MyCity » Ambulanta -> Arhiva Ambulante » Ne otvara mi particije C,D i flash

Ne otvara mi particije C,D i flash

Napisano na dan: 30.3.2009

Strana:
1
2

Ne otvara mi particije C,D i flash

Sledeća strana

Pagination

Odgovori

Strana:
1
2

vujkovicb Poslao: 30 Mar 2009 15:30 Idi na vrh
offline vujkovicb Novi MyCity građanin Pridružio: 14 Mar 2009 Poruke: 19 Gde živiš: Subotica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imao sam problem sa jednim virusom, ali izbrisao sam ga. Ali sad kada sam ga obrisao pojavio se drugi problem, kada kliknem na particiju pojavi mi se onaj prozor da biram u kom programu da se otvori "Open with , Choose the program you want to use to open this file" "File: D:\" (kao kada hocu da pokrenem neki file bez extenzije) !!!

Profil

helen1 Poslao: 30 Mar 2009 15:31 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

vujkovicb Poslao: 30 Mar 2009 15:33 Idi na vrh
offline vujkovicb Novi MyCity građanin Pridružio: 14 Mar 2009 Poruke: 19 Gde živiš: Subotica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:31:58, on 30.3.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\WINDOWS\SYSTEM32\SRPSKEY.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\totalcmd\TOTALCMD.EXE C:\WINDOWS\regedit.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\Koljini Documenti\Zaštita\majstor.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Instalirano\Tuneup\WinStylerThemeSvc.exe O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing) -- End of file - 4873 bytes Imao sam problem sa jednim virusom, ali izbrisao sam ga. Ali sad kada sam ga obrisao pojavio se drugi problem, kada kliknem na particiju pojavi mi se onaj prozor da biram u kom programu da se otvori "Open with , Choose the program you want to use to open this file" "File: D:\" (kao kada hocu da pokrenem neki file bez extenzije) !!!

Profil

helen1 Poslao: 30 Mar 2009 15:42 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Klikni desnim tasterom na Avira ikonicu ( ) u donjem, desnom uglu ekrana i deštikliraj AntiVir Guard Enable. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

