Možda tražite i:
Šta je Malwarebytes Anti-Malware

MyCity » Ambulanta -> Arhiva Ambulante » Novi malware ili sta je vec . Hitna pomoc

Novi malware ili sta je vec . Hitna pomoc

Napisano na dan: 25.12.2009

Novi malware ili sta je vec . Hitna pomoc

Sledeća strana

Pagination

Odgovori

djordjesl Poslao: 25 Dec 2009 01:48 Idi na vrh
offline djordjesl Građanin Pridružio: 27 Apr 2009 Poruke: 30	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dalke upalio sam racunar posle surforvanja , jedno 20min je proslo odjednom iskoci neki internet security 10 i pocne neko skeniranje ja se zacudih otkud mi to na kompu on za 20s preskenira komp i nadje kao 40 infekcija , vidim sumnjivo mi . lepo upalim combofix , on preskenira i obrise ovo internet security , samo sam skenirao on je sam obrisao , evo loga pa ako moze hitna pomoc u jednom trenutku pre paljenja combo fix na ekranu se pojavila slika kao your computer is infected preko pozadine evo loga molim hitnu i strucnu pomoc , unapred zahvalan Djordje ComboFix 09-12-24.02 - Djordje 25.12.2009 1:27.7.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2559.2068 [GMT 1:00] Running from: c:\documents and settings\Djordje\Desktop\ComboFix.exe AV: ESET Smart Security 3.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall enabled {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Djordje\Application Data\avdrn.dat c:\documents and settings\Djordje\Start Menu\Internet Security 2010.lnk c:\documents and settings\Djordje\Start Menu\Programs\Startup\siszyd32.exe c:\program files\InternetSecurity2010 c:\program files\InternetSecurity2010\IS2010.exe c:\windows\system32\11478.exe c:\windows\system32\15724.exe c:\windows\system32\18150.exe c:\windows\system32\18467.exe c:\windows\system32\19169.exe c:\windows\system32\26500.exe c:\windows\system32\26962.exe c:\windows\system32\29358.exe c:\windows\system32\41.exe c:\windows\system32\6334.exe c:\windows\system32\critical_warning.html c:\windows\system32\winhelper86.dll c:\windows\system32\winlogon86.exe c:\windows\system32\winupdate86.exe . ((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 ))))))))))))))))))))))))))))))) . 2009-12-24 18:05 . 2009-12-25 00:36 714752 ----a-w- c:\windows\system32\drivers\moglzw.sys 2009-12-24 18:04 . 2009-12-24 18:04 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat 2009-12-24 15:37 . 2009-12-24 15:37 -------- d-----w- c:\program files\FileZilla FTP Client 2009-12-22 12:19 . 2009-12-23 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-22 12:19 . 2009-12-22 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-19 19:02 . 2009-12-19 19:04 -------- d-----w- c:\program files\Travian Assistant 2009-12-09 19:46 . 2009-12-09 19:47 -------- d-----w- c:\documents and settings\Djordje\Local Settings\Application Data\Deployment 2009-12-08 19:37 . 2009-12-08 19:37 -------- d-----w- c:\program files\Common Files\Skype 2009-12-08 19:37 . 2009-12-08 19:38 -------- d-----r- c:\program files\Skype 2009-12-06 12:40 . 2009-12-21 19:54 -------- d-----w- c:\program files\TMbot . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-25 00:36 . 2008-06-09 16:54 -------- d-----w- c:\documents and settings\Djordje\Application Data\Hamachi 2009-12-24 23:48 . 2009-12-24 23:48 16 ----a-w- c:\documents and settings\Djordje\Application Data\fvgqad.dat 2009-12-24 18:10 . 2008-09-08 15:21 -------- d-----w- c:\documents and settings\Djordje\Application Data\Skype 2009-12-24 18:04 . 2009-12-24 18:04 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat 2009-12-24 16:53 . 2008-09-08 15:23 -------- d-----w- c:\documents and settings\Djordje\Application Data\skypePM 2009-12-24 16:00 . 2009-11-12 22:44 -------- d-----w- c:\documents and settings\Djordje\Application Data\FileZilla 2009-12-21 20:34 . 2008-03-10 08:38 -------- d-----w- c:\documents and settings\Djordje\Application Data\LimeWire 2009-12-21 20:28 . 2008-03-24 20:53 -------- d-----w- c:\documents and settings\Djordje\Application Data\uTorrent 2009-12-20 11:53 . 2009-04-20 17:20 -------- d-----w- c:\documents and settings\Djordje\Application Data\HLSW 2009-12-17 21:06 . 2008-02-22 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-14 19:48 . 2009-04-11 19:18 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-12-14 19:48 . 2009-04-11 19:18 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-12-08 19:37 . 2008-09-08 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-11-30 23:36 . 2008-02-24 17:31 -------- d-----w- c:\program files\SpeedFan 2009-11-20 00:10 . 2008-10-07 19:49 -------- d-----w- c:\program files\The Logo Creator v5 2009-11-19 10:48 . 2009-11-26 23:40 872960 ----a-w- c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2009-11-19 10:48 . 2009-11-26 23:40 43008 ----a-w- c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-11-19 10:48 . 2009-11-26 23:40 340480 ----a-w- c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-11-19 10:48 . 2009-11-26 23:40 346624 ----a-w- c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-11-16 11:37 . 