Pomoc! Nepoznat MBR ili sl.


  • Joined: 21 Apr 2008
  • Posts: 102
  • Location: Maklosevac, Nasice, Hrvatska

Hello everyone!

I have a problem that shows up mainly when using gmer.exe. I can't run a scan. When I click Scan, the computer just restarts. I've scanned with Avast, Spybot, MBAM, Dr. Web CureIt and ComboFix. Please help, because I really don't know what this is about anymore. All programs are up to date.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:22, on 28.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\gmer\rs.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\RS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4290 bytes

So as not to bore you too much, I'll just dump the logs here, and if anyone knows how to solve this problem, any advice is welcome.


GMER 1.0.15.14972 - gmer.net
Rootkit scan 2009-07-28 16:01:57
Windows 5.1.2600 Service Pack 2


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF8431FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8432340]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823671E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK




Norman SinowalMBR Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/05/13 16:21:18

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/05/13 16:21:18, Variants: 0

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: SRDJO\Srdjan

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "00 00 00 00 20 25 2A 00 " -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000


Scan started: 28/07/2009 14:07:49

Scanning bootsectors...

No SinowalMBR hooks found

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 531ms


Scanning running processes and process memory...

Number of processes/threads found: 1518
Number of processes/threads scanned: 1517
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 34s


Scanning file system...

Scanning: C:\*.*

Scanning: D:\*.*

Scanning: E:\*.*

E:\Nestopia139\Nestopia139\Dark_Lord_(J).rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\King_of_Fighters_96,_The_(Unl).rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Metal_Gear_(E)_[!].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Prince_of_Persia_(U)_[!].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Teenage_Mutant_Ninja_Turtles_(U)_[!].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Teenage_Mutant_Ninja_Turtles_-_Tournament_Fighters_(U)_[!p].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Teenage_Mutant_Ninja_Turtles_III_-_The_Manhattan_Project_(U)_[!].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Teenage_Mutant_Ninja_Turtles_II_-_The_Arcade_Game_(U)_[!].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Tennis_(E)_[!].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Terminator,_The_(U)_[!p].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Terminator_2_-_Judgment_Day_(E)_[!].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Top_Gun_(E)_[!].rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Top_Gun_-_Dual_Fighters_(J).rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Top_Gun_-_The_Second_Mission_(E).rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\Top_Gun_III_(Unl).rar/CMT (Error whilst scanning file: I/O Error)

E:\Nestopia139\Nestopia139\World_Super_Tennis_(J)_[!].rar/CMT (Error whilst scanning file: I/O Error)


Number of files found: 176465
Number of archives unpacked: 456
Number of files scanned: 176421
Number of files not scanned: 44
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 57m 40s

(And Norman_Sinowal_Cleaner also found a whole lot of hosts which it deleted, since I suspected Sinowal, but I assume all those hosts are actually Spybot's passive protection.)



ComboFix 09-07-26.01 - Srdjan 27.07.2009 14:24.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.511.278 [GMT 2:00]
Running from: c:\documents and settings\Srdjan\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090725-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-27 12:10 . 2004-08-03 20:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-07-27 12:10 . 2004-08-03 20:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-27 12:09 . 2001-08-17 12:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-07-27 12:09 . 2001-08-17 12:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-26 14:50 . 2009-07-26 14:50 -------- d-----w- c:\documents and settings\Srdjan\DoctorWeb
2009-07-26 13:38 . 2009-07-26 13:38 71680 ----a-w- C:\mbr.exe
2009-07-18 11:36 . 2009-07-18 11:36 3775176 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-09 19:27 . 2009-07-09 19:27 -------- d-----w- c:\documents and settings\Srdjan\Application Data\Malwarebytes
2009-07-09 19:27 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 19:27 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 18:41 . 2009-07-09 18:41 -------- d-----w- c:\documents and settings\Srdjan\presets
2009-07-08 15:30 . 2009-07-27 12:12 -------- d-----w- c:\program files\gmer
2009-07-05 17:42 . 2009-07-05 17:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy-PizzaParty
2009-07-03 22:03 . 2009-07-03 22:03 -------- d-----w- c:\documents and settings\Srdjan\Local Settings\Application Data\WMTools Downloaded Files
2009-07-02 16:03 . 2009-07-02 16:04 -------- d-----w- c:\documents and settings\Srdjan\Application Data\Mind Control Software
2009-07-02 14:56 . 2009-07-02 14:56 -------- d-----w- C:\GameRival
2009-07-01 19:39 . 2009-07-01 20:19 -------- d-----w- C:\output
2009-07-01 19:39 . 2009-07-01 19:39 -------- d-----w- C:\tmp
2009-06-30 13:38 . 2009-06-30 13:38 -------- d-----w- c:\documents and settings\Srdjan\Application Data\AdobeUM
2009-06-30 13:37 . 2009-06-30 13:37 -------- d-----w- c:\documents and settings\Srdjan\Local Settings\Application Data\Adobe
2009-06-28 14:49 . 2009-06-30 12:05 -------- d-----w- c:\documents and settings\Srdjan\Application Data\SlipStream
2009-06-28 12:24 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-06-27 17:40 . 2009-06-27 17:40 -------- d-----w- c:\program files\Super Spongebob Collapse

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 19:25 . 2009-06-07 09:59 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-08 10:59 . 2009-06-07 09:42 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-20 20:03 . 2009-06-20 19:49 43194 ----a-w- c:\windows\Fonts\EUDC.EUF
2009-06-20 20:03 . 2009-06-20 19:49 104692 ----a-w- c:\windows\Fonts\EUDC.TTE
2009-06-17 14:19 . 2009-06-07 09:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-11 13:39 . 2009-06-11 13:39 -------- d-----w- c:\program files\Kick Shot Pool
2009-06-11 11:21 . 2009-06-11 11:21 -------- d-----w- c:\documents and settings\Srdjan\Application Data\funkitron
2009-06-07 21:54 . 2009-06-07 09:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-07 14:00 . 2009-06-06 19:02 19552 ----a-w- c:\documents and settings\Srdjan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 13:38 . 2009-06-07 09:27 -------- d-----w- c:\program files\VS Revo Group
2009-06-07 12:41 . 2009-06-07 12:41 -------- d-----w- c:\program files\Common Files\DirectX
2009-06-07 11:47 . 2009-06-07 11:47 -------- d-----w- c:\program files\ReflexiveArcade
2009-06-07 10:20 . 2009-06-07 10:20 -------- d-----w- c:\program files\Audacity 1.3 Beta
2009-06-07 10:08 . 2009-06-06 18:45 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-07 10:02 . 2009-06-07 10:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
2009-06-07 10:01 . 2009-06-07 10:01 -------- d-----w- c:\documents and settings\Srdjan\Application Data\DAEMON Tools Pro
2009-06-07 09:56 . 2009-06-07 09:56 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-07 09:52 . 2009-06-07 09:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-07 09:51 . 2009-06-07 09:51 -------- d-----w- c:\program files\Java
2009-06-07 09:49 . 2009-06-07 09:49 -------- d-----w- c:\program files\HWiNFO32
2009-06-07 09:49 . 2009-06-07 09:49 -------- d-----w- c:\program files\CCleaner
2009-06-07 09:48 . 2009-06-07 09:48 -------- d-----w- c:\program files\Defraggler
2009-06-07 09:46 . 2009-06-07 09:46 0 ----a-w- c:\windows\nsreg.dat
2009-06-07 09:41 . 2009-06-07 09:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-06-07 09:41 . 2009-06-07 09:41 -------- d-----w- c:\program files\VITSOFT
2009-06-07 09:38 . 2009-06-07 09:36 -------- d-----w- c:\program files\Winamp
2009-06-07 09:33 . 2009-06-07 09:33 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-07 09:23 . 2009-06-07 09:23 -------- d-----w- c:\program files\AutoFix
2009-06-07 09:20 . 2009-06-07 09:20 -------- d-----w- c:\program files\Trend Micro
2009-06-07 09:20 . 2009-06-07 09:20 -------- d-----w- c:\program files\ATF-Cleaner
2009-06-07 09:19 . 2009-06-07 09:19 -------- d-----w- c:\program files\Alwil Software
2009-06-07 09:16 . 2009-06-07 09:14 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-07 09:15 . 2009-06-07 09:15 -------- d-----w- c:\documents and settings\Srdjan\Application Data\Ahead
2009-06-07 09:14 . 2009-06-07 09:14 -------- d-----w- c:\program files\Nero
2009-06-07 09:02 . 2009-06-07 09:02 -------- d-----w- c:\program files\DVD X Studios
2009-06-07 09:01 . 2009-06-07 09:01 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 21:31 . 2009-06-06 21:30 -------- d-----w- c:\program files\ATI Technologies
2009-06-06 21:31 . 2009-06-06 21:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-06 21:29 . 2009-06-06 21:29 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-06 18:48 . 2009-06-06 18:48 -------- d-----w- c:\program files\microsoft frontpage
2009-06-06 18:41 . 2009-06-06 18:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-24 13:26 . 2009-06-07 09:45 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7.6.2009 16:20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.6.2009 16:20 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [31.12.2002 14:00 14336]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.hr/
IE: I&zvoz u Microsoft Excel - e:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Srdjan\Application Data\Mozilla\Firefox\Profiles\va55byvs.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.hr/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-27 14:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-27 14:32
ComboFix-quarantined-files.txt 2009-07-27 12:32
ComboFix2.txt 2009-07-09 20:29

Pre-Run: 1.535.553.536 bytes free
Post-Run: 1.506.177.024 bytes free


I ran fixmbr in the Recovery Console and everything was fine. The "Disk \Device\Harddisk0\DR0 sector 01: copy of MBR" entries were no longer shown in GMER.
But as soon as I clicked Scan again, it restarted again and the same thing showed up again. And what I also don't understand in GMER: under Registry, the following entries are red for me:
HKEY_LOCAL_MACHINE\SECURITY\POLICY -> and every entry inside that key

HKEY_LOCAL_MACHINE\SECURITY\RXACT


And the most interesting thing is that in regedit there is not a single subkey under HKEY_LOCAL_MACHINE\SECURITY\


If anyone knows what this is about and how to fix it, and with which program, I would be very grateful.
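As an added example (not part of the original post and not GMER's own code), the script below re-creates on a raw disk image what the GMER "Disk sectors" section above reports: which of sectors 1..63 are byte-for-byte copies of sector 0 (the MBR) and whether the MBR still carries its 0x55AA boot signature. It also parses GMER log lines of that format to list the sectors flagged "rootkit-like behavior". The sample image and the log excerpt are constructed inline for the demonstration.

```python
import hashlib
import re

SECTOR = 512                 # sector size GMER and MBR-era disks work with
MBR_SIG = b"\x55\xaa"        # boot signature expected in bytes 510..511 of the MBR


def analyze_track0(image: bytes, sectors: int = 63) -> dict:
    """Compare sectors 1..`sectors` of a raw disk image with sector 0 (the MBR).

    GMER's "copy of MBR" finding means a sector is byte-identical to the MBR.
    On an ordinary disk the rest of track 0 is usually zero-filled or holds a
    boot-loader stage, not 63 duplicates of sector 0.
    """
    mbr = image[:SECTOR]
    copies = []
    for n in range(1, sectors + 1):
        sec = image[n * SECTOR:(n + 1) * SECTOR]
        if len(sec) == SECTOR and sec == mbr:
            copies.append(n)
    return {
        "mbr_signature_ok": len(mbr) == SECTOR and mbr[510:512] == MBR_SIG,
        "mbr_sha256": hashlib.sha256(mbr).hexdigest(),
        "copies_of_mbr": copies,
    }


# Matches lines such as
# "Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR"
GMER_LINE = re.compile(r"^Disk (\S+) sector (\d+): (.*)$")


def parse_gmer_sectors(log: str) -> dict:
    """Parse GMER '---- Disk sectors ----' lines into {sector_number: [findings]}."""
    found = {}
    for line in log.splitlines():
        m = GMER_LINE.match(line.strip())
        if m:
            found[int(m.group(2))] = [f.strip() for f in m.group(3).split(";")]
    return found


def flagged_sectors(findings: dict) -> list:
    """Sectors GMER marked 'rootkit-like behavior' (32 and 63 in the log above)."""
    return sorted(n for n, fs in findings.items() if "rootkit-like behavior" in fs)


def build_sample_images() -> tuple:
    """Constructed sample data: a clean track 0 and one holding 63 MBR copies."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\x33\xc0\x8e"                # constructed stand-in for boot code
    mbr[510:512] = MBR_SIG
    clean = bytes(mbr) + bytes(SECTOR * 63)   # sectors 1..63 zero-filled
    suspicious = bytes(mbr) * 64              # sectors 1..63 identical to the MBR
    return clean, suspicious


# Constructed excerpt in the format of the GMER log quoted in the thread
SAMPLE_GMER_LOG = """---- Disk sectors - GMER 1.0.15 ----

Disk \\Device\\Harddisk0\\DR0 sector 01: copy of MBR
Disk \\Device\\Harddisk0\\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \\Device\\Harddisk0\\DR0 sector 63: rootkit-like behavior; copy of MBR
"""

if __name__ == "__main__":
    clean, suspicious = build_sample_images()
    for name, img in (("clean", clean), ("suspicious", suspicious)):
        r = analyze_track0(img)
        print(f"{name}: signature_ok={r['mbr_signature_ok']} copies={r['copies_of_mbr']}")
    print("GMER flagged sectors:", flagged_sectors(parse_gmer_sectors(SAMPLE_GMER_LOG)))
```

To run it against a real disk, read the first 64 * 512 bytes of the raw device or of a forensic image taken offline and pass them to analyze_track0.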

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Look... You obviously have a tendency to play with things about which you don't have even basic knowledge.
Of course, you have the right to do whatever you want on your own computer... But not here.


I already warned you earlier for persistently ignoring the instructions for opening a topic in the Ambulanta forum.

I already tried earlier to explain to you that this is not a place where you can come and dump the log of some program, just because you don't understand what it says there, while you, of course, have no reason whatsoever to use it, and expect someone to spend their free time solving problems for you that don't exist.



This topic will be locked, and I would ask you not to make me permanently disable your posting in the Ambulanta forum.
