MyCity » Ambulanta -> Arhiva Ambulante » opet problemi...

opet problemi...

Napisano na dan: 5.5.2008

Strana:
1
2

opet problemi...

Sledeća strana

Pagination

Odgovori

Strana:
1
2

smz Poslao: 05 Maj 2008 09:00 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nije proslo ni dva meseca i opet problemi. U potrazi za dokumentacijom jednog TouchScreen TFT monitora windows me je upozorio da je detektovao spyware infekciju i to u istom trenutku kada sam kliknuo na link koji me je sa neke HPove stranice trebao odvesti do trazenog monitora otvorila se reklama za neke (film-za-odrasle)-o kasete...i tako dva puta.AD-Aware2007 koliko sam ja shvatio izbrise sve sto je pronasao ali kada restartujem comp opet je sve tamo gde je i bilo dok mi windows stalno nudi da skinem neki remover program, sto ja odbijam. Evo i rezultata koje je odradio Hijack. Logfile of HijackThis v1.99.1 Scan saved at 08:41:36, on 05.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\shell.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1198000098\ee\AOLSoftware.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AOL 9.0\aoltray.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe C:\DATEV\SYSTEM\PSNTSERV.EXE C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Common Files\Aol\aoltpspd.exe C:\Documents and Settings\Administrator\Desktop\New Folder (3)\HijackThis1.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198000098\ee\AOLSoftware.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe O4 - Startup: findfast.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: autorun.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - lizardtech.com/download/files/win/djvup....._de_DE.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{821CF5A8-6EFE-472C-9CF0-977E1825ED79}: NameServer = 205.188.146.145 O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE93D17-A689-4B6F-B3A0-8BB79EAFCBBD}: NameServer = 213.191.92.87 62.109.123.6 O17 - HKLM\System\CS1\Services\Tcpip\..\{821CF5A8-6EFE-472C-9CF0-977E1825ED79}: NameServer = 205.188.146.145 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: DATEV Druckservice (DatevPrintService) - DATEV eG - C:\DATEV\SYSTEM\PSNTSERV.EXE O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Profil

dr_Bora Poslao: 05 Maj 2008 16:33 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

