MyCity » Ambulanta -> Arhiva Ambulante » Nemogu pristupiti D particiji na HD

Nemogu pristupiti D particiji na HD

Napisano na dan: 11.12.2007

Strana:
1
2

Nemogu pristupiti D particiji na HD

Pagination

Prethodna strana

Odgovori

Strana:
1
2

Mixelotti Poslao: 11 Dec 2007 20:45 Idi na vrh
offline Mixelotti Moderator foruma zidam zgrade i fasade ........... i armiram-betoniram, utovaram-istovaram i nikad se ne odmaram Pridružio: 14 Dec 2005 Poruke: 2482 Gde živiš: na istoj lokaciji ali promenih četiri države	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jeste Allow change je bilo levo dugme. Sledio sam instrukcije za dodatna pitanja iz poruke iznad ove restartovao kompjuter i još jednom uradio HijackThis log. Sada sve Ok. hvala na pomoći, stručnosti i brzini u odgovorima

Profil

dr_Bora Poslao: 11 Dec 2007 20:49 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Molim. Poštovanje...

Profil

Mixelotti Poslao: 13 Dec 2007 18:09 Idi na vrh
offline Mixelotti Moderator foruma zidam zgrade i fasade ........... i armiram-betoniram, utovaram-istovaram i nikad se ne odmaram Pridružio: 14 Dec 2005 Poruke: 2482 Gde živiš: na istoj lokaciji ali promenih četiri države	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Po gornjim postovima sam zaključio da je problem bio u : O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe evo ih opet Logfile of HijackThis v1.99.1 Scan saved at 5:57:18 PM, on 12/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\SYSTEM32\SRPSKEY.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\BOINC\boincmgr.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\BOINC\boinc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R3_4.15_windows_intelx86.exe C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R3_4.15_windows_intelx86.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Mixelotti\Desktop\ \TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Con.....7768785363 O17 - HKLM\System\CCS\Services\Tcpip\..\{29235EB4-0B81-4859-8909-0391535A38FF}: NameServer = 212.124.160.1 212.124.160.2 O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe Dopuna: 13 Dec 2007 18:09 mislim da su se vratili sa USB fleša

Profil

dr_Bora Poslao: 13 Dec 2007 18:16 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK... Rešićemo... Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

Profil

Mixelotti Poslao: 13 Dec 2007 18:31 Idi na vrh
offline Mixelotti Moderator foruma zidam zgrade i fasade ........... i armiram-betoniram, utovaram-istovaram i nikad se ne odmaram Pridružio: 14 Dec 2005 Poruke: 2482 Gde živiš: na istoj lokaciji ali promenih četiri države	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 07-12-12.3 - Mixelotti 2007-12-13 18:25:41.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.501 [GMT 1:00] Running from: C:\Documents and Settings\Mixelotti\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))) . 2007-12-12 22:23 . 2007-12-13 16:30 45,595 --------- C:\WINDOWS\system32\amvo0.dll 2007-12-12 15:47 . 2007-12-12 15:47 <DIR> d-------- C:\WINDOWS\LastGood 2007-12-12 15:47 . 2007-12-12 15:47 44,208 -r-hs---- C:\WINDOWS\system32\amvo3.dll 2007-12-11 22:35 . 2007-12-13 16:30 123,960 -r-hs---- C:\n1deiect.com 2007-12-11 22:34 . 2007-12-13 17:58 123,960 -r-hs---- C:\WINDOWS\system32\amvo.exe 2007-12-11 22:34 . 2007-12-06 15:49 98,703 -r-hs---- C:\utdetect.com 2007-12-11 22:33 . 2007-12-06 15:49 98,703 -r-hs---- C:\WINDOWS\system32\avpo.exe 2007-12-11 22:33 . 2007-12-11 22:33 31,619 -r-hs---- C:\WINDOWS\system32\avpo0.dll 2007-11-29 09:57 . 2007-11-29 09:57 <DIR> d-------- C:\WINDOWS\system32\oodag . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-13 17:25 --------- d-----r C:\Program Files\BOINC 2007-12-13 11:27 --------- d-----w C:\Documents and Settings\Mixelotti\Application Data\MysteryStudio 2007-12-11 19:33 --------- d-----r C:\Program Files\SpeedFan 2007-12-11 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-05 17:21 --------- d-----w C:\Documents and Settings\Mixelotti\Application Data\PlayFirst 2007-11-28 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups 2007-11-24 13:35 --------- d-----r C:\Program Files\Lavalys 2007-11-24 13:35 --------- d-----r C:\Program Files\Kerio 2007-11-08 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-04 11:47 5,120 ----a-w C:\WINDOWS\system32\drivers\Stdsys.SYS 2007-10-29 19:41 --------- d-----r C:\Program Files\Macromedia 2007-10-29 19:39 --------- d-----r C:\Program Files\SAGEM 2007-10-29 19:38 --------- d-----r C:\Program Files\URUSoft 2007-10-29 19:38 --------- d-----r C:\Program Files\RFA Platinum 2007-10-29 19:37 --------- d-----r C:\Program Files\OO Software 2007-10-29 19:35 --------- d-----r C:\Program Files\Canon 2007-10-29 19:34 --------- d-----r C:\Program Files\K-Lite Codec Pack 2007-10-29 18:02 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-23 15:22 282,624 ----a-r C:\WINDOWS\Setup1.exe 2007-04-16 21:06 87,608 ----a-w C:\Documents and Settings\Mixelotti\Application Data\ezpinst.exe 2007-04-16 21:06 47,360 ----a-w C:\Documents and Settings\Mixelotti\Application Data\pcouffin.sys 2007-02-25 19:03 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04] "avpa"="C:\WINDOWS\system32\avpo.exe" [2007-12-06 15:49] "amva"="C:\WINDOWS\system32\amvo.exe" [2007-12-13 17:58] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe" [2005-11-08 12:04] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-02-11 12:08] "srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2006-04-24 11:10] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33] "rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2007-04-14 15:40] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "amva"="C:\WINDOWS\system32\amvo.exe" [2007-12-13 17:58] C:\Documents and Settings\Mixelotti\Start Menu\Programs\Startup\ BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2006-08-03 00:26:30] SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2006-02-08 22:38:36] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-10-13 03:44:25] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] C:\Program Files\Common Files\Stardock\mcpstub.dll 2003-08-25 10:25 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobemgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] Logi_MwX.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] c:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer] 2005-11-08 12:04 545280 --a------ C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PhotoshopElementsDeviceConnect"=3 (0x3) "AdobeActiveFileMonitor"=3 (0x3) "Adobe LM Service"=3 (0x3) "ose"=3 (0x3) "IDriverT"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bb751c1-b9aa-11db-baa9-4d6564696130}] \Shell\AutoRun\command - C:\Program Files\Alleysoft\AutoRun Design Specialty\CDROM\autorun.exe . ************************************************************************ catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-13 18:26:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\SYSTEM32\srpskeyh3.dll . Completion time: 2007-12-13 18:27:04 C:\ComboFix2.txt ... 2007-12-13 18:24 C:\ComboFix3.txt ... 2007-12-11 19:04 . 2007-12-06 15:32:41 --- E O F ---

