MyCity » Ambulanta -> Arhiva Ambulante » Da li sam se zarazila?!

Da li sam se zarazila?!

Napisano na dan: 15.3.2009
2

Da li sam se zarazila?!
Pagination Prethodna strana
Sledeća strana Pagination

Idi na vrh

Poslao: 15 Mar 2009 12:57
Idi na vrh
offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

ComboFix 09-03-14.01 - Sandra 2009-03-15 12:41:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2372 [GMT 1:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

FILE ::
c:\windows\system\msile.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\msile.exe
c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSILE
-------\Legacy_SYSDRV32
-------\Service_msile
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 11:46 . 2009-03-15 11:46 51,715 --a------ c:\windows\system32\04.scr
2009-03-06 21:10 . 2009-03-06 21:10 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-04 22:54 . 2009-03-04 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Phenomedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 11:44 18,507,808 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-15 11:44 1,002,784 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-15 11:43 96,056 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-15 11:43 250,988 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-15 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 20:25 --------- d-----w c:\documents and settings\Sandra\Application Data\POP Peeper
2009-02-16 09:28 --------- d-----w c:\program files\POP Peeper
2009-02-03 22:49 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 22:49 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-02 22:36 --------- d-----w c:\documents and settings\Sandra\Application Data\ACD Systems
2009-02-02 22:35 9,856 ----a-w c:\windows\system32\drivers\pfc.sys
2009-02-02 22:35 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\program files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-23 10:28 --------- d-----w c:\program files\UltraSnap
2008-12-15 00:45 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 22:57 1,851,544 ----a-w c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-15 10:09:16 58,998 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-15 11:04:10 58,998 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-15 10:09:16 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-15 11:04:10 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-15 11:44:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_32c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-12 1429504]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 227856]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sandra\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [1/8/2009 2:06:03 PM 20992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [4/14/2008 2:03:54 PM 596584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [5/27/2004 6:13:04 PM 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28:40 PM 24592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 12:18:09 AM 41376]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/14/2008 12:34:03 AM 57408]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 11:31:54 AM 98328]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MSILE
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-15 12:44:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(316)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(372)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system\msile.exe
.
**************************************************************************
.
Completion time: 2009-03-15 12:46:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 11:46:39
ComboFix2.txt 2009-03-15 10:44:08

Pre-Run: 13.527.900.160 bytes free
Post-Run: 13,516,169,216 bytes free

182



Poslao: 15 Mar 2009 13:06
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

E, sad je moguce da ce nam trebati zivci.

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\04.scr

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Poslao: 15 Mar 2009 13:31
Idi na vrh
offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

Opet mi izbacuje one porukice sto sam uradila print screen Sad

Imam ja zivaca... sutra pocinjem da radim tj imam neku obuku i laptop mi je must have tako da ako treba da trcim sa njim 15km na glavi nije problem Wink

Sad cu opet da to uradim pa ti postavljam za par minuta...

Dopuna: 15 Mar 2009 13:31

ComboFix 09-03-14.01 - Sandra 2009-03-15 13:13:31.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2371 [GMT 1:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\04.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 13:04 . 2009-03-15 13:04 51,715 --a------ c:\windows\system32\86.scr
2009-03-15 13:03 . 2009-03-15 13:03 51,715 --a------ c:\windows\system32\77.scr
2009-03-15 13:00 . 2009-03-15 13:09 51,715 --a------ c:\windows\system32\72.scr
2009-03-15 12:45 . 2009-03-15 13:02 51,715 -r-hs---- c:\windows\system\msile.exe
2009-03-06 21:10 . 2009-03-06 21:10 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-04 22:54 . 2009-03-04 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Phenomedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 12:17 18,588,448 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-15 12:17 1,009,440 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-15 12:15 96,680 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-15 12:15 252,044 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-15 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 20:25 --------- d-----w c:\documents and settings\Sandra\Application Data\POP Peeper
2009-02-16 09:28 --------- d-----w c:\program files\POP Peeper
2009-02-03 22:49 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 22:49 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-02 22:36 --------- d-----w c:\documents and settings\Sandra\Application Data\ACD Systems
2009-02-02 22:35 9,856 ----a-w c:\windows\system32\drivers\pfc.sys
2009-02-02 22:35 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\program files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-23 10:28 --------- d-----w c:\program files\UltraSnap
2008-12-15 00:45 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 22:57 1,851,544 ----a-w c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-15 10:09:16 58,998 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-15 12:14:39 58,998 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-15 10:09:16 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-15 12:14:39 392,864 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-12 1429504]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 227856]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sandra\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [1/8/2009 2:06:03 PM 20992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [4/14/2008 2:03:54 PM 596584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [5/27/2004 6:13:04 PM 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28:40 PM 24592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 12:18:09 AM 41376]
R3 sysdrv32;Play Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys --> c:\windows\system32\drivers\sysdrv32.sys [?]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 11:31:54 AM 98328]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/14/2008 12:34:03 AM 57408]
S2 msile;microsoft install le;c:\windows\system\msile.exe [3/15/2009 12:45:59 PM 51715]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-15 13:17:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(316)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(388-)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-03-15 13:19:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 12:19:20
ComboFix2.txt 2009-03-15 11:46:43
ComboFix3.txt 2009-03-15 10:44:08

