Is the computer still infected?

  • Joined: 22 Aug 2006
  • Posts: 425
  • Location: Kranj

I have two OSes on the computer: Vista on C and XP SP2 on D.
Yesterday XP kept restarting all day and I couldn't get into Safe Mode, so I scanned the computer from Vista with NOD32 and it found some 28 viruses; it deleted about 20 of them and 8 it couldn't, so I scanned it in Safe Mode,
then I used Spybot and it destroyed a few more.
Now the blue screen that was always followed by a restart doesn't appear any more, but now I can't start KIS at all; it gives me some error.

Logfile of HijackThis v1.99.1
Scan saved at 18:16:48, on 7.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\drivers\downld\67359.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\trajce\Desktop\HijackTik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live - Pomoc pri vpisu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SkinClock] D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office Groove.lnk = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O8 - Extra context menu item: Dodaj u Protiv reklama - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistika mrežnog Anti-Virusa - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Pošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: P&ošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
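As an added example (not part of the thread or of HijackThis itself), the script below runs a few defender-side triage heuristics over lines in the HijackThis log format quoted above: executables stored under a `drivers` directory or with purely numeric names, autostart and service entries that point at missing files or have no identifiable publisher, and a browser start page that is not the IE default. The sample log is constructed from entries modelled on the one above and is not the full log; the severity labels and rules are assumptions of this example.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

The heuristics are deliberately simple: they flag lines for a human to review,
they do not decide what is malicious.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "severity reason line")

# Constructed sample in HijackThis v1.99.1 format, modelled on entries quoted
# in the thread; it is not the full log.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\drivers\downld\67359.exe
D:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""

# HijackThis entry lines look like "O4 - <body>", "R0 - <body>", ...
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# A Windows path with a drive letter, ending in an executable-like extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
IE_DEFAULT_PREFIX = "http://go.microsoft.com/fwlink/"


def check_path(path):
    """Flag executables in places or with names legitimate software rarely uses."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    stem, _, ext = name.rpartition(".")
    reasons = []
    if "\\drivers\\" in low and ext == "exe":
        reasons.append(("HIGH", "executable stored under a drivers directory"))
    if stem.isdigit():
        reasons.append(("HIGH", "purely numeric executable name"))
    return reasons


def check_entry(kind, body):
    """Flag autostart, service and browser entries that need a second look."""
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append(("MEDIUM", "entry points at a file that no longer exists"))
    if kind == "O23" and "Unknown owner" in body:
        reasons.append(("LOW", "service binary has no identifiable publisher"))
    if kind in ("R0", "R1") and "Start Page" in body:
        url = body.split("=", 1)[-1].strip()
        if not url.startswith(IE_DEFAULT_PREFIX):
            reasons.append(("LOW", "start page is not the IE default; confirm with the user"))
    return reasons


def triage(log_text):
    """Return one Finding per (line, reason) over a HijackThis-format log."""
    findings = []
    in_processes = False  # inside the "Running processes:" block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if in_processes and not m:
            for sev, why in check_path(line):
                findings.append(Finding(sev, why, line))
            continue
        if m:
            for sev, why in check_entry(m["kind"], m["body"]):
                findings.append(Finding(sev, why, line))
            for path in PATH_RE.findall(line):
                for sev, why in check_path(path):
                    findings.append(Finding(sev, why, line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'HIGH': 2, 'MEDIUM': 3, 'LOW': 3}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in sorted(found, key=lambda f: f.severity):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summarize(found))
```

On the sample, the numeric executable under `system32\drivers\downld` is the only HIGH hit, which matches what the ComboFix run later in the thread removed; everything else is a prompt to verify, not a verdict.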

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (D:\ComboFix.txt); copy it here for us.

  • Joined: 22 Aug 2006
  • Posts: 425
  • Location: Kranj

I can't run it; it won't let me.

Update: 07 May 2008 18:56

Not a single program can be started, neither Spybot nor Kaspersky; I also tried to clean the registry with CCleaner and it doesn't work either, it gives me an error that it's not a valid Win32 program.

Update: 07 May 2008 18:58

ComboFix tries to start, but without success.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Delete the version of ComboFix you currently have.

Right-click one of the following links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

and choose the Save as option (Save target as... or similar) and, in the window that opens, save the file as ElCrappo.exe.

That is, rename ComboFix.exe to ElCrappo.exe already at download time.

Then try whether it works...

  • Joined: 22 Aug 2006
  • Posts: 425
  • Location: Kranj

ComboFix 08-05-01.3 - trajce 2008-05-07 19:24:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.81 [GMT 2:00]
Running from: D:\Documents and Settings\trajce\Desktop\ElCrappo.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\ban_list.txt
D:\WINDOWS\system32\drivers\downld
D:\WINDOWS\system32\drivers\downld\108453.exe
D:\WINDOWS\system32\drivers\downld\108812.exe
D:\WINDOWS\system32\drivers\downld\111640.exe
D:\WINDOWS\system32\drivers\downld\122718.exe
D:\WINDOWS\system32\drivers\downld\137656.exe
D:\WINDOWS\system32\drivers\downld\147531.exe
D:\WINDOWS\system32\drivers\downld\157203.exe
D:\WINDOWS\system32\drivers\downld\165062.exe
D:\WINDOWS\system32\drivers\downld\184156.exe
D:\WINDOWS\system32\drivers\downld\204375.exe
D:\WINDOWS\system32\drivers\downld\207718.exe
D:\WINDOWS\system32\drivers\downld\214937.exe
D:\WINDOWS\system32\drivers\downld\222015.exe
D:\WINDOWS\system32\drivers\downld\229421.exe
D:\WINDOWS\system32\drivers\downld\58296.exe
D:\WINDOWS\system32\drivers\downld\62390.exe
D:\WINDOWS\system32\drivers\downld\67359.exe
D:\WINDOWS\system32\drivers\downld\68250.exe
D:\WINDOWS\system32\drivers\downld\77171.exe
D:\WINDOWS\system32\drivers\downld\91000.exe
D:\WINDOWS\system32\drivers\hldrrr.exe
D:\WINDOWS\system32\drivers\mdelk.exe
D:\WINDOWS\system32\drivers\srosa.sys
D:\WINDOWS\system32\mdelk.exe
D:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-04 13:14 . 2008-05-04 13:14 <DIR> d-------- D:\Program Files\Generalia Software
2008-04-30 19:01 . 2002-02-12 14:00 61,440 --a------ D:\WINDOWS\system32\WMErrSLV.dll
2008-04-30 19:01 . 2002-02-12 14:00 34,638 --a------ D:\WINDOWS\WMPrfSLV.prx
2008-04-30 15:55 . 2008-04-30 15:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-29 22:30 . 2008-04-30 18:42 <DIR> d-------- D:\Program Files\Alawar
2008-04-29 22:03 . 2006-06-27 05:40 12,800 --a------ D:\WINDOWS\system32\wgatray.exe.bak
2008-04-29 22:03 . 2006-06-27 05:40 12,800 -----c--- D:\WINDOWS\system32\dllcache\WgaTray.exe
2008-04-29 22:03 . 2006-06-27 05:40 3,584 -----c--- D:\WINDOWS\system32\dllcache\WgaLogon.dll
2008-04-29 21:57 . 2006-06-27 05:40 3,584 --a------ D:\WINDOWS\system32\wgalogon.dll.bak
2008-04-29 15:27 . 2008-04-29 15:27 <DIR> d-------- D:\WINDOWS\system32\CatRoot_bak
2008-04-19 10:44 . 2008-04-19 10:44 <DIR> d-------- D:\Program Files\Arjaloc
2008-04-18 16:28 . 2008-04-18 16:28 <DIR> d-------- D:\Program Files\NovaLogic
2008-04-18 16:28 . 2008-04-18 16:28 <DIR> d-------- D:\Documents and Settings\trajce\WINDOWS
2008-04-18 16:28 . 1997-08-26 12:06 315,904 --a------ D:\WINDOWS\IsUninst.exe
2008-04-18 15:47 . 2008-04-18 15:47 <DIR> d-------- D:\Program Files\Croteam
2008-04-16 18:16 . 2008-05-07 19:35 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-04-16 18:16 . 2008-04-16 18:16 1,409 --a------ D:\WINDOWS\QTFont.for
2008-04-16 18:15 . 2008-04-16 18:15 <DIR> d-------- D:\Program Files\iTunes
2008-04-16 18:15 . 2008-04-16 18:15 <DIR> d-------- D:\Program Files\iPod
2008-04-16 18:12 . 2008-04-16 18:13 <DIR> d-------- D:\Program Files\QuickTime
2008-04-16 17:40 . 2008-04-16 17:40 <DIR> d-------- D:\Program Files\Apple Software Update
2008-04-14 19:29 . 2008-04-30 18:41 <DIR> d-------- D:\Program Files\City Interactive
2008-04-13 08:36 . 2008-04-13 08:36 <DIR> d-------- D:\WINDOWS\system32\Adobe
2008-04-13 06:17 . 2008-04-18 15:51 96,645 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-04-13 06:17 . 2008-04-18 15:51 87,941 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-04-13 06:16 . 2008-04-13 06:16 <DIR> d-------- D:\Program Files\Kaspersky Lab
2008-04-13 06:16 . 2008-05-06 22:00 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 06:16 . 2008-05-06 22:03 23,036,192 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-04-13 06:16 . 2008-05-06 22:03 397,856 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-13 06:16 . 2008-05-06 22:03 309,332 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-04-13 06:16 . 2008-05-06 22:03 40,100 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 19:55 --------- d-----w D:\Program Files\eMule
2008-04-30 19:03 --------- d-----w D:\Documents and Settings\trajce\Application Data\uTorrent
2008-04-30 16:54 --------- d-----w D:\Documents and Settings\trajce\Application Data\Yahoo!
2008-04-30 16:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-30 16:47 --------- d-----w D:\Program Files\Yahoo!
2008-04-30 16:45 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-04-30 16:45 --------- d-----w D:\Program Files\Real
2008-04-30 16:13 --------- d-----w D:\Program Files\TuneUp Utilities 2008
2008-04-21 14:15 --------- d-----w D:\Documents and Settings\trajce\Application Data\Skype
2008-04-21 13:24 --------- d-----w D:\Documents and Settings\trajce\Application Data\skypePM
2008-04-19 18:08 --------- d-----w D:\Program Files\Safari
2008-04-10 14:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 05:03 --------- d-----w D:\Program Files\Opera
2008-04-05 04:56 --------- d-----w D:\Program Files\Mozilla Firefox 3 Beta 4
2008-04-03 21:06 --------- d-----w D:\Program Files\PartyGaming
2008-04-03 07:05 --------- d-----w D:\Documents and Settings\trajce\Application Data\Nokia Multimedia Player
2008-04-03 06:44 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-02 20:09 --------- d-----w D:\Program Files\Common Files\Adobe
2008-04-02 17:14 --------- d-----w D:\Program Files\USB Vibration Joystick
2008-04-02 04:55 --------- d-----w D:\Program Files\YouTube Downloader
2008-03-26 17:39 --------- d-----w D:\Documents and Settings\trajce\Application Data\Apple Computer
2008-03-25 10:10 --------- d-----w D:\Program Files\Common Files\Ahead
2008-03-25 10:10 --------- d-----w D:\Program Files\Ahead
2008-03-24 09:44 --------- d-----w D:\Program Files\NeroInstall.bak
2008-03-24 09:43 --------- d-----w D:\Documents and Settings\trajce\Application Data\Nero
2008-03-24 09:40 --------- d-----w D:\Program Files\Common Files\Nero
2008-03-24 09:37 --------- d-----w D:\Program Files\Nero
2008-03-24 09:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-03-24 09:15 --------- d-----w D:\Program Files\Windows Live
2008-03-22 18:58 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-22 18:56 --------- d-----w D:\Program Files\Skype
2008-03-22 18:56 --------- d-----w D:\Program Files\Common Files\Skype
2008-03-22 18:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-03-12 17:03 --------- d-----w D:\Documents and Settings\trajce\Application Data\Nokia
2008-03-11 17:01 --------- d-----w D:\Documents and Settings\trajce\Application Data\Samsung
2008-03-11 15:32 --------- d-----w D:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-11 14:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-11 14:02 --------- d-----w D:\Program Files\Common Files\Apple
2008-03-11 14:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2008-03-10 19:08 --------- d-----w D:\Program Files\Common Files\Teleca Shared
2008-03-10 19:08 --------- d-----w D:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-10 18:46 --------- d-----w D:\Program Files\DIFX
2008-03-10 18:45 --------- d-----w D:\Program Files\PC Connectivity Solution
2008-03-10 18:45 --------- d-----w D:\Program Files\Nokia
2008-03-10 18:45 --------- d-----w D:\Program Files\Common Files\PCSuite
2008-03-10 18:45 --------- d-----w D:\Program Files\Common Files\Nokia
2008-03-10 18:45 --------- d-----w D:\Documents and Settings\trajce\Application Data\PC Suite
2008-03-10 18:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Installations
2008-03-10 18:37 --------- d-----w D:\Program Files\Samsung
2008-03-07 15:54 --------- d-----w D:\Program Files\Hasbro
2008-02-28 16:38 972,072 ----a-w D:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 15:14 972,072 ----a-w D:\WINDOWS\UNRecode.exe
2008-01-17 22:22 22,328 ----a-w D:\Documents and Settings\trajce\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [ ]
"IncrediMail"="D:\Program Files\IncrediMail\bin\IncMail.exe" [2008-01-16 14:20 204843]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-05-07 19:27 218376]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-16 02:14 185896]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:56 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]

D:\Documents and Settings\trajce\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - D:\Program Files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 16:37:44 338216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe
"SweetIM"=D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" /background
"VoipDiscount"="D:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RemoveWGA"=F:\trajce\Priporočeni programi\WGA_kill\RemoveWGA.exe -startup
"LogitechVideoRepair"=D:\Program Files\Logitech\Video\ISStart.exe
"LogitechVideoTray"=D:\Program Files\Logitech\Video\LogiTray.exe
"LVCOMSX"=D:\WINDOWS\system32\LVCOMSX.EXE
"SweetIM"=D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe"
"PCSuiteTrayApplication"=D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"D:\\WINDOWS\\system32\\PnkBstrA.exe"=
"D:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 UxTuneUp;TuneUp Theme Extension;D:\WINDOWS\System32\svchost.exe [2004-08-04 06:56]
S3 k600bus;Sony Ericsson 600i driver (WDM);D:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 20:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 20:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 20:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 20:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 20:15]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;D:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-04 07:37]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 16:11:38 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-04-26 17:59:05 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 19:35:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 484

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-07 19:43:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 17:42:57

Pre-Run: 6,113,013,760 bytes free
Post-Run: 20,380,622,848 bytes free

245 --- E O F --- 2008-05-07 17:41:43

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download Dr.Web CureIt (~9 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click cureit.exe, after which an introductory window will appear - click Start

A notice about the start of the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to run the Express Scan; if malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option and then click, and Dr.Web CureIt will start scanning

If malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process is complete, click File > Save report list and save the log to the Desktop

Paste the contents of the Dr.Web CureIt log into the forum thread.

-------------------------------------------------------------------------------------

Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: choose the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Save ... button below - save that file somewhere.

Attach the Gmer log to your post (the Attach file option).

  • Joined: 22 Aug 2006
  • Posts: 425
  • Location: Kranj

A0106960.exe C:\System Volume Information\_restore{3D5F196F-B8F0-4A1B-B47A-072B136CB4E0}\RP144 Program.mIRC.623 Incurable.Moved.
A0106961.exe E:\System Volume Information\_restore{3D5F196F-B8F0-4A1B-B47A-072B136CB4E0}\RP144 Tool.Game(zabranjeno) Incurable.Moved.

Overnight I scanned in Safe Mode but I didn't manage to save the file; sorry, my mistake. It found and deleted more of them. This is from the second scan I did, but I still can't start KIS; do I need to reinstall it?

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

  • Joined: 22 Aug 2006
  • Posts: 425
  • Location: Kranj

The problem is solved, thanks.