2008-05-14 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files\msvcp71.dll 2003-11-03 15:07 . 2004-04-23 15:06 348160 ----a-w- c:\program files\msvcr71.dll 2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files\msvcr70.dll 2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files\msvcp70.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2007-12-13 8824112] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-02 258048] "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840] "RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-06-20 90112] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376] c:\documents and settings\Djordje\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-9-5 625952] OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-09-20 14:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 23:56 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 22:47 31016 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2006-04-13 09:09 49152 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-09-20 08:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-12-05 00:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-12-05 00:41 81920 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-12-05 00:41 1626112 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2006-02-13 16:33 214648 ----a-w- c:\program files\Octoshape Streaming Services\Djordje\OctoshapeClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2006-03-21 11:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2005-12-07 20:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-05-18 06:27 16207872 ------r- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2003-09-29 22:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20] 2006-05-18 01:15 208896 ----a-r- c:\windows\system32\sw20.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24] 2006-05-17 02:37 69632 ----a-r- c:\windows\system32\sw24.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Octoshape Streaming Services\\Djordje\\OctoshapeClient.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Opera\\Opera.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"= "c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"= "c:\\Program Files\\Java\\jre1.6.0_02\\bin\\java.exe"= "c:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Valve\\hlds.exe"= "c:\\Program Files\\Visicom Media\\AceFTP 3\\aceftp3.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\Java\\jre1.6.0_02\\launch4j-tmp\\JDownloader.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Valve\\hltv.exe"= "c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"= "c:\\Program Files\\HLSW\\hlsw.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\TravianManager1.9.5\\TM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [26.2.2008 20:36 5248] R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744] R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16.9.2009 9:41 54752] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088] S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864] S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [16.2.2009 20:44 30336] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248] S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [24.6.2008 14:19 73984] S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?] S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [26.2.2008 20:36 160640] --- Other Services/Drivers In Memory --- Deregistered - moglzw . ------- Supplementary Scan ------- . uStart Page = hxxp://home.sweetim.com mStart Page = hxxp://home.sweetim.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query= FF - component: c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\documents and settings\Djordje\Application Data\Mozilla\plugins\npoctoshape.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Octoshape Streaming Services\Djordje\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . - - - - ORPHANS REMOVED - - - - HKCU-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-12-25 01:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\moglzw] . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-682003330-1078081533-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:ae,38,4a,66,b0,30,dd,87,0f,2f,7a,3a,66,d1,17,bc,51,13,d0,52,24,a2,9e, 68,2f,dd,b8,0f,1c,66,df,f1,5c,14,2f,ed,e5,4e,5f,77,42,fa,4f,45,b3,6a,41,5b,\ "??"=hex:3d,f5,f8,5b,1f,7e,0c,51,e3,7c,75,2b,5b,45,c4,83 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2292) c:\windows\System32\shdoclc.dll c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\Microsoft ActiveSync\Wcescomm.exe c:\progra~1\MICROS~4\rapimgr.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\NOTEPAD.EXE . ************************************************************************* . Completion time: 2009-12-25 01:42:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-25 00:42 ComboFix2.txt 2009-12-22 17:32 Pre-Run: 2.300.887.040 bytes free Post-Run: 2.516.930.560 bytes free - - End Of File - - 8E310E5AFFFBD186FA547DA1A9B5D8EA