smz Poslao: 06 Maj 2008 14:04 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo druze odradio sam... ComboFix 08-05-01.3 - Administrator 2008-05-06 13:58:15.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.707 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Application Data\pcpriv.exe C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe C:\WINDOWS\inf\ultra.inf C:\WINDOWS\shell.exe C:\WINDOWS\system32\cmnocfg.xml C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\qviexio3.dat C:\WINDOWS\system32\spoolvs.exe . ((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))) . 2008-04-30 15:47 . 2008-04-30 15:47 <DIR> d-------- C:\Program Files\syscmd 2008-04-14 13:02 . 2008-04-14 13:05 453 --a------ C:\WINDOWS\brwmark.ini 2008-04-14 13:02 . 2008-04-14 13:02 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi 2008-04-14 13:02 . 2008-04-14 13:02 58 --a------ C:\WINDOWS\brmx2001.ini 2008-04-14 13:02 . 2008-04-14 13:02 52 --a------ C:\WINDOWS\BRPP2KA.INI 2008-04-14 13:02 . 2008-04-14 13:02 40 --a------ C:\WINDOWS\opt_1440.ini 2008-04-14 13:02 . 2008-04-14 13:02 30 --a------ C:\WINDOWS\system32\brss01a.ini 2008-04-14 13:01 . 2001-07-19 00:00 217,088 --a------ C:\WINDOWS\system32\BRSPL01A.DLL 2008-04-14 13:01 . 2002-01-15 00:01 94,208 --a------ C:\WINDOWS\system32\BRSPL01A.EXE 2008-04-14 13:01 . 2001-11-01 00:01 81,920 --a------ C:\WINDOWS\system32\BRSPLWMK.DLL 2008-04-14 13:01 . 2001-11-23 00:00 57,344 --a------ C:\WINDOWS\system32\BRSVC01A.EXE 2008-04-14 13:01 . 2000-12-18 01:02 53,248 --a------ C:\WINDOWS\system32\BRSPL2KB.DLL 2008-04-14 13:01 . 2001-12-13 00:01 45,056 --a------ C:\WINDOWS\system32\BRSS01A.EXE 2008-04-14 12:43 . 2008-04-14 12:43 <DIR> d-------- C:\hl1400er 2008-04-09 13:04 . 2008-04-09 13:04 630,838 --a------ C:\WINDOWS\ACD Wallpaper.bmp 2008-04-07 16:48 . 2008-04-07 16:48 17,144 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-04 17:28 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-04-04 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-03-27 13:28 --------- d-----w C:\Program Files\SmartDraw 2008 2008-03-27 12:31 --------- d-----w C:\Program Files\ibf 2008-03-27 12:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ibf 2008-03-27 12:07 --------- d-----w C:\Program Files\Hutson Systems 2008-03-26 10:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8 2008-03-26 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-26 09:20 --------- d-----w C:\Program Files\Lavasoft 2008-03-26 09:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-26 09:16 --------- d-----w C:\Program Files\i-Sound Pro 2008-03-19 09:03 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-17 09:07 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-17 09:06 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-03-17 09:05 --------- d-----w C:\Program Files\Ahead 2008-03-17 09:04 --------- d-----w C:\Program Files\Common Files\Ahead 2008-03-14 11:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR 2008-03-14 11:21 --------- d-----w C:\Program Files\AVG 2008-03-14 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-02-25 07:46 39,993 ----a-w C:\WINDOWS\system32\msratnit.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:21 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 09:44 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-06-21 14:42 70952] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 15:34 98304] "HostManager"="C:\Program Files\Common Files\AOL\1198000098\ee\AOLSoftware.exe" [2006-09-26 02:52 50736] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe] "RegistryMechanic"="" [] "Device Detector"="DevDetect.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] AOL 9.0 Tray-Symbol.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-12-18 15:33:27 156784] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\AOL 9.0\\waol.exe"= "C:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"= "C:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"= "C:\\Program Files\\Common Files\\aol\\1198000098\\ee\\aolsoftware.exe"= "C:\\DATEV\\PROGRAMM\\Install\\ExecDll\\ExecDllExe.exe"= "C:\\DATEV\\PROGRAMM\\Install\\Uninstal.exe"= "C:\\DATEV\\PROGRAMM\\B0000005\\CDBTool.exe"= "C:\\DATEV\\PROGRAMM\\SRVTOOL\\srvtool.exe"= C:\\DATEV\\PROGRAMM\\SRVTOOL\\srvtool "C:\\DATEV\\PROGRAMM\\DBMSTool\\dvpcdbcockpit.exe"= "C:\\DATEV\\PROGRAMM\\DDM\\DMT.exe"= "C:\\DATEV\\PROGRAMM\\DDM\\DMTUtil.exe"= "C:\\DATEV\\PROGRAMM\\DService\\LayDBAdm.exe"= "C:\\DATEV\\PROGRAMM\\NesyMand\\NesyMand.exe"= R2 DatevPrintService;DATEV Druckservice;C:\DATEV\SYSTEM\PSNTSERV.EXE [2003-11-06 18:00] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 02:05] R2 MSSQL$DATEV_CL_DE01;MSSQL$DATEV_CL_DE01;C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlservr.exe [2003-12-05 18:10] R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29] R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 07:50] R3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2004-11-24 03:00] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 02:05] S3 SQLAgent$DATEV_CL_DE01;SQLAgent$DATEV_CL_DE01;C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlagent.EXE [2002-12-17 18:23] Newly Created Service - ATWPKT2 Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-06 14:00:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-06 14:01:42 ComboFix-quarantined-files.txt 2008-05-06 12:01:26 ComboFix2.txt 2008-04-03 10:25:50 Pre-Run: 6,849,462,272 bytes free Post-Run: 6,881,103,872 bytes free 143

