Help urgently needed

  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

There's no comp.exe file in NetMeeting. What now?

Addendum: 18 Mar 2009 16:16

lanmi1983 ::There's no comp.exe file in NetMeeting. What now?

although it shows me there are 22 files but only 21 are displayed

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Sorry for the wait, I have some work to do :)
Have you turned on showing hidden files?

In Explorer go to Tools \ Folder Options \ View \ Show hidden files and folders

Addendum: 18 Mar 2009 16:30

Or pack it into a rar and send it to us at http://www.mycity.rs/ambulanta-upload.php
But if it's bigger than 10 MB then it has to go to VT

  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

No problem. That option is turned on, but it's still the same, 21 files

Addendum: 18 Mar 2009 16:32

lanmi1983 ::No problem. That option is turned on, but it's still the same, 21 files

but there's no comp.exe file

Addendum: 18 Mar 2009 16:42

These are the files I have in NetMeeting:
Blip
conf
h323cc.dll
nac.dll
nmasnt.dll
nmft.dll
vrcm.dll
callcont.dll
confmrsl.dll
MST120DLL
netmeet
nmchat.dll
nmoldwb.dll
Testsnd
cb32
dcap32.dll
MST123DLL
nmas.dll
nmcom.dll
nmwb.dll
wb32

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Turn on hidden files according to these instructions; you'll need to be able to see it. http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html

  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

analisis/f35236b40de078e1d1719433a2ca2834

Addendum: 18 Mar 2009 17:20

lanmi1983 ::analisis/f35236b40de078e1d1719433a2ca2834

I got this. How do I post the report?

Addendum: 18 Mar 2009 17:22

File comp.exe received on 03.12.2009 21:05:12 (CET)
Current status: finished

Result: 6/39 (15.38%)
Compact Print results
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.12 -
AhnLab-V3 5.0.0.2 2009.03.12 -
AntiVir 7.9.0.109 2009.03.12 -
Authentium 5.1.0.4 2009.03.12 -
Avast 4.8.1335.0 2009.03.11 -
AVG 8.0.0.237 2009.03.12 -
BitDefender 7.2 2009.03.12 -
CAT-QuickHeal 10.00 2009.03.12 -
ClamAV 0.94.1 2009.03.12 -
Comodo 1051 2009.03.12 -
DrWeb 4.44.0.09170 2009.03.12 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.12 -
F-Secure 8.0.14470.0 2009.03.12 -
Fortinet 3.117.0.0 2009.03.12 -
GData 19 2009.03.12 -
Ikarus T3.1.1.45.0 2009.03.12 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.12 -
McAfee 5551 2009.03.12 New Malware.ix
McAfee+Artemis 5551 2009.03.12 New Malware.ix
Microsoft 1.4405 2009.03.12 Backdoor:Win32/Mestys.A
NOD32 3931 2009.03.12 -
Norman 6.00.06 2009.03.11 -
nProtect 2009.1.8.0 2009.03.12 -
Panda 10.0.0.10 2009.03.12 -
PCTools 4.4.2.0 2009.03.12 -
Prevx1 V2 2009.03.12 -
Rising 21.20.32.00 2009.03.12 -
SecureWeb-Gateway 6.7.6 2009.03.12 -
Sophos 4.39.0 2009.03.12 Sus/Behav-1021
Sunbelt 3.2.1858.2 2009.03.12 VIPRE.Suspicious
Symantec 1.4.4.12 2009.03.12 -
TheHacker 6.3.3.0.280 2009.03.12 -
TrendMicro 8.700.0.1004 2009.03.12 -
VBA32 3.12.10.1 2009.03.11 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot 2009.3.12.1647 2009.03.12 -
VirusBuster 4.5.11.0 2009.03.12 -
Additional information
File size: 12798152 bytes
MD5...: e196546c20eedb2bc01abd736689a6be
SHA1..: b9918c0e06ed736261f15ffd68fa654eb8e891e6
SHA256: fb6d72e965ebcc77618723f392c1047520495d0a0a1bf2f95c17646ce67cc5dd
SHA512: 046649a29bdd910f54825b2054fe95fd89335348a90846051bcce56acdc59e31aa78a26666acc7f448e59a555071e471219069f48cfc2843ae6b5efa8724795f
ssdeep: 393216:dT6JPsp5bwJAp682JX27sdYbdcWUuP17PX:Z687p68wdYxchY17f

PEiD..: ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov
TrID..: File type identification
InstallShield setup (68.1%)
Win32 Executable Generic (13.4%)
Win32 Dynamic Link Library (generic) (12.0%)
Generic Win/DOS Executable (3.1%)
DOS Executable Generic (3.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x495e3580 (Fri Jan 02 15:40:48 2009)
machinetype.......: 0x14c (I386)

( 12 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x9c000 0x42800 8.00 c9c85541a3253a6d2dc5d83915e61784
0x9d000 0x7000 0x3a00 7.99 7669be49e88c94282c193b96cbc28e46
0xa4000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0xa9000 0x3000 0xa00 7.93 f7d5ad81180bf38cd8d0aaf16db409e0
0xac000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0xad000 0x1000 0x200 0.27 31ef9254dd63547c7f8fe9fd7eb8f35b
0xae000 0x9000 0x5c00 7.99 cf89ed6b2486f54c30205499d9a35757
.rsrc 0xb7000 0x1000 0xc00 4.46 3d8918526abf971aa77e870ac75f98e1
0xb8000 0x3000 0x2200 7.98 180c534dbc6a4673bb991ce49fb0a6a0
.data 0xbb000 0x27000 0x26c00 7.87 e13cdebd977beb70e2267a2e4b086395
.adata 0xe2000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
Heud 0xe3000 0xbbbc00 0xbbbc00 7.43 ce0272d1fec9b9410bb233796dba2f7d

( 17 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> wsock32.dll: WSACleanup
> oleaut32.dll: SysFreeString
> advapi32.dll: SetTokenInformation
> version.dll: VerQueryValueA
> user32.dll: CreateWindowExA
> ole32.dll: OleSaveToStream
> user32.dll: GetKeyboardType
> oleaut32.dll: GetErrorInfo
> gdi32.dll: UnrealizeObject
> comctl32.dll: ImageList_SetIconSize
> shell32.dll: Shell_NotifyIconA
> quartz.dll: AMGetErrorTextA
> oleaut32.dll: SafeArrayPtrOfIndex
> advapi32.dll: RegQueryValueExA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 0 exports )

packers (Kaspersky): PE_Patch
packers (F-Prot): Aspack
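
The report above has one line per engine plus a PE section table, and the two together are what a responder reads: a low detection ratio on a file that is packed (ASProtect/Aspack identified, several sections at 7.9-8.0 bits/byte of entropy) is a reason to escalate, not to dismiss. As an added example (not from the thread and not VirusTotal's own code), here is a small Python triage script that parses lines in that format, computes the detection ratio, and flags non-empty high-entropy sections as likely packed. The sample lines are copied from the report above; the 7.0 entropy threshold and the verdict rules are this example's own assumptions.

```python
"""Triage a VirusTotal-style multi-engine report (added example, not from the thread)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the report in the thread; the format is
# "engine version last-update result", where "-" means no detection.
SAMPLE_RESULTS = """\
AntiVir 7.9.0.109 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.12 -
McAfee 5551 2009.03.12 New Malware.ix
Microsoft 1.4405 2009.03.12 Backdoor:Win32/Mestys.A
Sophos 4.39.0 2009.03.12 Sus/Behav-1021
VBA32 3.12.10.1 2009.03.11 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
"""

# Sample rows copied from the PE section table (name viradd virsiz rawdsiz ntrpy md5).
# Packer-generated sections are often nameless, so a row may have 5 or 6 fields.
SAMPLE_SECTIONS = """\
0x1000 0x9c000 0x42800 8.00 c9c85541a3253a6d2dc5d83915e61784
0xa4000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xb7000 0x1000 0xc00 4.46 3d8918526abf971aa77e870ac75f98e1
.data 0xbb000 0x27000 0x26c00 7.87 e13cdebd977beb70e2267a2e4b086395
"""

# Assumption: bits/byte at or above this in a non-empty section suggests compression or encryption.
PACKED_ENTROPY = 7.0


@dataclass
class EngineResult:
    engine: str
    version: str
    updated: str
    result: Optional[str]  # None when the engine reported nothing


@dataclass
class Section:
    name: str
    vaddr: int
    vsize: int
    rawsize: int
    entropy: float
    md5: str


def parse_results(text: str) -> List[EngineResult]:
    out = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)  # the result text may itself contain spaces
        if len(parts) < 4:
            continue
        engine, version, updated, result = parts
        out.append(EngineResult(engine, version, updated, None if result == "-" else result))
    return out


def parse_sections(text: str) -> List[Section]:
    out = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 5:  # nameless section: prepend an empty name
            tok = [""] + tok
        if len(tok) != 6:
            continue
        name, va, vs, rs, ent, md5 = tok
        out.append(Section(name, int(va, 16), int(vs, 16), int(rs, 16), float(ent), md5))
    return out


def detection_ratio(results: List[EngineResult]) -> Tuple[int, int]:
    return sum(1 for r in results if r.result), len(results)


def packed_sections(sections: List[Section]) -> List[Section]:
    # Sections with no bytes on disk carry no entropy signal, so they are skipped.
    return [s for s in sections if s.rawsize > 0 and s.entropy >= PACKED_ENTROPY]


def triage(results, sections, packer_hint: Optional[str] = None) -> Tuple[str, List[str]]:
    """Return (verdict, reasons). The verdict rules are this example's own heuristics."""
    hits, total = detection_ratio(results)
    packed = packed_sections(sections)
    reasons = []
    if hits:
        reasons.append(f"{hits}/{total} engines flagged the file")
    if packed:
        reasons.append(f"{len(packed)} non-empty section(s) with entropy >= {PACKED_ENTROPY}")
    if packer_hint:
        reasons.append(f"packer identified: {packer_hint}")
    if hits and (packed or packer_hint):
        verdict = "suspicious"  # few engines agree, but the file is packed: escalate for analysis
    elif hits:
        verdict = "low-confidence"
    else:
        verdict = "no-detections"
    return verdict, reasons


if __name__ == "__main__":
    v, why = triage(parse_results(SAMPLE_RESULTS), parse_sections(SAMPLE_SECTIONS), "ASProtect 1.33 - 2.1")
    print(v, "|", "; ".join(why))
```

On the sample rows the two sections with data on disk and entropy at or above 7.0 are the nameless one at 0x1000 and .data; the empty section at 0xa4000 is ignored because an all-zero raw size says nothing about packing.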

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text:

File::
c:\program files\NetMeeting\comp.exe

Driver::
RPCER


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

ComboFix 09-03-15.01 - Milan 2009-03-18 18:53:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.434 [GMT 1:00]
Running from: c:\documents and settings\Milan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\program files\NetMeeting\comp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\NetMeeting\comp.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RPCER
-------\Service_RPCER


((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 00:05 . 2009-03-18 00:05 <DIR> d-------- c:\documents and settings\Milan\Application Data\MxBoost
2009-03-18 00:04 . 2009-03-18 00:06 <DIR> d-------- c:\program files\Maxthon2
2009-03-18 00:03 . 2009-03-18 00:03 <DIR> d-------- c:\program files\Maxton
2009-03-16 19:41 . 2009-03-16 19:41 <DIR> d-------- c:\program files\Readon Technology
2009-03-16 16:02 . 2009-03-16 16:04 <DIR> d-------- c:\program files\Eggiz
2009-03-15 20:59 . 2009-03-15 17:51 33,556 --a------ C:\midnightexpress.jpg
2009-03-15 20:50 . 2009-03-15 18:17 35,551 --a------ C:\1234024115_me_myself_and_irene_posters.jpg
2009-03-15 20:47 . 2009-03-15 18:10 22,696 --a------ C:\Mean_Machine_poster.jpg
2009-03-15 20:44 . 2009-03-15 17:54 18,844 --a------ C:\Theoneposter.jpg
2009-03-15 20:38 . 2009-03-15 20:38 37,860 --a------ C:\1172603115_city_of_angels.jpg
2009-03-15 20:32 . 2009-03-15 15:29 502,803 --a------ C:\Sahara.jpg
2009-03-15 15:07 . 2009-03-15 14:52 91,640 --a------ C:\legally_blonde.jpg
2009-03-15 15:07 . 2009-03-15 15:01 78,739 --a------ C:\legally_blonde_two.jpg
2009-03-13 01:16 . 2009-03-13 01:16 <DIR> d-------- c:\program files\SubMagic
2009-03-13 01:16 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-03-13 00:44 . 2009-03-13 00:44 <DIR> d-------- c:\documents and settings\Milan\Application Data\GRETECH
2009-03-13 00:43 . 2009-03-13 00:43 <DIR> d-------- c:\program files\GRETECH
2009-03-13 00:42 . 2009-03-13 00:42 <DIR> d-------- c:\program files\GOM Player
2009-03-11 14:14 . 2009-03-11 14:14 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-11 14:14 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-11 10:48 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-03-11 10:48 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-03-11 10:48 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-03-11 10:48 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-11 10:48 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-27 20:15 . 2009-02-28 15:35 <DIR> d-------- c:\program files\Opera
2009-02-27 19:37 . 2009-03-17 10:03 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-27 19:37 . 2009-02-27 20:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 14:24 . 2009-02-27 14:24 <DIR> d-------- c:\program files\Magentic
2009-02-27 14:24 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
2009-02-24 21:40 . 2009-02-24 21:40 <DIR> d-------- c:\program files\AskBarDis
2009-02-19 17:33 . 2009-02-19 17:33 <DIR> d-------- c:\documents and settings\Milan\Application Data\Uniblue
2009-02-18 18:24 . 2009-02-18 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2009-02-18 18:23 . 2009-02-18 18:23 204 --a------ C:\Plugins
2009-02-18 18:22 . 2009-02-18 18:22 <DIR> d-------- c:\program files\Pando Networks
2009-02-18 17:12 . 2009-02-23 22:05 <DIR> d-------- c:\documents and settings\Milan\Application Data\X3mE Yamb
2009-02-18 17:12 . 2009-02-23 22:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\X3mE Yamb
2009-02-18 16:01 . 2009-02-18 16:01 <DIR> d-------- c:\program files\Adobe Media Player
2009-02-18 16:00 . 2009-02-18 16:00 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-18 00:10 . 2009-02-18 01:00 <DIR> d-------- c:\program files\SMS Free Sender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 15:17 4,955 ----a-w c:\program files\Yurecnik.ini
2009-03-16 23:26 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-12 22:22 --------- d-----w c:\program files\Winamp
2009-03-12 20:22 --------- d-----w c:\program files\Mv2Player
2009-03-10 14:21 --------- d-----w c:\program files\ToggleEN
2009-03-08 00:23 --------- d-----w c:\documents and settings\Milan\Application Data\uTorrent
2009-02-22 12:22 --------- d-----w c:\program files\Google
2009-02-19 15:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-18 16:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 12:49 --------- d-----w c:\program files\uTorrent
2009-02-17 12:04 --------- d-----w c:\program files\Conduit
2009-02-16 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-02-16 14:17 --------- d-----w c:\program files\IncrediMail
2009-02-16 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\IM
2009-02-16 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail
2009-02-16 13:33 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-16 13:33 --------- d-----w c:\program files\Windows Live
2009-02-16 13:33 --------- d-----w c:\program files\Microsoft
2009-02-16 13:24 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 13:23 --------- d-----w c:\documents and settings\Milan\Application Data\MSNInstaller
2009-02-13 21:44 --------- d-----w c:\program files\Phenomedia AG
2009-02-13 21:36 --------- d-----w c:\program files\Tripper-IT
2009-02-13 17:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-13 17:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-11 15:37 --------- d-----w c:\documents and settings\Milan\Application Data\SlipStream
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-06 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 17:18 --------- d-----w c:\program files\GordianKnot
2009-01-29 17:15 --------- d-----w c:\program files\DVD Shrink
2009-01-29 17:11 --------- d-----w c:\program files\Gabest
2009-01-29 17:11 --------- d-----w c:\program files\AviSynth 2.5
2009-01-17 16:03 258 ----a-w c:\program files\Mini-YuRecnik.ini
2009-01-17 15:59 28,702 ----a-w c:\program files\Uninstal.exe
2009-01-17 15:59 1,998 ----a-w c:\program files\uninstal.log
1999-08-02 09:47 387,072 ----a-w c:\program files\YuRecnik.exe
1999-08-02 09:40 219,648 ----a-w c:\program files\MiniYuRecnik.exe
1999-08-02 09:35 9,559 ----a-w c:\program files\YURECNIK.HLP
1999-08-02 09:35 57 ----a-w c:\program files\Yurecnik.CNT
1999-07-29 09:43 2,447,472 ----a-w c:\program files\Reci.dat
1996-09-06 12:08 30,070 ----a-w c:\program files\Fb_deflt.dic
1996-02-23 15:26 469,504 ----a-w c:\program files\Fb_11k8.dll
1996-02-23 14:59 34,816 ----a-w c:\program files\Fb_spch.dll
1996-02-23 14:48 4,608 ----a-w c:\program files\Fb_timer.dll
1996-02-23 14:46 29,184 ----a-w c:\program files\Fb_ngn.exe
1996-02-23 14:21 16,896 ----a-w c:\program files\Uraspec.exe
1996-02-23 14:17 18,432 ----a-w c:\program files\Dictmgr.exe
1993-11-29 08:32 16,896 ----a-w c:\program files\Monologw.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-18_14.08.22.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-02-17 1882136]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-02-17 13:33 1882136 --a------ c:\program files\ToggleEN\tbTog1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-02-17 1882136]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-02-17 1882136]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-13 1601304]
"SlipStream"="c:\program files\Raketa Krstarice\raketa-core.exe" [2007-09-25 344064]
"Raketa-veza"="c:\program files\Raketa Krstarice\raketa-veza.exe" [2007-09-11 69800]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Raketa Krstarice.lnk - c:\program files\Raketa Krstarice\raketa.exe [2008-12-03 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-13 18:46 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58459:TCP"= 58459:TCP:Pando Media Booster
"58459:UDP"= 58459:UDP:Pando Media Booster

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-02 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-02 107272]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-02-24 464264]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-28 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 298264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-02-24 234888]
S2 gupdate1c98d25e3423983;Google Update Service (gupdate1c98d25e3423983);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 16:21]

2009-03-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 16:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\progra~1\RAKETA~1\sliplsp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-18 18:56:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\HPZipm12.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\progra~1\Magentic\bin\MgApp.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-03-18 18:58:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 17:58:43
ComboFix2.txt 2009-03-18 13:09:03

Pre-Run: 45,568,405,504 bytes free
Post-Run: 45,483,438,080 bytes free
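
The ComboFix log above carries a "Reg Loading Points" section in REGEDIT4 syntax, service lines of the form `R2 name;display;path [date size]`, and a Security Center block in which both AntiVirusDisableNotify and UpdatesDisableNotify are 1, meaning the user's warning balloons for a disabled antivirus and missing updates were switched off. As an added example (not ComboFix's own code and not from the thread), the Python below parses a few lines copied from that log into records, reports which Security Center notifications are suppressed, and lists Run entries whose command is a bare file name that Windows resolves through the search path rather than an absolute path. The FirewallDisableNotify value name is the third standard Security Center switch and does not appear in the log; the reading of the R/S prefix and digit in service lines is this example's assumption about ComboFix's convention.

```python
"""Parse autostart records out of a ComboFix-style log (added example, not ComboFix's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the log in the thread (REGEDIT4 loading points plus service lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-13 1601304]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 c:\windows\RTHDCPL.exe]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-02 325128]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-02-24 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-02-24 234888]
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"\s*\[(?P<date>\d{4}-\d\d-\d\d)\s+(?P<extra>[^\]]+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')

# The three Security Center notification switches on Windows XP; a value of 1 hides the
# corresponding warning balloon. FirewallDisableNotify is not present in the log above.
NOTIFY_FLAGS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    date: str
    size: Optional[int]      # file size when the log printed one ...
    resolved: Optional[str]  # ... or the path the log resolved a bare file name to


@dataclass
class Service:
    state: str  # assumed convention: R = running, S = stopped, digit = start type
    name: str
    display: str
    path: str
    date: str
    size: int


def parse_loading_points(text: str) -> Tuple[List[RunEntry], Dict[str, int], List[Service]]:
    key = None
    run, flags, services = [], {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # a new registry key header scopes the value lines that follow
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            extra = m["extra"]
            run.append(RunEntry(key, m["name"], m["command"], m["date"],
                                int(extra) if extra.isdigit() else None,
                                None if extra.isdigit() else extra))
            continue
        m = DWORD_RE.match(line)
        if m and key and key.lower().endswith("security center"):
            flags[m["name"]] = int(m["hex"], 16)
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(Service(m["state"], m["name"], m["display"], m["path"], m["date"], int(m["size"])))
    return run, flags, services


def suppressed_notifications(flags: Dict[str, int]) -> List[str]:
    return [f for f in NOTIFY_FLAGS if flags.get(f) == 1]


def unqualified_commands(run: List[RunEntry]) -> List[str]:
    """Run entries whose command is a bare file name, so Windows locates it via the search path."""
    return [e.name for e in run if "\\" not in e.command and "/" not in e.command]


if __name__ == "__main__":
    run, flags, services = parse_loading_points(SAMPLE_LOG)
    print("run entries:", len(run), "services:", len(services))
    print("notifications suppressed:", suppressed_notifications(flags))
    print("bare-name commands:", unqualified_commands(run))
```

The only bare-name command in the sample is RTHDCPL, which the log itself resolved to c:\windows\RTHDCPL.exe; a reviewer would still note such entries, because a same-named file earlier in the search path would be started in its place.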

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

There are no more signs of infection on the computer. If everything is fine, and it should be, do the following:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Well done, master!!! Everything is OK now :) I don't know how to repay you

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You're buying the drinks when we meet :D