Profil

helen1 Poslao: 25 Dec 2009 08:31 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kad se pre zarazi? Ko ti je rekao da odmah das CF? Koristis Travian Bot, cccc Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\drivers\moglzw.sys c:\windows\system32\fjhdyfhsn.bat c:\documents and settings\Djordje\Application Data\fvgqad.dat c:\documents and settings\NetworkService\Application Data\fvgqad.dat Registry:: [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\moglzw]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

djordjesl Poslao: 25 Dec 2009 09:26 Idi na vrh
offline djordjesl Građanin Pridružio: 27 Apr 2009 Poruke: 30	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ma tog traviana igra brat ne mogu da sednem na komp od njega samo bulje u onaj krs . Evo loga i zahvaljujem n pomoci , sta dalje da radim ? ComboFix 09-12-24.02 - Djordje 25.12.2009 9:09.8.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2559.2081 [GMT 1:00] Running from: c:\documents and settings\Djordje\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Djordje\Desktop\CFScript.txt AV: ESET Smart Security 3.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall enabled {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FILE :: "c:\documents and settings\Djordje\Application Data\fvgqad.dat" "c:\documents and settings\NetworkService\Application Data\fvgqad.dat" "c:\windows\system32\drivers\moglzw.sys" "c:\windows\system32\fjhdyfhsn.bat" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Djordje\Application Data\fvgqad.dat c:\documents and settings\NetworkService\Application Data\fvgqad.dat c:\windows\system32\drivers\moglzw.sys c:\windows\system32\fjhdyfhsn.bat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_moglzw -------\Service_moglzw ((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 ))))))))))))))))))))))))))))))) . 2009-12-24 15:37 . 2009-12-24 15:37 -------- d-----w- c:\program files\FileZilla FTP Client 2009-12-22 12:19 . 2009-12-23 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-22 12:19 . 2009-12-22 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-19 19:02 . 2009-12-19 19:04 -------- d-----w- c:\program files\Travian Assistant 2009-12-09 19:46 . 2009-12-09 19:47 -------- d-----w- c:\documents and settings\Djordje\Local Settings\Application Data\Deployment 2009-12-08 19:37 . 2009-12-08 19:37 -------- d-----w- c:\program files\Common Files\Skype 2009-12-08 19:37 . 2009-12-08 19:38 -------- d-----r- c:\program files\Skype 2009-12-06 12:40 . 2009-12-21 19:54 -------- d-----w- c:\program files\TMbot 2009-11-26 23:40 . 2009-11-19 10:48 43008 ----a-w- c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-11-26 23:40 . 2009-11-19 10:48 340480 ----a-w- c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-11-26 23:40 . 2009-11-19 10:48 872960 ----a-w- c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2009-11-26 23:40 . 2009-11-19 10:48 346624 ----a-w- c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-25 08:18 . 2008-06-09 16:54 -------- d-----w- c:\documents and settings\Djordje\Application Data\Hamachi 2009-12-24 18:10 . 2008-09-08 15:21 -------- d-----w- c:\documents and settings\Djordje\Application Data\Skype 2009-12-24 16:53 . 2008-09-08 15:23 -------- d-----w- c:\documents and settings\Djordje\Application Data\skypePM 2009-12-24 16:00 . 2009-11-12 22:44 -------- d-----w- c:\documents and settings\Djordje\Application Data\FileZilla 2009-12-21 20:34 . 2008-03-10 08:38 -------- d-----w- c:\documents and settings\Djordje\Application Data\LimeWire 2009-12-21 20:28 . 2008-03-24 20:53 -------- d-----w- c:\documents and settings\Djordje\Application Data\uTorrent 2009-12-20 11:53 . 2009-04-20 17:20 -------- d-----w- c:\documents and settings\Djordje\Application Data\HLSW 2009-12-17 21:06 . 2008-02-22 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-14 19:48 . 2009-04-11 19:18 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-12-14 19:48 . 2009-04-11 19:18 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-12-08 19:37 . 2008-09-08 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-11-30 23:36 . 2008-02-24 17:31 -------- d-----w- c:\program files\SpeedFan 2009-11-20 00:10 . 2008-10-07 19:49 -------- d-----w- c:\program files\The Logo Creator v5 2009-11-16 11:37 . 2008-05-14 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files\msvcp71.dll 2003-11-03 15:07 . 2004-04-23 15:06 348160 ----a-w- c:\program files\msvcr71.dll 2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files\msvcr70.dll 2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files\msvcp70.