:\program files\Defraggler
2009-02-05 14:27 --------- d-----w c:\program files\Common Files\ArcSoft
2009-02-05 14:27 --------- d-----w c:\program files\ASCII Art Studio
2009-02-05 14:27 --------- d-----w c:\program files\ArcSoft
2009-02-05 14:27 --------- d-----w c:\documents and settings\Računalo 2\Application Data\ArcSoft
2009-02-05 14:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2009-02-05 11:26 --------- d-----w c:\program files\eMule
2009-02-05 08:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 07:18 --------- d-----w c:\program files\IObit
2009-02-03 12:15 --------- d-----w c:\program files\Canon
2009-01-29 11:00 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-28 08:50 --------- d-----w c:\program files\MSECache
2009-01-16 11:50 --------- d-----w c:\program files\Cucusoft
2009-01-08 07:41 --------- dc----w c:\documents and settings\All Users.WINDOWS\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-08 06:51 --------- d-----w c:\program files\Java
2008-12-23 09:47 --------- d-----w c:\documents and settings\Računalo 2\Application Data\Ahead
2008-12-23 09:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2008-12-22 08:56 --------- d-----w c:\program files\SSC Service Utility
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-19 15:53 98328 --a------ c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"GGWallpaper"="c:\program files\BeautifulEarth\Beautiful-Earth.exe" [2008-08-05 774656]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe" [2009-02-04 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2008-04-09 17:10 90112 c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-07-30 11:00 98304 c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Vip Communicator"="c:\program files\Vip\Vip Communicator\Vip Communicator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Nero\Nero 9\InCD\InCD.exe
"NBHGui"=c:\program files\Nero\Nero 9\InCD\NBHGui.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SkyTel"=SkyTel.EXE
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=
"c:\\Program Files\\Vip\\Vip Communicator\\Vip Communicator.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.200810171336\\win32\\x86\\symphony.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1055:TCP"= 1055:TCP:Discreet BrowseD
"1066:TCP"= 1066:TCP:Discreet Slave Render

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-10-10 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-14 114768]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-14 20560]
R2 Multiplicity;Stardock Multiplicity;c:\progra~1\Stardock\ThinkDesk\Multiplicity\MultiSrv32.exe [2009-02-04 242936]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2008-09-19 108568]
S2 gupdate1c98795f66c459c;Google Update Service (gupdate1c98795f66c459c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-10-20 98488]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f72f5b3-9900-11dd-bb5e-0019661222f3}]
\Shell\AutoRun\command - F:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8feaf030-ede7-11dd-bbd3-0019661222f3}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2009-02-16 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-02-03 12:22]

2009-02-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 14:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ponuda-jn.nn.hr/Login.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-17 07:35:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\EPSON\ESM2\eEBSvc.exe
c:\progra~1\COMMON~1\stardock\SDMCP.exe
c:\program files\EPSON\ESM2\eEBAgent.exe
c:\program files\Nero\Nero 9\InCD\InCDSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\searchindexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\soffice.exe
.
**************************************************************************
.
Completion time: 2009-02-17 7:38:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 06:38:54

Pre-Run: 28.578.623.488 bytes free
Post-Run: 28,500,213,760 bytes free

225 --- E O F --- 2009-02-11 15:05:22



Update: 17 Feb 2009 7:46

As for the malware, I get messages roughly like that. Every so often some Win32 clone. As if my AV is of no use at all!

dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have more than one device to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose Save log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

I did as you said. When I inserted the first stick nothing happened; the program window stayed blank for over a minute, so I killed it (Ctrl+Shift+Esc) and restarted the PC.
When the system came up, I inserted a stick by mistake without having started your program. As soon as I realised, I unplugged it immediately.
I started your program and inserted 2 sticks. For both of them the AV popped up a message (images attached), and I put them in quarantine.

Here is the report:

USBNoRisk by bobby

Started at 19.2.2009 10:37:41

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {9ca6ffd6-96a9-11dd-9f77-806d6172696f}
D: {9ca6ffd7-96a9-11dd-9f77-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 9ca6ffd6-96a9-11dd-9f77-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 9ca6ffd7-96a9-11dd-9f77-806d6172696f
========================================

========================================



New device connected at 19.2.2009 10:37:47

Scanning for connected USB mass storage...
----------------------------------------
F: {0634bb40-a0cb-11dd-bb6e-0019661222f3}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 0634bb40-a0cb-11dd-bb6e-0019661222f3
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 19.2.2009 10:39:38

Scanning for connected USB mass storage...
----------------------------------------
F: {d5a6f127-990e-11dd-bb5f-0019661222f3}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for d5a6f127-990e-11dd-bb5f-0019661222f3
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================




dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now?

Is the AV detecting anything? Are the USB drives displayed properly?

vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

The AV isn't detecting anything, and the USB sticks show up properly in Windows Explorer, but there is NO "autoplay" (or whatever it's called) menu any more!

dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do the following:
Click START and then RUN.
In the text box type Combofix /u and click OK.

Wait for the uninstall process to finish.

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore


As for autorun... ComboFix disabled it in order to "close the door" to USB infectors.
I would recommend that autorun stays off, but if you really want, we can enable it.
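What the USBNoRisk step above and this note about autorun are dealing with, as an added example that is not part of this thread nor code from USBNoRisk, ComboFix or any other tool mentioned here: read an autorun.inf the way Explorer reads it and list the files it would launch, rename it to autorun.inf.blocked as USBNoRisk does, and pull the per-volume MountPoints2 shell commands (the `F:\AutoTransfer.exe` and `rundll32.exe .\desktop.dll,InstallM` entries in the ComboFix log above) out of a log excerpt. The sample autorun.inf and the ComboFix excerpt are constructed for illustration, and every function and constant name is the example's own.

```python
"""Added example for this thread (not code from USBNoRisk, ComboFix or any
other tool named above): triage helpers for a USB autorun infector. The
sample autorun.inf and ComboFix excerpt are constructed for illustration."""
import os
import re
from typing import Dict, List, Tuple

# [autorun] keys that launch something directly, besides shell\<verb>\command.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample; the commands mirror the MountPoints2 entries in the log.
SAMPLE_AUTORUN_INF = r"""
[autorun]
; typical infector layout: payload in the root, a DLL reached via rundll32
open=AutoTransfer.exe
shell\open\Command=rundll32.exe .\desktop.dll,InstallM
shell\explore\command=AutoTransfer.exe -e
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

# Constructed excerpt in the shape ComboFix prints under "mountpoints2".
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f72f5b3-9900-11dd-bb5e-0019661222f3}]
\Shell\AutoRun\command - F:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8feaf030-ede7-11dd-bbd3-0019661222f3}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
"""


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Launch-capable entries of an autorun.inf body, keyed in lower case.
    Comments and anything outside [autorun] are ignored, as Explorer ignores
    them; cosmetic keys (icon, label, action) are left out."""
    refs: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            refs[key] = value
    return refs


def referenced_files(refs: Dict[str, str]) -> List[str]:
    """Files that would execute: first token of each command, plus the DLL
    argument when the command goes through rundll32.exe."""
    files = set()
    for value in refs.values():
        m = re.match(r'\s*(?:"([^"]+)"|(\S+))', value)
        if not m:
            continue
        exe = m.group(1) or m.group(2)
        files.add(exe)
        if exe.lower().endswith("rundll32.exe"):
            dll = value[m.end():].strip().split(",", 1)[0].strip().strip('"')
            if dll:
                files.add(dll)
    return sorted(files)


MOUNTPOINT_RE = re.compile(r"mountpoints2\\\{([0-9a-f-]{36})\}\]", re.I)
COMMAND_RE = re.compile(r"^\\Shell\\(\w+)\\command\s*-\s*(.+?)\s*$", re.I)


def flag_mountpoints2(log: str) -> List[Tuple[str, str, str]]:
    """(volume GUID, verb, command) for each MountPoints2 shell command in a
    ComboFix excerpt. A bare drive root such as 'F:\\' just opens the drive
    and is skipped; anything that names a file is reported."""
    hits: List[Tuple[str, str, str]] = []
    guid = None
    for line in log.splitlines():
        m = MOUNTPOINT_RE.search(line)
        if m:
            guid = m.group(1).lower()
            continue
        m = COMMAND_RE.match(line.strip())
        if m and guid and not re.fullmatch(r"[A-Za-z]:\\?", m.group(2)):
            hits.append((guid, m.group(1).lower(), m.group(2)))
    return hits


def block_autorun_inf(drive_root: str) -> Dict[str, str]:
    """USBNoRisk's first step: rename <root>\\autorun.inf to autorun.inf.blocked
    so Explorer stops honouring it; returns what it referenced ({} if none)."""
    src = os.path.join(drive_root, "autorun.inf")
    if not os.path.isfile(src):
        return {}
    with open(src, encoding="utf-8", errors="replace") as fh:
        refs = parse_autorun_inf(fh.read())
    os.replace(src, src + ".blocked")
    return refs
```

The MountPoints2 part is the reason USBNoRisk prints "Sanitizing Shell Menu" after renaming the file: those shell verbs are stored in HKCU under the volume's GUID rather than on the stick, so Explorer keeps offering the old open/AutoRun command for that volume until the key is cleared, even after autorun.inf is gone. Running `block_autorun_inf` against a real drive root renames the file; the test below exercises only the parsers and the no-file path.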

vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

Done!
And that's it, or...?

PS
How is AUTORUN enabled (just for information)?

dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

That's it.

Double-clicking this file enables autoplay (a restart will be needed): https://www.mycity.rs/must-login.png