Profil

dr_Bora Poslao: 13 Dec 2007 18:44 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Isključi TeaTimer... Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\amvo3.dll C:\n1deiect.com C:\WINDOWS\system32\amvo.exe C:\utdetect.com C:\WINDOWS\system32\avpo.exe C:\WINDOWS\system32\avpo0.dll Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avpa"=- "amva"=- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "amva"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravaljen na kraju ciscenja/skeniranja.

Profil

Mixelotti Poslao: 13 Dec 2007 18:56 Idi na vrh
offline Mixelotti Moderator foruma zidam zgrade i fasade ........... i armiram-betoniram, utovaram-istovaram i nikad se ne odmaram Pridružio: 14 Dec 2005 Poruke: 2482 Gde živiš: na istoj lokaciji ali promenih četiri države	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Isključen Tea Timer i nakon toga restartovan kompjuter ComboFix 07-12-12.3 - Mixelotti 2007-12-13 18:50:42.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT 1:00] Running from: C:\Documents and Settings\Mixelotti\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Mixelotti\Desktop\CFScript.txt * Created a new restore point FILE C:\n1deiect.com C:\utdetect.com C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\amvo3.dll C:\WINDOWS\system32\avpo.exe C:\WINDOWS\system32\avpo0.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\n1deiect.com C:\utdetect.com C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\amvo3.dll C:\WINDOWS\system32\avpo.exe C:\WINDOWS\system32\avpo0.dll D:\Autorun.inf E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))) . 2007-11-29 09:57 . 2007-11-29 09:57 <DIR> d-------- C:\WINDOWS\system32\oodag . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-13 17:49 --------- d-----r C:\Program Files\SpeedFan 2007-12-13 17:49 --------- d-----r C:\Program Files\BOINC 2007-12-13 11:27 --------- d-----w C:\Documents and Settings\Mixelotti\Application Data\MysteryStudio 2007-12-11 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-05 17:21 --------- d-----w C:\Documents and Settings\Mixelotti\Application Data\PlayFirst 2007-11-28 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups 2007-11-24 13:35 --------- d-----r C:\Program Files\Lavalys 2007-11-24 13:35 --------- d-----r C:\Program Files\Kerio 2007-11-08 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-04 11:47 5,120 ----a-w C:\WINDOWS\system32\drivers\Stdsys.SYS 2007-10-29 19:41 --------- d-----r C:\Program Files\Macromedia 2007-10-29 19:39 --------- d-----r C:\Program Files\SAGEM 2007-10-29 19:38 --------- d-----r C:\Program Files\URUSoft 2007-10-29 19:38 --------- d-----r C:\Program Files\RFA Platinum 2007-10-29 19:37 --------- d-----r C:\Program Files\OO Software 2007-10-29 19:35 --------- d-----r C:\Program Files\Canon 2007-10-29 19:34 --------- d-----r C:\Program Files\K-Lite Codec Pack 2007-10-29 18:02 --------- d-----w C:\Program Files\Common Files\Adobe 2007-09-23 15:22 282,624 ----a-r C:\WINDOWS\Setup1.exe 2007-04-16 21:06 87,608 ----a-w C:\Documents and Settings\Mixelotti\Application Data\ezpinst.exe 2007-04-16 21:06 47,360 ----a-w C:\Documents and Settings\Mixelotti\Application Data\pcouffin.sys 2007-02-25 19:03 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2007-12-13_18.23.53.03 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-11 19:36:05 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-13 17:51:45 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-11 19:36:05 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-13 17:51:45 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe" [2005-11-08 12:04] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-02-11 12:08] "srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2006-04-24 