Virus!!! I need help!!!


  • Joined: 01 Feb 2009
  • Posts: 28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35:37 AM, on 2/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 5953 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Which virus? What is the name of the detection and of the files that were detected?

Right-click the avast! icon in the lower-right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the lower-right corner of the screen and choose Stop OnAccess Protection.

Note: Do not forget to turn these options back on once the cleaning is finished.

-------------------------------------------------------------------------------------

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 01 Feb 2009
  • Posts: 28

ComboFix 09-01-31.02 - Administrator 2009-02-01 12:53:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.135 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Sa Interneta\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 23:23 . 2009-01-31 23:23 <DIR> d-------- c:\program files\Alwil Software
2009-01-30 21:01 . 2009-01-30 21:01 <DIR> d-------- c:\program files\Google
2009-01-30 21:01 . 2009-01-31 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-27 21:47 . 2009-01-27 21:47 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-27 15:45 . 2009-01-27 15:45 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-10 12:19 . 2009-01-30 23:43 <DIR> d-------- c:\program files\Common Files\System Internals 32bits
2009-01-09 18:49 . 2009-01-09 18:49 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 21:55 --------- d-----w c:\program files\mama
2009-01-31 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 23:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-30 23:05 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-30 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-30 21:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 20:49 --------- d-----w c:\program files\BitComet
2009-01-30 17:04 --------- d-----w c:\program files\XoftSpySE
2009-01-28 12:06 --------- d-----w c:\program files\SpywareBlaster
2008-12-24 13:53 --------- d-----w c:\program files\FLV Player
2008-12-24 13:33 --------- d-----w c:\program files\RegCleaner
2008-12-24 12:27 --------- d-----w c:\program files\CCleaner
2008-12-24 12:16 --------- d-----w c:\program files\XP AntiSpy
2008-12-24 12:03 --------- d-----w c:\program files\Trend Micro
2008-12-18 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 10:02 --------- d-----w c:\program files\DNA
2008-12-06 20:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 15:43 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-05 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-05 14:16 --------- d-----w c:\program files\Winamp
2008-04-22 19:35 18,480 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:07 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\3ivxConfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7315:TCP"= 7315:TCP:DC++TCP
"2206:UDP"= 2206:UDP:DC++UDP
"20645:TCP"= 20645:TCP:BitComet 20645 TCP
"20645:UDP"= 20645:UDP:BitComet 20645 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]
S1 is-H8IDHdrv;is-H8IDHdrv;c:\windows\system32\DRIVERS\37792908.sys --> c:\windows\system32\DRIVERS\37792908.sys [?]
S3 IntelinetSecure;IntelinetSecure;c:\program files\Intelinet\intelin2.exe --> c:\program files\Intelinet\intelin2.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e25f30a-df29-11dc-ab05-001a4d632f28}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb5f4e9-accb-11dd-b583-001a4d632f28}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc52ed4-cb7a-11dd-b64d-001a4d632f28}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c459cb7a-f4f5-11dc-ab4a-c52b40cd5321}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:01]

2008-12-24 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]

2008-12-24 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Intelinet - c:\program files\Intelinet\Intelinet.exe
MSConfigStartUp-TuneUp - c:\program files\Common Files\System Internals 32bits\TuneUp.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-01 12:54:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-01 12:55:23
ComboFix-quarantined-files.txt 2009-02-01 11:55:21

Pre-Run: 69,989,957,632 bytes free
Post-Run: 70,107,398,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

164 --- E O F --- 2008-12-12 11:11:28

avast detected a Win32 trojan in the file - Program Files - System Internal 32bits

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: c:\windows\system32\cssdll32.dll

via this link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 01 Feb 2009
  • Posts: 28

There, the upload is finished - successfully.

Addendum: 01 Feb 2009 13:34

And one more question - I have already been banned from the hub twice because of a virus, but avast does not detect it; they told me it is 2.dcf32.avi.avi.exe-nariyh worm,
so maybe that can help too - thanks in advance.

