Virus or???

  • Joined: 07 Jun 2008
  • Posts: 46

ComboFix 09-02-06.04 - Administrator 2009-02-07 23:10:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.106 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system\wmisvmgr.exe
c:\windows\system\wmisvr.exe
c:\windows\system32\gs.exe
c:\windows\system32\gx.exe
c:\windows\system32\nx.exe
c:\windows\system32\qx.exe
c:\windows\system32\wh.exe
c:\windows\system32\xz.exe
c:\windows\system32\za.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\wmisvmgr.exe
c:\windows\system\wmisvr.exe
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\gs.exe
c:\windows\system32\gx.exe
c:\windows\system32\nx.exe
c:\windows\system32\qx.exe
c:\windows\system32\wh.exe
c:\windows\system32\xz.exe
c:\windows\system32\za.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Legacy_WMISMGR
-------\Legacy_WMISRV
-------\Service_sysdrv32
-------\Service_WMISMGR
-------\Service_WMISRV


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\windows\system32\xircom
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-07 15:09 . 2009-02-07 15:09 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-07 15:09 . 2009-02-07 15:09 1,409 --a------ c:\windows\QTFont.for
2009-02-07 09:01 . 2009-02-07 09:01 250 --a------ c:\windows\gmer.ini
2009-02-07 07:09 . 2009-02-07 18:48 <DIR> d-------- c:\windows\fix
2009-02-04 01:09 . 2009-02-04 01:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2009-02-04 01:07 . 2009-02-04 01:07 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-04 01:07 . 2009-02-04 07:37 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-04 01:07 . 2007-09-27 10:46 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d-------- c:\windows\system32\DllCache
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-04 01:06 . 2008-03-07 17:56 192,000 --------- c:\windows\system32\DllCache\offfilt.dll
2009-02-04 01:06 . 2008-03-07 17:56 98,304 --------- c:\windows\system32\DllCache\nlhtml.dll
2009-02-04 01:06 . 2008-03-07 17:56 29,696 --------- c:\windows\system32\DllCache\mimefilt.dll
2009-02-04 01:05 . 2009-02-04 01:05 <DIR> d-------- c:\program files\MSECache
2009-01-21 18:41 . 2009-01-21 18:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\zweitgeist
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Shared
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Incomplete
2009-01-09 22:29 . 2009-01-13 19:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 17:51 --------- d-----w c:\program files\Gran Paradiso
2009-02-07 08:20 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-06 10:45 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2009-02-05 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-05 17:22 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-22 15:53 --------- d-----w c:\program files\Canon
2009-01-07 22:12 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\program files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-01 12:20 --------- d-----w c:\program files\Netscape
2009-01-01 11:54 --------- d-----w c:\program files\Apple Software Update
2008-12-29 14:53 --------- d-----w c:\program files\PhotoScape
2008-12-29 14:33 --------- d-----w c:\program files\Google
2008-12-28 13:46 --------- d-----w c:\program files\Common Files\Adobe
2008-12-23 13:53 --------- d-----w c:\documents and settings\Administrator\Application Data\CD-LabelPrint
2008-12-23 11:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-21 11:07 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2008-12-21 11:06 --------- d-----w c:\program files\FastStone Capture
2008-12-21 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Publish Providers
2008-12-21 09:56 --------- d-----w c:\program files\Vstplugins
2008-12-21 09:56 --------- d-----w c:\program files\Sony
2008-12-21 08:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2008-12-21 07:42 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Setup
2008-12-19 01:05 --------- d-----w c:\program files\Common Files\Skype
2008-12-18 06:11 --------- d-----w c:\program files\Opera
2008-12-17 08:13 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-17 07:20 --------- d-----w c:\program files\BearPaw 1200CU Plus
2008-12-17 07:19 --------- d-----w c:\program files\Temp
2008-12-16 23:01 --------- d-----w c:\program files\Sony Setup
2008-12-16 22:55 --------- d-----w c:\program files\CoffeeCup Software
2008-06-07 12:00 88 -csh--r c:\documents and settings\All Users\Application Data\A4845040EE.sys
2008-06-07 12:00 2,516 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

