MyCity » Ambulanta -> Arhiva Ambulante » Pomoc hitno potrebna!

Pomoc hitno potrebna!

Napisano na dan: 27.4.2010

Strana:
1
2

Pomoc hitno potrebna!

Pagination

Prethodna strana

Odgovori

Strana:
1
2

maki170582 Poslao: 03 Maj 2010 18:49 Idi na vrh
offline maki170582 Građanin Pridružio: 11 Avg 2008 Poruke: 65 Gde živiš: Vancouver	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 03 Maj 2010 18:02 Nabavio sam hirens boot cd na kojem postoji mini windows, sta da radim dalje. Nod mi prijavljuje sada samo ovaj fajl koji nemoze da izbrise c:window/system32/drivers/cdrom.sys inace prikacio sam sliku mog Nod karantina (pun je) a kad mi se log combofix-a zavrsi kacim i njega.... Dopuna: 03 Maj 2010 18:49 Dr. Boro unapred veliko vam hvala....... [Link mogu videti samo ulogovani korisnici] ComboFix 10-05-02.03 - test 05/03/2010 18:15:02.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.233 [GMT 2:00] Running from: c:\documents and settings\test\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected Restored copy from - c:\system volume information\_restore{9896F155-968E-4374-B479-F89EA049B290}\RP227\A0060461.sys . ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 ))))))))))))))))))))))))))))))) . 2010-05-01 15:29 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll 2010-04-30 18:59 . 2004-08-03 22:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2010-04-30 18:59 . 2004-08-03 22:56 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-04-30 18:25 . 2010-04-30 18:25 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\ESET 2010-04-30 17:45 . 2010-04-30 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-04-29 08:25 . 2010-04-29 08:25 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Local Settings\Application Data\Opera 2010-04-27 20:12 . 2010-04-27 20:12 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\DivX 2010-04-18 11:10 . 2010-04-18 11:10 -------- d-----w- C:\NOD_upd 2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\program files\ESET 2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-01 20:53 . 2009-03-30 15:24 10 ----a-w- c:\windows\popcinfo.dat 2010-05-01 20:36 . 2009-03-29 16:36 -------- d-----w- c:\documents and settings\test\Application Data\Skype 2010-05-01 16:33 . 2009-03-29 16:38 -------- d-----w- c:\documents and settings\test\Application Data\skypePM 2010-04-27 20:40 . 2004-08-03 22:56 1032192 ----a-w- c:\windows\explorer.exe 2010-04-27 20:40 . 2009-03-29 20:26 -------- d-----w- c:\documents and settings\test\Application Data\uTorrent 2010-04-27 20:15 . 2009-03-29 18:20 -------- d-----w- c:\program files\Unlocker 2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\documents and settings\test\Application Data\Mozilla\plugins\npgoogletalk.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-02 12:59 . 2010-03-02 12:59 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-02 12:59 . 2010-03-02 12:59 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-02 12:58 . 2009-05-10 00:07 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-03-02 12:58 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll . ((((((((((((((((((((((((((((( SnapShot_2010-04-30_19.02.48 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-03 16:22 . 2010-05-03 16:22 16384 c:\windows\Temp\Perflib_Perfdata_690.dat + 2009-03-29 15:36 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll + 2009-03-29 15:36 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe - 2009-03-29 21:18 . 2006-09-25 15:58 14640 c:\windows\system32\spmsg.dll + 2009-03-29 21:18 . 2008-03-20 12:41 14640 c:\windows\system32\spmsg.dll + 2010-05-01 15:29 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\msisip.dll + 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\msiexec.exe + 2004-08-03 20:59 . 2004-08-03 20:59 49536 c:\windows\system32\drivers\cdrom.sys + 2009-03-29 15:36 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll + 2009-03-29 15:36 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe + 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\dllcache\msisip.dll + 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\dllcache\msiexec.exe + 2004-08-03 22:56 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll + 2004-08-03 22:56 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll + 2009-03-29 15:36 . 2009-08-06 17:23 209624 c:\windows\system32\wuweb.dll + 2009-03-29 15:36 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll + 2009-03-29 15:36 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll + 2010-05-01 15:29 . 2009-08-06 17:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll - 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\msihnd.dll + 2009-03-29 15:36 . 2009-08-06 17:23 209624 c:\windows\system32\dllcache\wuweb.dll + 2009-03-29 15:36 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll + 2009-03-29 15:36 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll - 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\dllcache\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\dllcache\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\dllcache\msihnd.dll + 2009-03-29 15:36 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll + 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\msi.dll + 2008-03-20 16:06 . 2008-03-20 16:06 1480232 c:\windows\system32\LegitCheckControl.dll + 2009-03-29 15:36 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\dllcache\msi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-11-07 19:31 135664 ----atw- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-02 12:58 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2009-12-16 21:02 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Opera\\opera.exe"= "$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960] S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 5:37 PM 133104] S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 11:32 PM 682232] . Contents of the 'Scheduled Tasks' folder 2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37] 2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37] 2010-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003Core.job - c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31] 2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003UA.job - c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\Office10\EXCEL.EXE/3000 . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2010-05-03 18:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}] @Denied: (Full) (Everyone) "Model"=dword:00000092 "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d, df,1c,2f,3b,8a,0a,32,11,89,01,b5,d4,ad,be,af,c7,ac,81,43,42,df,67,86,56,7b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):83,d9,4b,20,00,7f,47,58,72,2d,f3,33,1d,a0,51,29,70,e9,92,38,0d, 30,3a,9a,94,b8,fb,b9,07,7e,24,a1,6a,ff,62,20,7d,1a,49,19,00,00,00,00,00,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(676) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3408-) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\windows\system32\Ati2evxx.exe . ************************************************************************ . Completion time: 2010-05-03 18:39:43 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-03 16:39 ComboFix2.txt 2010-05-01 15:17 ComboFix3.txt 2010-04-30 19:06 ComboFix4.txt 2009-12-06 15:48 ComboFix5.txt 2010-05-03 16:14 Pre-Run: 2,545,303,552 bytes free Post-Run: 2,639,151,104 bytes free - - End Of File - - 506C664ABF7001EC4083D70B8070A776

