MyCity » Ambulanta -> Arhiva Ambulante » nemogu se aktivirati spybot i slicne alatke

nemogu se aktivirati spybot i slicne alatke

Napisano na dan: 22.1.2009

Strana:
1
2

nemogu se aktivirati spybot i slicne alatke

Sledeća strana

Pagination

Odgovori

Strana:
1
2

orkabitola Poslao: 22 Jan 2009 21:31 Idi na vrh
offline orkabitola Novi MyCity građanin ljupco Pridružio: 22 Jan 2009 Poruke: 18 Gde živiš: bitola	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:57:39, on 22.01.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\r_server.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\csrcs.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Di recnik\Di.exe C:\WINDOWS\System32\rs32net.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\rs32net.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Di dictionary] "C:\Program Files\Di recnik\Di.exe" O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe O4 - HKLM\..\Run: [Pjoxusuyanamisu] rundll32.exe "C:\WINDOWS\Fjosobesit.dll",e O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: prevedi sa di recnikom - C:\Program Files\Di recnik\diie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O17 - HKLM\System\CCS\Services\Tcpip\..\{59B1FFBD-5C10-44C5-A4F5-45F0E9F0F528}: NameServer = 62.162.32.5 62.162.32.6 O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.exe -- End of file - 5475 bytes ------------------------------------------------------------------ nemogu se aktivirati spybot i slicne alatke...cak i njihove WEB stranice se isklucuju...postoecki antivirus ( AVG ) nemoze updatovati .... cak i u safe mode nista ne radi

Profil

dr_Bora Poslao: 22 Jan 2009 22:24 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana. * Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

orkabitola Poslao: 23 Jan 2009 09:50 Idi na vrh
offline orkabitola Novi MyCity građanin ljupco Pridružio: 22 Jan 2009 Poruke: 18 Gde živiš: bitola	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nijedna od ovih stranica se ne ukljucuje...pojavise ovo The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. ------------- ovo se desava sa svakom stranicom koja sadrzi nesto ciscenje Dopuna: 23 Jan 2009 9:50 da naglasim da imam ISDN konekciu....

Profil

dr_Bora Poslao: 23 Jan 2009 18:54 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini sa ovog linka: http://amf.mycity.rs/programs/mirrored/C-F.exe