2007-04-21 13:21 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WilSpoolProxy"="c:\program files\Unimessage Pro\WilCap.exe" [2004-08-13 77824]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 39408]
"AOL Instant Messenger (TM)"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [1998-02-25 18944]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.ACDV"= ACDV.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSX723"= sx5363s.acm
"MSACM.NSPAC"= NSPAC32.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2007-10-11 15872]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [2007-06-13 23008]
R2 wilusbmonitor;Unimessage Printer Tracking Service;c:\windows\system32\wilpmove.exe [2007-06-13 77824]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-01-23 11256]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2008-01-23 16696]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2008-01-23 18168]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f905e00-daf6-11dd-869f-001d9271d11e}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe418022-3429-11dc-9847-001617d60841}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1659004503-682003330-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jasatomic.org.rs/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4k1xvwji.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jasatomic.org.rs/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPQTW32.DLL
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npswf32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPVCAL32.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-07 23:14:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-07 23:17:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-07 22:17:52
ComboFix2.txt 2009-02-07 17:50:15

Pre-Run: 28.469.141.504 bytes free
Post-Run: 28,453,216,256 bytes free


Addendum: 08 Feb 2009 17:45

After all the "actions" the computer now works fine, so I'm taking the opportunity to thank you.

Addendum: 08 Feb 2009 19:49

Unfortunately, on the first launch of Opera I noticed that the computer again isn't working as it should, so I ran Ad-aware again, and the picture shows what it found.

Addendum: 09 Feb 2009 2:16

I have just finished rescanning the computer and am forwarding you the findings.

Addendum: 09 Feb 2009 18:50

Have you forgotten about me and my problem, or is there no help for me and you find it hard to tell me so?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Sorry for the wait. My colleague is busy, so I'll ''take over'' the thread.

I'd ask you to double-click ComboFix to run it and post the log you get here.

  • Joined: 07 Jun 2008
  • Posts: 46

ComboFix 09-02-06.04 - Administrator 2009-02-09 21:09:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.150 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-09 00:02 . 2009-02-09 00:04 <DIR> d-------- c:\program files\RegCleaner
2009-02-08 23:12 . 2009-02-08 23:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 21:08 . 2009-02-08 21:08 <DIR> d-------- c:\program files\Opera
2009-02-08 17:37 . 2009-02-08 17:37 519,168 --a------ c:\windows\system32\kb.exe
2009-02-08 17:35 . 2009-02-08 17:35 519,168 --a------ c:\windows\system32\lx.exe
2009-02-08 13:12 . 2009-02-08 13:12 519,168 --a------ c:\windows\system32\tn.exe
2009-02-08 11:50 . 2009-02-08 11:50 519,168 -r-hs---- c:\windows\system\wmisync.exe
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\windows\system32\xircom
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-07 09:01 . 2009-02-08 20:36 250 --a------ c:\windows\gmer.ini
2009-02-07 07:09 . 2009-02-09 19:26 <DIR> d-------- c:\windows\fix
2009-02-04 01:09 . 2009-02-04 01:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2009-02-04 01:07 . 2009-02-04 01:07 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-04 01:07 . 2009-02-04 07:37 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-04 01:07 . 2007-09-27 10:46 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d-------- c:\windows\system32\DllCache
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-04 01:06 . 2008-03-07 17:56 192,000 --------- c:\windows\system32\DllCache\offfilt.dll
2009-02-04 01:06 . 2008-03-07 17:56 98,304 --------- c:\windows\system32\DllCache\nlhtml.dll
2009-02-04 01:06 . 2008-03-07 17:56 29,696 --------- c:\windows\system32\DllCache\mimefilt.dll
2009-02-04 01:05 . 2009-02-04 01:05 <DIR> d-------- c:\program files\MSECache
2009-01-21 18:41 . 2009-01-21 18:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\zweitgeist
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Shared
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Incomplete
2009-01-09 22:29 . 2009-01-13 19:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 17:45 --------- d-----w c:\program files\Gran Paradiso
2009-02-09 07:00 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2009-02-08 22:12 --------- d-----w c:\program files\Java
2009-02-07 08:20 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-05 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-05 17:22 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-22 15:53 --------- d-----w c:\program files\Canon
2009-01-07 22:12 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\program files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-01 12:20 --------- d-----w c:\program files\Netscape
2009-01-01 11:54 --------- d-----w c:\program files\Apple Software Update
2008-12-29 14:53 --------- d-----w c:\program files\PhotoScape
2008-12-29 14:33 --------- d-----w c:\program files\Google
2008-12-28 13:46 --------- d-----w c:\program files\Common Files\Adobe
2008-12-23 13:53 --------- d-----w c:\documents and settings\Administrator\Application Data\CD-LabelPrint
2008-12-23 11:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-21 11:07 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2008-12-21 11:06 --------- d-----w c:\program files\FastStone Capture
2008-12-21 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Publish Providers
2008-12-21 09:56 --------- d-----w c:\program files\Vstplugins
2008-12-21 09:56 --------- d-----w c:\program files\Sony
2008-12-21 08:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2008-12-21 07:42 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Setup
2008-12-19 01:05 --------- d-----w c:\program files\Common Files\Skype
2008-12-17 08:13 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-17 07:20 --------- d-----w c:\program files\BearPaw 1200CU Plus
2008-12-17 07:19 --------- d-----w c:\program files\Temp
2008-12-16 23:01 --------- d-----w c:\program files\Sony Setup
2008-12-16 22:55 --------- d-----w c:\program files\CoffeeCup Software
2008-06-07 12:00 88 -csh--r c:\documents and settings\All Users\Application Data\A4845040EE.sys
2008-06-07 12:00 2,516 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