vujkovicb Poslao: 30 Mar 2009 17:26 Idi na vrh
offline vujkovicb Novi MyCity građanin Pridružio: 14 Mar 2009 Poruke: 19 Gde živiš: Subotica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada kada kliknem na particiju pojavi mi se sarch prozor ! Dopuna: 30 Mar 2009 17:26 ComboFix 09-03-29.04 - Koki 2009-03-30 17:14:59.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.230 [GMT 2:00] Running from: G:\ComboFix.exe AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) FW: Kerio Personal Firewall disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\windows\system32\drivers\str.sys D:\Autorun.inf G:\autorun.inf G:\em8tqm.cmd G:\gyn.cmd G:\jm3cx96.bat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TCPSR ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 ))))))))))))))))))))))))))))))) . 2009-03-30 17:17 . 2009-03-30 17:17 <DIR> d-------- c:\windows\system32\xircom 2009-03-30 17:17 . 2009-03-30 17:17 <DIR> d-------- c:\program files\microsoft frontpage 2009-03-30 12:19 . 2009-03-30 12:19 <DIR> d-------- c:\program files\Avira 2009-03-30 12:19 . 2009-03-30 12:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-03-18 22:38 . 2009-03-18 22:38 <DIR> d-------- c:\documents and settings\Koki\Application Data\River Past G4 2009-03-18 22:31 . 2009-03-18 22:31 <DIR> d-------- c:\program files\Common Files\River Past 2009-03-18 22:31 . 2009-03-18 22:31 <DIR> d-------- c:\documents and settings\Koki\Application Data\RiverPast G4 2009-03-18 22:31 . 2009-03-18 22:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\River Past G4 2009-03-18 22:31 . 2009-03-18 22:31 160,235 --a------ c:\windows\Wave@MP3 Uninstaller.exe 2009-03-16 23:30 . 2009-03-16 23:37 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-03-16 21:59 . 2009-03-16 21:59 115,239 --a------ c:\windows\GXTranscoder v2 Uninstaller.exe 2009-03-09 14:24 . 2009-03-09 14:24 122 --a------ c:\windows\system32\drivers\fwdrv.err 2009-03-04 17:28 . 2009-03-04 17:28 <DIR> d---s---- c:\documents and settings\Koki\UserData 2009-03-01 20:51 . 2009-03-06 19:24 276 --a------ c:\windows\system\cmicnfg.ini 2009-03-01 11:45 . 2009-03-01 21:26 <DIR> d-------- c:\documents and settings\Koki\Application Data\Any Video Converter 2009-02-28 17:25 . 2009-02-28 23:11 <DIR> d-------- c:\documents and settings\Koki\Application Data\IObit 2009-02-24 12:04 . 2009-02-24 12:04 <DIR> d-------- c:\documents and settings\Koki\Application Data\Talkback 2009-02-23 11:25 . 2009-03-23 13:09 40 --a------ c:\windows\nero.INI 2009-02-22 16:21 . 2009-02-22 16:21 <DIR> d-------- c:\windows\Sun 2009-02-21 16:08 . 2009-03-30 09:58 4,126 --a------ c:\windows\wcx_ftp.ini 2009-02-20 18:03 . 2000-01-01 00:00 89,184 --------- c:\windows\system32\drivers\imagedrv.sys 2009-02-20 18:03 . 2000-01-01 00:00 57,344 --------- c:\windows\system32\ImageDrive.cpl 2009-02-20 18:02 . 2000-01-01 00:00 38,912 -ra------ c:\windows\system32\picn20.dll 2009-02-20 18:01 . 2009-02-20 18:01 <DIR> d-------- c:\program files\Common Files\Ahead 2009-02-20 18:01 . 2000-01-01 00:00 569,344 -ra------ c:\windows\system32\imagr5.dll 2009-02-20 18:01 . 2000-01-01 00:00 544,768 -ra------ c:\windows\system32\imagx5.dll 2009-02-20 18:01 . 2000-01-01 00:00 283,920 -ra------ c:\windows\system32\ImagXpr5.dll 2009-02-20 18:01 . 2000-01-01 00:00 155,648 -ra------ c:\windows\system32\NeroCheck.exe 2009-02-20 17:24 . 2009-02-20 17:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-02-20 17:12 . 2009-02-20 17:12 <DIR> d-------- c:\documents and settings\Koki\Application Data\Malwarebytes 2009-02-20 17:12 . 2009-02-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-20 17:12 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-20 17:12 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-19 16:57 . 2009-02-19 16:57 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-02-19 16:57 . 2009-01-18 23:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-02-19 16:55 . 2009-02-20 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-17 12:40 . 