Posted: 11 Oct 2009 18:26
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
Sorry, I'm really clueless, but either the instructions aren't clear to me or my machine isn't working the way it should:
- I start Catchme and switch to Script; at the same time a black screen appears with what I suppose are the scan results, and a white Catch 0.3 window with two tabs, Files and Script.
On Files I tell it Run and it does some scanning (hidden processes and hidden files...), which I'm sending at the end of this message.
On Script I tell it Run, and it says Script command not found.
I don't know where that file C:WINDOWS/system32/drivers/atapi.sys you mention is.
I don't know what "end of the process" means, and there is no catchme.zip file anywhere.
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-11 18:09:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\n\20]
"DisplayName"="\x2d28\x731\x2d28\x731\1"
"DeviceDesc"="\x2d28\x731\x2d28\x731\1"
"ProviderName"="\x27d4\20\xee18\x7c90\x2844\20\b"
"MFG"="\x7f0"
"DeviceInstanceIds"=str(7):"e:\software\drivers\chipset_inf\smdrv\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Posted: 11 Oct 2009 18:56
- magna86
- Anti Malware Fighter Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
OK, take it slowly.. let's go again, but please read the instructions carefully!
magna86 wrote:
Download Catchme and save it to the Desktop
Double-click catchme.exe to start it and switch to the Script tab.
Into the (white) program window paste the text that is inside the code box:
files:
C:\WINDOWS\system32\drivers\atapi.sys
Click the Run button
When a message with a notice appears, click OK
When the process finishes, the file catchme.zip will be on the Desktop
Upload it via the following form:
http://www.mycity.rs/ambulanta-upload.php
_______________________________________________________
So.... like this:
rradovan wrote: I start Catchme and switch to Script; at the same time a black screen appears with what I suppose are the scan results, and a white Catch 0.3 window with two tabs, Files and Script.
So start the Catchme program again, ignore that "black window" and focus only on the "white window"
rradovan wrote: On Script I tell it Run, and it says Script command not found.
It's telling you correctly: the command was not found because you didn't paste it. So...
Click Script at the top and paste in there the text I have marked below:
files:
C:\WINDOWS\system32\drivers\atapi.sys
Now click Run
A zipped file called catchme.zip will be "created" on the Desktop
Upload that file via the following form:
http://www.mycity.rs/ambulanta-upload.php
Posted: 11 Oct 2009 19:37
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
Again I can't get it right:
Into the Script window I paste
files:
C:\WINDOWS\system32\drivers\atapi.sys
and tell it Run, and it says
Script command not found.
Posted: 11 Oct 2009 21:48
- magna86
- Anti Malware Fighter Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Written: 11 Oct 2009 21:46
OK... let's try it this way: just read the instructions carefully!
Go to Start >> Run and paste the following there:
"%userprofile%\desktop\catchme.exe" -c C:\WINDOWS\system32\drivers\atapi.sys C:\file.bak
then click OK
Then find file.bak on the C partition ( C:\file.bak )
Upload that file ( C:\file.bak ) via this link:
http://www.mycity.rs/ambulanta-upload.php
Also, catchme.log must appear on your Desktop
Use the Attach file option and attach catchme.log
Update: 11 Oct 2009 21:48
One more thing: the Catchme program must be on the Desktop for the procedure to work.
Posted: 12 Oct 2009 01:20
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
Done: uploaded catchme.log and C:\file.bak.
If it matters, I can see the atapi.sys file in drivers when I look for it through My Computer, Explorer etc., but it isn't there when I look for it through gmer.
Posted: 12 Oct 2009 17:58
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
Written: 12 Oct 2009 12:39
Done - the Invalid BOOT.INI file message no longer appears, everything seems fine.
Update: 12 Oct 2009 17:58
Installed the Recovery Console, updated CF first and ran the test:
ComboFix 09-10-11.03 - RR 10/12/2009 17:28.22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1241 [GMT 2:00]
Running from: c:\documents and settings\RR\Desktop\New Folder\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.
2009-10-11 01:47 . 1998-05-11 20:01 12496 ----a-w- c:\windows\system\vbas.dll
2009-10-11 01:47 . 1996-08-24 11:11 398416 ----a-w- c:\windows\system32\Vbrun300.dll
2009-10-11 01:45 . 2009-10-11 01:45 -------- d-----w- C:\askola
2009-10-11 01:45 . 2009-10-11 01:45 -------- d-----w- c:\program files\aSkola
2009-10-11 01:45 . 2009-10-11 01:45 -------- d-----w- c:\documents and settings\RR\WINDOWS
2009-10-01 01:28 . 2009-10-11 23:57 -------- d-----w- c:\program files\Updates
2009-09-30 14:28 . 2009-10-12 04:03 -------- d-----w- C:\Downloads
2009-09-24 01:48 . 2009-09-24 01:48 -------- d-----w- c:\program files\Advanced System Optimizer
2009-09-24 01:07 . 2009-09-24 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2009-09-24 01:06 . 2009-09-24 01:48 -------- d-----w- c:\documents and settings\RR\Application Data\Systweak
2009-09-24 01:05 . 2009-09-24 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MyDefrag
2009-09-24 00:51 . 2009-09-24 23:59 -------- d-----w- c:\documents and settings\RR\Application Data\CBS Interactive
2009-09-19 18:29 . 2001-08-17 11:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-09-19 18:29 . 2001-08-17 11:48 17664 ----a-w- c:\windows\system32\drivers\sermouse.sys
2009-09-13 16:11 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-09-13 16:10 . 2009-09-13 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\page
2009-09-13 15:52 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 15:20 . 2007-12-22 13:48 -------- d-----w- c:\documents and settings\RR\Application Data\Skype
2009-10-12 15:20 . 2008-02-12 14:56 -------- d-----w- c:\documents and settings\RR\Application Data\uTorrent
2009-10-12 15:04 . 2009-09-09 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-10-12 14:48 . 2009-07-14 12:41 -------- d-----w- c:\documents and settings\RR\Application Data\vlc
2009-10-12 14:04 . 2007-12-22 13:50 -------- d-----w- c:\documents and settings\RR\Application Data\skypePM
2009-10-12 12:44 . 2007-12-22 15:19 10 -c--a-w- c:\windows\popcinfo.dat
2009-10-12 10:47 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst
2009-10-12 10:47 . 2009-07-18 00:33 2625 ----a-w- c:\program files\USDownloader.ini
2009-10-12 10:46 . 2009-09-30 14:25 92782 ----a-w- c:\program files\USDownloader.log
2009-10-12 10:34 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst1.bak
2009-10-12 10:04 . 2008-11-19 14:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-12 09:15 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst2.bak
2009-10-12 08:49 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst3.bak
2009-10-12 08:23 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst4.bak
2009-10-12 07:57 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst5.bak
2009-10-12 07:31 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst6.bak
2009-10-12 07:05 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst7.bak
2009-10-12 06:39 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst8.bak
2009-10-12 06:13 . 2009-07-18 00:37 2417 ----a-w- c:\program files\USDownloader.lst9.bak
2009-10-12 01:59 . 2009-03-23 15:08 -------- d-----w- c:\program files\Everything
2009-10-11 23:57 . 2005-12-31 17:39 -------- d-----w- c:\program files\Plugins
2009-10-10 01:31 . 2008-05-03 20:07 -------- d-----w- c:\documents and settings\RR\Application Data\dvdcss
2009-10-07 14:40 . 2007-12-22 02:53 -------- d-----w- c:\program files\TimeLeft3
2009-10-07 02:24 . 2008-10-28 16:35 -------- d-----w- c:\documents and settings\RR\Application Data\LimeWire
2009-09-14 09:58 . 2009-09-09 03:12 -------- d-----w- c:\documents and settings\RR\Application Data\Babylon
2009-09-13 15:48 . 2009-08-22 10:21 -------- d-----w- c:\program files\Ashampoo
2009-09-09 22:01 . 2008-06-01 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 15:23 . 2009-09-09 02:58 -------- d-----w- c:\program files\myBabylon_English5
2009-09-09 03:12 . 2009-09-09 03:12 -------- d-----w- c:\program files\myBabylon_English
2009-09-09 03:12 . 2009-09-09 03:12 -------- d-----w- c:\program files\Babylon
2009-09-05 14:57 . 2009-07-30 15:39 -------- d-----w- c:\documents and settings\RR\Application Data\Windows Desktop Search
2009-09-05 14:51 . 2008-01-30 02:28 -------- d-----w- c:\program files\SpeedFan
2009-09-03 09:24 . 2009-04-22 12:12 -------- d-----w- c:\program files\DAP
2009-09-02 15:30 . 2009-09-01 09:04 -------- d-----w- c:\program files\The KMPlayer
2009-08-31 23:20 . 2009-08-31 23:15 -------- d-----w- c:\program files\Kmplayer Plus
2009-08-22 13:12 . 2009-08-22 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-08-22 10:24 . 2008-04-10 14:35 -------- d-----w- c:\documents and settings\RR\Application Data\Ashampoo
2009-08-22 09:54 . 2009-08-22 09:25 -------- d-----w- c:\documents and settings\RR\Application Data\StarBurn
2009-08-22 09:22 . 2009-08-22 09:22 -------- d-----w- c:\program files\SkyMediaPack
2009-08-22 09:22 . 2009-08-22 09:22 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-21 17:41 . 2008-01-27 13:42 -------- d-----w- c:\documents and settings\RR\Application Data\IObit
2009-08-21 17:41 . 2009-02-22 15:42 -------- d-----w- c:\documents and settings\RR\Application Data\Any Video Converter
2009-08-21 17:41 . 2009-02-22 15:14 -------- d-----w- c:\documents and settings\RR\Application Data\Any Video Converter Professional
2009-08-21 17:41 . 2009-04-03 08:19 -------- d-----w- c:\program files\superdvd
2009-08-21 17:41 . 2009-02-22 15:42 -------- d-----w- c:\program files\Any Video Converter
2009-08-21 04:49 . 2008-08-13 14:16 -------- d-----w- c:\program files\IObit
2009-08-19 03:09 . 2009-02-04 11:08 -------- d-----r- c:\program files\Skype
2009-08-19 03:09 . 2007-12-22 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-15 19:49 . 2008-11-14 23:26 -------- d-----w- c:\documents and settings\RR\Application Data\ACD Systems
2009-08-15 19:48 . 2007-12-22 02:42 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-08-15 19:48 . 2009-08-15 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-08-15 19:48 . 2009-08-15 19:48 -------- d-----w- c:\program files\ACD Systems
2009-08-15 19:35 . 2009-08-05 03:25 -------- d-----w- c:\program files\P2P_Torrent
2009-08-15 19:01 . 2007-12-22 01:37 69632 -c--a-w- c:\documents and settings\RR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 00:01 . 2008-01-16 11:44 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-08-13 23:47 . 2007-12-22 19:35 -------- d-----w- c:\program files\Google
2009-08-06 16:13 . 2009-08-06 16:13 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-06 16:13 . 2009-08-06 16:13 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-05 09:01 . 2004-08-03 22:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 01:38 . 2009-07-26 01:32 720896 ----a-w- c:\windows\iun6002ev.exe
2009-07-26 01:32 . 2009-07-26 01:31 922214 ----a-w- c:\program files\splitter_setup.exe
2009-07-18 00:33 . 2009-07-18 00:33 506 --sha-w- c:\program files\USDownloader.exe.manifest
2009-07-18 00:28 . 2009-07-18 00:27 8030016 ----a-w- c:\program files\USDownloader135.zip
2009-07-17 19:01 . 2004-08-03 22:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 09:48 . 2009-08-06 16:13 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-28 16:32 . 2009-05-28 16:32 530432 ----a-w- c:\program files\USDownloader.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-09_18.33.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-12 10:04 . 2009-10-12 10:04 16384 c:\windows\Temp\Perflib_Perfdata_2e8.dat
+ 2007-12-23 18:42 . 1999-03-23 07:12 299520 c:\windows\uninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2009-08-05 2215960]
"{98fb0482-4317-4435-a4bc-f9783aa43071}"= "c:\program files\myBabylon_English5\tbmyB0.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CLASSES_ROOT\clsid\{98fb0482-4317-4435-a4bc-f9783aa43071}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98fb0482-4317-4435-a4bc-f9783aa43071}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\myBabylon_English5\tbmyB0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2009-08-05 04:27 2215960 ----a-w- c:\program files\P2P_Torrent\tbP2P1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2009-08-05 2215960]
"{98fb0482-4317-4435-a4bc-f9783aa43071}"= "c:\program files\myBabylon_English5\tbmyB0.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CLASSES_ROOT\clsid\{98fb0482-4317-4435-a4bc-f9783aa43071}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-09-04 25623336]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-09-03 2799104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-08-03 3730832]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-01-11 15961088]
c:\documents and settings\RR\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2007-12-22 1996984]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^ppcb_32.lnk]
backup=c:\windows\pss\ppcb_32.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\RR\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 12:11 PM 33800]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [8/22/2009 11:22 AM 95592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 12:08 PM 472320]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/6/2009 6:13 PM 604488]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/23/2001 12:00 PM 3584]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [9/13/2009 6:11 PM 410976]
S3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\DRIVERS\vaclcskd.sys --> c:\windows\system32\DRIVERS\vaclcskd.sys [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [10/19/2008 5:05 PM 36928]
S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\system32\drivers\w940nd.sys [12/22/2007 12:52 AM 16925]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-10-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2009-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-527237240-725345543-1003Core.job
- c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:13]
2009-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-527237240-725345543-1003UA.job
- c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:13]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\documents and settings\RR\Application Data\Mozilla\Firefox\Profiles\zk5243q7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\RR\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\RR\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-12 17:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-12 17:39
ComboFix-quarantined-files.txt 2009-10-12 15:38
ComboFix2.txt 2009-10-09 21:35
ComboFix3.txt 2009-10-09 18:39
Pre-Run: 9,141,960,704 bytes free
Post-Run: 9,178,677,248 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
237 --- E O F --- 2009-09-09 22:04
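As an added example (not from this thread, not from any of the posters, and not ComboFix's own code), here is a small Python triage aid for a helper reading a log of the shape pasted above. It parses the "Files Created" lines, the R/S service lines and the BootExecute value, then lists files that appeared under the Windows system directories, compares a driver's size with its dllcache copy, lists services whose image ComboFix marks as not found ("[?]"), and lists BootExecute entries beyond the default. The sample lines are constructed: most mirror lines from the log above, and the "example.sys" pair is entirely made up to show a size mismatch. Everything it flags means "review", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the shape of the ComboFix log above.
# The "example.sys" pair is made up to show a dllcache size mismatch.
SAMPLE_FILES = """\
2009-10-11 01:47 . 1998-05-11 20:01 12496 ----a-w- c:\\windows\\system\\vbas.dll
2009-10-11 01:45 . 2009-10-11 01:45 -------- d-----w- C:\\askola
2009-09-19 18:29 . 2001-08-17 11:48 17664 -c--a-w- c:\\windows\\system32\\dllcache\\sermouse.sys
2009-09-19 18:29 . 2001-08-17 11:48 17664 ----a-w- c:\\windows\\system32\\drivers\\sermouse.sys
2009-09-13 16:11 . 2009-01-09 10:46 33632 ----a-w- c:\\windows\\system32\\DfSdkBt.exe
2009-09-24 01:48 . 2009-09-24 01:48 -------- d-----w- c:\\program files\\Advanced System Optimizer
2009-10-01 12:00 . 2009-10-01 12:00 1000 -c--a-w- c:\\windows\\system32\\dllcache\\example.sys
2009-10-01 12:00 . 2009-10-01 12:00 1024 ----a-w- c:\\windows\\system32\\drivers\\example.sys
"""

SAMPLE_SERVICES = """\
R1 epfwtdir;epfwtdir;c:\\windows\\system32\\drivers\\epfwtdir.sys [2/20/2008 12:11 PM 33800]
S0 ntcdrdrv;ntcdrdrv;c:\\windows\\system32\\DRIVERS\\ntcdrdrv.sys --> c:\\windows\\system32\\DRIVERS\\ntcdrdrv.sys [?]
S3 PsSdk41;PsSdk41;c:\\windows\\system32\\drivers\\pssdk41.sys [10/19/2008 5:05 PM 36928]
"""

# The log prints the REG_MULTI_SZ separator as a literal "\0".
SAMPLE_BOOTEXECUTE = "BootExecute REG_MULTI_SZ autocheck autochk *\\0sasnative32"

# "<ts> . <ts> <size|--------> <attrs> <path>"; the path may contain spaces.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$"
)
# "<R|S><n> <name>;<description>;<image path and trailer>"
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\system\\")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


@dataclass
class FileEntry:
    ts_a: str             # first timestamp column, as printed
    ts_b: str             # second timestamp column, as printed
    size: Optional[int]   # None for directories ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_files(text: str) -> List[FileEntry]:
    """Parse every 'Files Created' / 'Find3M' style line; ignore anything else."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        ts_a, ts_b, size, attrs, path = m.groups()
        entries.append(FileEntry(ts_a, ts_b, None if size.startswith("-") else int(size), attrs, path))
    return entries


def new_system_files(entries: List[FileEntry]) -> List[FileEntry]:
    """Files (not directories) that appeared under the Windows system directories."""
    return [e for e in entries
            if not e.is_dir and any(d in e.path.lower() for d in SYSTEM_DIRS)]


def dllcache_mismatches(entries: List[FileEntry]) -> List[Tuple[str, int, int]]:
    """(live path, live size, dllcache size) where a file differs from its dllcache copy."""
    by_name = {}
    for e in entries:
        if not e.is_dir:
            by_name.setdefault(e.path.lower().rsplit("\\", 1)[-1], []).append(e)
    out = []
    for group in by_name.values():
        cache = [e for e in group if "\\dllcache\\" in e.path.lower()]
        live = [e for e in group if "\\dllcache\\" not in e.path.lower()]
        out += [(l.path, l.size, c.size) for c in cache for l in live if c.size != l.size]
    return out


def services_with_missing_binary(text: str) -> List[str]:
    """Service/driver names whose image path the log marks as not found ('[?]')."""
    out = []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m and m.group(4).rstrip().endswith("[?]"):
            out.append(m.group(2))
    return out


def boot_execute_extras(line: str) -> List[str]:
    """BootExecute entries beyond the default 'autocheck autochk *' (review, not verdict)."""
    _, _, value = line.split(" ", 2)
    return [v for v in value.split("\\0") if v and v != DEFAULT_BOOTEXECUTE]


if __name__ == "__main__":
    entries = parse_files(SAMPLE_FILES)
    print("new files under system dirs:", [e.path for e in new_system_files(entries)])
    print("dllcache size mismatches:", dllcache_mismatches(entries))
    print("services with missing binary:", services_with_missing_binary(SAMPLE_SERVICES))
    print("extra BootExecute entries:", boot_execute_extras(SAMPLE_BOOTEXECUTE))
```

The two timestamp columns are carried through as printed rather than interpreted, since their meaning is ComboFix's own. A dllcache mismatch is only a hint: the cache copy can simply be an older service-pack version, so the next step is to compare both copies' hashes against known-good values, which is what uploading atapi.bad for inspection achieves in the thread.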
Posted: 12 Oct 2009 18:09
- dr_Bora
- Anti Malware Fighter Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
I apologize to my colleague for butting into the thread, but since this is important, I don't want us to lose time.
Now that the Recovery Console is installed, you'll notice that when you switch the computer on, a screen briefly appears on which you can choose whether to start Windows or the Recovery Console (as in the picture).
You'll need to write the commands below down on paper. Pay attention to the spaces in them. If anything is unclear, just say so.
Restart the computer and use the arrow keys on the keyboard to select the entry (so that the white bar is on it):
Microsoft Windows Recovery Console
Then press Enter. So that you don't press the (down) arrow too late, you can start tapping it gently as soon as the computer turns on (as soon as you see the first image on the monitor).
After this the Recovery Console will start loading (it takes up to half a minute).
Then the following prompt will appear:
Quote: 1: C:\Windows
Which Windows installation would you like to log onto
(To cancel, press ENTER)?
Now you need to type:
1
and press Enter.
Then the following prompt may appear:
Quote: Type the Administrator password:
If you use a password to log in to Windows, type it and press Enter. If you don't use a password, just press Enter.
Then the following will be shown on the screen:
C:\Windows>
Now type the following commands in order (one at a time) and confirm each with Enter:
cd system32
cd drivers
copy atapi.sys atapi.bad
After this a notice will appear that the file was copied: 1 file(s) copied.
Now you still need to type
exit
so that the computer restarts.
All of this will look roughly like this for you:
So, you type what is underlined with the yellow lines and confirm each command with Enter.
Basically, it's very simple and will take about 2-3 minutes.
After Windows starts normally, upload the file:
C:\WINDOWS\system32\drivers\atapi.bad
via this link: http://www.mycity.rs/ambulanta-upload.php
As soon as we've looked at the file, we'll get on with fixing this.
Posted: 12 Oct 2009 18:37
- dr_Bora
- Anti Malware Fighter Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Did you follow the Recovery Console procedure? Did everything go as planned?
Let's repeat the Gmer scan (the first one, on the Rootkit/malware tab - before scanning, check that the Only non-MS files option is not ticked).