MyCity » Ambulanta -> Arhiva Ambulante » usporen pc i virusi koji se ne mogu izbrisati

usporen pc i virusi koji se ne mogu izbrisati

Napisano na dan: 1.7.2008

usporen pc i virusi koji se ne mogu izbrisati

Sledeća strana

Pagination

Odgovori

Jasmin_5 Poslao: 01 Jul 2008 22:59 Idi na vrh
offline Jasmin_5 Građanin Pridružio: 13 Maj 2007 Poruke: 163 Gde živiš: Gracanica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! avira mi pronajde dva virusa:system 32/khffcstj.dll i system32/rqRJBQkk.dll i ne moze ni jedan da izbrise,a evo kako mi izgleda logfile od hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 10:54:48 PM, on 7/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\WLAN\ACU.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\rundll32.exe D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe C:\Program Files\Codebox\BitMeter\BitMeter2.exe D:\Program files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Program files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE C:\Documents and Settings\Jasmin\Desktop\TSD\TR3.exe..exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {18C6BA00-F4CC-4CEF-84EE-0BF530C0D45C} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing) O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: (no name) - {71C53EE1-BCD9-46C4-84FA-85933AF96873} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B2BAC412-99EC-471A-BD37-63C2327C97A3} - C:\WINDOWS\system32\ruwfciim.dll (file missing) O2 - BHO: (no name) - {C9F315B0-F86C-40B8-B593-CF21C81EE1C6} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing) O2 - BHO: (no name) - {CCEA4202-06DC-4552-AA26-CA6D7E36E30F} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing) O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\rqRJBQkK.dll O2 - BHO: (no name) - {D81C6A1E-82B2-4E92-9CE9-9533155834D8} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing) O2 - BHO: (no name) - {E9DA74DB-27B6-4A75-8A28-F44524401435} - C:\WINDOWS\system32\khffCsTj.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [8cf8a9f2] rundll32.exe "C:\WINDOWS\system32\nnhojuvd.dll",b O4 - HKLM\..\Run: [avgnt] "D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: rqRJBQkK - C:\WINDOWS\SYSTEM32\rqRJBQkK.dll O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Profil