Profil

orkabitola Poslao: 24 Jan 2009 11:15 Idi na vrh
offline orkabitola Novi MyCity građanin ljupco Pridružio: 22 Jan 2009 Poruke: 18 Gde živiš: bitola	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-01-21.04 - USER 2009-01-24 11:05:53.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.503.269 [GMT 1:00] Running from: c:\documents and settings\USER\Desktop\C-F.exe AV: AVG 7.5.549 On-access scanning disabled (Outdated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ADS - svchost.exe: deleted 25600 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Internet Explorer\setupapi.dll c:\program files\Mozilla Firefox\setupapi.dll c:\windows\system32\AutoRun.inf c:\windows\system32\crypts.dll c:\windows\system32\csrcs.exe c:\windows\system32\drivers\65cbc041.sys c:\windows\system32\drivers\ati0msxx.sys c:\windows\system32\drivers\TDSSpaxt.sys c:\windows\system32\rs32net.exe c:\windows\system32\TDSScfum.dll c:\windows\system32\TDSSfxwp.dll c:\windows\system32\TDSSnmxh.log c:\windows\system32\TDSSnrsr.dll c:\windows\system32\TDSSofxh.dll c:\windows\system32\TDSSosvd.dat c:\windows\system32\TDSSrhym.log c:\windows\system32\TDSSriqp.dll c:\windows\system32\TDSSsbhc.dll c:\windows\system32\TDSStkdv.log c:\windows\system32\xadzlfus.dll c:\windows\system32\xadzlfus32.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSserv.sys -------\Legacy_TDSSserv.sys -------\Legacy_ati0msxx -------\Legacy_icf -------\Legacy_R_SERVER -------\Service_ati0msxx -------\Service_icf -------\Service_r_server ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))) . 2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- c:\program files\Universal Math Solver 2009-01-22 18:54 . 2009-01-22 18:54 <DIR> d-------- c:\program files\Trend Micro 2009-01-22 18:52 . 2009-01-22 18:52 41,984 --a------ c:\windows\Fjosobesit.dll 2009-01-22 18:52 . 2009-01-22 18:52 41,984 --a------ C:\goygfvyr.exe 2009-01-22 18:52 . 2009-01-22 18:52 705 --a------ C:\nhjib.exe 2009-01-22 18:49 . 2009-01-22 18:52 91,736 --a------ C:\tsdl.exe 2009-01-22 18:48 . 2009-01-22 18:48 2 --a------ C:\1422989061 2009-01-22 18:47 . 2009-01-22 18:47 82,432 --a------ C:\iicj.exe 2009-01-21 19:24 . 2009-01-21 19:25 <DIR> d-------- c:\program files\Spyware Terminator 2009-01-21 19:24 . 2009-01-23 17:36 <DIR> d-------- c:\documents and settings\USER\Application Data\Spyware Terminator 2009-01-21 19:24 . 2009-01-21 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2009-01-21 19:24 . 2009-01-21 19:24 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2009-01-20 19:35 . 2009-01-23 17:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-01-14 10:12 . 2009-01-14 10:13 248,488 --a------ c:\windows\system32\ht7x.exe 2009-01-13 17:10 . 2009-01-13 17:10 <DIR> d-------- c:\program files\Parsons Technology 2009-01-13 17:10 . 1995-01-13 14:10 108,032 --a------ c:\windows\system\Mfcuia32.dll 2009-01-13 17:10 . 1996-09-13 09:49 76,765 --a------ c:\windows\DANN5032.EXE 2009-01-09 18:21 . 2009-01-09 18:21 0 -rahs---- C:\khs 2009-01-09 18:17 . 2009-01-09 18:17 100,588 --a------ c:\windows\system32\drivers\2081d44c.sys 2009-01-09 11:21 . 2009-01-09 11:21 102,439 --a------ c:\windows\system32\msvcrt2.dll 2009-01-08 17:49 . 