Infected website and computer

  • Joined: 07 Jun 2008
  • Posts: 46

The computer is not responding and will not restart even though I waited about ten minutes. Should I be patient, or is something else going on?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

After double-clicking the file, did a notification appear? And you clicked OK?

Does this file exist on the disk: C:\mark1.123

  • Joined: 07 Jun 2008
  • Posts: 46

Yes, I clicked OK, but nothing happened. C:\mark1.123 does not exist on the disk.

I apologize for the delay, but I am also having some minor problems with my internet connection. I'm just mentioning it so that I don't come across as unserious.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Let me repeat the question: do you have a Windows 7 installation DVD?

To clarify: the problem you described with the website has nothing to do with malware on your computer.

However, judging by the logs, it is possible that there is malware here (but, as I said, that has nothing to do with the website).

Also do the following: open Google and run a search (search for anything).

When you click on one of the results, do any redirects occur (does some other site open instead of the one that should open)?

  • Joined: 07 Jun 2008
  • Posts: 46

Posted: 25 Dec 2009 10:51

I have a Windows 7 installation DVD.
I ran a search in Google and it always opens the right page, i.e. the site I was looking for.
While I am writing this, Avast alerts me to a virus every five minutes; I am attaching screenshots.

Addendum: 25 Dec 2009 10:55

and this is what appears when I try to open the site

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run ComboFix again and post the log you get.

  • Joined: 07 Jun 2008
  • Posts: 46

ComboFix 09-12-24.02 - Aca 25.12.2009 12:12:26.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.1024.604 [GMT 1:00]
Running from: c:\users\Aca\Desktop\ComboFix.exe

((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))

2009-12-25 11:32 . 2009-12-25 11:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-25 11:32 . 2009-12-25 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-23 21:19 . 2009-12-25 11:32 -------- d-----w- c:\users\Aca\AppData\Local\temp
2009-12-16 17:59 . 2009-12-16 17:59 686080 ----a-w- c:\users\Aca\AppData\Roaming\\3\user\uno_packages\cache\uno_packages\84AC.tmp_\sun-pdfimport.oxt\
2009-12-16 17:59 . 2009-12-16 17:59 568832 ----a-w- c:\users\Aca\AppData\Roaming\\3\user\uno_packages\cache\uno_packages\84AC.tmp_\sun-pdfimport.oxt\msvcp90.dll
2009-12-16 17:59 . 2009-12-16 17:59 655872 ----a-w- c:\users\Aca\AppData\Roaming\\3\user\uno_packages\cache\uno_packages\84AC.tmp_\sun-pdfimport.oxt\msvcr90.dll
2009-12-16 17:59 . 2009-12-16 17:59 583168 ----a-w- c:\users\Aca\AppData\Roaming\\3\user\uno_packages\cache\uno_packages\84AC.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2009-12-16 17:59 . 2009-12-16 17:59 224768 ----a-w- c:\users\Aca\AppData\Roaming\\3\user\uno_packages\cache\uno_packages\84AC.tmp_\sun-pdfimport.oxt\msvcm90.dll
2009-12-16 17:53 . 2009-12-23 20:10 1 ----a-w- c:\users\Aca\AppData\Roaming\\3\user\uno_packages\cache\stamp.sys
2009-12-16 17:50 . 2009-12-16 17:50 -------- d-----w- c:\users\Aca\AppData\Roaming\
2009-12-16 17:14 . 2009-12-16 17:14 -------- d-----w- c:\program files\JRE
2009-12-16 17:14 . 2009-12-16 17:14 -------- d-----w- c:\program files\ 3
2009-12-14 14:15 . 2009-12-14 14:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-14 14:13 . 2009-12-14 14:13 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-11 11:01 . 2009-12-11 11:01 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8E9F.tmp.exe
2009-12-10 15:48 . 2009-12-10 15:48 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 23:02 . 2009-12-05 23:02 -------- d-----w- c:\users\Aca\AppData\Local\Cooliris
2009-12-05 23:02 . 2009-10-06 12:40 103424 ----a-w- c:\users\Aca\AppData\Roaming\Mozilla\Firefox\Profiles\6i7hkchi.default\extensions\\libs\pixomatic.dll
2009-12-05 23:02 . 2009-10-06 12:40 545280 ----a-w- c:\users\Aca\AppData\Roaming\Mozilla\Firefox\Profiles\6i7hkchi.default\extensions\\libs\PicLensHelper.exe
2009-12-05 23:02 . 2009-10-06 12:40 153600 ----a-w- c:\users\Aca\AppData\Roaming\Mozilla\Firefox\Profiles\6i7hkchi.default\extensions\\plugins\npcoolirisplugin.dll
2009-12-05 23:02 . 2009-10-06 12:40 4716544 ----a-w- c:\users\Aca\AppData\Roaming\Mozilla\Firefox\Profiles\6i7hkchi.default\extensions\\components\cooliris.dll
2009-12-05 23:02 . 2009-10-06 12:40 344064 ----a-w- c:\users\Aca\AppData\Roaming\Mozilla\Firefox\Profiles\6i7hkchi.default\extensions\\libs\LaunchCooliris.exe
2009-12-03 17:52 . 2006-09-13 04:00 42496 ----a-w- c:\programdata\CanonBJ\IJPrinter\CNMWindows\Canon iP4200\LanguageModules\0411\CNMsr78.dll
2009-12-03 17:52 . 2006-09-13 04:00 74240 ----a-w- c:\programdata\CanonBJ\IJPrinter\CNMWindows\Canon iP4200\LanguageModules\0409\CNMsr78.dll
2009-12-03 17:52 . 2006-09-13 04:00 73216 ----a-w- c:\programdata\CanonBJ\IJPrinter\CNMWindows\Canon iP4200\LanguageModules\0411\CNMlr78.dll
2009-12-03 17:52 . 2006-09-13 04:00 334848 ----a-w- c:\programdata\CanonBJ\IJPrinter\CNMWindows\Canon iP4200\LanguageModules\0409\CNMur78.dll
2009-12-03 17:52 . 2006-09-13 04:00 249344 ----a-w- c:\programdata\CanonBJ\IJPrinter\CNMWindows\Canon iP4200\LanguageModules\0411\CNMur78.dll
2009-12-03 17:52 . 2006-09-13 04:00 130048 ----a-w- c:\programdata\CanonBJ\IJPrinter\CNMWindows\Canon iP4200\LanguageModules\0409\CNMlr78.dll
2009-12-03 14:19 . 2006-09-13 04:00 197632 ----a-w- c:\windows\system32\CNMLM78.DLL
2009-12-03 14:19 . 2009-12-03 14:19 -------- d--h--w- c:\program files\CanonBJ
2009-12-03 11:53 . 2009-12-03 11:53 -------- d-----w- c:\programdata\CanonCP
2009-12-03 11:53 . 2009-07-29 11:51 112664 ----a-w- c:\programdata\CanonCP\CNYSELPHYCP\CNYWindows\CNYCanon SELPHY CP720\CNYCPUIN.EXE
2009-12-03 11:53 . 2009-07-13 12:55 102400 ----a-w- c:\programdata\CanonCP\CNYSELPHYCP\CNYWindows\CNYCanon SELPHY CP720\CNY04091.DLL
2009-12-03 11:16 . 2009-12-03 11:17 -------- d-----w- c:\users\Aca\AppData\Roaming\GetRightToGo
2009-12-03 10:28 . 2009-12-03 12:27 -------- d-----w- c:\program files\Common Files\Canon
2009-12-02 09:37 . 2009-12-02 09:37 -------- d-----w- c:\program files\NRadioBox 1.2
2009-12-01 17:51 . 2009-12-13 10:03 -------- d-----w- c:\users\Aca\AppData\Local\Google
2009-12-01 17:49 . 2009-12-01 17:51 -------- d-----w- c:\program files\Google
2009-11-30 06:49 . 2009-11-30 20:11 -------- d-----w- C:\NRadioBoxData
2009-11-29 19:52 . 2009-11-29 19:52 -------- d-----w- c:\program files\Microsoft

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-12-22 23:20 . 2009-11-10 08:42 -------- d-----w- c:\program files\Winamp
2009-12-22 22:05 . 2009-11-11 09:02 -------- d-----w- c:\users\Aca\AppData\Roaming\uTorrent
2009-12-18 21:51 . 2009-11-20 19:11 -------- d-----w- c:\users\Aca\AppData\Roaming\Skype
2009-12-16 18:11 . 2009-11-08 19:38 113136 ----a-w- c:\users\Aca\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-16 17:12 . 2009-11-08 23:44 -------- d-----w- c:\program files\Java
2009-12-16 14:12 . 2009-11-08 22:57 -------- d-----w- c:\programdata\Microsoft Help
2009-12-16 14:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-15 20:59 . 2009-11-16 04:33 -------- d-----w- c:\program files\RegCleaner
2009-12-13 16:31 . 2009-11-08 23:24 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2009-12-13 16:31 . 2009-11-08 23:24 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2009-12-11 10:01 . 2009-11-08 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 15:14 . 2009-11-08 22:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-11-08 22:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 16:01 . 2009-11-08 20:15 -------- d-----w- c:\users\Aca\AppData\Roaming\GHISLER
2009-11-30 16:01 . 2009-11-20 23:46 -------- d-----w- c:\program files\NRadioBox
2009-11-30 16:01 . 2009-11-15 08:57 -------- d--h--w- c:\programdata\CanonIJScan
2009-11-30 16:01 . 2009-11-09 11:17 -------- d--h--w- c:\programdata\CanonBJ
2009-11-30 14:12 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 08:39 . 2009-11-08 21:19 -------- d-----w- c:\program files\ xatshow
2009-11-27 15:16 . 2009-11-09 18:25 -------- d-----w- c:\program files\Media Convert Master
2009-11-25 19:49 . 2009-11-09 16:21 -------- d-----w- c:\program files\Opera
2009-11-25 11:31 . 2009-11-08 23:24 88 --sh--r- c:\programdata\51B02670CC.sys
2009-11-25 11:31 . 2009-11-08 23:24 88 --sh--r- c:\programdata\51B02670CC.sys
2009-11-25 11:22 . 2009-11-08 23:24 -------- d-----w- c:\users\Aca\AppData\Roaming\Corel
2009-11-25 11:21 . 2009-11-08 23:21 -------- d-----w- c:\programdata\Corel
2009-11-25 11:21 . 2009-11-25 11:21 -------- d-----w- c:\program files\Common Files\Protexis
2009-11-25 11:17 . 2009-11-25 11:17 -------- d-----w- c:\program files\Common Files\Corel
2009-11-25 11:17 . 2009-11-25 11:17 -------- d-----w- c:\program files\Corel
2009-11-24 23:54 . 2009-11-08 20:47 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-11-08 20:48 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-08 20:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-08 20:48 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 11:40 . 2009-11-21 07:25 -------- d-----w- c:\programdata\ABBYY
2009-11-23 11:25 . 2009-11-23 11:18 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-11-23 10:47 . 2009-11-21 07:25 -------- d-----w- c:\program files\ABBYY FineReader 10
2009-11-21 07:33 . 2009-11-21 07:33 -------- d-----w- c:\users\Aca\AppData\Roaming\ABBYY
2009-11-20 19:19 . 2009-11-20 19:19 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-20 19:11 . 2009-11-20 19:11 -------- d-----r- c:\program files\Skype
2009-11-20 19:11 . 2009-11-20 19:11 -------- d-----w- c:\program files\Common Files\Skype
2009-11-20 19:11 . 2009-11-20 19:10 -------- d-----w- c:\programdata\Skype
2009-11-20 12:39 . 2009-11-09 18:26 -------- d-----w- c:\programdata\Apple Computer
2009-11-20 12:38 . 2009-11-20 12:38 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 12:38 . 2009-11-20 12:38 -------- d-----w- c:\program files\Apple Software Update
2009-11-20 12:38 . 2009-11-20 12:38 -------- d-----w- c:\programdata\Apple
2009-11-19 20:37 . 2009-11-19 20:37 -------- d-----w- c:\users\Aca\AppData\Roaming\CD-LabelPrint
2009-11-16 04:53 . 2009-11-16 04:53 -------- d-----w- c:\program files\TempCleaner
2009-11-16 04:52 . 2009-11-08 22:50 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-15 22:10 . 2009-11-08 21:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-15 17:52 . 2009-11-15 17:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-11-15 08:57 . 2009-11-15 08:57 -------- d-----w- c:\users\Aca\AppData\Roaming\Canon
2009-11-11 21:36 . 2009-11-11 21:36 -------- d-----w- c:\users\Aca\AppData\Roaming\GRETECH
2009-11-11 18:53 . 2009-11-11 18:53 -------- d-----w- c:\program files\GRETECH
2009-11-11 09:04 . 2009-11-11 09:04 -------- d-----w- c:\program files\uTorrent
2009-11-10 23:44 . 2009-11-09 11:16 -------- d-----w- c:\program files\Canon
2009-11-10 12:25 . 2009-11-10 08:42 -------- d-----w- c:\users\Aca\AppData\Roaming\Winamp
2009-11-10 08:42 . 2009-11-10 08:42 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-09 18:26 . 2009-11-08 21:45 -------- d-----w- c:\users\Aca\AppData\Roaming\Vso
2009-11-09 18:25 . 2009-11-09 18:25 81920 ----a-w- c:\users\Aca\AppData\Roaming\ezpinst.exe
2009-11-09 18:25 . 2009-11-09 18:25 81920 ----a-w- c:\users\Aca\AppData\Roaming\ezpinst.exe
2009-11-09 18:25 . 2009-11-09 18:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-09 18:25 . 2009-11-09 18:25 47360 ----a-w- c:\users\Aca\AppData\Roaming\pcouffin.sys
2009-11-09 18:25 . 2009-11-09 18:25 47360 ----a-w- c:\users\Aca\AppData\Roaming\pcouffin.sys
2009-11-09 17:01 . 2009-11-09 17:01 -------- d-----w- c:\users\Aca\AppData\Roaming\Nero
2009-11-09 17:00 . 2009-11-09 16:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-09 17:00 . 2009-11-09 16:57 -------- d-----w- c:\program files\Nero
2009-11-09 16:59 . 2009-11-09 16:59 -------- d-----w- c:\programdata\Nero
2009-11-09 16:31 . 2009-11-09 16:31 -------- d-----w- c:\program files\WinWatermark 2
2009-11-09 13:54 . 2009-11-09 13:54 -------- d-----w- c:\users\Aca\AppData\Roaming\Publish Providers
2009-11-09 09:44 . 2009-11-09 09:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-11-09 04:18 . 2009-11-09 04:18 0 ----a-w- c:\windows\system32\atiicdxx.dat
2009-11-09 04:18 . 2009-11-09 04:18 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-09 01:03 . 2009-11-09 01:03 -------- d-----w- c:\program files\Microsoft CAPICOM
2009-11-09 00:55 . 2009-11-09 00:55 -------- d-----w- c:\users\Aca\AppData\Roaming\Sony
2009-11-09 00:44 . 2009-11-09 00:44 -------- d-----w- c:\program files\Vstplugins
2009-11-09 00:44 . 2009-11-09 00:39 -------- d-----w- c:\program files\Sony
2009-11-09 00:40 . 2009-11-09 00:40 -------- d-----w- c:\program files\Sony Setup
2009-11-09 00:36 . 2009-11-08 23:27 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-08 23:45 . 2009-11-08 23:45 -------- d-----w- c:\users\Aca\AppData\Roaming\VitySoft
2009-11-08 23:44 . 2009-11-08 23:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-08 23:31 . 2009-11-08 23:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-08 23:29 . 2009-11-08 23:29 -------- d-----w- c:\users\Aca\AppData\Roaming\FastStone
2009-11-08 23:29 . 2009-11-08 23:29 -------- d-----w- c:\program files\FastStone Capture
2009-11-08 23:28 . 2009-11-08 23:28 -------- d-----w- c:\users\Aca\AppData\Roaming\ACD Systems
2009-11-08 23:27 . 2009-11-08 23:27 -------- d-----w- c:\programdata\ACD Systems
2009-11-08 23:27 . 2009-11-08 23:27 -------- d-----w- c:\program files\ACD Systems
2009-11-08 23:02 . 2009-11-08 23:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-11-08 22:55 . 2009-11-08 22:49 -------- d-----w- c:\users\Aca\AppData\Roaming\DAEMON Tools Lite
2009-11-08 22:50 . 2009-11-08 22:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-08 22:50 . 2009-11-08 22:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-08 22:49 . 2009-11-08 22:49 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-08 22:15 . 2009-11-08 22:15 -------- d-----w- c:\users\Aca\AppData\Roaming\Malwarebytes
2009-11-08 22:15 . 2009-11-08 22:15 -------- d-----w- c:\programdata\Malwarebytes
2009-11-08 21:45 . 2009-11-08 21:45 -------- d-----w- c:\program files\VSO
2009-11-08 21:36 . 2009-11-08 21:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-08 20:57 . 2009-11-08 20:57 -------- d-----w- c:\program files\CamStudio
2009-11-08 20:47 . 2009-11-08 20:47 -------- d-----w- c:\program files\Alwil Software
2009-11-02 19:42 . 2009-11-08 19:46 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-25 08:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-02 04:06 . 2009-11-08 19:33 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-01 39408]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-08 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-11 122880]
"QuickTime Task"="c:\program files\Media Convert Master\codec\quicktime\QTTask.exe" [2009-11-10 417792]

c:\users\Aca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TempCleaner.lnk - c:\program files\TempCleaner\TempCleaner.exe [2004-3-26 346624]

"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

[HKLM\~\startupfolder\C:^Users^Aca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-12-11 11:07 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\Media Convert Master\codec\quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 11:48 286720 ----a-w- c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 06:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-01 17:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [8.11.2009 21:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [8.11.2009 21:48 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [8.11.2009 21:47 53328]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [8.11.2009 23:50 691696]
------- Supplementary Scan -------
uStart Page = hxxp://
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Aca\AppData\Roaming\Mozilla\Firefox\Profiles\6i7hkchi.default\
FF - prefs.js: browser.startup.homepage - hxxp://
FF - plugin: c:\program files\Media Convert Master\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Media Convert Master\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8536D2F6]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x846a94e0
QueryNameProcedure -> 0x846a9670
user & kernel MBR OK

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2211027839-4248864363-3108305393-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E67D0C84-D678-1911-5749-DDC78972ADEB}*]

@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)

@Denied: (Full) (Everyone)
Completion time: 2009-12-25 12:40:27
ComboFix-quarantined-files.txt 2009-12-25 11:40
ComboFix2.txt 2009-12-25 11:04
ComboFix3.txt 2009-12-23 21:18

Pre-Run: bytes free
Post-Run: 7.122.354.176 bytes free

- - End Of File - - BEBF8D3D2ACC6BDAAD31350A2CF79927

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You need to boot from the Win7 DVD and make a copy of one file.
Instructions follow...

1. Insert the Windows 7 installation disc into the computer and restart it

2. Check the manufacturer's manual, or the internet, for how to set the CD drive as the default boot device in the BIOS or at computer startup

3. Select the CD as the boot device (if you use the boot device selection option when powering on the computer)

4. Wait for the installer to load (the text Windows is loading files will appear. After it, the graphical environment will start)

5. On the first screen choose "Language", "Time", and "Keyboard Input" as you wish and press next

6. Click "Repair Your Computer"

7. Select the partition where Windows is located, then on the next screen choose "Command Prompt"

Once the Command Prompt is running, type the following command (and confirm with Enter):

copy C:\Windows\system32\drivers\atapi.sys C:\atapi.bak

A message will follow saying that one file was copied. After that you can restart the computer and start Windows normally.

Upload the file C:\atapi.bak


  • Joined: 07 Jun 2008
  • Posts: 46

The file atapi.bak has been sent!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

1. Open the Start menu and in the Search programs and files field type:


A console will open. Type the following command:

copy C:\Windows\system32\drivers\atapi.sys C:\atapi.sys

This should create the file C:\atapi.sys - make sure that it has.

2. Restart the computer and boot from the Windows 7 DVD, start the Command Prompt and type the following:

copy C:\atapi.sys C:\Windows\system32\drivers\atapi.sys

A prompt will appear:

Overwrite C:\Windows\system32\drivers\atapi.sys? (Yes/No/All):

Type Y and press Enter. A message should appear saying that the file was copied.

Restart the computer and, once Windows has started, post a fresh ComboFix log.
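
An added example, not part of the original thread and not ComboFix's or the helper's own logic: a small Python parser for the log format posted above that extracts the MBR detector's unnamed module and hook lines and the file-listing entry for the storage driver the helper asks to have copied offline. The sample text is constructed from a few lines of the log in this thread; the `WATCHED_DRIVERS` list and the "differing timestamps" rule are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample: a handful of lines taken from the ComboFix log above.
SAMPLE_LOG = r"""
(((( Find3M Report ))))
2009-12-03 15:13 . 2009-11-08 22:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 14:12 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-09 18:25 . 2009-11-09 18:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-22 23:20 . 2009-11-10 08:42 -------- d-----w- c:\program files\Winamp

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8536D2F6]<<
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x846a94e0
QueryNameProcedure -> 0x846a9670
user & kernel MBR OK
"""

# Listing line: two timestamps, size (or -------- for a directory),
# an 8-character attribute string, then the path (which may contain spaces).
ENTRY = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) (\S{8}) (.+)$"
)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
# Assumption: storage-stack drivers worth checking against an offline copy.
WATCHED_DRIVERS = {"atapi.sys", "disk.sys", "classpnp.sys"}


def parse_entries(text):
    """Return one dict per file-listing line in the log text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        first, second, size, attrs, path = m.groups()
        entries.append({
            "first": datetime.strptime(first, "%Y-%m-%d %H:%M"),
            "second": datetime.strptime(second, "%Y-%m-%d %H:%M"),
            "size": None if size.startswith("-") else int(size),
            "attrs": attrs,
            "path": path,
        })
    return entries


def unknown_modules(text):
    """Addresses the detector printed as >>UNKNOWN [..]<< in the call chain."""
    for line in text.splitlines():
        if line.startswith("called modules:"):
            return re.findall(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<", line)
    return []


def hook_lines(text):
    """Lines listed directly under 'detected MBR rootkit hooks:'."""
    lines = text.splitlines()
    hooks = []
    for i, line in enumerate(lines):
        if line.startswith("detected MBR rootkit hooks:"):
            for follow in lines[i + 1:]:
                if "->" not in follow:
                    break
                hooks.append(follow.strip())
    return hooks


def triage(text, watched=WATCHED_DRIVERS):
    """Collect (reason, detail) pairs an analyst would review first."""
    findings = [("unnamed module in disk call chain", a)
                for a in unknown_modules(text)]
    findings += [("reported hook", h) for h in hook_lines(text)]
    for e in parse_entries(text):
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        # Assumed rule: a watched driver whose two timestamps differ.
        if (low.startswith(DRIVERS_DIR) and name in watched
                and e["first"] != e["second"]):
            findings.append(
                ("storage driver with differing timestamps", e["path"]))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

A finding here is only a pointer to what to verify; the comparison that settles it is the one the thread performs, checking the driver as copied from the Windows 7 DVD environment.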