dr_Bora Poslao: 01 Jul 2008 23:22 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Klikni desnim tasterom na Avira ikonicu ( ) u donjem, desnom uglu ekrana i deštikliraj AntiVir Guard Enable. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Jasmin_5 Poslao: 02 Jul 2008 00:14 Idi na vrh
offline Jasmin_5 Građanin Pridružio: 13 Maj 2007 Poruke: 163 Gde živiš: Gracanica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo ga,nisam mogao brze ComboFix 08-06-30.2 - Jasmin 2008-07-01 23:44:40.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.115 [GMT 2:00] Running from: C:\Documents and Settings\Jasmin\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\axffosbu.ini C:\WINDOWS\system32\bqcmsauj.ini C:\WINDOWS\system32\cgnxtcye.ini C:\WINDOWS\system32\cjeqouay.ini C:\WINDOWS\system32\dvujohnn.ini C:\WINDOWS\system32\ejgirgtx.dll C:\WINDOWS\system32\fpxnawaf.ini C:\WINDOWS\system32\hxybckki.ini C:\WINDOWS\system32\jTsCffhk.ini C:\WINDOWS\system32\jTsCffhk.ini2 C:\WINDOWS\system32\khffCsTj.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\msssc.dll C:\WINDOWS\system32\nnhojuvd.dll C:\WINDOWS\system32\pgiqkwcx.ini C:\WINDOWS\system32\rqRJBQkK.dll C:\WINDOWS\system32\rvkxeakl.ini C:\WINDOWS\system32\skykqgjk.ini . ((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))) . 2008-07-01 14:36 . 2008-07-01 14:36 <DIR> d-------- C:\Program Files\OGPlanet 2008-07-01 13:28 . 2008-07-01 13:28 <DIR> d-------- C:\Program Files\Games-Masters.com 2008-06-29 01:13 . 2008-06-29 01:13 <DIR> d-------- C:\Documents and Settings\Jasmin\Logs 2008-06-29 01:05 . 2008-06-29 01:05 <DIR> d-------- C:\Logs 2008-06-26 16:42 . 2008-06-26 16:42 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-06-25 17:19 . 2008-06-25 17:19 4,096 --a------ C:\WINDOWS\d3dx.dat 2008-06-25 17:18 . 2008-06-25 17:18 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-06-25 16:35 . 2008-06-25 16:35 <DIR> d-------- C:\Program Files\DAEMON Tools 2008-06-25 16:35 . 2008-06-25 16:35 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2008-06-25 16:31 . 2008-06-25 16:31 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-06-25 16:31 . 2008-06-25 16:31 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6397.sys 2008-06-23 23:57 . 2008-06-25 15:45 <DIR> d-------- C:\Program Files\BearShare Applications 2008-06-23 23:57 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2008-06-20 23:56 . 2008-06-20 23:56 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\atitray 2008-06-20 16:49 . 2008-06-20 16:49 <DIR> d-------- C:\ATI 2008-06-20 16:47 . 2008-06-20 16:47 <DIR> d-------- C:\Program Files\Ray Adams 2008-06-20 10:57 . 2008-06-20 10:57 761 --a------ C:\WINDOWS\system32\tutgfppp.dll 2008-06-20 00:17 . 2008-06-20 00:17 376 --a------ C:\WINDOWS\ODBC.INI 2008-06-20 00:09 . 2008-06-20 00:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2008-06-20 00:07 . 2008-06-20 00:10 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-06-20 00:06 . 2008-06-20 00:06 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-06-19 16:56 . 2008-06-19 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-06-19 13:42 . 2008-06-19 13:42 900 --a------ C:\WINDOWS\system32\ixhfrpcc.dll 2008-06-19 01:14 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-06-18 15:23 . 2008-06-20 11:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-06-18 14:47 . 2008-06-30 22:30 <DIR> d-------- C:\Documents and Settings\Jasmin\amsn 2008-06-18 14:45 . 2008-06-18 14:46 <DIR> d-------- C:\Program Files\aMSN 2008-06-18 14:39 . 2008-06-18 14:39 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\GRETECH 2008-06-18 14:35 . 2008-06-18 14:35 900 --a------ C:\WINDOWS\system32\oqgnfykb.dll 2008-06-18 14:32 . 2008-06-18 14:32 761 --a------ C:\WINDOWS\system32\epgjsdbe.dll 2008-06-18 08:28 . 2008-06-22 00:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-18 04:10 . 2008-06-17 19:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-06-18 04:05 . 2008-07-02 00:00 7,991,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-18 04:05 . 2008-07-02 00:00 95,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-18 04:02 . 2008-06-18 04:02 <DIR> d-------- C:\Program Files\ZoneAlarmSB 2008-06-18 04:02 . 2008-07-01 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-18 04:00 . 2008-06-18 04:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-06-18 03:59 . 2008-07-01 23:41 <DIR> d-------- C:\WINDOWS\Internet Logs 2008-06-18 03:59 . 2008-06-18 03:59 <DIR> d-------- C:\Program Files\Zone Labs 2008-06-18 03:58 . 2008-06-18 03:58 <DIR> d-------- C:\Program Files\WLAN 2008-06-18 03:57 . 2008-06-18 03:57 <DIR> d-------- C:\temp 2008-06-18 03:29 . 2008-06-18 03:29 <DIR> d-------- C:\DAIBLO 2008-06-18 03:28 . 2007-12-23 15:34 39 --a------ C:\realmlist.wtf 2008-06-18 03:16 . 2008-06-18 03:16 <DIR> d-------- C:\Program Files\Intel 2008-06-18 03:16 . 2002-10-15 09:00 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys 2008-06-18 03:16 . 2002-10-15 09:00 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll 2008-06-18 03:16 . 2002-10-15 09:00 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys 2008-06-18 03:14 . 2004-08-04 08:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2008-06-18 03:13 . 2008-06-18 03:13 <DIR> d-------- C:\WINDOWS\VirtualEar 2008-06-18 03:13 . 2008-06-18 03:13 <DIR> d-------- C:\Program Files\Analog Devices 2008-06-18 03:12 . 2000-03-29 08:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2008-06-18 03:12 . 2008-06-18 03:12 2,961 --a------ C:\WINDOWS\Ascd_tmp.ini 2008-06-18 03:10 . 2005-02-22 21:05 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe 2008-06-18 03:10 . 2005-02-23 05:46 299,008 --a------ C:\WINDOWS\system32\atiiiexx.dll 2008-06-18 03:09 . 