A few questions, if anyone has time


offline
  • Joined: 19 Dec 2008
  • Posts: 11

I have fairly limited knowledge of computers, so if someone has a bit of patience, a little help would mean a lot to me.
So, a few days ago avast detected some trojans; I told it to delete them, and since then I have run a full scan several times, but it reports that there are no more viruses.
However, at about the same time my USB flash drives started behaving strangely. They deny access or sometimes open on their own, and sometimes they ask whether I want to run them with the program that is on them... I go into Explore, then delete everything and format... After that they look empty, but even after I do a format, Properties shows that they hold some 4 kB, yet no file or folder is shown. Does anyone have an idea whether all of this is connected and what I should do? The HT info follows.
Regards

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:22, on 19/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\D\Desktop\New Folder (2)\sd5.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\Hewlett-Packard\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3957 bytes



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Hello,
take it easy, we will sort all of this out.


Right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleaning is finished.



-----------------------------

Download ComboFix to the Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and do not touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.


Expect a reply from me on Monday.



offline
  • Joined: 19 Dec 2008
  • Posts: 11

Here is the report. Thanks

ComboFix 08-12-18.03 - D 2008-12-20 10:34:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.41 [GMT 1:00]
Running from: c:\documents and settings\D\Desktop\New Folder (3)\ComboFix.exe
Command switches used :: c:\documents and settings\D\Desktop\New Folder (3)\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\video activex object
c:\windows\system32\6COfLD6O.exe.a_a

.
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-19 22:58 . 2008-12-19 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 22:23 . 2008-12-19 22:44 <DIR> d-------- c:\program files\USB Disk Security
2008-12-19 22:10 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-19 22:10 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-19 22:08 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-19 22:08 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-19 22:08 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-19 22:08 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-19 22:07 . 2008-12-19 22:50 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-19 22:04 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-19 22:04 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-19 22:04 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-19 22:04 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-19 22:00 . 2008-12-19 22:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-11 21:05 . 2008-12-11 21:05 1,606,064 --a------ c:\program files\googletalk-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 09:38 22,716,448 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-20 07:26 268,604 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-19 18:51 --------- d-----w c:\program files\Opera
2008-12-11 20:05 --------- d-----w c:\program files\Google
2008-11-14 19:12 --------- d-----w c:\program files\Ahead
2008-11-14 12:01 --------- d-----w c:\documents and settings\D\Application Data\Image Zone Express
2008-11-09 19:34 10,667,655 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-25 15:45 1,851,544 ----a-w c:\program files\install_flash_player.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2006-12-03 13:36 1,917,607 ----a-w c:\program files\PictureAce.exe
2006-12-03 13:23 5,900,416 ----a-w c:\program files\Firefox Setup 2.0.exe
2006-12-03 13:23 1,440,683 ----a-w c:\program files\removeit_pro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-01 20560]
S3 efipsk;efipsk;\??\c:\docume~1\D\LOCALS~1\Temp\efipsk.sys []
S3 Srenurver;Srenurver; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa77657-c2f4-11dd-809a-000ea634fb91}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\At1.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-11 c:\windows\Tasks\At10.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-20 c:\windows\Tasks\At11.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-15 c:\windows\Tasks\At12.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At13.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At14.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At15.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At16.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At17.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At18.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-15 c:\windows\Tasks\At19.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-20 c:\windows\Tasks\At2.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At20.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At21.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At22.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At23.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At24.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-20 c:\windows\Tasks\At3.job
- c:\windows\system32\6COfLD6O.exe []

2008-07-17 c:\windows\Tasks\At4.job
- c:\windows\system32\6COfLD6O.exe []

2008-07-17 c:\windows\Tasks\At5.job
- c:\windows\system32\6COfLD6O.exe []

2008-07-17 c:\windows\Tasks\At6.job
- c:\windows\system32\6COfLD6O.exe []

2008-07-17 c:\windows\Tasks\At7.job
- c:\windows\system32\6COfLD6O.exe []

2008-08-27 c:\windows\Tasks\At8.job
- c:\windows\system32\6COfLD6O.exe []

2008-10-18 c:\windows\Tasks\At9.job
- c:\windows\system32\6COfLD6O.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
FF - ProfilePath - c:\documents and settings\D\Application Data\Mozilla\Firefox\Profiles\nm6vty6k.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Opera\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Opera\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\Program\Plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-12-20 10:38:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508-)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-20 10:40:20
ComboFix-quarantined-files.txt 2008-12-20 09:40:16

Pre-Run: 1,946,136,576 bytes free
Post-Run: 2,223,505,408 bytes free

183 --- E O F --- 2008-12-19 21:50:46
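The ComboFix log above contains the indicators the helper acts on in the next reply: two dozen At*.job scheduled tasks that all launch the same executable in system32, MountPoints2 shell commands that run Cn911.exe when a removable volume is opened (which matches the USB drives "asking whether to run the program on them"), two drivers with no date/size recorded, and Security Center / firewall settings turned off. The following Python script is an added example, not part of the thread or of ComboFix, that parses those sections of a ComboFix-style log and lists the findings; the sample input is constructed from lines of the log above, and the regular expressions are assumptions about the log layout, not a published ComboFix format.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log in this thread,
# trimmed to the sections the triage looks at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
S3 efipsk;efipsk;\??\c:\docume~1\D\LOCALS~1\Temp\efipsk.sys []
S3 Srenurver;Srenurver; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa77657-c2f4-11dd-809a-000ea634fb91}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\At1.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-11 c:\windows\Tasks\At10.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-20 c:\windows\Tasks\At2.job
- c:\windows\system32\6COfLD6O.exe []
"""

# Assumed log layout (derived from the log above, not from ComboFix documentation).
TASK_JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S+\\tasks\\at\d+\.job)\s*$", re.IGNORECASE)
TASK_CMD_RE = re.compile(r"^-\s+(\S+)")
MOUNT_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
MOUNT_CMD_RE = re.compile(r"^\\Shell\\\w+\\command\s+-\s+(.+?)\s*$")
# R/S driver lines: "<type> <name>;<display name>;<path> [<date> <size>]"; empty brackets
# mean ComboFix recorded no date/size for the binary.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*\[(.*?)\]\s*$")
WEAKENED_SETTINGS = {
    '"AntiVirusDisableNotify"=dword:00000001': "Security Center antivirus alerts are switched off",
    '"DisableMonitoring"=dword:00000001': "Security Center firewall monitoring is switched off",
    '"EnableFirewall"= 0 (0x0)': "Windows Firewall is disabled for the standard profile",
}


def triage(log_text):
    """Collect the four indicator types from a ComboFix-style log."""
    tasks = defaultdict(list)  # executable -> .job files that launch it
    usb_autorun = []           # (volume GUID, command) pairs from MountPoints2
    unresolved = []            # drivers/services with no date/size recorded
    weakened = []              # protections the log shows as turned off
    current_job = current_volume = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TASK_JOB_RE.match(line)
        if m:
            current_job = m.group(1)
            continue
        if current_job and (m := TASK_CMD_RE.match(line)):
            tasks[m.group(1).lower()].append(current_job)
            current_job = None
            continue
        m = MOUNT_KEY_RE.match(line)
        if m:
            current_volume = m.group(1)
            continue
        if current_volume and (m := MOUNT_CMD_RE.match(line)):
            usb_autorun.append((current_volume, m.group(1)))
            continue
        if not line:
            current_volume = None
        m = SERVICE_RE.match(line)
        if m and not m.group(3).strip():
            unresolved.append(m.group(1))
        if line in WEAKENED_SETTINGS:
            weakened.append(WEAKENED_SETTINGS[line])
    return {"scheduled_task_targets": dict(tasks), "usb_autorun": usb_autorun,
            "unresolved_services": unresolved, "weakened_protections": weakened}


def findings(log_text):
    """Turn the triage result into one human-readable line per finding."""
    r = triage(log_text)
    out = []
    for exe, jobs in r["scheduled_task_targets"].items():
        if len(jobs) >= 2:  # one binary fanned out over many At*.job tasks
            out.append(f"{exe} is launched by {len(jobs)} scheduled tasks: {', '.join(jobs)}")
    for volume, cmd in r["usb_autorun"]:
        out.append(f"removable volume {volume} runs a shell command on open: {cmd}")
    for name in r["unresolved_services"]:
        out.append(f"driver/service {name} has no date/size recorded for its binary")
    out.extend(r["weakened_protections"])
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print("-", f)
```

The script only reads the log; it deliberately does not delete or modify anything, because the removal steps in a thread like this one are chosen per case by the helper after reading exactly these findings.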

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Sorry for the wait,

disable the antivirus again and do the following:

Open Notepad and copy the following text into it:

File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe
c:\windows\system32\6COfLD6O.exe

Driver::
Srenurver



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 19 Dec 2008
  • Posts: 11

I suppose I did something wrong. I tried twice. Both times I created a Notepad document with that name and pasted in the data from the boxed part of the message, disabled the antivirus, and then dragged the document onto ComboFix.

The first time it started well: all the shortcuts disappeared from the Desktop, just as when I did it on Friday, the files you listed were deleted, everything that was supposed to happen happened, and the window Rebooting Windows - Please wait.... appeared. However, that window stayed for about two more hours (on Friday it took only a couple of minutes) and absolutely nothing happened, so I then shut down and restarted the computer.

I tried all of that a second time and the same thing happened, only without the file deletion, so I assumed it might be better not to try again but to check what to do next.

By the way, I don't know how important it is, but just to mention what happens while ComboFix runs; it's not exactly that it runs on its own from start to finish. First it asks me to accept the Terms, which I confirmed, then it states that I don't have some platform for Windows restore and offers to set it up, to which I clicked No. Also, I never disconnected the internet at any point; I assume that isn't necessary.

Regards

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

OK. It should have done the job even though it froze.

Can you find the log? It should be in the C:\Qoobox\ folder, under the name Combofix.txt, Combofix2.txt etc.

offline
  • Joined: 19 Dec 2008
  • Posts: 11

Unfortunately it doesn't work. That folder contains only the log I posted a few messages ago, under the name ComboFix2. In the C:Combofix folder I found a log for the new scan, named Combofix, but it contains only the following:
ComboFix 08-12-18.03 - D 2008-12-23 19:34:59.6 - NTFSx86
Running from: C:\Documents and Settings\D\Desktop\New Folder (3)\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
That is, by the way, the time when I started the last scan. Today I tried two more times to run ComboFix and both times it did everything but stopped at Rebooting Windows.... Please wait. The second time I let it run for more than an hour. It doesn't even freeze; when I close the window everything works normally, it just can't produce the log.

Mind you, I see that this program plays around with the time a bit, so here are the contents of ComboFix2 as well, in case I missed something. It looked to me to be the same as the one above. Regards

ComboFix 08-12-18.03 - D 2008-12-20 10:34:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.41 [GMT 1:00]
Running from: c:\documents and settings\D\Desktop\New Folder (3)\ComboFix.exe
Command switches used :: c:\documents and settings\D\Desktop\New Folder (3)\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\video activex object
c:\windows\system32\6COfLD6O.exe.a_a

.
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-19 22:58 . 2008-12-19 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 22:23 . 2008-12-19 22:44 <DIR> d-------- c:\program files\USB Disk Security
2008-12-19 22:10 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-19 22:10 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-19 22:08 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-19 22:08 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-19 22:08 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-19 22:08 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-19 22:07 . 2008-12-19 22:50 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-19 22:04 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-19 22:04 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-19 22:04 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-19 22:04 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-19 22:00 . 2008-12-19 22:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-11 21:05 . 2008-12-11 21:05 1,606,064 --a------ c:\program files\googletalk-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 09:38 22,716,448 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-20 07:26 268,604 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-19 18:51 --------- d-----w c:\program files\Opera
2008-12-11 20:05 --------- d-----w c:\program files\Google
2008-11-14 19:12 --------- d-----w c:\program files\Ahead
2008-11-14 12:01 --------- d-----w c:\documents and settings\D\Application Data\Image Zone Express
2008-11-09 19:34 10,667,655 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-25 15:45 1,851,544 ----a-w c:\program files\install_flash_player.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2006-12-03 13:36 1,917,607 ----a-w c:\program files\PictureAce.exe
2006-12-03 13:23 5,900,416 ----a-w c:\program files\Firefox Setup 2.0.exe
2006-12-03 13:23 1,440,683 ----a-w c:\program files\removeit_pro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-01 20560]
S3 efipsk;efipsk;\??\c:\docume~1\D\LOCALS~1\Temp\efipsk.sys []
S3 Srenurver;Srenurver; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa77657-c2f4-11dd-809a-000ea634fb91}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\At1.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-11 c:\windows\Tasks\At10.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-20 c:\windows\Tasks\At11.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-15 c:\windows\Tasks\At12.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At13.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At14.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At15.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At16.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At17.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At18.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-15 c:\windows\Tasks\At19.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-20 c:\windows\Tasks\At2.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At20.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At21.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At22.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At23.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-19 c:\windows\Tasks\At24.job
- c:\windows\system32\6COfLD6O.exe []

2008-12-20 c:\windows\Tasks\At3.job
- c:\windows\system32\6COfLD6O.exe []

2008-07-17 c:\windows\Tasks\At4.job
- c:\windows\system32\6COfLD6O.exe []

2008-07-17 c:\windows\Tasks\At5.job
- c:\windows\system32\6COfLD6O.exe []

2008-07-17 c:\windows\Tasks\At6.job
- c:\windows\system32\6COfLD6O.exe []

2008-07-17 c:\windows\Tasks\At7.job
- c:\windows\system32\6COfLD6O.exe []

2008-08-27 c:\windows\Tasks\At8.job
- c:\windows\system32\6COfLD6O.exe []

2008-10-18 c:\windows\Tasks\At9.job
- c:\windows\system32\6COfLD6O.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
FF - ProfilePath - c:\documents and settings\D\Application Data\Mozilla\Firefox\Profiles\nm6vty6k.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Opera\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Opera\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\Program\Plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-12-20 10:38:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508-)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-20 10:40:20
ComboFix-quarantined-files.txt 2008-12-20 09:40:16

Pre-Run: 1,946,136,576 bytes free
Post-Run: 2,223,505,408 bytes free

183 --- E O F --- 2008-12-19 21:50:46

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

Ugh, as Dragojlo would say: "Zajebalo veka".

Go ahead and just scan, if you haven't already, without adding the script.

So disable the AV and then scan. That should give us more info about the problem.

offline
  • Joined: 19 Dec 2008
  • Posts: 11

I did that yesterday. Both times I tried to scan without adding the script, but the result was the same as the day before with the script added: it gets to Rebooting Windows ... Please wait and that's it. It won't go any further. Both times I disabled the AV; the first time I was online, the second time I disconnected the internet too. Both times I first restarted the computer so that nothing else was running...

The only thing that comes to mind is maybe to delete ComboFix, reinstall it and try running it again? Do you perhaps have another idea?

Regards

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8628
  • Location: Novi Beograd

That's exactly what we'll do.

So, disable Avast, download ComboFix from one of the links above, and scan. Post me the log.

If the scan succeeds, we'll know that Avast itself killed ComboFix when you turned it back on after the scan last time.