2007-04-21 13:21 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-07_18.10.24.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-24 21:30:30 135,168 -c--a-w c:\windows\system32\javaw.exe
+ 2009-02-08 22:12:43 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-24 22:31:42 139,264 -c--a-w c:\windows\system32\javaws.exe
+ 2009-02-08 22:12:43 148,888 ----a-w c:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WilSpoolProxy"="c:\program files\Unimessage Pro\WilCap.exe" [2004-08-13 77824]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 39408]
"AOL Instant Messenger (TM)"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [1998-02-25 18944]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.ACDV"= ACDV.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSX723"= sx5363s.acm
"MSACM.NSPAC"= NSPAC32.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system\\wmisync.exe"=
"c:\\WINDOWS\\System32\\tn.exe"=
"c:\\WINDOWS\\System32\\lx.exe"=
"c:\\WINDOWS\\System32\\kb.exe"=

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2007-10-11 15872]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [2007-06-13 23008]
R2 wilusbmonitor;Unimessage Printer Tracking Service;c:\windows\system32\wilpmove.exe [2007-06-13 77824]
R2 WMISYNC;Wmi Sync Manager;c:\windows\system\wmisync.exe [2009-02-08 519168]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-01-23 11256]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2008-01-23 16696]
R4 sysdrv32;Play Port I/O Driver;c:\windows\system32\drivers\sysdrv32.sys [2009-02-09 11656]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2008-01-23 18168]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f905e00-daf6-11dd-869f-001d9271d11e}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe418022-3429-11dc-9847-001617d60841}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1659004503-682003330-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jasatomic.org.rs/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4k1xvwji.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jasatomic.org.rs/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPQTW32.DLL
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPVCAL32.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-09 21:13:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5e,ee,2c,b3,65,
c0,6c,2f,c8,28,51,af,b0,29,a3,98,af,91,4b,5c,be,6c,31,6b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,0a,40,28,a0,1c,
bd,0e,fc,71,3b,04,66,8b,46,0d,96,25,cb,dc,02,60,b9,d9,72,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e3,92,5d,ed,6e,
31,4d,ef,25,da,ec,7e,55,20,c9,26,53,f6,e5,7d,00,ec,97,56,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,3b,ec,8f,63,93,
19,95,bc,3e,1e,9e,e0,57,5a,93,61,72,11,90,0f,19,4f,9d,64,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,94,87,4e,4b,e1,
17,f8,4a,cd,44,cd,b9,a6,33,6c,cd,f8,ae,30,b0,39,93,fa,45,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,b6,0f,e5,db,e1,
4a,83,2e,b0,18,ed,a7,3f,8d,37,a4,87,55,4c,b4,ef,15,cf,7c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,3b,b2,c2,46,55,
d6,09,f3,31,77,e1,ba,b1,f8,68,02,eb,6c,36,a6,d3,5c,a1,69,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,2c,96,4e,0d,3e,
b8,7f,30,83,6c,56,8b,a0,85,96,ab,16,c3,4a,50,cc,f0,53,2d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,29,af,01,1c,b5,
ee,aa,8b,51,fa,6e,91,28,9e,14,cc,27,ab,6f,6e,df,ad,12,ff,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,7d,d6,11,16,6b,
f1,16,5a,b1,cd,45,5a,a8,c4,f8,b9,65,cf,70,76,f7,b2,90,57,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c4,7f,7e,8a,32,
27,ee,b9,e3,0e,66,d5,eb,bc,2f,6b,39,6d,60,65,29,05,6a,ea,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,b7,3a,78,db,26,
a5,00,8e,fa,ea,66,7f,d4,3b,6b,70,a1,1a,1e,9c,d9,ae,59,90,6c,43,2d,1e,aa,22,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\scardsvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2009-02-09 21:16:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-09 20:16:42
ComboFix2.txt 2009-02-08 19:59:12
ComboFix3.txt 2009-02-07 22:17:55
ComboFix4.txt 2009-02-07 17:50:15