2009-02-17 12:40 518 --a------ c:\windows\system32\wul.cfg 2009-02-16 21:58 . 2009-02-16 21:58 <DIR> d-------- c:\documents and settings\Administrator 2009-02-16 12:42 . 2009-03-30 15:57 4,152 --a------ c:\windows\WINCMD.INI 2009-02-16 00:02 . 2009-02-16 00:02 <DIR> d-------- c:\documents and settings\Koki\Application Data\Ahead 2009-02-15 18:51 . 2009-02-15 18:51 <DIR> d-------- c:\program files\Skype 2009-02-15 18:51 . 2009-03-10 22:20 <DIR> d-------- c:\documents and settings\Koki\Application Data\Skype 2009-02-15 18:51 . 2009-02-15 18:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype 2009-02-15 17:12 . 2009-02-16 10:57 10 --a------ c:\windows\popcinfo.dat 2009-02-14 21:54 . 2009-02-14 21:54 <DIR> d-------- c:\documents and settings\Koki\Application Data\TuneUp Software 2009-02-14 21:53 . 2009-02-14 21:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-02-14 21:53 . 2009-02-14 21:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-02-14 18:01 . 2009-02-14 18:01 <DIR> d-------- c:\documents and settings\Koki\Application Data\PDFCreator 2009-02-13 20:36 . 2009-02-13 20:36 <DIR> d-------- c:\documents and settings\Koki\Application Data\CyberLink 2009-02-13 13:44 . 2009-03-27 09:59 <DIR> d-------- C:\QUARANTINE 2009-02-13 13:01 . 2003-06-18 18:31 17,920 --a------ c:\windows\system32\mdimon.dll 2009-02-13 12:59 . 2009-02-13 12:59 <DIR> d-------- c:\program files\Microsoft ActiveSync 2009-02-13 12:59 . 2009-02-13 12:59 <DIR> d-------- c:\program files\Common Files\L&H 2009-02-13 12:58 . 2009-02-13 12:58 <DIR> d-------- c:\program files\Microsoft Works 2009-02-13 12:57 . 2009-02-13 12:59 <DIR> d-------- c:\windows\SHELLNEW 2009-02-13 12:56 . 2009-02-13 12:56 <DIR> d-------- c:\program files\Microsoft.NET 2009-02-13 09:16 . 2009-02-13 09:16 0 --a------ c:\windows\nsreg.dat 2009-02-12 23:19 . 2006-04-24 13:10 34,304 --a------ c:\windows\system32\srpskey.exe 2009-02-12 23:19 . 2009-02-12 23:19 3,072 --a------ c:\windows\system32\srpskeyh3.dll 2009-02-12 22:32 . 2009-02-12 22:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth 2009-02-12 22:30 . 2009-02-12 22:31 32 --a------ c:\windows\0 2009-02-12 22:30 . 2009-02-12 22:30 0 --a------ c:\windows\system32\0 2009-02-12 22:27 . 2009-03-18 18:08 5,632 --ahs---- c:\windows\Thumbs.db 2009-02-12 21:12 . 2009-02-12 21:12 <DIR> d-------- c:\program files\Teamspeak2_RC2 2009-02-12 21:12 . 2009-02-12 21:12 34,064 --a------ c:\windows\system32\lhacm.acm 2009-02-12 21:02 . 2009-02-12 21:02 <DIR> d-------- c:\documents and settings\Koki\Application Data\teamspeak2 2009-02-12 20:51 . 2009-02-12 20:51 <DIR> d-------- c:\program files\Kerio 2009-02-12 20:37 . 2009-02-12 20:37 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared 2009-02-12 20:37 . 2009-02-12 20:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems 2009-02-12 20:27 . 2009-02-12 20:27 <DIR> d-------- c:\program files\PowerISO 2009-02-12 20:15 . 2009-02-12 20:15 <DIR> d-------- c:\windows\system32\QuickTime 2009-02-12 20:14 . 2009-02-12 20:16 <DIR> d-------- c:\program files\Common Files\Macromedia 2009-02-12 20:13 . 2009-02-12 20:13 <DIR> d-------- c:\windows\Downloaded Installations 2009-02-12 13:53 . 2009-02-12 13:53 <DIR> d-------- c:\documents and settings\Koki\WINDOWS 2009-02-12 13:53 . 2009-02-12 13:53 <DIR> d-------- c:\documents and settings\Koki\Application Data\WinPatrol 2009-02-12 13:36 . 2007-03-23 07:07 1,683,280 --------- c:\windows\system32\dllcache\XpsSvcs.dll 2009-02-12 13:36 . 2007-03-23 07:07 583,504 --------- c:\windows\system32\dllcache\XPSSHHDR.dll 2009-02-12 13:36 . 2007-03-22 21:24 28,160 --------- c:\windows\system32\dllcache\FilterPipelinePrintProc.dll 2009-02-12 13:35 . 