Profil

dr_Bora Poslao: 03 Maj 2010 19:01 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Restartuj PC i postavi još jedan svež ComboFix log.

Profil

maki170582 Poslao: 03 Maj 2010 19:29 Idi na vrh
offline maki170582 Građanin Pridružio: 11 Avg 2008 Poruke: 65 Gde živiš: Vancouver	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 03 Maj 2010 19:16 hocu evo sada... sada mi je prijavio c:system volume information/_restore{9896F155-968E-4374.../A0059950.sys evo sada cu uraditi novi log!! Dopuna: 03 Maj 2010 19:29 [Link mogu videti samo ulogovani korisnici] ComboFix 10-05-02.03 - test 05/03/2010 19:21:03.6.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.159 [GMT 2:00] Running from: c:\documents and settings\test\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 ))))))))))))))))))))))))))))))) . 2010-05-03 17:19 . 2010-05-03 17:20 -------- d-----w- C:\32788R22FWJFW 2010-05-01 15:29 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll 2010-04-30 18:59 . 2004-08-03 22:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2010-04-30 18:59 . 2004-08-03 22:56 39424 ----a-w- c:\windows\system32\grpconv.exe 2010-04-30 18:25 . 2010-04-30 18:25 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\ESET 2010-04-30 17:45 . 2010-04-30 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-04-29 08:25 . 2010-04-29 08:25 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Local Settings\Application Data\Opera 2010-04-27 20:12 . 2010-04-27 20:12 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\DivX 2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\documents and settings\test\Application Data\Mozilla\plugins\npgoogletalk.dll 2010-04-18 11:10 . 2010-04-18 11:10 -------- d-----w- C:\NOD_upd 2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\program files\ESET 2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-01 20:53 . 2009-03-30 15:24 10 ----a-w- c:\windows\popcinfo.dat 2010-05-01 20:36 . 2009-03-29 16:36 -------- d-----w- c:\documents and settings\test\Application Data\Skype 2010-05-01 16:33 . 2009-03-29 16:38 -------- d-----w- c:\documents and settings\test\Application Data\skypePM 2010-04-27 20:40 . 2004-08-03 22:56 1032192 ----a-w- c:\windows\explorer.exe 2010-04-27 20:40 . 2009-03-29 20:26 -------- d-----w- c:\documents and settings\test\Application Data\uTorrent 2010-04-27 20:15 . 2009-03-29 18:20 -------- d-----w- c:\program files\Unlocker 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-02 12:59 . 2010-03-02 12:59 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-02 12:59 . 2010-03-02 12:59 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-02 12:58 . 2009-05-10 00:07 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-03-02 12:58 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll . ((((((((((((((((((((((((((((( SnapShot_2010-04-30_19.02.48 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-03 17:19 . 2010-05-03 17:19 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat + 2009-03-29 15:36 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll + 2009-03-29 15:36 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe - 2009-03-29 21:18 . 2006-09-25 15:58 14640 c:\windows\system32\spmsg.dll + 2009-03-29 21:18 . 2008-03-20 12:41 14640 c:\windows\system32\spmsg.dll + 2010-05-01 15:29 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\msisip.dll + 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\msiexec.exe + 2004-08-03 20:59 . 2004-08-03 20:59 49536 c:\windows\system32\drivers\cdrom.sys + 2009-03-29 15:36 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll + 2009-03-29 15:36 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe + 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\dllcache\msisip.dll + 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\dllcache\msiexec.exe + 2004-08-03 22:56 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll + 2004-08-03 22:56 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll + 2009-03-29 15:36 . 2009-08-06 17:23 209624 c:\windows\system32\wuweb.dll + 2009-03-29 15:36 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll + 2009-03-29 15:36 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll + 2010-05-01 15:29 . 2009-08-06 17:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll - 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\msihnd.dll + 2009-03-29 15:36 . 2009-08-06 17:23 209624 c:\windows\system32\dllcache\wuweb.dll + 2009-03-29 15:36 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll + 2009-03-29 15:36 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll - 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\dllcache\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\dllcache\msimsg.dll + 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\dllcache\msihnd.dll + 2009-03-29 15:36 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll + 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\msi.dll + 2008-03-20 16:06 . 2008-03-20 16:06 1480232 c:\windows\system32\LegitCheckControl.dll + 2009-03-29 15:36 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\dllcache\msi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-11-07 19:31 135664 ----atw- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-02 12:58 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2009-12-16 21:02 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Opera\\opera.exe"= "$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960] S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 5:37 PM 133104] S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 11:32 PM 682232] . Contents of the 'Scheduled Tasks' folder 2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37] 2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37] 2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003Core.job - c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31] 2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003UA.job - c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\Office10\EXCEL.EXE/3000 . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2010-05-03 19:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}] @Denied: (Full) (Everyone) "Model"=dword:00000092 "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d, df,1c,2f,3b,8a,0a,32,11,89,01,b5,d4,ad,be,af,c7,ac,81,43,42,df,67,86,56,7b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):83,d9,4b,20,00,7f,47,58,72,2d,f3,33,1d,a0,51,29,70,e9,92,38,0d, 30,3a,9a,94,b8,fb,b9,07,7e,24,a1,6a,ff,62,20,7d,1a,49,19,00,00,00,00,00,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(672) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2356) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-05-03 19:27:21 ComboFix-quarantined-files.txt 2010-05-03 17:27 ComboFix2.txt 2010-05-03 16:39 ComboFix3.txt 2010-05-01 15:17 ComboFix4.txt 2010-04-30 19:06 ComboFix5.txt 2010-05-03 17:20 Pre-Run: 2,087,706,624 bytes free Post-Run: 2,055,536,640 bytes free - - End Of File - - 633EA4C629496B711BE6A1CA1F6E1083