Addendum: 01 Feb 2009 13:35

narith worm - I wrote it wrong a moment ago

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

Folder::
c:\program files\Common Files\System Internals 32bits
c:\program files\Intelinet

Driver::
is-H8IDHdrv
IntelinetSecure

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e25f30a-df29-11dc-ab05-001a4d632f28}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb5f4e9-accb-11dd-b583-001a4d632f28}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc52ed4-cb7a-11dd-b64d-001a4d632f28}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

  • Joined: 01 Feb 2009
  • Posts: 28

Is there any hope for me?

Addendum: 01 Feb 2009 14:20

I don't understand which Notepad to open

Addendum: 01 Feb 2009 14:40

I can't save it as SFCript

Addendum: 01 Feb 2009 14:47

ComboFix 09-01-31.03 - Administrator 2009-02-01 14:40:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.111 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Sa Interneta\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 23:23 . 2009-01-31 23:23 <DIR> d-------- c:\program files\Alwil Software
2009-01-30 21:01 . 2009-01-30 21:01 <DIR> d-------- c:\program files\Google
2009-01-30 21:01 . 2009-01-31 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-27 21:47 . 2009-01-27 21:47 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-27 15:45 . 2009-01-27 15:45 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-10 12:19 . 2009-01-30 23:43 <DIR> d-------- c:\program files\Common Files\System Internals 32bits
2009-01-09 18:49 . 2009-01-09 18:49 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 21:55 --------- d-----w c:\program files\mama
2009-01-31 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 23:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-30 23:05 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-30 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-30 21:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 20:49 --------- d-----w c:\program files\BitComet
2009-01-30 17:04 --------- d-----w c:\program files\XoftSpySE
2009-01-28 12:06 --------- d-----w c:\program files\SpywareBlaster
2008-12-24 13:53 --------- d-----w c:\program files\FLV Player
2008-12-24 13:33 --------- d-----w c:\program files\RegCleaner
2008-12-24 12:27 --------- d-----w c:\program files\CCleaner
2008-12-24 12:16 --------- d-----w c:\program files\XP AntiSpy
2008-12-24 12:03 --------- d-----w c:\program files\Trend Micro
2008-12-18 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 10:02 --------- d-----w c:\program files\DNA
2008-12-06 20:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 15:43 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-05 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-05 14:16 --------- d-----w c:\program files\Winamp
2008-04-22 19:35 18,480 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:07 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\3ivxConfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7315:TCP"= 7315:TCP:DC++TCP
"2206:UDP"= 2206:UDP:DC++UDP
"20645:TCP"= 20645:TCP:BitComet 20645 TCP
"20645:UDP"= 20645:UDP:BitComet 20645 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]
S1 is-H8IDHdrv;is-H8IDHdrv;c:\windows\system32\DRIVERS\37792908.sys --> c:\windows\system32\DRIVERS\37792908.sys [?]
S3 IntelinetSecure;IntelinetSecure;c:\program files\Intelinet\intelin2.exe --> c:\program files\Intelinet\intelin2.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e25f30a-df29-11dc-ab05-001a4d632f28}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb5f4e9-accb-11dd-b583-001a4d632f28}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc52ed4-cb7a-11dd-b64d-001a4d632f28}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c459cb7a-f4f5-11dc-ab4a-c52b40cd5321}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:01]

2008-12-24 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]

2008-12-24 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-01 14:41:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-01 14:42:20
ComboFix-quarantined-files.txt 2009-02-01 13:42:18
ComboFix2.txt 2009-02-01 11:55:24

Pre-Run: 70,138,867,712 bytes free
Post-Run: 70,125,498,368 bytes free

155 --- E O F --- 2008-12-12 11:11:28

I did it

Addendum: 01 Feb 2009 15:08

It took a while, but what can you do - my brain froze

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Let's go once more, since this was not right. :)

Click Start, Run and type:

notepad

Click OK.

