MyCity » Ambulanta -> Arhiva Ambulante » Mnogo problema

Mnogo problema

Napisano na dan: 2.8.2008

Strana:
1
2
3

Mnogo problema

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

rada km Poslao: 02 Avg 2008 00:11 Idi na vrh
offline rada km Građanin Pridružio: 07 Apr 2008 Poruke: 85 Gde živiš: Kos.Mitrovica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 23:57:51, on 1.8.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\PEKO\Desktop\folder.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing) Odmah na pocetku da se zahvalim svima koji zele da pomognu posto ja nisam neki poznavalac kompjutera. Citala sam po forumima i odjednom je kasperski odreagovao, medjutim ja nisam znala da se snadjem i onda je krenulo naopalo. Bez kontrole su iskakali neki prozori da je kompjuter u opasnosti i istovremeno se ucitavao IE koji je pokazivao neku gresku. Sve je jednostavno blokiralo i instaliralo se na desktopu sve i sva bez kontrole. Uspela sam jedino da pokrenem Malwarebyton i to je na neki nacin sredilo kompjuter, ali kav mi prijavljuje jos mnogo virusa koji ne mogu da se resim. Evo ja sam procitala kako se postavlja tema i ako sam pogresila nadam se da mi necete zameriti. Hvala unapred

Profil

dr_Bora Poslao: 02 Avg 2008 13:48 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Postavljeni logfile izgleda čist. Šta tačno detektuje KAV? Daj mi tačnu putanju detektovanog file-a (ili file-ova, ako ih je više).

Profil

rada km Poslao: 03 Avg 2008 22:03 Idi na vrh
offline rada km Građanin Pridružio: 07 Apr 2008 Poruke: 85 Gde živiš: Kos.Mitrovica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav veliki, i izvinjenje jer nisam mogla da se javim zbog probllema sa inretnetom. Ovo su slike koje je detektovao kasperski. Inace imam jos jedan problem na slici ispod ja stikliram trecu stavku odzdo, ali kada ponovo udjem u perfomance ta stavka opet nije stiklirana iako kliknem na apply pa OK. I jos ovo, ako nesto znaci, imam ADSL konekciju. Hvala unapred

Profil

dr_Bora Poslao: 03 Avg 2008 23:32 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskreno, ja ovde ne vidim problem. Sudeći po trećoj slici, sve što je detektovano, to je i blokirano. Što se tiče poslednje slike, tu doista nemam ideju o čemu se radi (vidim da koristiš nestandardne ikonice. Možda te promene ili neke slične imaju veze sa nemogućnošću promene tog setovanja - no, samo nagađam...). Ako želiš, možemo izvršiti još jednu dodatnu proveru (neće škoditi)... * Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection. * U prozoru koji se otvori, izaberi By User Request. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

rada km Poslao: 04 Avg 2008 01:20 Idi na vrh
offline rada km Građanin Pridružio: 07 Apr 2008 Poruke: 85 Gde živiš: Kos.Mitrovica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradila sam za kaspesrski, no sada prvi i treci link ne radi, a ja neumem da se snadjem sa ovim linkom koji radi, zapravo sta da skinem. Dopuna: 03 Avg 2008 23:52 Da jos da dodam, ikonice sam promenila sa programom TuneUp i nije bilo problema, dok se nije desilo sve ono sto sam ranije navela. Od tada ne mogu da vratim opciju u kompjuteru, recimo kada otvorim Moj kompjuter, pojavi se normalno sve ali sa leve strane monitora ne stoje standardno one ikonice, my compjuter, desktop...vec se dokumenta pojave na celom monitoru. Uf ne znam da li ste me bar delic razumeli. Dopuna: 04 Avg 2008 1:20 R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56] S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32] S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07] S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-01 19:10] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 12:31] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a76bb0d-2f10-11dd-85c4-000b6af24e10}] \Shell\Auto\command - G:\Config.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Config.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d3c5d-98dd-11db-9018-806d6172696f}] \Shell\AutoRun\command - E:\autorun.exe \Shell\readme\command - notepad readme.txt \Shell\Setup\command - E:\install.exe . Contents of the 'Scheduled Tasks' folder 2008-08-03 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09] 2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-08-03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2008-08-03 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21] 2008-07-12 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21] . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\PEKO\Application Data\Mozilla\Firefox\Profiles\njl61eyh.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/ FF -: plugin - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava11.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava12.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava13.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava14.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava32.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npoji610.dll FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-08-04 01:02:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\explorer.exe [1580] 0x818576A0 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2008-08-04 1:12:46 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-03 23:12:34 Pre-Run: 2,035,453,952 bytes free Post-Run: 2,007,838,720 bytes free 247 --- E O F --- 2008-01-13 17:02:48 Evo to je to, nadam se da sam dobro uradila.

Profil

dr_Bora Poslao: 04 Avg 2008 16:49 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log nije kompletan - iskopiraj ga ponovo. Lokacija je C:\ComboFix.txt.