2008-06-17 22:09 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-06-18 03:09 . 2008-06-18 03:57 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-06-18 03:09 . 2008-06-18 03:11 <DIR> d-------- C:\Program Files\ATI Technologies 2008-06-18 03:07 . 2003-01-29 09:29 8,703 -r------- C:\WINDOWS\system32\drivers\EIO.sys 2008-06-18 03:05 . 2008-07-01 18:26 <DIR> d-------- C:\Documents and Settings\Jasmin 2008-06-18 03:01 . 2008-06-18 03:01 <DIR> d---s---- C:\WINDOWS\system32\Microsoft 2008-06-18 03:01 . 2008-06-18 03:01 <DIR> d--hs---- C:\Documents and Settings\NetworkService 2008-06-18 03:01 . 2008-07-01 22:21 <DIR> d--hs---- C:\Documents and Settings\LocalService 2008-06-18 01:31 . 2008-06-19 18:50 <DIR> d-------- C:\Program Files\Uniblue 2008-06-18 01:31 . 2008-06-19 18:50 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\Uniblue 2008-06-18 00:53 . 2008-06-18 00:54 164 --a------ C:\install.dat 2008-06-17 23:24 . 2008-06-17 23:25 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-06-17 17:56 . 2008-06-17 17:57 <DIR> d-------- C:\Program Files\Messenger Plus! Live 2008-06-17 17:52 . 2008-06-17 17:52 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-06-17 17:28 . 2008-06-17 17:28 <DIR> d-------- C:\Program Files\Comodo 2008-06-17 17:28 . 2008-06-17 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2008-06-17 17:28 . 2008-06-17 17:28 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2008-06-17 17:28 . 2008-06-17 17:28 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-06-17 17:28 . 2008-06-17 17:28 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL 2008-06-17 17:28 . 2008-06-17 17:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-06-17 17:28 . 2008-06-17 17:28 216,576 --a------ C:\WINDOWS\system32\monln.dll 2008-06-17 17:24 . 2008-06-17 17:24 <DIR> d-------- C:\Program Files\Codebox 2008-06-17 17:16 . 2008-06-17 17:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-06-17 17:16 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-06-17 17:12 . 2008-06-17 17:12 <DIR> d-------- C:\Program Files\GRETECH . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-01 16:23 2,638,848 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-06-23 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-06-18 01:58 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-06-18 00:57 --------- d-----w C:\Program Files\microsoft frontpage 2008-06-17 17:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-17 17:36 --------- d-----w C:\Program Files\Windows Live 2008-06-17 17:33 --------- d-----w C:\Program Files\TuneUp Utilities 2006 2008-06-17 17:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-17 17:32 --------- d-----w C:\Documents and Settings\Jasmin\Application Data\TuneUp Software 2008-06-17 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-06-17 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-19 13:33 4,445,184 ----a-w C:\WINDOWS\system32\msi.dll 2008-05-19 13:33 332,800 ----a-w C:\WINDOWS\system32\msihnd.dll 2008-05-19 13:33 18,944 ----a-w C:\WINDOWS\system32\msisip.dll 2008-05-19 08:57 95,744 ----a-w C:\WINDOWS\system32\msiexec.exe 2008-04-17 08:43 2,560 ----a-w C:\WINDOWS\system32\msimsg.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}] 2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 20:34 5724184] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 12:22 1923352] "Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 09:50 9442584] "AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 15:00 516608] "Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 17:57 143360] "ACU"="C:\Program Files\WLAN\ACU.exe" [2006-01-06 01:47 303104] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 08:11 919016] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920] "avgnt"="D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bitmeter2.lnk - C:\Program Files\Codebox\BitMeter\BitMeter2.exe [2006-02-11 17:35:08 1359872] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05] R3 AR5523;WLAN USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-06 01:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57bb4e5-3c8f-11dd-a300-806d6172696f}] \Shell\AutoRun\command - E:\Bin\asusqfe.exe . Contents of the 'Scheduled Tasks' folder "2008-06-27 15:15:56 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe "2008-06-29 16:50:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-06-19 16:50:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-06-29 16:37:04 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2008-06-21 22:31:16 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe . - - - - ORPHANS REMOVED - - - - BHO-{18C6BA00-F4CC-4CEF-84EE-0BF530C0D45C} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll BHO-{71C53EE1-BCD9-46C4-84FA-85933AF96873} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll BHO-{B2BAC412-99EC-471A-BD37-63C2327C97A3} - C:\WINDOWS\system32\ruwfciim.dll BHO-{C9F315B0-F86C-40B8-B593-CF21C81EE1C6} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll BHO-{CCEA4202-06DC-4552-AA26-CA6D7E36E30F} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll BHO-{D81C6A1E-82B2-4E92-9CE9-9533155834D8} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll HKLM-Run-8cf8a9f2 - C:\WINDOWS\system32\nnhojuvd.dll ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-07-02 00:01:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\acs.exe D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\update\update.exe C:\WINDOWS\system32\imapi.exe . ************************************************************************ . Completion time: 2008-07-02 0:07:55 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-01 22:07:39 Pre-Run: 23,207,968,768 bytes free Post-Run: 23,095,652,352 bytes free 225 --- E O F --- 2008-06-17 15:16:07