This will open Notepad. Then copy into Notepad everything inside the Code box (everything that is green).

Then in Notepad click File, Save; when the save dialog opens, under File name enter:

CFScript

Save the file in the same folder as ComboFix.

Then drag CFScript onto ComboFix and follow the procedure through to the end...

  • Joined: 01 Feb 2009
  • Posts: 28

ComboFix 09-01-31.03 - Administrator 2009-02-01 15:25:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.142 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Sa Interneta\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 23:23 . 2009-01-31 23:23 <DIR> d-------- c:\program files\Alwil Software
2009-01-30 21:01 . 2009-01-30 21:01 <DIR> d-------- c:\program files\Google
2009-01-30 21:01 . 2009-01-31 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-27 21:47 . 2009-01-27 21:47 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-27 15:45 . 2009-01-27 15:45 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-10 12:19 . 2009-01-30 23:43 <DIR> d-------- c:\program files\Common Files\System Internals 32bits
2009-01-09 18:49 . 2009-01-09 18:49 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 21:55 --------- d-----w c:\program files\mama
2009-01-31 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 23:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-30 23:05 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-30 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-30 21:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 20:49 --------- d-----w c:\program files\BitComet
2009-01-30 17:04 --------- d-----w c:\program files\XoftSpySE
2009-01-28 12:06 --------- d-----w c:\program files\SpywareBlaster
2008-12-24 13:53 --------- d-----w c:\program files\FLV Player
2008-12-24 13:33 --------- d-----w c:\program files\RegCleaner
2008-12-24 12:27 --------- d-----w c:\program files\CCleaner
2008-12-24 12:16 --------- d-----w c:\program files\XP AntiSpy
2008-12-24 12:03 --------- d-----w c:\program files\Trend Micro
2008-12-18 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 10:02 --------- d-----w c:\program files\DNA
2008-12-06 20:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 15:43 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-05 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-05 14:16 --------- d-----w c:\program files\Winamp
2008-04-22 19:35 18,480 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:07 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\3ivxConfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7315:TCP"= 7315:TCP:DC++TCP
"2206:UDP"= 2206:UDP:DC++UDP
"20645:TCP"= 20645:TCP:BitComet 20645 TCP
"20645:UDP"= 20645:UDP:BitComet 20645 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]
S1 is-H8IDHdrv;is-H8IDHdrv;c:\windows\system32\DRIVERS\37792908.sys --> c:\windows\system32\DRIVERS\37792908.sys [?]
S3 IntelinetSecure;IntelinetSecure;c:\program files\Intelinet\intelin2.exe --> c:\program files\Intelinet\intelin2.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e25f30a-df29-11dc-ab05-001a4d632f28}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb5f4e9-accb-11dd-b583-001a4d632f28}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc52ed4-cb7a-11dd-b64d-001a4d632f28}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c459cb7a-f4f5-11dc-ab4a-c52b40cd5321}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:01]

2008-12-24 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]

2008-12-24 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-01 15:26:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-01 15:27:35
ComboFix-quarantined-files.txt 2009-02-01 14:27:33
ComboFix2.txt 2009-02-01 13:42:21
ComboFix3.txt 2009-02-01 11:55:24

Pre-Run: 70,115,373,056 bytes free
Post-Run: 70,100,238,336 bytes free

156 --- E O F --- 2008-12-12 11:11:28
Is it okay now?

Addendum: 01 Feb 2009 15:55

Are you there?

Addendum: 01 Feb 2009 16:08

Please make me happy and tell me it's OK.

Addendum: 01 Feb 2009 16:17

Maybe I'm being a bit annoying, sorry, but it would really mean a lot to me to solve this problem.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Well, it isn't OK. There is an error somewhere. I'm not sure where, but...


Let's do this a different way.


Delete the following folders:

c:\program files\Common Files\System Internals 32bits
c:\program files\Intelinet


Download and run this file: https://www.mycity.rs/must-login.png


After that, restart the computer and double-click to run ComboFix - post the log you get here.