Profil

rada km Poslao: 04 Avg 2008 19:44 Idi na vrh
offline rada km Građanin Pridružio: 07 Apr 2008 Poruke: 85 Gde živiš: Kos.Mitrovica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-08-01.04 - PEKO 2008-08-04 0:55:43.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.72 [GMT 2:00] Running from: C:\Documents and Settings\PEKO\Desktop\CF.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\PEKO\Application Data\FunWebProducts C:\Documents and Settings\PEKO\Application Data\FunWebProducts\Data\PEKO\avatar.dat C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\qpfnhaxy.ini . ((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 ))))))))))))))))))))))))))))))) . 2008-07-31 14:47 . 2008-07-31 14:47 <DIR> d-------- C:\Documents and Settings\PEKO\Application Data\GRETECH 2008-07-31 14:47 . 2008-07-31 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-31 14:46 . 2008-07-31 14:46 <DIR> d-------- C:\Program Files\GRETECH 2008-07-31 00:22 . 2008-07-31 00:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-07-28 21:20 . 2008-07-28 21:20 <DIR> d-------- C:\Documents and Settings\PEKO\Application Data\Malwarebytes 2008-07-28 21:18 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-28 21:14 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-28 21:12 . 2008-07-28 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-28 21:10 . 2008-07-28 21:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-28 01:21 . 2008-07-27 23:45 294 --ahs---- C:\WINDOWS\system32\dosairqi.ini 2008-07-27 23:38 . 2008-07-27 23:38 1,532,032 ---hs---- C:\WINDOWS\system32\dosairqi.tmp 2008-07-25 18:21 . 2004-08-04 00:56 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup 2008-07-25 18:20 . 2008-08-03 17:36 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX 2008-07-21 21:24 . 2008-07-21 21:24 <DIR> d-------- C:\Program Files\iMesh Applications 2008-07-21 21:24 . 2008-07-23 00:17 <DIR> d-------- C:\Documents and Settings\PEKO\Application Data\iMesh 2008-07-21 21:24 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2008-07-20 21:38 . 2008-07-20 21:38 <DIR> d-------- C:\Program Files\MSECache 2008-07-19 21:36 . 2008-07-19 21:36 <DIR> d-------- C:\Program Files\iPod 2008-07-19 21:35 . 2008-07-19 21:36 <DIR> d-------- C:\Program Files\iTunes 2008-07-19 18:18 . 2008-07-19 18:18 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-07-19 18:12 . 2008-07-19 18:12 <DIR> d-------- C:\Documents and Settings\PEKO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-07-17 20:34 . 2008-07-17 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-17 13:10 . 2008-07-27 22:34 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-07-17 13:10 . 2008-07-27 22:34 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-07-17 13:09 . 2008-07-17 13:09 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-07-17 13:09 . 2008-08-03 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-07-17 13:09 . 2008-08-04 01:01 2,809,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-17 13:09 . 2008-08-04 01:01 614,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-07-17 13:09 . 2008-08-04 01:01 23,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-17 13:09 . 2008-08-04 01:01 3,180 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-07-17 13:06 . 2008-07-17 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-07-12 22:11 . 2008-07-12 22:11 <DIR> d-------- C:\Program Files\RegCure 2008-07-12 20:07 . 2008-07-12 20:07 <DIR> d-------- C:\Program Files\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-03 21:14 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-08-03 15:33 --------- d-----w C:\Documents and Settings\PEKO\Application Data\SlimBrowser 2008-07-31 09:52 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-28 11:50 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-07-26 15:26 --------- d-----w C:\Program Files\IncrediMail 2008-07-26 15:10 442,880 ----a-w C:\WINDOWS\rapidui.exe 2008-07-19 15:46 --------- d-----w C:\Documents and Settings\PEKO\Application Data\Skype 2008-07-19 15:40 --------- d-----w C:\Documents and Settings\PEKO\Application Data\skypePM 2008-07-17 11:12 --------- d-----w C:\Documents and Settings\PEKO\Application Data\The Bat! 2008-07-13 12:08 --------- d-----w C:\Program Files\Viewpoint 2008-07-13 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-07-13 11:59 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-07-12 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-12 18:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-07-12 13:00 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE 2008-07-01 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-29 18:33 --------- d-----w C:\Documents and Settings\PEKO\Application Data\Qualcomm 2008-06-29 18:30 --------- d-----w C:\Documents and Settings\PEKO\Application Data\PocoMail 2008-06-29 18:27 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-21 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-06-21 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2008-06-21 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-06-21 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore 2008-06-19 16:21 --------- d-----w C:\Program Files\QuickTime 2008-06-19 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-18 14:55 --------- d-----w C:\Program Files\Ahead 2008-06-18 12:14 --------- d-----w C:\Program Files\Common Files\Nero 2008-06-18 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-06-16 16:33 --------- d-----w C:\Documents and Settings\PEKO\Application Data\TuneUp Software 2008-06-16 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-06-16 16:31 --------- d-----w C:\Program Files\Bonjour 2008-06-14 19:41 --------- d-----w C:\Program Files\Photo! 