2009-01-09 17:57 <DIR> d-------- c:\program files\Glary Utilities 2009-01-08 08:51 . 2009-01-21 17:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVG7 2009-01-08 08:48 . 2009-01-22 18:42 <DIR> d-------- c:\documents and settings\Administrator 2009-01-06 10:42 . 2009-01-24 11:09 100,588 --a------ c:\windows\system32\drivers\4e221b4f.sys 2008-12-31 10:47 . 2008-12-31 10:47 883 -rahs---- c:\windows\system32\autorun.i 2008-12-31 10:47 . 2008-12-31 10:47 859 -rahs---- c:\windows\system32\autorun.in . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-23 19:12 14,336 ----a-w c:\windows\system32\svchost.exe 2009-01-23 08:37 --------- d-----w c:\program files\Weather Watcher 2009-01-22 17:54 --------- d-----w c:\program files\Di recnik 2009-01-21 12:29 --------- d-----w c:\documents and settings\USER\Application Data\AVG7 2009-01-13 17:27 --------- d-----w c:\documents and settings\USER\Application Data\BSplayer 2008-12-26 07:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7 2004-08-03 22:56 171,362 --sha-r c:\windows\system32\ipwelf.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-11-07 590848] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 155648] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 131072] "WinVNC"="c:\program files\ORL\VNC\WinVNC.exe" [2000-05-23 208896] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "Pjoxusuyanamisu"="c:\windows\Fjosobesit.dll" [2009-01-22 41984] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-18 219136] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-18 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list] "3775:TCP"= 3775:TCP:xjjnstdg R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2006-09-18 13696] R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2007-12-17 61648] S1 65cbc041;65cbc041;c:\windows\system32\drivers\65cbc041.sys --> c:\windows\system32\drivers\65cbc041.sys [?] S3 vmdmc;ELCON VCOMM Port Driver;c:\windows\system32\drivers\vmdmc.sys [2007-12-17 326688] S4 vytkxhmcu;Server Network;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs vytkxhmcu . - - - - ORPHANS REMOVED - - - - HKCU-Run-rs32net - c:\windows\System32\rs32net.exe HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: prevedi sa di recnikom - c:\program files\Di recnik\diie.htm IE: translate with di dictionary - FF - ProfilePath - . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-01-24 11:08:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4e221b4f] "ImagePath"="\SystemRoot\System32\drivers\4e221b4f.sys" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vytkxhmcu] "ServiceDll"="c:\windows\system32\ipwelf.dll" . ------------------------ Other Running Processes ------------------------ . c:\progra~1\Grisoft\AVG7\avgamsvr.exe c:\progra~1\Grisoft\AVG7\avgupsvc.exe c:\progra~1\Grisoft\AVG7\avgemc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Spyware Terminator\sp_rsser.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\ntvdm.exe . ************************************************************************ . Completion time: 2009-01-24 11:10:15 - machine was rebooted [USER] ComboFix-quarantined-files.txt 2009-01-24 10:10:12 Pre-Run: 37,858,254,848 bytes free Post-Run: 37,802,602,496 bytes free 171