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2007-12-13 8824112] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-02 258048] "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840] "RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-06-20 90112] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376] c:\documents and settings\Djordje\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-9-5 625952] OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-09-20 14:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 23:56 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 22:47 31016 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2006-04-13 09:09 49152 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-09-20 08:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-12-05 00:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-12-05 00:41 81920 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-12-05 00:41 1626112 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2006-02-13 16:33 214648 ----a-w- c:\program files\Octoshape Streaming Services\Djordje\OctoshapeClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2006-03-21 11:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2005-12-07 20:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-05-18 06:27 16207872 ------r- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2003-09-29 22:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20] 2006-05-18 01:15 208896 ----a-r- c:\windows\system32\sw20.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24] 2006-05-17 02:37 69632 ----a-r- c:\windows\system32\sw24.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Octoshape Streaming Services\\Djordje\\OctoshapeClient.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Opera\\Opera.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"= "c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"= "c:\\Program Files\\Java\\jre1.6.0_02\\bin\\java.exe"= "c:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Valve\\hlds.exe"= "c:\\Program Files\\Visicom Media\\AceFTP 3\\aceftp3.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\Java\\jre1.6.0_02\\launch4j-tmp\\JDownloader.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Valve\\hltv.exe"= "c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"= "c:\\Program Files\\HLSW\\hlsw.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\TravianManager1.9.5\\TM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [26.2.2008 20:36 5248] R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744] R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16.9.2009 9:41 54752] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088] S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864] S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [16.2.2009 20:44 30336] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248] S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [24.6.2008 14:19 73984] S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?] S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [26.2.2008 20:36 160640] . ------- Supplementary Scan ------- . uStart Page = hxxp://home.sweetim.com mStart Page = hxxp://home.sweetim.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query= FF - component: c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\nlcfbnsc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\documents and settings\Djordje\Application Data\Mozilla\plugins\npoctoshape.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Octoshape Streaming Services\Djordje\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************ scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s scanning hidden files ... scan completed successfully hidden files: ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-682003330-1078081533-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:ae,38,4a,66,b0,30,dd,87,0f,2f,7a,3a,66,d1,17,bc,51,13,d0,52,24,a2,9e, 68,2f,dd,b8,0f,1c,66,df,f1,5c,14,2f,ed,e5,4e,5f,77,42,fa,4f,45,b3,6a,41,5b,\ "??"=hex:3d,f5,f8,5b,1f,7e,0c,51,e3,7c,75,2b,5b,45,c4,83 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2476) c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\windows\system32\Msi.dll c:\windows\System32\shdoclc.dll c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll c:\program files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\program files\Microsoft ActiveSync\Wcescomm.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\progra~1\MICROS~4\rapimgr.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2009-12-25 09:22:49 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-25 08:22 ComboFix2.txt 2009-12-25 00:42 ComboFix3.txt 2009-12-22 17:32 Pre-Run: 2.525.949.952 bytes free Post-Run: 2.421.571.584 bytes free - - End Of File - - E234EAC858ED6282557605BBEE19AB37

Profil

helen1 Poslao: 25 Dec 2009 09:29 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jel ima problema?

Profil

djordjesl Poslao: 25 Dec 2009 15:59 Idi na vrh
offline djordjesl Građanin Pridružio: 27 Apr 2009 Poruke: 30	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! NEsto ne primecujem da ih ima Sta dalje da radim

Profil

helen1 Poslao: 25 Dec 2009 16:15 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Novi malware ili sta je vec . Hitna pomoc

Ko je trenutno na forumu

Ukupno su 942 korisnika na forumu :: 27 registrovanih, 3 sakrivenih i 912 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., babaroga, Ben Roj, Brana01, ccoogg123, cuculo, Dorcolac, dule10savic, HogarStrashni, kolle.the.kid, mikrimaus, milos97, mkukoleca, mnn2, novator, Penzula, Povratak1912, Prašinar, royst33, S-lash, Sančo, Sir Budimir, sombrero, Srki94, Vajat, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by