2007-03-22 21:25 677,376 --------- c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 09:33 --------- d-----w c:\program files\PowerArchiver 2009-02-28 15:09 --------- d-----w c:\program files\totalcmd 2009-02-26 11:15 --------- d-----w c:\program files\The KMPlayer 2009-02-16 15:40 --------- d-----w c:\program files\LClock 2009-02-14 11:41 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-14 09:43 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys 2009-02-12 19:09 --------- d-----w c:\program files\Unlocker 2009-02-12 18:40 --------- d-----w c:\program files\Common Files\Adobe 2009-02-12 18:14 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-12 11:53 --------- d-----w c:\program files\BillP Studios 2009-02-12 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink 2009-02-12 11:50 --------- d-----w c:\program files\CyberLink 2009-02-12 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\ConeXware 2009-02-12 11:35 --------- d-----w c:\program files\Java 2009-02-12 11:35 --------- d-----w c:\program files\Common Files\Java 2009-02-12 11:20 --------- d-----w c:\program files\Common Files\Cisco Systems 2009-02-12 10:52 --------- d-----w c:\program files\Windows Media Connect 2 2009-02-12 10:51 --------- d-----w c:\program files\Microsoft PowerToys 2009-02-12 10:51 --------- d-----w c:\program files\HashTab Shell Extension . ------- Sigcheck ------- 2007-11-20 01:00 577536 7a540726ca75e1e988d56ab69925ba79 c:\windows\system32\user32.dll 2007-11-20 01:00 775680 8edf4adb83f61a351cbbbd2fd88433ae c:\windows\system32\wininet.dll 2007-11-20 01:00 2223616 95e8b55443bd91dab5632924d2616a1e c:\windows\system32\ntkrnlpa.exe 2007-11-20 01:00 2346752 24fcd8fb0c6bd0e5f3b1203769948336 c:\windows\system32\ntoskrnl.exe 2007-11-20 01:00 1647616 3d8a3ba32663082a2256f0eb986c3025 c:\windows\explorer.exe 2007-11-20 01:00 40448 e00dfa816fa5521eb44c5d63109de2a9 c:\windows\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-11-20 40448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-04-12 230592] "srpskey"="c:\windows\SYSTEM32\SRPSKEY.EXE" [2006-04-24 34304] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-20 40448] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-11-20 c:\windows\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0waxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] -ra------ 2000-01-01 00:00 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-05-22 14:43 20440616 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "VistaDrive"=c:\windows\VistaDrive\VistaDrive.exe "UnlockerAssistant"=c:\program files\Unlocker\UnlockerAssistant.exe -H "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"= "d:\\Instalirano\\Blutut\\BlueSoleil.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-19 64160] R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144] S0 ati0waxx;ati0waxx;c:\windows\system32\Drivers\ati0waxx.sys --> c:\windows\system32\Drivers\ati0waxx.sys [?] S2 mknpyfmgb;mknpyfmgb;\??\c:\windows\system32\drivers\njjuonkhxfpqh.sys --> c:\windows\system32\drivers\njjuonkhxfpqh.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00 . Contents of the 'Scheduled Tasks' folder 2009-03-27 c:\windows\Tasks\1-Click Maintenance.job - d:\instalirano\Tuneup\SystemOptimizer.exe [2005-09-21 23:35] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Cmaudio - cmicnfg.cpl . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.rs/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Koki\Application Data\Mozilla\Firefox\Profiles\baq9704u.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: nglayout.initialpaint.delay - 300 FF - user.js: content.switch.threshold - 650000 . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-30 17:17:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" "ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" "ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(520) c:\windows\system32\SETUPAPI.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(576) c:\windows\system32\SETUPAPI.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe . ************************************************************************ . Completion time: 2009-03-30 17:20:17 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-30 15:20:13 Pre-Run: 16.345.948.160 bytes free Post-Run: 16,290,766,848 bytes free 253