Profil

dr_Bora Poslao: 02 Jul 2008 17:58 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\tutgfppp.dll C:\WINDOWS\system32\ixhfrpcc.dll C:\WINDOWS\system32\oqgnfykb.dll C:\WINDOWS\system32\epgjsdbe.dll` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Jasmin_5 Poslao: 02 Jul 2008 18:59 Idi na vrh
offline Jasmin_5 Građanin Pridružio: 13 Maj 2007 Poruke: 163 Gde živiš: Gracanica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo ga : ComboFix 08-06-30.2 - Jasmin 2008-07-02 18:51:58.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT 2:00] Running from: C:\Documents and Settings\Jasmin\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Jasmin\Desktop\CFScript.txt

Profil

dr_Bora Poslao: 02 Jul 2008 20:25 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile nije kompletan. Priloži ga uz poruku korišćenjem opcije Prikači fajl.

Profil

Jasmin_5 Poslao: 02 Jul 2008 21:11 Idi na vrh
offline Jasmin_5 Građanin Pridružio: 13 Maj 2007 Poruke: 163 Gde živiš: Gracanica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: koliko sam ja shvatio,ovo si trazio [Link mogu videti samo ulogovani korisnici]

Profil

dr_Bora Poslao: 02 Jul 2008 21:32 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

Jasmin_5 Poslao: 02 Jul 2008 22:17 Idi na vrh
offline Jasmin_5 Građanin Pridružio: 13 Maj 2007 Poruke: 163 Gde živiš: Gracanica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! uradio sam,hvala ti puno

Profil

MyCity » Ambulanta -> Arhiva Ambulante » usporen pc i virusi koji se ne mogu izbrisati

Ko je trenutno na forumu

Ukupno su 912 korisnika na forumu :: 56 registrovanih, 6 sakrivenih i 850 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: babaroga, Boris BM, brause, coaaco, darkangel, Dežurni_Automatičar, divison, Djota1, dzoni19, gasha, goflja76, goran.vvv, goxin, GrobarPovratak, jackreacher011011, Jakonjveliki, jalos, janezek67, Kaplar2, KimiMR, kovinacc, Kubovac, ljubisha76 2, Magistar78, markoni.slo, metallac777, mile33, Mirage 2000N, MiroslavD, niksa517, Nobunaga, ozzy, pceklic, perkanidja1, Petarvu, pipanova, Qvazimodo, royst33, sistem22, stegonosa, suton, Teodor60, Tibor, Toper, Tvrtko I, vathra, Velizar Laro, vladas87, Vlado82, volimpivuvolimrakiju, x011, XBMC, yrraf, zbazin, ZetaMan, 787

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by