Pre-Run: 13.470.318.592 bytes free
Post-Run: 13,422,100,480 bytes free

184

Poslao: 15 Mar 2009 13:45
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

E, do.... gde bas danas nasla tako da se zarazis Sad
Marfi, bas kad ti je lap-top najpotrebniji, nesto se sjebe. Neutral

probacemo jos jednom, ako ne uspe, moracu da konsultujem nekog od visih rangova.

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\86.scr
c:\windows\system32\77.scr
c:\windows\system32\72.scr
c:\windows\system\msile.exe
c:\windows\system32\drivers\sysdrv32.sys

KillAll::

Driver::
sysdrv32
msile

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 15 Mar 2009 14:01
Idi na vrh
offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

ComboFix 09-03-14.01 - Sandra 2009-03-15 13:47:38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2332 [GMT 1:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

FILE ::
c:\windows\system\msile.exe
c:\windows\system32\72.scr
c:\windows\system32\77.scr
c:\windows\system32\86.scr
c:\windows\system32\drivers\sysdrv32.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\msile.exe
c:\windows\system32\72.scr
c:\windows\system32\77.scr
c:\windows\system32\86.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSILE
-------\Legacy_SYSDRV32
-------\Service_msile


((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 13:18 . 2009-03-15 13:18 51,715 --a------ c:\windows\system32\13.scr
2009-03-06 21:10 . 2009-03-06 21:10 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-04 22:54 . 2009-03-04 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Phenomedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 12:51 1,014,560 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-15 12:50 18,661,920 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-15 12:49 97,136 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-15 12:49 253,052 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-15 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 20:25 --------- d-----w c:\documents and settings\Sandra\Application Data\POP Peeper
2009-02-16 09:28 --------- d-----w c:\program files\POP Peeper
2009-02-03 22:49 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 22:49 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-02 22:36 --------- d-----w c:\documents and settings\Sandra\Application Data\ACD Systems
2009-02-02 22:35 9,856 ----a-w c:\windows\system32\drivers\pfc.sys
2009-02-02 22:35 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\program files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-23 10:28 --------- d-----w c:\program files\UltraSnap
2008-12-15 00:45 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 22:57 1,851,544 ----a-w c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-15 10:09:16 58,998 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-15 12:31:48 58,998 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-15 10:09:16 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-15 12:31:48 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-15 12:50:41 16,384 ----atw c:\windows\temp\Perflib_Perfdata_33c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-12 1429504]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 227856]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sandra\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [1/8/2009 2:06:03 PM 20992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [4/14/2008 2:03:54 PM 596584]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [5/27/2004 6:13:04 PM 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28:40 PM 24592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 12:18:09 AM 41376]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 11:31:54 AM 98328]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/14/2008 12:34:03 AM 57408]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-15 13:51:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(316)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(372)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-15 13:53:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 12:53:04
ComboFix2.txt 2009-03-15 12:19:25
ComboFix3.txt 2009-03-15 11:46:43
ComboFix4.txt 2009-03-15 10:44:08

Pre-Run: 13.425.520.640 bytes free
Post-Run: 13,415,464,960 bytes free

184

Dopuna: 15 Mar 2009 14:01

I opet je izbacio onaj prozorcic Aplication error i to cim je zavrsio sa combofixom.

U principu sve mi radi normalno samo sto stalno izbacuje taj prozorcic, tako da mislim da cu uspeti sutra da radim na lapicu samo da ne zarazim i ostale posto cemo biti umrezeni.