Pre-Run: 28.365.574.144 bytes free
Post-Run: 28,353,437,696 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\windows\system32\kb.exe
c:\windows\system32\lx.exe
c:\windows\system32\tn.exe
c:\windows\system\wmisync.exe

KillAll::

DirLook::
c:\windows\fix

Driver::
WMISYNC

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\tn.exe"=-
"c:\\WINDOWS\\System32\\lx.exe"=-
"c:\\WINDOWS\\System32\\kb.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f905e00-daf6-11dd-869f-001d9271d11e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe418022-3429-11dc-9847-001617d60841}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

  • Joined: 07 Jun 2008
  • Posts: 46

ComboFix 09-02-08.02 - Administrator 2009-02-09 22:13:44.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.162 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system\wmisync.exe
c:\windows\system32\kb.exe
c:\windows\system32\lx.exe
c:\windows\system32\tn.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\wmisync.exe
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\kb.exe
c:\windows\system32\lx.exe
c:\windows\system32\tn.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Legacy_WMISYNC
-------\Service_WMISYNC


((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-09 00:02 . 2009-02-09 00:04 <DIR> d-------- c:\program files\RegCleaner
2009-02-08 23:12 . 2009-02-08 23:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 21:08 . 2009-02-08 21:08 <DIR> d-------- c:\program files\Opera
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\windows\system32\xircom
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-07 09:01 . 2009-02-08 20:36 250 --a------ c:\windows\gmer.ini
2009-02-07 07:09 . 2009-02-09 21:14 <DIR> d-------- c:\windows\fix
2009-02-04 01:09 . 2009-02-04 01:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2009-02-04 01:07 . 2009-02-04 01:07 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-04 01:07 . 2009-02-04 07:37 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-04 01:07 . 2007-09-27 10:46 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d-------- c:\windows\system32\DllCache
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-04 01:06 . 2008-03-07 17:56 192,000 --------- c:\windows\system32\DllCache\offfilt.dll
2009-02-04 01:06 . 2008-03-07 17:56 98,304 --------- c:\windows\system32\DllCache\nlhtml.dll
2009-02-04 01:06 . 2008-03-07 17:56 29,696 --------- c:\windows\system32\DllCache\mimefilt.dll
2009-02-04 01:05 . 2009-02-04 01:05 <DIR> d-------- c:\program files\MSECache
2009-01-21 18:41 . 2009-01-21 18:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\zweitgeist
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Shared
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Incomplete
2009-01-09 22:29 . 2009-01-13 19:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 20:17 --------- d-----w c:\program files\Gran Paradiso
2009-02-09 07:00 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2009-02-08 22:12 --------- d-----w c:\program files\Java
2009-02-07 08:20 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-05 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-05 17:22 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-22 15:53 --------- d-----w c:\program files\Canon
2009-01-07 22:12 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\program files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2009-01-01 12:20 --------- d-----w c:\program files\Netscape
2009-01-01 11:54 --------- d-----w c:\program files\Apple Software Update
2008-12-29 14:53 --------- d-----w c:\program files\PhotoScape
2008-12-29 14:33 --------- d-----w c:\program files\Google
2008-12-28 13:46 --------- d-----w c:\program files\Common Files\Adobe
2008-12-23 13:53 --------- d-----w c:\documents and settings\Administrator\Application Data\CD-LabelPrint
2008-12-23 11:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-21 11:07 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2008-12-21 11:06 --------- d-----w c:\program files\FastStone Capture
2008-12-21 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Publish Providers
2008-12-21 09:56 --------- d-----w c:\program files\Vstplugins
2008-12-21 09:56 --------- d-----w c:\program files\Sony
2008-12-21 08:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2008-12-21 07:42 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Setup
2008-12-19 01:05 --------- d-----w c:\program files\Common Files\Skype
2008-12-17 08:13 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-17 07:20 --------- d-----w c:\program files\BearPaw 1200CU Plus
2008-12-17 07:19 --------- d-----w c:\program files\Temp
2008-12-16 23:01 --------- d-----w c:\program files\Sony Setup
2008-12-16 22:55 --------- d-----w c:\program files\CoffeeCup Software
2008-06-07 12:00 88 -csh--r c:\documents and settings\All Users\Application Data\A4845040EE.sys
2008-06-07 12:00 2,516 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\fix ----