Profil

dr_Bora Poslao: 24 Jan 2009 12:00 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\windows\Fjosobesit.dll C:\goygfvyr.exe C:\nhjib.exe C:\tsdl.exe C:\1422989061 C:\iicj.exe c:\windows\system32\ht7x.exe c:\windows\system32\drivers\2081d44c.sys c:\windows\system32\drivers\4e221b4f.sys c:\windows\system32\autorun.i c:\windows\system32\autorun.in c:\windows\system32\ipwelf.dll FileLook:: c:\windows\DANN5032.EXE Driver:: 65cbc041 vytkxhmcu 4e221b4f NetSvc:: vytkxhmcu Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pjoxusuyanamisu"=- [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list] "3775:TCP"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

orkabitola Poslao: 24 Jan 2009 12:38 Idi na vrh
offline orkabitola Novi MyCity građanin ljupco Pridružio: 22 Jan 2009 Poruke: 18 Gde živiš: bitola	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-01-21.04 - USER 2009-01-24 12:30:53.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.503.207 [GMT 1:00] Running from: c:\documents and settings\USER\Desktop\C-F.exe Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt AV: AVG 7.5.549 On-access scanning disabled (Outdated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\1422989061 C:\goygfvyr.exe C:\iicj.exe C:\nhjib.exe C:\tsdl.exe c:\windows\Fjosobesit.dll c:\windows\system32\autorun.i c:\windows\system32\autorun.in c:\windows\system32\drivers\2081d44c.sys c:\windows\system32\drivers\4e221b4f.sys c:\windows\system32\ht7x.exe c:\windows\system32\ipwelf.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\1422989061 C:\goygfvyr.exe C:\iicj.exe C:\nhjib.exe C:\tsdl.exe c:\windows\Fjosobesit.dll c:\windows\system32\autorun.i c:\windows\system32\autorun.in c:\windows\system32\drivers\2081d44c.sys c:\windows\system32\drivers\4e221b4f.sys c:\windows\system32\ht7x.exe c:\windows\system32\ipwelf.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VYTKXHMCU -------\Service_4e221b4f -------\Service_65cbc041 -------\Service_vytkxhmcu ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))) . 2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- c:\program files\Universal Math Solver 2009-01-22 18:54 . 2009-01-22 18:54 <DIR> d-------- c:\program files\Trend Micro 2009-01-21 19:24 . 2009-01-21 19:25 <DIR> d-------- c:\program files\Spyware Terminator 2009-01-21 19:24 . 2009-01-23 17:36 <DIR> d-------- c:\documents and settings\USER\Application Data\Spyware Terminator 2009-01-21 19:24 . 2009-01-21 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator 2009-01-21 19:24 . 2009-01-21 19:24 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys 2009-01-20 19:35 . 2009-01-23 17:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-01-13 17:10 . 2009-01-13 17:10 <DIR> d-------- c:\program files\Parsons Technology 2009-01-13 17:10 . 1995-01-13 14:10 108,032 --a------ c:\windows\system\Mfcuia32.dll 2009-01-13 17:10 . 1996-09-13 09:49 76,765 --a------ c:\windows\DANN5032.EXE 2009-01-09 18:21 . 2009-01-09 18:21 0 -rahs---- C:\khs 2009-01-09 11:21 . 2009-01-09 11:21 102,439 --a------ c:\windows\system32\msvcrt2.dll 2009-01-08 17:49 . 2009-01-09 17:57 <DIR> d-------- c:\program files\Glary Utilities 2009-01-08 08:51 . 2009-01-21 17:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVG7 2009-01-08 08:48 . 2009-01-22 18:42 <DIR> d-------- c:\documents and settings\Administrator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-23 19:12 14,336 ----a-w c:\windows\system32\svchost.exe 2009-01-23 08:37 --------- d-----w c:\program files\Weather Watcher 2009-01-22 17:54 --------- d-----w c:\program files\Di recnik 2009-01-21 12:29 --------- d-----w c:\documents and settings\USER\Application Data\AVG7 2009-01-13 17:27 --------- d-----w c:\documents and settings\USER\Application Data\BSplayer 2008-12-26 07:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7 . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\DANN5032.EXE -- 16-bit executable. Not a PE file. MD5: 2228283ba0ac4e765ddd486c9071fa1a ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-11-07 590848] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 155648] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 131072] "WinVNC"="c:\program files\ORL\VNC\WinVNC.exe" [2000-05-23 208896] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-18 219136] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-18 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"= R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2006-09-18 13696] R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2007-12-17 61648] S3 vmdmc;ELCON VCOMM Port Driver;c:\windows\system32\drivers\vmdmc.sys [2007-12-17 326688] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm IE: Translate with Di dictionary - TCP: {59B1FFBD-5C10-44C5-A4F5-45F0E9F0F528} = 62.162.32.5 62.162.32.6 FF - ProfilePath - . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-01-24 12:33:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\progra~1\Grisoft\AVG7\avgamsvr.exe c:\progra~1\Grisoft\AVG7\avgupsvc.exe c:\progra~1\Grisoft\AVG7\avgemc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Spyware Terminator\sp_rsser.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\igfxsrvc.exe . ************************************************************************ . Completion time: 2009-01-24 12:34:26 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-24 11:34:21 ComboFix2.txt 2009-01-24 10:10:16 Pre-Run: 37.789.560.832 bytes free Post-Run: 37,777,932,288 bytes free 149

Profil

dr_Bora Poslao: 24 Jan 2009 17:09 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje?

Profil

orkabitola Poslao: 25 Jan 2009 22:53 Idi na vrh
offline orkabitola Novi MyCity građanin ljupco Pridružio: 22 Jan 2009 Poruke: 18 Gde živiš: bitola	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! AVG update ...radi spybot ..radi za ostale stvari sam u teku..videcu

Profil

dr_Bora Poslao: 25 Jan 2009 22:59 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok. Ovde više ne bi trebalo biti malware-a. Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore To je sve...

Profil

MyCity » Ambulanta -> Arhiva Ambulante » nemogu se aktivirati spybot i slicne alatke

Ko je trenutno na forumu

Ukupno su 826 korisnika na forumu :: 36 registrovanih, 5 sakrivenih i 785 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksmajstor, amaterSRB, babaroga, bladesu, BlekMen, Boris Bosiljčić, BRATORIII, cavatina, Centauro, doloress, goxin, hyla, Karla, kihot, Krusarac, Kubovac, Leonov, Levi, mercedesamg, milenko crazy north, MilosKop, milutin134, moldway, novator, opt1, Oscar, panzerwaffe, Rogan33, S2M, styg, Vatreni Zmaj, VJ, voja64, VP6919, wizzardone

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by