Imas li pojma koji je virus i od cega je to?!

Poslao: 15 Mar 2009 14:15
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Nije valjda da odustajes? Smile

Ne znam da li si videla ovu temu:
[Link mogu videti samo ulogovani korisnici]
Imas i odgovarajucu u Shadow Boardu.

Ako sad ne uspemo, idemo radikalnije. Mr. Green

Otvoriti Notepad i iskopirati sledeci tekst:

KILLALL::

File::
c:\windows\system32\13.scr


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 15 Mar 2009 15:51
Idi na vrh
offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

Evo mene opet ali sa drugog kompa.... Da li je normalno ovoliko dugo da on nesto skenra ili sta vec radi?!
Komp se restartovao i stoji prozor gde pise da ne pokrecem druge programe dok ne zavrsi da sacekam par minuta da izbaci log file.

Inace pokrenula sam ga negde oko 2i20 tj cim si ti ispisao ovaj poslednji post.

Poslao: 15 Mar 2009 15:53
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Resetuj ga, tada bi trebalo da se vrati u normalu.

Poslao: 15 Mar 2009 16:17
Idi na vrh
offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

Resetovala sam i ovo mi se pojavilo na pocetku.
Gledala sam u c i nemam nikakav log file od combofix-a. Da li treba ovo poslednje opet da ponovim ili ne?!
I da, opet se pojavio onaj aplication error

Poslao: 15 Mar 2009 16:22
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

hmm, sta li to Kaspersky zeli da dezinfikuje?

MyCity » Ambulanta -> Arhiva Ambulante » Da li sam se zarazila?!

Ko je trenutno na forumu
 

Ukupno su 1306 korisnika na forumu :: 182 registrovanih, 11 sakrivenih i 1113 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 8u47, A.R.Chafee.Jr., Agape, Alooo, alternator, amstel, armor, Arsenije, Asteker, Avalon015, babaroga, bbogdan, bbrasnjo3, Betty25, Blair, Bojan198527, bojankrstc, bokisha253, bolenbgd, Boris90, bpvl, ccoogg123, cemix, Centauro, Cicumile, cifra, Clouseau, csipetcsapat, cvrle312, Dambi, darcaud, Dare, DeerHunter, Dejan_vw, dejanbenkovic, dendrit86, denisnapast2015, Django777, djboj, Djokislav, DJUNTA, Djuro2000, Doca, Dogma21, drale12, Drugsparrow, dule10savic, Dungorth, Electron, Ezbuck, feanor, Feller, Frunze, g_g, gagidjuric, galico, Gerila015, gomago, goran.vvv, hyla, Ice, iceburn, Igritelj, ikan, istina, ivan979, Jakonjveliki, JankoS, Jeremiah, Jerry Drake, Joksss, Jomini, kikisp, Kobrim, Koridor, Koridor 11, Krusarac, Kubovac, kybonacci, Lelemood, Lieutenant, Lucije Kvint, M74AB3, marko.markovic, markoni.slo, Martin543, mačković, mercedesamg, Metanoja, Mi lao shu, miki kv, Miki01, Miki281, milanpb, milenko crazy north, milenko1980, Millennium, Milos1389, mir, mir juzni, MiroslavD, Mićko, mnn2, moldway, momcilob55, N.e.m.a.nj.a., neko iz mase, Nemanja.M, nemkea71, novator, padamacki, Pale2025, panzerwaffe, Papadubi, Petarvu, Phalanx, Pilence, pisac12, Plavi Jadran, Podljub, Povratak1912, prashinar, PrincipL, proka89, promajauglavi, raf87, rakivan, raso7, rebro1974, repac, Resad76, RJ, ruso, S-lash, sap, sasovsky, share00, Shinobi, silikon, Simulink11000, Sir Budimir, Sićko, strelac07, synergia, tanakadzo, TBoy, tenkiasta71, TheBeastOfMG, UAV operator, uruk, Username1000, varda, vathra, vazduh, vensla, Vica1958, VJ, Vlad000, Vlado82, Voice1, voja64, vojnik švejk, VOŽD, Vrač, vuk77, vukovi, vuksa72, Vzor50, Wrangler, x011, x9, XBMC, XRF_d, ZetaMan, Zoca, zokilivac, zokizemun, Zoran1959, Zvone, zziko, |_MeD_|, Žrnov