Profil

helen1 Poslao: 30 Mar 2009 18:15 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovo iskljuci Antivirus. Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\Drivers\ati0waxx.sys c:\windows\system32\drivers\njjuonkhxfpqh.sys Driver:: ati0waxx mknpyfmgb` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

vujkovicb Poslao: 30 Mar 2009 18:33 Idi na vrh
offline vujkovicb Novi MyCity građanin Pridružio: 14 Mar 2009 Poruke: 19 Gde živiš: Subotica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: mycity.rs/must-login.png ComboFix 09-03-29.04 - Koki 2009-03-30 18:26:32.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.251 [GMT 2:00] Running from: d:\koljini documenti\ComboFix.exe Command switches used :: c:\documents and settings\Koki\Desktop\CFScript.txt AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) FW: Kerio Personal Firewall disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\windows\system32\Drivers\ati0waxx.sys c:\windows\system32\drivers\njjuonkhxfpqh.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MKNPYFMGB -------\Service_ati0waxx -------\Service_mknpyfmgb ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 ))))))))))))))))))))))))))))))) . 2009-03-30 17:17 . 2009-03-30 17:17 <DIR> d-------- c:\windows\system32\xircom 2009-03-30 17:17 . 2009-03-30 17:17 <DIR> d-------- c:\program files\microsoft frontpage 2009-03-30 12:19 . 2009-03-30 12:19 <DIR> d-------- c:\program files\Avira 2009-03-30 12:19 . 2009-03-30 12:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-03-18 22:38 . 2009-03-18 22:38 <DIR> d-------- c:\documents and settings\Koki\Application Data\River Past G4 2009-03-18 22:31 . 2009-03-18 22:31 <DIR> d-------- c:\program files\Common Files\River Past 2009-03-18 22:31 . 2009-03-18 22:31 <DIR> d-------- c:\documents and settings\Koki\Application Data\RiverPast G4 2009-03-18 22:31 . 2009-03-18 22:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\River Past G4 2009-03-18 22:31 . 2009-03-18 22:31 160,235 --a------ c:\windows\Wave@MP3 Uninstaller.exe 2009-03-16 23:30 . 2009-03-16 23:37 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-03-16 21:59 . 2009-03-16 21:59 115,239 --a------ c:\windows\GXTranscoder v2 Uninstaller.exe 2009-03-09 14:24 . 2009-03-09 14:24 122 --a------ c:\windows\system32\drivers\fwdrv.err 2009-03-04 17:28 . 2009-03-04 17:28 <DIR> d---s---- c:\documents and settings\Koki\UserData 2009-03-01 20:51 . 2009-03-06 19:24 276 --a------ c:\windows\system\cmicnfg.ini 2009-03-01 11:45 . 2009-03-01 21:26 <DIR> d-------- c:\documents and settings\Koki\Application Data\Any Video Converter 2009-02-28 17:25 . 2009-02-28 23:11 <DIR> d-------- c:\documents and settings\Koki\Application Data\IObit 2009-02-24 12:04 . 2009-02-24 12:04 <DIR> d-------- c:\documents and settings\Koki\Application Data\Talkback 2009-02-23 11:25 . 2009-03-23 13:09 40 --a------ c:\windows\nero.INI 2009-02-22 16:21 . 2009-02-22 16:21 <DIR> d-------- c:\windows\Sun 2009-02-21 16:08 . 2009-03-30 09:58 4,126 --a------ c:\windows\wcx_ftp.ini 2009-02-20 18:03 . 2000-01-01 00:00 89,184 --------- c:\windows\system32\drivers\imagedrv.sys 2009-02-20 18:03 . 2000-01-01 00:00 57,344 --------- c:\windows\system32\ImageDrive.cpl 2009-02-20 18:02 . 2000-01-01 00:00 38,912 -ra------ c:\windows\system32\picn20.dll 2009-02-20 18:01 . 2009-02-20 18:01 <DIR> d-------- c:\program files\Common Files\Ahead 2009-02-20 18:01 . 2000-01-01 00:00 569,344 -ra------ c:\windows\system32\imagr5.dll 2009-02-20 18:01 . 2000-01-01 00:00 544,768 -ra------ c:\windows\system32\imagx5.dll 2009-02-20 18:01 . 2000-01-01 00:00 283,920 -ra------ c:\windows\system32\ImagXpr5.dll 2009-02-20 18:01 . 2000-01-01 00:00 155,648 -ra------ c:\windows\system32\NeroCheck.exe 2009-02-20 17:24 . 2009-02-20 17:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-02-20 17:12 . 2009-02-20 17:12 <DIR> d-------- c:\documents and settings\Koki\Application Data\Malwarebytes 2009-02-20 17:12 . 2009-02-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-20 17:12 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-20 17:12 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-19 16:57 . 2009-02-19 16:57 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-02-19 16:57 . 2009-01-18 23:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-02-19 16:55 . 2009-02-20 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-17 12:40 . 