Profil

dr_Bora Poslao: 06 Maj 2008 16:21 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\msratnit.dll DirLook:: C:\Program Files\syscmd C:\hl1400er` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

smz Poslao: 07 Maj 2008 09:41 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradjeno... ComboFix 08-05-01.3 - Administrator 2008-05-07 9:38:14.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.669 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\msratnit.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\msratnit.dll . ((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))) . 2008-04-30 15:47 . 2008-04-30 15:47 <DIR> d-------- C:\Program Files\syscmd 2008-04-14 13:02 . 2008-04-14 13:05 453 --a------ C:\WINDOWS\brwmark.ini 2008-04-14 13:02 . 2008-04-14 13:02 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi 2008-04-14 13:02 . 2008-04-14 13:02 58 --a------ C:\WINDOWS\brmx2001.ini 2008-04-14 13:02 . 2008-04-14 13:02 52 --a------ C:\WINDOWS\BRPP2KA.INI 2008-04-14 13:02 . 2008-04-14 13:02 40 --a------ C:\WINDOWS\opt_1440.ini 2008-04-14 13:02 . 2008-04-14 13:02 30 --a------ C:\WINDOWS\system32\brss01a.ini 2008-04-14 13:01 . 2001-07-19 00:00 217,088 --a------ C:\WINDOWS\system32\BRSPL01A.DLL 2008-04-14 13:01 . 2002-01-15 00:01 94,208 --a------ C:\WINDOWS\system32\BRSPL01A.EXE 2008-04-14 13:01 . 2001-11-01 00:01 81,920 --a------ C:\WINDOWS\system32\BRSPLWMK.DLL 2008-04-14 13:01 . 2001-11-23 00:00 57,344 --a------ C:\WINDOWS\system32\BRSVC01A.EXE 2008-04-14 13:01 . 2000-12-18 01:02 53,248 --a------ C:\WINDOWS\system32\BRSPL2KB.DLL 2008-04-14 13:01 . 2001-12-13 00:01 45,056 --a------ C:\WINDOWS\system32\BRSS01A.EXE 2008-04-14 12:43 . 2008-04-14 12:43 <DIR> d-------- C:\hl1400er 2008-04-09 13:04 . 2008-04-09 13:04 630,838 --a------ C:\WINDOWS\ACD Wallpaper.bmp 2008-04-07 16:48 . 2008-04-07 16:48 17,144 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-04 17:28 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-04-04 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-03-27 13:28 --------- d-----w C:\Program Files\SmartDraw 2008 2008-03-27 12:31 --------- d-----w C:\Program Files\ibf 2008-03-27 12:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ibf 2008-03-27 12:07 --------- d-----w C:\Program Files\Hutson Systems 2008-03-26 10:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8 2008-03-26 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-26 09:20 --------- d-----w C:\Program Files\Lavasoft 2008-03-26 09:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-26 09:16 --------- d-----w C:\Program Files\i-Sound Pro 2008-03-19 09:03 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-17 09:07 --------- d-----w C:\Program Files\Common Files\Nero 2008-03-17 09:06 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-03-17 09:05 --------- d-----w C:\Program Files\Ahead 2008-03-17 09:04 --------- d-----w C:\Program Files\Common Files\Ahead 2008-03-14 11:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR 2008-03-14 11:21 --------- d-----w C:\Program Files\AVG 2008-03-14 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\hl1400er ---- 2002-01-15 09:01 52240 --a------ C:\hl1400er\pcl\GERMAN\BRSPL01A.EX_ 2001-12-13 09:01 20556 --a------ C:\hl1400er\pcl\GERMAN\BRSS01A.EX_ 2001-12-13 09:01 16888 --a------ C:\hl1400er\pcl\GERMAN\BRPP2KA.DL_ 2001-11-23 09:00 29852 --a------ C:\hl1400er\pcl\GERMAN\BRSVC01A.EX_ 2001-11-01 09:01 41194 --a------ C:\hl1400er\pcl\GERMAN\BRSPLWMK.DL_ 2001-09-28 01:11 2719 --a------ C:\hl1400er\pcl\GERMAN\OEMHL01A.INF 2001-09-27 09:00 173 --a------ C:\hl1400er\pcl\GERMAN\BRSVC01A.BS_ 2001-05-15 00:28 17651 --a------ C:\hl1400er\pcl\GERMAN\OEMHL01A.CAT 2001-04-23 10:22 91178 --a------ C:\hl1400er\pcl\GERMAN\B06HL01A.DL_ 2001-04-23 10:22 91178 --a------ C:\hl1400er\pcl\GERMAN\B05HL01A.DL_ 2001-04-23 10:22 91171 --a------ C:\hl1400er\pcl\GERMAN\B04HL01A.DL_ 2001-04-23 10:22 91162 --a------ C:\hl1400er\pcl\GERMAN\B03HL01A.DL_ 2001-04-23 10:22 40111 --a------ C:\hl1400er\pcl\GERMAN\BRLHL01A.DL_ 2001-04-23 10:22 264660 --a------ C:\hl1400er\pcl\GERMAN\BRUHL01A.DL_ 2001-04-23 10:22 110893 --a------ C:\hl1400er\pcl\GERMAN\BROHL01A.DL_ 2001-04-23 