Profil

dr_Bora Poslao: 03 Maj 2010 19:40 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo sada izgleda ok. Detektuje li sada NOD nešto što ne može da obriše?

Profil

maki170582 Poslao: 03 Maj 2010 23:07 Idi na vrh
offline maki170582 Građanin Pridružio: 11 Avg 2008 Poruke: 65 Gde živiš: Vancouver	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nod mi narandzst i pokazuje mi da moram updatovati windows, pored toga mi pokazuje da c:system volume information/?restore{9896F155-968E-4374.../A0059951.sys nemoze izbrisati!!!!!!! Sta dalje profesore?

Profil

dr_Bora Poslao: 04 Maj 2010 00:06 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Isključi i zatim ponovo uključi System Restore: [Link mogu videti samo ulogovani korisnici] Nakon ovoga više ne bi trebalo biti te gornje detekcije.

Profil

maki170582 Poslao: 26 Maj 2010 19:38 Idi na vrh
offline maki170582 Građanin Pridružio: 11 Avg 2008 Poruke: 65 Gde živiš: Vancouver	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kako da uninstall combofix i gmer??

Profil

dr_Bora Poslao: 26 Maj 2010 19:56 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Gmer i ostale korišćene programe možeš obrisati.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Pomoc hitno potrebna!

Ko je trenutno na forumu

Ukupno su 1076 korisnika na forumu :: 107 registrovanih, 9 sakrivenih i 960 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 100jan, 357magnum, Abebe Bikila, Aleksandar_1980, alternator, Avalon015, babaroga, bbrasnjo3, Bojan198527, bojankrstc, bojanstros9, bojcistv, BraneS, BWG, Cigi, coaaco, cojapop, Dimitrise93, Djordje29, Dorcolac, Dovla, Dovla 1980, drgrozozo, dukajov, Electron, esx66, Georgius, gobrad, HrcAk47, ibssa, ILGromovnik, ivan979, Jose, Još malo pa deda, kaskadija, Koridor, Kosmos Banja Luka, Kruger, Krusarac, Kubovac, Kukuvaja, kybonacci, Lester Freamon, Lieutenant, ljubo70, lucko1, M74AB3, maiden6657, Marko Marković, Marko1238, mean_machine, Mercury, Metanoja, Miki01, milenko crazy north, mnn2, momcilob55, mrav pesadinac, Mravojed, nazgul75, neko iz mase, nelezele, nevjerna beba, niksa517, nnnnnnnnnn, Novakomp, novator, Oscar, OtacMakarije, Panter, Peruta, pirke96, Povratak1912, predragc, proka89, RajkoB, Raso75, rednap, rodoljub, sajorg, samocitam, Sančo, SD izvidjac, Shilok, Shinobi, Sirius, skvara, Smajser, sokars, sova72, SOVO515, Sr.Stat., Stoilkovic, strelac07, trajkoni018, Tvrtko I, vathra, Velizar Laro, vidra boy, W123, Weteran, Yellow Pinky, Yugol33, zdrebac, |_MeD_|, Žrnov, Đurđevdan

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by