2008-06-14 19:00 --------- d-----w C:\Program Files\Jasc Software Inc 2008-06-14 19:00 --------- d-----w C:\Documents and Settings\PEKO\Application Data\Jasc Software Inc 2008-06-14 17:16 --------- d-----w C:\Program Files\PhotoFiltre 2008-06-14 17:14 --------- d-----w C:\Program Files\Paint.NET 2008-06-13 18:18 --------- d-----w C:\Program Files\Common Files\ACD Systems 2008-06-13 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-06-13 17:28 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys 2008-06-12 19:35 --------- d-----w C:\Documents and Settings\PEKO\Application Data\gtk-2.0 2008-06-12 16:56 --------- d-----w C:\Documents and Settings\PEKO\Application Data\XnView 2008-06-11 20:49 --------- d-----w C:\Program Files\AskTBar 2008-06-11 19:22 --------- d-----w C:\Program Files\Yahoo! 2008-06-11 18:24 --------- d-----w C:\Documents and Settings\PEKO\Application Data\ACD Systems 2008-06-11 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir 2008-06-11 10:00 --------- d-----w C:\Program Files\Common Files\Real 2008-06-08 14:09 --------- d-----w C:\Documents and Settings\PEKO\Application Data\MxBoost 2008-06-07 19:46 --------- d-----w C:\Program Files\Barbie(TM) 2008-06-06 09:52 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-06-05 11:30 --------- d-----w C:\Documents and Settings\PEKO\Application Data\Leadertech 2008-06-05 11:12 --------- d-----w C:\Documents and Settings\PEKO\Application Data\AdobeUM 2008-06-05 11:09 --------- d-----w C:\Documents and Settings\PEKO\Application Data\AdobeAUM 2008-06-03 18:13 --------- d-----w C:\Program Files\Google 2008-06-03 17:34 --------- d-----w C:\Program Files\Windows Live 2008-02-11 15:41 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:35 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064] "System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 01:41 118485] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "VIDC.VP31"= vp31vfw.dll "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\Valve\\hl.exe"= "D:\\Program Files\\Valve\\hltv.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "C:\\Program Files\\Magentic\\bin\\MgImp.exe"= "C:\\Program Files\\Magentic\\bin\\Magentic.exe"= "C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\ooVoo\\ooVoo.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP::Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP::Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP::Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP::Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP::Disabled:ooVoo UDP port 37675 R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56] S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32] S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07] S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-01 19:10] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 12:31] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a76bb0d-2f10-11dd-85c4-000b6af24e10}] \Shell\Auto\command - G:\Config.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Config.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e80d3c5d-98dd-11db-9018-806d6172696f}] \Shell\AutoRun\command - E:\autorun.exe \Shell\readme\command - notepad readme.txt \Shell\Setup\command - E:\install.exe . Contents of the 'Scheduled Tasks' folder 2008-08-03 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09] 2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2008-08-03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] 2008-08-03 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21] 2008-07-12 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21] . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\PEKO\Application Data\Mozilla\Firefox\Profiles\njl61eyh.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/ FF -: plugin - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava11.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava12.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava13.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava14.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava32.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npoji610.dll FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll *********************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-08-04 01:02:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\explorer.exe [1580] 0x818576A0 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2008-08-04 1:12:46 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-03 23:12:34 Pre-Run: 2,035,453,952 bytes free Post-Run: 2,007,838,720 bytes free 247 --- E O F --- 2008-01-13 17:02:48 Nadam se da je sada dobro, i jos da vam kazem da je opcija koju nisam mogla da stikliram nikako, posle skeniranja proradila.

Profil

dr_Bora Poslao: 04 Avg 2008 20:13 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\dosairqi.ini C:\WINDOWS\system32\dosairqi.tmp Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a76bb0d-2f10-11dd-85c4-000b6af24e10}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

rada km Poslao: 04 Avg 2008 23:56 Idi na vrh
offline rada km Građanin Pridružio: 07 Apr 2008 Poruke: 85 Gde živiš: Kos.Mitrovica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ja sam pokusala , ali nazalost nikako neumem da napravim CFSScript. Otvorim Notepad i iskopiram kod ali ne znam kako da podesim da bude CFSscript, jer uopste ne mogu da nadjem tu opciju.

Profil

dr_Bora Poslao: 05 Avg 2008 16:06 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne postoji ta opcija - u pitanju je naziv file-a. Znači, kao da snimaš bilo koji tekstualni file, samo što ćeš da ga nazoveš CFScript.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Mnogo problema

Ko je trenutno na forumu

Ukupno su 678 korisnika na forumu :: 4 registrovanih, 1 sakriven i 673 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: anta, hyla, Koridor, Smiljke

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by