2009-02-17 12:40 518 --a------ c:\windows\system32\wul.cfg 2009-02-16 21:58 . 2009-02-16 21:58 <DIR> d-------- c:\documents and settings\Administrator 2009-02-16 12:42 . 2009-03-30 17:42 4,068 --a------ c:\windows\WINCMD.INI 2009-02-16 00:02 . 2009-02-16 00:02 <DIR> d-------- c:\documents and settings\Koki\Application Data\Ahead 2009-02-15 18:51 . 2009-02-15 18:51 <DIR> d-------- c:\program files\Skype 2009-02-15 18:51 . 2009-03-10 22:20 <DIR> d-------- c:\documents and settings\Koki\Application Data\Skype 2009-02-15 18:51 . 2009-02-15 18:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype 2009-02-15 17:12 . 2009-02-16 10:57 10 --a------ c:\windows\popcinfo.dat 2009-02-14 21:54 . 2009-02-14 21:54 <DIR> d-------- c:\documents and settings\Koki\Application Data\TuneUp Software 2009-02-14 21:53 . 2009-02-14 21:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-02-14 21:53 . 2009-02-14 21:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-02-14 18:01 . 2009-02-14 18:01 <DIR> d-------- c:\documents and settings\Koki\Application Data\PDFCreator 2009-02-13 20:36 . 2009-02-13 20:36 <DIR> d-------- c:\documents and settings\Koki\Application Data\CyberLink 2009-02-13 13:44 . 2009-03-27 09:59 <DIR> d-------- C:\QUARANTINE 2009-02-13 13:01 . 2003-06-18 18:31 17,920 --a------ c:\windows\system32\mdimon.dll 2009-02-13 12:59 . 2009-02-13 12:59 <DIR> d-------- c:\program files\Microsoft ActiveSync 2009-02-13 12:59 . 2009-02-13 12:59 <DIR> d-------- c:\program files\Common Files\L&H 2009-02-13 12:58 . 2009-02-13 12:58 <DIR> d-------- c:\program files\Microsoft Works 2009-02-13 12:57 . 2009-02-13 12:59 <DIR> d-------- c:\windows\SHELLNEW 2009-02-13 12:56 . 2009-02-13 12:56 <DIR> d-------- c:\program files\Microsoft.NET 2009-02-13 09:16 . 2009-02-13 09:16 0 --a------ c:\windows\nsreg.dat 2009-02-12 23:19 . 2006-04-24 13:10 34,304 --a------ c:\windows\system32\srpskey.exe 2009-02-12 23:19 . 2009-02-12 23:19 3,072 --a------ c:\windows\system32\srpskeyh3.dll 2009-02-12 22:32 . 2009-02-12 22:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth 2009-02-12 22:30 . 2009-02-12 22:31 32 --a------ c:\windows\0 2009-02-12 22:30 . 2009-02-12 22:30 0 --a------ c:\windows\system32\0 2009-02-12 22:27 . 2009-03-18 18:08 5,632 --ahs---- c:\windows\Thumbs.db 2009-02-12 21:12 . 2009-02-12 21:12 <DIR> d-------- c:\program files\Teamspeak2_RC2 2009-02-12 21:12 . 2009-02-12 21:12 34,064 --a------ c:\windows\system32\lhacm.acm 2009-02-12 21:02 . 2009-02-12 21:02 <DIR> d-------- c:\documents and settings\Koki\Application Data\teamspeak2 2009-02-12 20:51 . 2009-02-12 20:51 <DIR> d-------- c:\program files\Kerio 2009-02-12 20:37 . 2009-02-12 20:37 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared 2009-02-12 20:37 . 2009-02-12 20:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems 2009-02-12 20:27 . 2009-02-12 20:27 <DIR> d-------- c:\program files\PowerISO 2009-02-12 20:15 . 2009-02-12 20:15 <DIR> d-------- c:\windows\system32\QuickTime 2009-02-12 20:14 . 2009-02-12 20:16 <DIR> d-------- c:\program files\Common Files\Macromedia 2009-02-12 20:13 . 2009-02-12 20:13 <DIR> d-------- c:\windows\Downloaded Installations 2009-02-12 13:53 . 2009-02-12 13:53 <DIR> d-------- c:\documents and settings\Koki\WINDOWS 2009-02-12 13:53 . 2009-02-12 13:53 <DIR> d-------- c:\documents and settings\Koki\Application Data\WinPatrol 2009-02-12 13:36 . 2007-03-23 07:07 1,683,280 --------- c:\windows\system32\dllcache\XpsSvcs.dll 2009-02-12 13:36 . 2007-03-23 07:07 583,504 --------- c:\windows\system32\dllcache\XPSSHHDR.dll 2009-02-12 13:36 . 2007-03-22 21:24 28,160 --------- c:\windows\system32\dllcache\FilterPipelinePrintProc.dll 2009-02-12 13:35 . 2007-03-22 21:25 677,376 --------- c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 15:33 --------- d-----w c:\program files\PowerArchiver 2009-02-28 15:09 --------- d-----w c:\program files\totalcmd 2009-02-26 11:15 --------- d-----w c:\program files\The KMPlayer 2009-02-16 15:40 --------- d-----w c:\program files\LClock 2009-02-14 11:41 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-14 09:43 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys 2009-02-12 19:09 --------- d-----w c:\program files\Unlocker 2009-02-12 18:40 --------- d-----w c:\program files\Common Files\Adobe 2009-02-12 18:14 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-12 11:53 --------- d-----w c:\program files\BillP