11:10] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 08:33] "rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2007-04-14 15:40] C:\Documents and Settings\Mixelotti\Start Menu\Programs\Startup\ BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2006-08-03 00:26:30] SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2006-02-08 22:38:36] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-10-13 03:44:25] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] C:\Program Files\Common Files\Stardock\mcpstub.dll 2003-08-25 10:25 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobemgr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] Logi_MwX.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] c:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer] 2005-11-08 12:04 545280 --a------ C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PhotoshopElementsDeviceConnect"=3 (0x3) "AdobeActiveFileMonitor"=3 (0x3) "Adobe LM Service"=3 (0x3) "ose"=3 (0x3) "IDriverT"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bb751c1-b9aa-11db-baa9-4d6564696130}] \Shell\AutoRun\command - C:\Program Files\Alleysoft\AutoRun Design Specialty\CDROM\autorun.exe . ************************************************************************ catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-13 18:51:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-12-13 18:52:18 C:\ComboFix2.txt ... 2007-12-13 18:27 C:\ComboFix3.txt ... 2007-12-13 18:24 . 2007-12-06 15:32:41 --- E O F ---

Profil

dr_Bora Poslao: 13 Dec 2007 19:16 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK... PC je sada čist... Ali... Potrebno je ''srediti'' flash drive(-ove) koji su bili izvor infekcije. Flash_Disinfector je samo uklonio file autorun.inf - ostale maliciozne file-ove moraš sam obrisati. Ako nemaš nešto bitno da flashu, najprostije je da ga formatiraš. Ako imaš, onda ćeš morati ''ručno'' brisati file-ove. Znači, aktiviraš prikaz skrivenih file-ova: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html i tražiš: n1deiect.com utdetect.com amvo.exe amvo0.dll avpo.exe avpo0.dll ... i varijacije ovoga gore (neki drugi broj u nazivu i slično). Uz ovo gore, potrebno je i da ponoviš postupak za resetovanje System Restore-a. Ako trebaju dodatna pojašnjenja, reci...

Profil

Mixelotti Poslao: 13 Dec 2007 20:05 Idi na vrh
offline Mixelotti Moderator foruma zidam zgrade i fasade ........... i armiram-betoniram, utovaram-istovaram i nikad se ne odmaram Pridružio: 14 Dec 2005 Poruke: 2482 Gde živiš: na istoj lokaciji ali promenih četiri države	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zanimljivo da ih pored aktiviranja opcije za prikaz skrivenih fajlova ipak nisam pronašao na USB flash ... Ipak sam ga formatirao, nema frke Ponovio sam postupak za resetovanje System Restore-a proverio komp nakon ponovnog uključenja TeaTimer-a i System Restore, HijackThis log kaže da je sve ok. hvala još jednom

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Nemogu pristupiti D particiji na HD

Ko je trenutno na forumu

Ukupno su 1137 korisnika na forumu :: 54 registrovanih, 10 sakrivenih i 1073 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, ajo baba, Aleksa 3215, aleksmajstor, Apok, bojank, bokisha253, brundo65, cenejac111, dankisha, DejanCG, dekir, Denaya, djboj, djordje92sm, dolinalima, Dorcolac, draganl, Excalibur13, havoc995, ivicasimo, JimmyNapoli, Koridor, Krusarac, Kubovac, kybonacci, laki_bb, Leonov, LUDI, M1los, mercedesamg, Metanoja, mgolub, mikki jons, mikrimaus, miodrag, MiroslavD, Miškić, Nemanja.M, pein, Raso75, royst33, Shinobi, Stanlio, Tragač, Tvrtko I, vaso1, vathra, Vlada1389, vladas87, voja64, Wrangler, Žrnov, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by