10:22 10669 --a------ C:\hl1400er\pcl\GERMAN\BROHL144.PPD 2001-04-23 10:22 10543 --a------ C:\hl1400er\pcl\GERMAN\BROHL147.PPD 2001-04-23 10:22 10522 --a------ C:\hl1400er\pcl\GERMAN\BROHL123.PPD 2001-04-23 10:22 10497 --a------ C:\hl1400er\pcl\GERMAN\BROHL145.PPD 2001-03-30 10:10 13927 --a------ C:\hl1400er\pcl\GERMAN\BRQIKMON.HL_ 2001-03-30 10:00 3795 --a------ C:\hl1400er\pcl\GERMAN\BROHL147.IN_ 2001-03-30 10:00 3795 --a------ C:\hl1400er\pcl\GERMAN\BROHL145.IN_ 2001-03-30 10:00 3739 --a------ C:\hl1400er\pcl\GERMAN\BROHL144.IN_ 2001-03-30 10:00 3739 --a------ C:\hl1400er\pcl\GERMAN\BROHL123.IN_ 2001-03-28 10:00 57340 --a------ C:\hl1400er\pcl\GERMAN\BROHL01A.HL_ 2001-03-22 09:03 66459 --a------ C:\hl1400er\pcl\GERMAN\BRSPL01A.DL_ 2000-12-18 10:02 29723 --a------ C:\hl1400er\pcl\GERMAN\BRSPL2KB.DL_ 2000-12-12 11:06 39368 --a------ C:\hl1400er\pcl\GERMAN\BRQIKMON.EX_ 1999-03-06 10:00 212 --a------ C:\hl1400er\pcl\GERMAN\BRWMARK.IN_ ---- Directory of C:\Program Files\syscmd ---- 2005-09-03 18:56 68608 --a------ C:\Program Files\syscmd\mscmp32.dll 2005-09-03 18:56 124 --a------ C:\Program Files\syscmd\uninstall.bat 2005-09-03 18:56 1112 --a------ C:\Program Files\syscmd\mscmp.inf ((((((((((((((((((((((((((((( snapshot@2008-05-06_14.01.19,29 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-06 11:49:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-07 07:11:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-03-24 17:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe + 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe + 2008-05-06 12:32:43 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-05-07 07:13:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_650.dat + 2008-05-07 07:11:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_720.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:21 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 09:44 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-06-21 14:42 70952] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 15:34 98304] "HostManager"="C:\Program Files\Common Files\AOL\1198000098\ee\AOLSoftware.exe" [2006-09-26 02:52 50736] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe] "RegistryMechanic"="" [] "Device Detector"="DevDetect.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] AOL 9.0 Tray-Symbol.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-12-18 15:33:27 156784] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\AOL 9.0\\waol.exe"= "C:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"= "C:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"= "C:\\Program Files\\Common Files\\aol\\1198000098\\ee\\aolsoftware.exe"= "C:\\DATEV\\PROGRAMM\\Install\\ExecDll\\ExecDllExe.exe"= "C:\\DATEV\\PROGRAMM\\Install\\Uninstal.exe"= "C:\\DATEV\\PROGRAMM\\B0000005\\CDBTool.exe"= "C:\\DATEV\\PROGRAMM\\SRVTOOL\\srvtool.exe"= C:\\DATEV\\PROGRAMM\\SRVTOOL\\srvtool "C:\\DATEV\\PROGRAMM\\DBMSTool\\dvpcdbcockpit.exe"= "C:\\DATEV\\PROGRAMM\\DDM\\DMT.exe"= "C:\\DATEV\\PROGRAMM\\DDM\\DMTUtil.exe"= "C:\\DATEV\\PROGRAMM\\DService\\LayDBAdm.exe"= "C:\\DATEV\\PROGRAMM\\NesyMand\\NesyMand.exe"= R2 DatevPrintService;DATEV Druckservice;C:\DATEV\SYSTEM\PSNTSERV.EXE [2003-11-06 18:00] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 02:05] R2 MSSQL$DATEV_CL_DE01;MSSQL$DATEV_CL_DE01;C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlservr.exe [2003-12-05 18:10] R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29] R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 07:50] R3 AVMUNET;AVM FRITZ!Box;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2004-11-24 03:00] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 02:05] S3 SQLAgent$DATEV_CL_DE01;SQLAgent$DATEV_CL_DE01;C:\Program Files\Microsoft SQL Server\MSSQL$DATEV_CL_DE01\Binn\sqlagent.EXE [2002-12-17 18:23] Newly Created Service - ATWPKT2 . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-07 09:39:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-07 9:40:07 ComboFix-quarantined-files.txt 2008-05-07 07:39:57 ComboFix2.txt 2008-05-06 12:01:43 ComboFix3.txt 2008-04-03 10:25:50 Pre-Run: 6,845,734,912 bytes free Post-Run: 6,855,098,368 bytes free 183