Studios 2009-02-12 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink 2009-02-12 11:50 --------- d-----w c:\program files\CyberLink 2009-02-12 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\ConeXware 2009-02-12 11:35 --------- d-----w c:\program files\Java 2009-02-12 11:35 --------- d-----w c:\program files\Common Files\Java 2009-02-12 11:20 --------- d-----w c:\program files\Common Files\Cisco Systems 2009-02-12 10:52 --------- d-----w c:\program files\Windows Media Connect 2 2009-02-12 10:51 --------- d-----w c:\program files\Microsoft PowerToys 2009-02-12 10:51 --------- d-----w c:\program files\HashTab Shell Extension . ------- Sigcheck ------- 2007-11-20 01:00 577536 7a540726ca75e1e988d56ab69925ba79 c:\windows\system32\user32.dll 2007-11-20 01:00 775680 8edf4adb83f61a351cbbbd2fd88433ae c:\windows\system32\wininet.dll 2007-11-20 01:00 2223616 95e8b55443bd91dab5632924d2616a1e c:\windows\system32\ntkrnlpa.exe 2007-11-20 01:00 2346752 24fcd8fb0c6bd0e5f3b1203769948336 c:\windows\system32\ntoskrnl.exe 2007-11-20 01:00 1647616 3d8a3ba32663082a2256f0eb986c3025 c:\windows\explorer.exe 2007-11-20 01:00 40448 e00dfa816fa5521eb44c5d63109de2a9 c:\windows\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-11-20 40448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-04-12 230592] "srpskey"="c:\windows\SYSTEM32\SRPSKEY.EXE" [2006-04-24 34304] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-11-20 40448] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-11-20 c:\windows\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] -ra------ 2000-01-01 00:00 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-05-22 14:43 20440616 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "VistaDrive"=c:\windows\VistaDrive\VistaDrive.exe "UnlockerAssistant"=c:\program files\Unlocker\UnlockerAssistant.exe -H "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"= "d:\\Instalirano\\Blutut\\BlueSoleil.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-19 64160] R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00 . Contents of the 'Scheduled Tasks' folder 2009-03-27 c:\windows\Tasks\1-Click Maintenance.job - d:\instalirano\Tuneup\SystemOptimizer.exe [2005-09-21 23:35] . - - - - ORPHANS REMOVED - - - - SafeBoot-ati0waxx.sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.rs/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Koki\Application Data\Mozilla\Firefox\Profiles\baq9704u.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: nglayout.initialpaint.delay - 300 FF - user.js: content.switch.threshold - 650000 . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-30 18:29:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" "ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" "ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(520) c:\windows\system32\SETUPAPI.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(576) c:\windows\system32\SETUPAPI.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe c:\windows\system32\wscntfy.exe c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe . ************************************************************************ . Completion time: 2009-03-30 18:31:48 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-30 16:31:42 Pre-Run: 16.299.012.096 bytes free Post-Run: 16,289,964,032 bytes free 247

Profil

helen1 Poslao: 30 Mar 2009 18:41 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sad stanje?

Profil

vujkovicb Poslao: 30 Mar 2009 18:43 Idi na vrh
offline vujkovicb Novi MyCity građanin Pridružio: 14 Mar 2009 Poruke: 19 Gde živiš: Subotica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jos mi otvara search prozor!

Profil

helen1 Poslao: 30 Mar 2009 18:47 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Ne otvara mi particije C,D i flash

Ko je trenutno na forumu

Ukupno su 1101 korisnika na forumu :: 38 registrovanih, 8 sakrivenih i 1055 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, AK - 230, bobomicek, Bobrock1, bokisha253, ccoogg123, Dežurni pod palubom, djboj, draganl, Dzoni90, Excalibur13, Fog of War, Georgius, grenadir, HogarStrashni, kolle.the.kid, Kriglord, krkalon, Krusarac, kubura91, Lucije Kvint, Mad Serb, Metanoja, milenko crazy north, milutin134, miodrag, moldway, RJ, solic, stegonosa, styg, Suva planina, Tandrkalo, VJ, vladulns, voja64, zhuki8, zziko

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by