viruses :(


offline
  • Joined: 05 Feb 2009
  • Posts: 15

My AV keeps finding viruses, always the same ones, but it doesn't delete them!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:53, on 28.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
O1 - Hosts: 82.98.235.133 speed-runner.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 us.mcafee.com
O1 - Hosts: 82.98.235.133 kaspersky.com
O1 - Hosts: 82.98.235.133 my-etrust.com
O1 - Hosts: 82.98.235.133 symantec.com
O1 - Hosts: 82.98.235.133 winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {6a12f791-8b8e-b6ea-35b4-b84565511cf1} - {1fc11556-548b-4b53-ae6b-e8b8197f21a6} - C:\WINDOWS\system32\nxouzq.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4F17F47D-3654-43CE-AD3E-6DA391302A0C} - C:\WINDOWS\system32\urqQkIcY.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\tuvTlkJd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77E3A287-6CF0-4D1D-80F5-65DDDC08A989} - C:\WINDOWS\system32\vtUlMfeB.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "C:\WINDOWS\system32\ornfclic.dll",b
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [80076990] rundll32.exe "C:\WINDOWS\system32\hlnrcvac.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-3631314825-6003125954-292844613-4047\service.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: nxouzq.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: tuvTlkJd - C:\WINDOWS\SYSTEM32\tuvTlkJd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7026 bytes
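
The log above is the kind a helper reads by eye: hosts-file entries sending antivirus vendor sites to one external address, BHOs with no product name, Run values named with hex digits or pointing into RECYCLER, an AppInit_DLLs value, and the same DLL registered under more than one hook. The following is an added example, not code from this thread or from HijackThis or ComboFix, that mechanises those checks over a constructed subset of the log's own lines. The vendor domain list, the "3 hostnames to one IP" threshold and the cross-reference of DLL names between sections are the example's own assumptions, not HijackThis features.

```python
"""Triage HijackThis lines for the persistence patterns visible in the log above."""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
O1 - Hosts: 82.98.235.133 kaspersky.com
O1 - Hosts: 82.98.235.133 symantec.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {6a12f791-8b8e-b6ea-35b4-b84565511cf1} - {1fc11556-548b-4b53-ae6b-e8b8197f21a6} - C:\WINDOWS\system32\nxouzq.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\tuvTlkJd.dll
O2 - BHO: (no name) - {77E3A287-6CF0-4D1D-80F5-65DDDC08A989} - C:\WINDOWS\system32\vtUlMfeB.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "C:\WINDOWS\system32\ornfclic.dll",b
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-3631314825-6003125954-292844613-4047\service.exe
O20 - AppInit_DLLs: nxouzq.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: tuvTlkJd - C:\WINDOWS\SYSTEM32\tuvTlkJd.dll
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[^}]+\}) - (.*?)( \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (HK.+?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)

# Assumed vendor list for the hosts check (the thread's entries cover these).
SECURITY_VENDORS = ("microsoft.com", "symantec.com", "mcafee.com", "kaspersky.com", "my-etrust.com")
LOCAL_IPS = {"127.0.0.1", "0.0.0.0", "::1"}  # hosts entries to these are not redirections


def is_vendor(host):
    return any(host == v or host.endswith("." + v) for v in SECURITY_VENDORS)


def basename(path):
    # Lower-cased file name so SYSTEM32 and system32 spellings of one DLL compare equal.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(lines):
    """Return [(subject, reason)]; subject is the log line, a DLL basename or an IP."""
    findings = []
    hooks = defaultdict(set)          # dll basename -> hook kinds it is registered under
    hosts_by_ip = defaultdict(list)   # external IP -> hostnames the hosts file sends there
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if ip not in LOCAL_IPS:
                hosts_by_ip[ip].append(host)
                if is_vendor(host):
                    findings.append((line, f"hosts file redirects security vendor {host} to {ip}"))
        elif m := BHO_RE.match(line):
            name, _clsid, path, missing = m.groups()
            hooks[basename(path)].add("O2 BHO")
            reasons = []
            if missing:
                reasons.append("BHO DLL missing on disk (registry entry left behind)")
            if name == "(no name)" or GUID_RE.match(name):
                reasons.append("BHO without a product name")
            if reasons:
                findings.append((line, "; ".join(reasons)))
        elif m := RUN_RE.match(line):
            _hive, _key, name, cmd = m.groups()
            reasons = []
            if re.fullmatch(r"[0-9a-f]{8}", name, re.I):
                reasons.append("Run value named with hex digits only")
            if "\\recycler\\" in cmd.lower():
                reasons.append("autorun from the RECYCLER folder")
            if dll := RUNDLL_RE.search(cmd):
                hooks[basename(dll.group(1))].add("O4 rundll32")
                if "\\system32\\" in dll.group(1).lower():
                    reasons.append("rundll32 loads a DLL from system32 by export name")
            if reasons:
                findings.append((line, "; ".join(reasons)))
        elif m := APPINIT_RE.match(line):
            for dll in filter(None, re.split(r"[,\s]+", m.group(1))):
                hooks[basename(dll)].add("O20 AppInit_DLLs")
            findings.append((line, "AppInit_DLLs set: DLL injected into every process that loads user32.dll"))
        elif m := NOTIFY_RE.match(line):
            _name, path = m.groups()
            hooks[basename(path)].add("O20 Winlogon Notify")
    # Cross-reference: one DLL under several hooks survives removal of any single hook.
    for dll, kinds in hooks.items():
        if len(kinds) > 1:
            findings.append((dll, "same DLL hooked via " + ", ".join(sorted(kinds))))
    # Many hostnames to one non-local IP is a sinkhole, not a single typo in the hosts file.
    for ip, hosts in hosts_by_ip.items():
        if len(hosts) >= 3:
            findings.append((ip, f"{len(hosts)} hostnames mapped to one external IP"))
    return findings


if __name__ == "__main__":
    for subject, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason}\n    {subject}")
```

The cross-reference is the part worth keeping: nxouzq.dll is both an O2 BHO and the AppInit_DLLs value, and tuvTlkJd.dll is both a BHO and a Winlogon Notify DLL, so deleting the BHO registration alone leaves a second path back into every process and the file reappears after a reboot. The hosts entries point symantec.com, kaspersky.com and the others at 82.98.235.133, so any update or removal tool fetched from those vendors' sites would be silently served by that address instead.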

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open the AVG 8 Control Center (right-click the AVG icon in the bottom right corner of the screen and choose Open AVG User Interface).
* When the AVG Control Center starts, double-click the Resident Shield component.
* In the window that opens, untick the Resident Shield active option and click Save changes.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 05 Feb 2009
  • Posts: 15

ComboFix 09-03-27.02 - Admin 2009-03-28 20:01:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.564 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated)
FW: ESET Personal firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\afrwogjp.dll
c:\windows\system32\BefMlUtv.ini
c:\windows\system32\BefMlUtv.ini2
c:\windows\system32\bnahwxta.ini
c:\windows\system32\bxehasvk.ini
c:\windows\system32\cavcrnlh.ini
c:\windows\system32\cilcfnro.ini
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekawossfthx.sys
c:\windows\system32\dvtdupwx.ini
c:\windows\system32\fjsfvg.dll
c:\windows\system32\fqbgkmqp.dll
c:\windows\system32\gaopdxcounter
c:\windows\system32\gniijuqx.ini
c:\windows\system32\gsokaeof.dll
c:\windows\system32\hyndrqbb.ini
c:\windows\system32\iaawmc.dll
c:\windows\system32\imenknkc.ini
c:\windows\system32\jbblpxkh.ini
c:\windows\system32\kdryaogp.dll
c:\windows\system32\lhccengr.dll
c:\windows\system32\mqduruie.ini
c:\windows\system32\nflxilxh.ini
c:\windows\system32\nxouzq.dll
c:\windows\system32\qqvnhp.dll
c:\windows\system32\rrvuto.dll
c:\windows\system32\rwilsamw.dll
c:\windows\system32\senekafdkfrgln.dll
c:\windows\system32\senekaivfmxewk.dll
c:\windows\system32\senekarridmwbw.dll
c:\windows\system32\senekautfmvuii.dat
c:\windows\system32\senekawevpixly.dat
c:\windows\system32\tggldwdy.dll
c:\windows\system32\trthsukh.dll
c:\windows\system32\tuvTlkJd.dll
c:\windows\system32\urqQkIcY.dll
c:\windows\system32\uxfbmdhm.ini
c:\windows\system32\uzizzi.dll
c:\windows\system32\vrbuibmw.ini
c:\windows\system32\vwkjebmh.ini
c:\windows\system32\xgagytvo.ini
c:\windows\system32\xydatz.dll
c:\windows\system32\YcIkQqru.ini
c:\windows\system32\YcIkQqru.ini2
c:\windows\system32\yjzdfy.dll
c:\windows\system32\ymceymjx.dll
c:\windows\system32\ytwzud.dll

----- BITS: Possible infected sites -----

hxxp://bondsoul.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Service_PCIDump


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-26 18:08 . 2009-03-26 18:08 61,440 --a------ c:\windows\system32\voofucaq.exe
2009-03-22 21:55 . 2009-03-22 21:56 <DIR> d-------- c:\program files\BearShare
2009-03-20 19:52 . 2009-03-20 19:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-18 19:00 . 2009-03-28 19:02 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-18 17:44 . 2009-03-28 12:28 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-18 17:44 . 2009-03-18 17:44 <DIR> d-------- c:\program files\AVG
2009-03-18 17:44 . 2009-03-28 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-18 17:44 . 2009-03-18 17:44 <DIR> d-------- c:\documents and settings\Admin\Application Data\AVGTOOLBAR
2009-03-18 17:44 . 2009-03-18 17:44 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-18 17:44 . 2009-03-18 17:44 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-18 17:44 . 2009-03-18 17:44 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-15 15:02 . 2009-03-15 15:02 116,736 --a------ C:\sbndleh.exe
2009-03-15 15:02 . 2009-03-15 15:02 81,920 --a------ C:\rnjbnms.exe
2009-03-15 15:02 . 2009-03-15 15:02 80,896 --a------ C:\uslns.exe
2009-03-15 15:02 . 2009-03-15 15:02 0 --a------ C:\ibvrae.exe
2009-03-15 15:02 . 2009-03-15 15:02 0 --a------ C:\bfah.exe
2009-03-15 15:01 . 2009-03-15 15:02 116,736 --a------ C:\owdyulrx.exe
2009-03-15 15:01 . 2009-03-15 15:02 2 --a------ C:\-2146997953

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 18:26 --------- d-----w c:\documents and settings\Admin\Application Data\FrostWire
2009-03-28 17:59 --------- d-----w c:\documents and settings\Admin\Application Data\uTorrent
2009-03-20 18:53 --------- d-----w c:\program files\Lavasoft
2009-03-20 18:51 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-18 15:44 --------- d-----w c:\program files\Eset
2009-03-18 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-02-22 16:48 --------- d-----w c:\documents and settings\Admin\Application Data\Nokia
2009-02-22 11:23 --------- d-----w c:\documents and settings\Admin\Application Data\Datalayer
2009-02-22 11:16 --------- d-----w c:\program files\Nokia
2009-02-22 11:14 --------- d-----w c:\program files\DIFX
2009-02-22 11:14 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-22 11:14 --------- d-----w c:\program files\Common Files\Nokia
2009-02-22 11:14 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-22 11:13 --------- d-----w c:\documents and settings\Admin\Application Data\PC Suite
2009-02-22 10:58 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-02-21 19:37 --------- d-----w c:\documents and settings\Admin\Application Data\Any Video Converter
2009-02-21 11:19 --------- d-----w c:\program files\SuperAVConverter
2009-02-21 09:33 --------- d-----w c:\program files\Google
2009-02-21 09:25 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-21 09:25 --------- d-----w c:\program files\Real
2009-02-21 09:25 --------- d-----w c:\program files\Common Files\xing shared
2009-02-21 09:25 --------- d-----w c:\program files\Common Files\Real
2009-02-13 11:32 --------- d-----w c:\program files\Common Files\Adobe
2009-02-13 11:29 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-13 11:28 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-02-13 10:56 --------- d-----w c:\program files\uTorrent
2009-02-04 10:51 54,784 ----a-w c:\windows\system32\drivers\CDAC11BA.EXE
2009-02-04 10:51 12,464 ----a-w c:\windows\system32\drivers\CdaC15BA.SYS
2009-02-04 10:51 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-04 10:51 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-04 10:51 --------- d-----w c:\documents and settings\Admin\Application Data\Ldoce
2009-02-04 10:46 --------- d-----w c:\program files\Longman
2009-02-04 09:30 --------- d-----w c:\program files\URUSoft
2009-02-04 08:52 --------- d-----w c:\program files\FrostWire
2009-02-03 16:52 --------- d-----w c:\program files\PDFCreator
2009-02-02 19:52 --------- d-----w c:\documents and settings\Admin\Application Data\Wildfire
2009-02-01 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-28 16:16 --------- d-----w c:\documents and settings\Admin\Application Data\Move Networks
2009-01-28 15:48 --------- d-----w c:\documents and settings\All Users\Application Data\BlazeVideo
2009-01-13 21:05 720,896 ----a-w c:\windows\iun6002.exe
.

------- Sigcheck -------

2002-12-31 13:00 360832 ce3ec03c9f65302e44af5c452d20a86f c:\windows\system32\drivers\tcpip.sys

2002-12-31 13:00 502272 6225f14b8ce08ccba8b25ad27843c674 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-21 198160]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-18 1932568]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2005-11-17 3223552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-18 17:44 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nxouzq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2002-12-31 119808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-18 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-18 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-18 298264]
S2 ydeqo;ydeqo;c:\windows\System32\svchost.exe -k netsvcs [2002-12-31 14336]
S3 Osfw160u;Osfw160u; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ydeqo
.
- - - - ORPHANS REMOVED - - - -

BHO-{1fc11556-548b-4b53-ae6b-e8b8197f21a6} - c:\windows\system32\nxouzq.dll
BHO-{5F740864-A5AF-408E-A26C-39F68C110B8C} - c:\windows\system32\urqQkIcY.dll
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\tuvTlkJd.dll
BHO-{77E3A287-6CF0-4D1D-80F5-65DDDC08A989} - c:\windows\system32\vtUlMfeB.dll
HKCU-Run-12ZFG94-F641-2SF-K31P-5N1ER6H6L2 - c:\recycler\S-1-5-21-3631314825-6003125954-292844613-4047\service.exe
HKLM-Run-000000af - c:\windows\system32\ornfclic.dll
HKLM-Run-80076990 - c:\windows\system32\hlnrcvac.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\tuvTlkJd.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-28 20:05:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-03-28 20:06:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-28 19:06:53

Pre-Run: 17,526,177,792 bytes free
Post-Run: 32,137,703,424 bytes free


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\windows\system32\voofucaq.exe
C:\rnjbnms.exe
C:\sbndleh.exe
C:\uslns.exe
C:\ibvrae.exe
C:\bfah.exe
C:\owdyulrx.exe
C:\-2146997953

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Driver::
ydeqo

NetSvc::
ydeqo


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

offline
  • Joined: 05 Feb 2009
  • Posts: 15

ComboFix 09-03-27.02 - Admin 2009-03-28 20:56:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.508 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

FILE ::
C:\-2146997953
C:\bfah.exe
C:\ibvrae.exe
C:\owdyulrx.exe
C:\rnjbnms.exe
C:\sbndleh.exe
C:\uslns.exe
c:\windows\system32\voofucaq.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-2146997953
C:\bfah.exe
C:\ibvrae.exe
C:\owdyulrx.exe
C:\rnjbnms.exe
C:\sbndleh.exe
C:\uslns.exe
c:\windows\system32\voofucaq.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YDEQO
-------\Service_ydeqo


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-22 21:55 . 2009-03-22 21:56 <DIR> d-------- c:\program files\BearShare
2009-03-20 19:52 . 2009-03-20 19:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-18 19:00 . 2009-03-28 19:02 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-18 17:44 . 2009-03-28 12:28 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-18 17:44 . 2009-03-18 17:44 <DIR> d-------- c:\program files\AVG
2009-03-18 17:44 . 2009-03-28 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-18 17:44 . 2009-03-18 17:44 <DIR> d-------- c:\documents and settings\Admin\Application Data\AVGTOOLBAR
2009-03-18 17:44 . 2009-03-18 17:44 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-18 17:44 . 2009-03-18 17:44 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-18 17:44 . 2009-03-18 17:44 10,520 --a------ c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 18:26 --------- d-----w c:\documents and settings\Admin\Application Data\FrostWire
2009-03-28 17:59 --------- d-----w c:\documents and settings\Admin\Application Data\uTorrent
2009-03-20 18:53 --------- d-----w c:\program files\Lavasoft
2009-03-20 18:51 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-18 15:44 --------- d-----w c:\program files\Eset
2009-03-18 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-02-22 16:48 --------- d-----w c:\documents and settings\Admin\Application Data\Nokia
2009-02-22 11:23 --------- d-----w c:\documents and settings\Admin\Application Data\Datalayer
2009-02-22 11:16 --------- d-----w c:\program files\Nokia
2009-02-22 11:14 --------- d-----w c:\program files\DIFX
2009-02-22 11:14 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-22 11:14 --------- d-----w c:\program files\Common Files\Nokia
2009-02-22 11:14 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-22 11:13 --------- d-----w c:\documents and settings\Admin\Application Data\PC Suite
2009-02-22 10:58 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-02-21 19:37 --------- d-----w c:\documents and settings\Admin\Application Data\Any Video Converter
2009-02-21 11:19 --------- d-----w c:\program files\SuperAVConverter
2009-02-21 09:33 --------- d-----w c:\program files\Google
2009-02-21 09:25 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-21 09:25 --------- d-----w c:\program files\Real
2009-02-21 09:25 --------- d-----w c:\program files\Common Files\xing shared
2009-02-21 09:25 --------- d-----w c:\program files\Common Files\Real
2009-02-13 11:32 --------- d-----w c:\program files\Common Files\Adobe
2009-02-13 11:29 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-13 11:28 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-02-13 10:56 --------- d-----w c:\program files\uTorrent
2009-02-04 10:51 54,784 ----a-w c:\windows\system32\drivers\CDAC11BA.EXE
2009-02-04 10:51 12,464 ----a-w c:\windows\system32\drivers\CdaC15BA.SYS
2009-02-04 10:51 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-04 10:51 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-04 10:51 --------- d-----w c:\documents and settings\Admin\Application Data\Ldoce
2009-02-04 10:46 --------- d-----w c:\program files\Longman
2009-02-04 09:30 --------- d-----w c:\program files\URUSoft
2009-02-04 08:52 --------- d-----w c:\program files\FrostWire
2009-02-03 16:52 --------- d-----w c:\program files\PDFCreator
2009-02-02 19:52 --------- d-----w c:\documents and settings\Admin\Application Data\Wildfire
2009-02-01 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-28 16:16 --------- d-----w c:\documents and settings\Admin\Application Data\Move Networks
2009-01-28 15:48 --------- d-----w c:\documents and settings\All Users\Application Data\BlazeVideo
2009-01-13 21:05 720,896 ----a-w c:\windows\iun6002.exe
.

------- Sigcheck -------

2002-12-31 13:00 360832 ce3ec03c9f65302e44af5c452d20a86f c:\windows\system32\drivers\tcpip.sys

2002-12-31 13:00 502272 6225f14b8ce08ccba8b25ad27843c674 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-21 198160]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-18 1932568]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2005-11-17 3223552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-18 17:44 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2002-12-31 119808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-18 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-18 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-18 298264]
S3 Osfw160u;Osfw160u; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-28 20:58:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-03-28 20:59:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-28 19:59:55
ComboFix2.txt 2009-03-28 19:06:56

Pre-Run: 32.106.123.264 bytes free
Post-Run: 32,097,456,128 bytes free


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?

offline
  • Joined: 05 Feb 2009
  • Posts: 15

I've just scanned again and it moved the viruses to c:\qoobox\quarantine...
I assume that means it's OK now. Or not?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

You mean it detected viruses in that folder... That's normal.. They have been neutralized ;)

Post a fresh HijackThis log for me.

offline
  • Joined: 05 Feb 2009
  • Posts: 15

Yes. That's what I meant...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:32, on 28.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5712 bytes

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, everything is clean here...

Do the following:

Click START and then RUN
In the text entry box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's it... Cheers
