shvost.exe Problem !!

  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:39, on 04/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NetSupport\NetSupport Manager\client32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ClocX\ClocX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE8778D-1AE7-46C0-98F0-93CB5E6CF7BC}: NameServer = 195.252.122.154
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Client32 - NetSupport Ltd - C:\Program Files\NetSupport\NetSupport Manager\client32.exe
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5315 bytes




It keeps throwing up some shvost win32 problem at me, and after 2 min I can't connect to the internet anymore?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Enable the display of hidden files: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html


Upload the file: C:\WINDOWS\system\msile.exe

via this link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center starts, double-click the AVG Resident Shield component.
* In the window that opens, untick the option Turn on AVG Resident Shield and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.





Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

Uploaded!

Update: 04 Mar 2009 23:00

Z.Ziska :: Uploaded!
I had uploaded the wrong thing; now I found what's needed and uploaded it!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There really is no need to send me PMs. Write in the thread.

What scan are you writing about? You need to disable AVG following the instructions given and double-click to run ComboFix.

At the end of the procedure you should paste the log you get here in the thread and wait for further instructions.

  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

Well, you wrote that for AVG, that I should wait for the Resident Shield to finish cleaning, and it shows me some time there? As if it's cleaning something, 55 min, and the time keeps going up even higher!

Update: 04 Mar 2009 23:31

ComboFix 09-03-03.01 - Ziska 2009-03-04 23:18:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.63 [GMT 1:00]
Running from: c:\documents and settings\Ziska\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-04 22:11 . 2009-03-04 22:11 41,987 --a------ c:\windows\system32\07.scr
2009-03-04 22:09 . 2009-03-04 22:09 41,987 --a------ c:\windows\system32\38.scr
2009-03-04 21:52 . 2009-03-04 21:52 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 20:58 . 2009-03-04 20:58 41,987 --a------ c:\windows\system32\17.scr
2009-03-04 20:42 . 2009-03-04 20:42 41,987 --a------ c:\windows\system32\80.scr
2009-03-04 20:42 . 2009-03-04 20:44 41,987 --a------ c:\windows\system32\42.scr
2009-03-04 20:41 . 2009-03-04 20:41 41,987 --a------ c:\windows\system32\30.scr
2009-03-04 20:40 . 2009-03-04 20:40 41,987 --a------ c:\windows\system32\76.scr
2009-03-04 20:28 . 2009-03-04 20:28 41,987 --a------ c:\windows\system32\67.scr
2009-03-04 20:19 . 2009-03-04 20:19 41,987 --a------ c:\windows\system32\84.scr
2009-03-04 20:09 . 2009-03-04 20:09 41,987 --a------ c:\windows\system32\24.scr
2009-03-04 20:09 . 2009-03-04 20:09 41,987 --a------ c:\windows\system32\13.scr
2009-03-04 20:05 . 2009-03-04 20:05 41,987 --a------ c:\windows\system32\43.scr
2009-03-04 20:04 . 2009-03-04 20:04 41,987 --a------ c:\windows\system32\72.scr
2009-03-04 19:41 . 2009-03-04 19:41 41,987 --a------ c:\windows\system32\04.scr
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Stardock
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Common Files\Stardock
2009-03-04 19:30 . 2009-03-04 20:43 41,987 --a------ c:\windows\system32\54.scr
2009-03-04 19:17 . 2009-03-04 19:17 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-03-04 19:15 . 2009-03-04 19:15 41,987 --a------ c:\windows\system32\74.scr
2009-03-04 19:11 . 2009-03-04 21:31 41,987 --a------ c:\windows\system32\37.scr
2009-03-04 18:42 . 2009-03-04 20:28 41,987 --a------ c:\windows\system32\16.scr
2009-03-04 18:41 . 2009-03-04 18:41 41,987 --a------ c:\windows\system32\83.scr
2009-03-04 18:10 . 2009-03-04 21:19 41,987 --a------ c:\windows\system32\45.scr
2009-03-04 18:05 . 2009-03-04 18:05 41,987 --a------ c:\windows\system32\60.scr
2009-03-04 17:44 . 2009-03-04 17:44 41,987 --a------ c:\windows\system32\18.scr
2009-03-04 17:35 . 2009-03-04 21:30 41,987 --a------ c:\windows\system32\36.scr
2009-03-04 16:36 . 2009-03-04 16:36 41,987 --a------ c:\windows\system32\57.scr
2009-03-04 00:05 . 2009-03-04 00:05 41,987 --a------ c:\windows\system32\48.scr
2009-03-04 00:05 . 2009-03-04 00:05 41,987 --a------ c:\windows\system32\22.scr
2009-03-04 00:02 . 2009-03-04 20:03 41,987 --a------ c:\windows\system32\88.scr
2009-03-03 23:58 . 2009-03-04 19:13 41,987 --a------ c:\windows\system32\71.scr
2009-03-03 23:58 . 2009-03-04 20:43 41,987 --a------ c:\windows\system32\14.scr
2009-03-03 23:50 . 2009-03-04 19:16 41,987 --a------ c:\windows\system32\02.scr
2009-03-03 23:45 . 2009-03-04 18:40 41,987 --a------ c:\windows\system32\55.scr
2009-03-03 23:25 . 2009-03-04 20:26 41,987 --a------ c:\windows\system32\81.scr
2009-03-03 23:25 . 2009-03-03 23:25 41,987 --a------ c:\windows\system32\25.scr
2009-03-03 23:23 . 2009-03-04 20:03 41,987 --a------ c:\windows\system32\64.scr
2009-03-03 23:22 . 2009-03-04 19:28 41,987 --a------ c:\windows\system32\06.scr
2009-03-03 23:21 . 2009-03-04 20:29 41,987 --a------ c:\windows\system32\82.scr
2009-03-03 22:56 . 2009-03-03 22:56 41,987 --a------ c:\windows\system32\73.scr
2009-03-03 22:34 . 2009-03-03 22:34 41,987 --a------ c:\windows\system32\03.scr
2009-03-03 22:32 . 2009-03-04 20:10 41,987 --a------ c:\windows\system32\51.scr
2009-03-03 22:32 . 2009-03-04 20:05 41,987 --a------ c:\windows\system32\34.scr
2009-03-03 21:43 . 2009-03-03 21:43 41,987 --a------ c:\windows\system32\47.scr
2009-03-03 21:32 . 2009-03-03 21:32 41,987 --a------ c:\windows\system32\05.scr
2009-03-03 20:51 . 2009-03-03 20:51 41,987 --a------ c:\windows\system32\56.scr
2009-03-03 20:49 . 2009-03-03 20:49 41,987 --a------ c:\windows\system32\50.scr
2009-03-03 20:47 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 20:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 20:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 19:41 . 2009-03-03 23:25 41,987 --a------ c:\windows\system32\35.scr
2009-03-03 19:39 . 2009-03-04 20:09 41,987 --a------ c:\windows\system32\33.scr
2009-03-03 19:38 . 2009-03-04 19:30 41,987 --a------ c:\windows\system32\21.scr
2009-03-03 19:25 . 2009-03-03 19:25 41,987 --a------ c:\windows\system32\68.scr
2009-03-03 19:23 . 2009-03-03 20:11 41,987 -r-hs---- c:\windows\system\msile.exe
2009-03-02 23:41 . 2009-03-04 20:40 41,987 --a------ c:\windows\system32\87.scr
2009-03-01 14:22 . 2009-03-01 14:22 <DIR> d---s---- c:\documents and settings\Ziska\UserData
2009-03-01 13:23 . 2009-03-04 22:47 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-01 12:40 . 2009-03-04 12:09 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-01 12:40 . 2009-03-01 14:22 <DIR> d-------- c:\documents and settings\Ziska\Application Data\AVGTOOLBAR
2009-03-01 12:40 . 2009-03-01 12:40 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-01 12:40 . 2009-03-01 12:40 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-01 12:40 . 2009-03-01 12:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\program files\AVG
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-01 02:24 . 2009-03-01 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 20:56 . 2009-03-01 01:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\Ziska\Application Data\Malwarebytes
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 18:46 . 2009-03-03 17:37 238 --a------ c:\windows\mafosav.INI
2009-02-14 15:55 . 2009-02-14 15:55 <DIR> d-------- c:\program files\Google
2009-02-04 18:06 . 2004-07-15 08:14 57,344 --a------ c:\windows\system32\Prop713x.dll
2009-02-04 17:11 . 2009-02-04 17:13 <DIR> d-------- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 21:14 --------- d-----w c:\program files\FlashGet
2009-02-07 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:02 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 18:12 --------- d-----w c:\program files\Common Files\Real
2009-01-24 11:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-23 21:31 --------- d-----w c:\documents and settings\Ziska\Application Data\HLSW
2009-01-16 22:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-16 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-16 22:12 --------- d-----w c:\program files\Windows Live
2009-01-12 19:58 --------- d-----w c:\documents and settings\Ziska\Application Data\NetSupport
2009-01-12 19:53 --------- d-----w c:\program files\NetSupport
2009-01-12 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\NetSupport
2009-01-11 21:19 --------- d-----w c:\program files\MessengerDiscovery
2008-12-28 12:05 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-28 12:05 111,110 ----a-w c:\windows\BricoPackUninst.cmd
.

------- Sigcheck -------

2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\wininet.dll
2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\dllcache\wininet.dll

2008-04-14 04:42 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 04:42 975872 088a0cd3d4cd3b584f3a4150d6cf941e c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [12/26/2008 10:59:24 AM 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-01 12:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\client32.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCICTLUI.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pcideply.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCISA.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pciscrui.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\runscrip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/1/2009 12:40:10 PM 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/1/2009 12:40:18 PM 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/1/2009 12:39:44 PM 298264]
S2 msile;microsoft install le;c:\windows\system\msile.exe [3/3/2009 7:23:04 PM 41987]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/26/2008 11:23:14 AM 670592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BCE8778D-1AE7-46C0-98F0-93CB5E6CF7BC} = 195.252.122.154
FF - ProfilePath - c:\documents and settings\Ziska\Application Data\Mozilla\Firefox\Profiles\nhsg24iv.default\
FF - prefs.js: browser.startup.homepage - abakusbp.net
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-04 23:23:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Nf815c75f]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="M"
"InternetCode"="U52LDJMC37ONPGW35EG4SPJX45LFAJ6ESRKK7IY8"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'csrss.exe'(544)
c:\program files\NetSupport\NetSupport Manager\pcihooks.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-04 23:25:49 - machine was rebooted [Ziska]
ComboFix-quarantined-files.txt 2009-03-04 22:25:45

Pre-Run: 5,684,174,848 bytes free
Post-Run: 5,675,335,680 bytes free

213
Here, is that it?

Update: 05 Mar 2009 17:03

What should I do now, Dr.Bora?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It said to disable AVG Resident Shield.
This time actually do it (following the instructions given).



Open Notepad and copy the following text:

File::
c:\windows\system32\07.scr
c:\windows\system32\38.scr
c:\windows\system32\17.scr
c:\windows\system32\80.scr
c:\windows\system32\42.scr
c:\windows\system32\30.scr
c:\windows\system32\76.scr
c:\windows\system32\67.scr
c:\windows\system32\84.scr
c:\windows\system32\24.scr
c:\windows\system32\13.scr
c:\windows\system32\43.scr
c:\windows\system32\72.scr
c:\windows\system32\04.scr
c:\windows\system32\54.scr
c:\windows\system32\74.scr
c:\windows\system32\37.scr
c:\windows\system32\16.scr
c:\windows\system32\83.scr
c:\windows\system32\45.scr
c:\windows\system32\60.scr
c:\windows\system32\18.scr
c:\windows\system32\36.scr
c:\windows\system32\57.scr
c:\windows\system32\48.scr
c:\windows\system32\22.scr
c:\windows\system32\88.scr
c:\windows\system32\71.scr
c:\windows\system32\14.scr
c:\windows\system32\02.scr
c:\windows\system32\55.scr
c:\windows\system32\81.scr
c:\windows\system32\25.scr
c:\windows\system32\64.scr
c:\windows\system32\06.scr
c:\windows\system32\82.scr
c:\windows\system32\73.scr
c:\windows\system32\03.scr
c:\windows\system32\51.scr
c:\windows\system32\34.scr
c:\windows\system32\47.scr
c:\windows\system32\05.scr
c:\windows\system32\56.scr
c:\windows\system32\50.scr
c:\windows\system32\35.scr
c:\windows\system32\33.scr
c:\windows\system32\21.scr
c:\windows\system32\68.scr
c:\windows\system\msile.exe
c:\windows\system32\87.scr

Driver::
msile

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in the next message the log that is produced at the end of the cleaning/scan.
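As an added example (not part of the thread, and not ComboFix's own code): a Python script that applies the triage logic behind the script above to ComboFix-style log lines. It groups same-size executables with random two-digit names, flags hidden/system-attribute executables, flags a service whose binary matches that size or sits outside the usual service directories, and emits a CFScript in the same File:: / Driver:: / Registry:: layout. The sample lines are a subset copied from the log above; the SafeBoot key path and the "normal directory" heuristic are the example's own assumptions.

```python
import re
from collections import defaultdict

# ComboFix "Files Created" line: <created> . <modified> <size|<DIR>> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+)$", re.IGNORECASE)
# ComboFix service line: <start> <name>;<display name>;<path> [<date> <time> <size>]
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# Random two-digit file names such as 07.scr, the dropper pattern seen in this thread
DROPPED_NAME_RE = re.compile(r"\\(\d{2})\.(scr|exe|dll)$", re.IGNORECASE)
# Assumed key layout, matching the Registry:: entry used in the thread's script
SAFEBOOT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{}"

# Constructed sample: a handful of lines copied from the log earlier in the thread
SAMPLE_LOG = r"""
2009-03-04 22:11 . 2009-03-04 22:11 41,987 --a------ c:\windows\system32\07.scr
2009-03-04 22:09 . 2009-03-04 22:09 41,987 --a------ c:\windows\system32\38.scr
2009-03-04 21:52 . 2009-03-04 21:52 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 20:58 . 2009-03-04 20:58 41,987 --a------ c:\windows\system32\17.scr
2009-03-03 19:23 . 2009-03-03 20:11 41,987 -r-hs---- c:\windows\system\msile.exe
2009-03-03 20:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/1/2009 12:39:44 PM 298264]
S2 msile;microsoft install le;c:\windows\system\msile.exe [3/3/2009 7:23:04 PM 41987]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/26/2008 11:23:14 AM 670592]
"""


def parse_log(text):
    """Split log text into file entries and service entries; other lines are ignored."""
    files, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            size = None if m.group(3).upper() == "<DIR>" else int(m.group(3).replace(",", ""))
            files.append({"created": m.group(1), "modified": m.group(2), "size": size,
                          "attrs": m.group(4).lower(), "path": m.group(5)})
            continue
        m = SVC_RE.match(line)
        if m:
            meta = m.group(5).split()              # "<date> <time> <AM/PM> <size>"
            size = int(meta[-1]) if meta and meta[-1].isdigit() else None
            services.append({"start": m.group(1), "name": m.group(2),
                             "display": m.group(3), "path": m.group(4), "size": size})
    return files, services


def dropped_file_clusters(files, min_count=3):
    """Random two-digit executables grouped by size; a burst of identical sizes is the signature."""
    by_size = defaultdict(list)
    for f in files:
        if f["size"] is not None and DROPPED_NAME_RE.search(f["path"]):
            by_size[f["size"]].append(f["path"])
    return {size: sorted(paths) for size, paths in by_size.items() if len(paths) >= min_count}


def hidden_system_executables(files):
    """Executables carrying both the hidden (h) and system (s) attributes."""
    return sorted(f["path"] for f in files
                  if f["size"] is not None and "h" in f["attrs"] and "s" in f["attrs"]
                  and f["path"].lower().endswith((".exe", ".dll", ".scr", ".sys")))


def suspicious_services(services, cluster_sizes):
    """Service names whose binary matches a dropped-file size or lives outside system32 /
    program files (heuristic assumed for this example)."""
    flagged = []
    for s in services:
        p = s["path"].lower()
        normal_dir = "\\system32\\" in p or "\\program files\\" in p or "\\progra~1\\" in p
        if s["size"] in cluster_sizes or not normal_dir:
            flagged.append(s["name"])
    return flagged


def build_cfscript(files_to_remove, drivers, registry_keys):
    """Emit a CFScript in the File:: / Driver:: / Registry:: layout used in the thread."""
    parts = ["File::"] + list(files_to_remove)
    if drivers:
        parts += ["", "Driver::"] + list(drivers)
    if registry_keys:
        parts += ["", "Registry::"] + ["[-{}]".format(k) for k in registry_keys]
    return "\n".join(parts) + "\n"


def triage(text):
    """Run every check over the log text and assemble the resulting CFScript."""
    files, services = parse_log(text)
    clusters = dropped_file_clusters(files)
    hidden = hidden_system_executables(files)
    svcs = suspicious_services(services, set(clusters))
    to_remove = sorted({p for paths in clusters.values() for p in paths} | set(hidden))
    keys = [SAFEBOOT_KEY.format(name) for name in svcs]
    return {"clusters": clusters, "hidden": hidden, "services": svcs,
            "cfscript": build_cfscript(to_remove, svcs, keys)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG)["cfscript"])
```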

  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

But I don't know how to disable AVG, there's nothing like what you wrote?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Then follow the rest of the instructions.

  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

ComboFix 09-03-04.01 - Ziska 2009-03-05 18:00:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.63 [GMT 1:00]
Running from: c:\documents and settings\Ziska\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ziska\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system\msile.exe
c:\windows\system32\02.scr
c:\windows\system32\03.scr
c:\windows\system32\04.scr
c:\windows\system32\05.scr
c:\windows\system32\06.scr
c:\windows\system32\07.scr
c:\windows\system32\13.scr
c:\windows\system32\14.scr
c:\windows\system32\16.scr
c:\windows\system32\17.scr
c:\windows\system32\18.scr
c:\windows\system32\21.scr
c:\windows\system32\22.scr
c:\windows\system32\24.scr
c:\windows\system32\25.scr
c:\windows\system32\30.scr
c:\windows\system32\33.scr
c:\windows\system32\34.scr
c:\windows\system32\35.scr
c:\windows\system32\36.scr
c:\windows\system32\37.scr
c:\windows\system32\38.scr
c:\windows\system32\42.scr
c:\windows\system32\43.scr
c:\windows\system32\45.scr
c:\windows\system32\47.scr
c:\windows\system32\48.scr
c:\windows\system32\50.scr
c:\windows\system32\51.scr
c:\windows\system32\54.scr
c:\windows\system32\55.scr
c:\windows\system32\56.scr
c:\windows\system32\57.scr
c:\windows\system32\60.scr
c:\windows\system32\64.scr
c:\windows\system32\67.scr
c:\windows\system32\68.scr
c:\windows\system32\71.scr
c:\windows\system32\72.scr
c:\windows\system32\73.scr
c:\windows\system32\74.scr
c:\windows\system32\76.scr
c:\windows\system32\80.scr
c:\windows\system32\81.scr
c:\windows\system32\82.scr
c:\windows\system32\83.scr
c:\windows\system32\84.scr
c:\windows\system32\87.scr
c:\windows\system32\88.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\msile.exe
c:\windows\system32\02.scr
c:\windows\system32\05.scr
c:\windows\system32\06.scr
c:\windows\system32\07.scr
c:\windows\system32\13.scr
c:\windows\system32\14.scr
c:\windows\system32\16.scr
c:\windows\system32\17.scr
c:\windows\system32\24.scr
c:\windows\system32\25.scr
c:\windows\system32\30.scr
c:\windows\system32\33.scr
c:\windows\system32\34.scr
c:\windows\system32\36.scr
c:\windows\system32\37.scr
c:\windows\system32\38.scr
c:\windows\system32\42.scr
c:\windows\system32\43.scr
c:\windows\system32\45.scr
c:\windows\system32\48.scr
c:\windows\system32\50.scr
c:\windows\system32\51.scr
c:\windows\system32\54.scr
c:\windows\system32\64.scr
c:\windows\system32\67.scr
c:\windows\system32\71.scr
c:\windows\system32\72.scr
c:\windows\system32\76.scr
c:\windows\system32\80.scr
c:\windows\system32\81.scr
c:\windows\system32\82.scr
c:\windows\system32\84.scr
c:\windows\system32\87.scr
c:\windows\system32\88.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSILE
-------\Legacy_SYSDRV32
-------\Service_msile


((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-05 17:48 . 2009-03-05 17:48 41,987 --a------ c:\windows\system32\86.scr
2009-03-05 17:26 . 2009-03-05 17:26 41,987 --a------ c:\windows\system32\26.scr
2009-03-05 16:47 . 2009-03-05 16:47 41,987 --a------ c:\windows\system32\23.scr
2009-03-05 14:53 . 2009-03-05 14:53 41,987 --a------ c:\windows\system32\46.scr
2009-03-05 14:43 . 2009-03-05 14:43 41,987 --a------ c:\windows\system32\75.scr
2009-03-05 14:42 . 2009-03-05 14:42 41,987 --a------ c:\windows\system32\32.scr
2009-03-05 13:50 . 2009-03-05 14:41 41,987 --a------ c:\windows\system32\41.scr
2009-03-05 13:49 . 2009-03-05 13:49 41,987 --a------ c:\windows\system32\40.scr
2009-03-05 13:29 . 2009-03-05 13:29 41,987 --a------ c:\windows\system32\28.scr
2009-03-05 12:51 . 2009-03-05 13:50 41,987 --a------ c:\windows\system32\53.scr
2009-03-05 12:36 . 2009-03-05 12:36 <DIR> d-------- c:\program files\Prevx
2009-03-05 12:36 . 2009-03-05 12:36 22,536 --a------ c:\windows\system32\drivers\pxscan.sys
2009-03-05 12:35 . 2009-03-05 12:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-03-05 12:35 . 2009-03-05 12:35 63 --a------ c:\windows\wininit.ini
2009-03-04 21:52 . 2009-03-04 21:52 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Stardock
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Common Files\Stardock
2009-03-04 19:17 . 2009-03-04 19:17 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-03-03 20:47 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 20:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 20:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 14:22 . 2009-03-01 14:22 <DIR> d---s---- c:\documents and settings\Ziska\UserData
2009-03-01 13:23 . 2009-03-05 17:46 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-01 12:40 . 2009-03-05 12:29 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-01 12:40 . 2009-03-01 14:22 <DIR> d-------- c:\documents and settings\Ziska\Application Data\AVGTOOLBAR
2009-03-01 12:40 . 2009-03-01 12:40 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-01 12:40 . 2009-03-01 12:40 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-01 12:40 . 2009-03-01 12:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\program files\AVG
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-01 02:24 . 2009-03-01 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 20:56 . 2009-03-01 01:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\Ziska\Application Data\Malwarebytes
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 18:46 . 2009-03-03 17:37 238 --a------ c:\windows\mafosav.INI
2009-02-14 15:55 . 2009-02-14 15:55 <DIR> d-------- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 11:26 --------- d-----w c:\program files\FlashGet
2009-02-07 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:02 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 18:12 --------- d-----w c:\program files\Common Files\Real
2009-01-24 11:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-23 21:31 --------- d-----w c:\documents and settings\Ziska\Application Data\HLSW
2009-01-16 22:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-16 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-16 22:12 --------- d-----w c:\program files\Windows Live
2009-01-12 19:58 --------- d-----w c:\documents and settings\Ziska\Application Data\NetSupport
2009-01-12 19:53 --------- d-----w c:\program files\NetSupport
2009-01-12 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\NetSupport
2009-01-11 21:19 --------- d-----w c:\program files\MessengerDiscovery
2008-12-28 12:05 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-28 12:05 111,110 ----a-w c:\windows\BricoPackUninst.cmd
.

------- Sigcheck -------

2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\wininet.dll
2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\dllcache\wininet.dll

2008-04-14 04:42 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 04:42 975872 088a0cd3d4cd3b584f3a4150d6cf941e c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [12/26/2008 10:59:24 AM 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-01 12:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\client32.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCICTLUI.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pcideply.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCISA.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pciscrui.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\runscrip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [3/5/2009 12:36:03 PM 22536]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/1/2009 12:40:10 PM 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/1/2009 12:40:18 PM 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/1/2009 12:39:44 PM 298264]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [3/5/2009 12:36:02 PM 4150840]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/26/2008 11:23:14 AM 670592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BCE8778D-1AE7-46C0-98F0-93CB5E6CF7BC} = 195.252.122.154
FF - ProfilePath - c:\documents and settings\Ziska\Application Data\Mozilla\Firefox\Profiles\nhsg24iv.default\
FF - prefs.js: browser.startup.homepage - abakusbp.net
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-05 18:04:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Nf815c75f]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="M"
"InternetCode"="U52LDJMC37ONPGW35EG4SPJX45LFAJ6ESRKK7IY8"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'csrss.exe'(532)
c:\program files\NetSupport\NetSupport Manager\pcihooks.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-05 18:06:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-05 17:06:40
ComboFix2.txt 2009-03-04 22:25:51

Pre-Run: 5,607,002,112 bytes free
Post-Run: 5,599,375,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

263

Addendum: 05 Mar 2009 18:18

Here it is !!!!!!!
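Two things in the ComboFix log above are worth checking mechanically rather than by eye: the Sigcheck section, where c:\windows\explorer.exe and its dllcache copy carry different MD5 hashes while wininet.dll matches, and the registry section, where the standard-profile firewall is off (EnableFirewall=0) and Security Center update notifications are suppressed (UpdatesDisableNotify=1). The script below is an added example written for this page, not part of the original post and not a ComboFix or HijackThis tool; it parses Sigcheck-style lines and the two registry values from a constructed sample made of lines copied from the log, and reports mismatched live/dllcache pairs and weakened defenses. A Sigcheck mismatch only means the running copy differs from the protected cache copy; it may be a legitimately patched binary or tampering, so it is flagged for review, not declared malicious.

```python
"""Flag Sigcheck hash mismatches and weakened defenses in a ComboFix-style log."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log above (Sigcheck section
# plus the Security Center and firewall policy keys from Reg Loading Points).
SAMPLE_LOG = r"""
------- Sigcheck -------

2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\wininet.dll
2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\dllcache\wininet.dll

2008-04-14 04:42 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 04:42 975872 088a0cd3d4cd3b584f3a4150d6cf941e c:\windows\system32\dllcache\explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One Sigcheck line: date, time, size, 32-hex-digit MD5, path.
SIGCHECK_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<md5>[0-9a-f]{32}) (?P<path>.+?)\s*$",
    re.IGNORECASE,
)

# Registry values that weaken the host's own defenses, with a human-readable finding.
WEAKENED_CHECKS = [
    (re.compile(r'"EnableFirewall"\s*=\s*0\b'),
     "Windows Firewall is disabled in the standard profile (EnableFirewall=0)"),
    (re.compile(r'"UpdatesDisableNotify"\s*=\s*dword:0*1\b'),
     "Security Center update notifications are suppressed (UpdatesDisableNotify=1)"),
]


def parse_sigcheck(log: str) -> Dict[str, List[Tuple[str, int, str]]]:
    """Group Sigcheck lines by file name: name -> [(path, size, md5), ...]."""
    groups: Dict[str, List[Tuple[str, int, str]]] = defaultdict(list)
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        name = PureWindowsPath(path).name.lower()
        groups[name].append((path, int(m.group("size")), m.group("md5").lower()))
    return dict(groups)


def find_hash_mismatches(log: str) -> List[str]:
    """Return file names whose live copy's MD5 differs from the dllcache copy."""
    mismatched = []
    for name, entries in parse_sigcheck(log).items():
        live = {md5 for path, _, md5 in entries if "\\dllcache\\" not in path.lower()}
        cache = {md5 for path, _, md5 in entries if "\\dllcache\\" in path.lower()}
        # Only compare when both a live copy and a cache copy were listed.
        if live and cache and live != cache:
            mismatched.append(name)
    return sorted(mismatched)


def find_weakened_defenses(log: str) -> List[str]:
    """Return findings for every weakened-defense pattern present in the log."""
    return [message for pattern, message in WEAKENED_CHECKS if pattern.search(log)]


def report(log: str) -> List[str]:
    """Combine both checks into one list of review items."""
    items = [f"Sigcheck mismatch (review): {name}" for name in find_hash_mismatches(log)]
    items.extend(find_weakened_defenses(log))
    return items


if __name__ == "__main__":
    for item in report(SAMPLE_LOG):
        print(item)
```

Run against the sample it prints one Sigcheck mismatch for explorer.exe and two weakened-defense findings; wininet.dll is silent because both copies hash the same. Feed it a whole ComboFix log and the same three functions apply unchanged.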

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\windows\system32\86.scr
c:\windows\system32\26.scr
c:\windows\system32\23.scr
c:\windows\system32\46.scr
c:\windows\system32\75.scr
c:\windows\system32\32.scr
c:\windows\system32\41.scr
c:\windows\system32\40.scr
c:\windows\system32\28.scr
c:\windows\system32\53.scr


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next reply the log that is produced at the end of the cleaning/scan.