Profil

dr_Bora Poslao: 07 Maj 2008 16:23 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zipuj/raruj kompletan folder: C:\Program Files\syscmd i pošalji ga preko ovog linka: http://www.mycity.rs/ambulanta-upload.php Javi kada si odradio upload i reci mi kakvo je sada stanje.

Profil

smz Poslao: 08 Maj 2008 13:20 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Druze odradjeno sve, poslao sam ti u RARu kako si trazio sada mi se cini da je ok no AD-Aware2007 mi javi za neka 4 objekta koja ne izbrise no probacu ponovo pa u sledecoj poruci cu te obavestiti .

Profil

dr_Bora Poslao: 08 Maj 2008 16:50 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obriši i ovaj folder: C:\Program Files\syscmd

Profil

smz Poslao: 09 Maj 2008 12:22 Idi na vrh
offline smz Građanin Pridružio: 18 Mar 2008 Poruke: 57	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! obrisano...izgleda da je sve drugo u redu...mozem mi predloziti sta da instaliram jos osim ovoG AD-Aware 2007 da bi se bolje zastitio jer sam prinudjen da zbog kojekakvih shema i uputstava zavirim svukuda po netu ...naravno da to bude po mogucnosti besplatno...

Profil

dr_Bora Poslao: 09 Maj 2008 16:10 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » opet problemi...

Ko je trenutno na forumu

Ukupno su 1114 korisnika na forumu :: 42 registrovanih, 6 sakrivenih i 1066 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: amaterSRB, Boris90, cenejac111, cuculo, debeli, djboj, DPera, draganca, DragoslavS, esx66, HogarStrashni, Kibice, Kubovac, laki_bb, Litostroton, loon123, maiden6657, MB120mm, mercedesamg, Mercury, Millennium, Milos ZA, milutin134, mrav pesadinac, nuke92, operniki, Pikac-47, proka89, raketaš, Romibrat, studentbgd, Tragač, vathra, Vlad000, Vlada1389, Vladko, vladulns, vukovi, zlaya011, šumar bk2, 1107, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by