2009-02-07 05:19 151094 --a------ c:\windows\fix\system.exe
2009-02-07 04:24 151094 --a------ c:\windows\fix\11649
2009-02-07 01:15 150966 --a------ c:\windows\fix\cln.exe
2009-02-06 21:50 150830 --a------ c:\windows\fix\9030
2009-02-06 21:50 150830 --a------ c:\windows\fix\2905
2009-02-06 21:50 150830 --a------ c:\windows\fix\14913


------- Sigcheck -------

2007-04-21 13:21 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-07_18.10.24.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-24 21:30:30 135,168 -c--a-w c:\windows\system32\javaw.exe
+ 2009-02-08 22:12:43 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-24 22:31:42 139,264 -c--a-w c:\windows\system32\javaws.exe
+ 2009-02-08 22:12:43 148,888 ----a-w c:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WilSpoolProxy"="c:\program files\Unimessage Pro\WilCap.exe" [2004-08-13 77824]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 39408]
"AOL Instant Messenger (TM)"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [1998-02-25 18944]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.ACDV"= ACDV.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSX723"= sx5363s.acm
"MSACM.NSPAC"= NSPAC32.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2007-10-11 15872]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [2007-06-13 23008]
R2 wilusbmonitor;Unimessage Printer Tracking Service;c:\windows\system32\wilpmove.exe [2007-06-13 77824]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-01-23 11256]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2008-01-23 16696]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2008-01-23 18168]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1659004503-682003330-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jasatomic.org.rs/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4k1xvwji.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jasatomic.org.rs/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPQTW32.DLL
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPVCAL32.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-09 22:17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\scardsvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2009-02-09 22:20:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-09 21:20:50
ComboFix2.txt 2009-02-09 20:16:46
ComboFix3.txt 2009-02-08 19:59:12
ComboFix4.txt 2009-02-07 22:17:55
ComboFix5.txt 2009-02-09 21:13:00

Pre-Run: 28.339.744.768 bytes free
Post-Run: 28,325,347,328 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

Folder::
c:\windows\fix


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

  • Joined: 07 Jun 2008
  • Posts: 46

ComboFix 09-02-08.02 - Administrator 2009-02-09 23:03:10.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.163 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\fix
c:\windows\fix\11649
c:\windows\fix\14913
c:\windows\fix\2905
c:\windows\fix\9030
c:\windows\fix\cln.exe
c:\windows\fix\system.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-09 00:02 . 2009-02-09 00:04 <DIR> d-------- c:\program files\RegCleaner
2009-02-08 23:12 . 2009-02-08 23:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 21:08 . 2009-02-08 21:08 <DIR> d-------- c:\program files\Opera
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\windows\system32\xircom
2009-02-07 18:07 . 2009-02-07 18:07 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-07 09:01 . 2009-02-08 20:36 250 --a------ c:\windows\gmer.ini
2009-02-04 01:09 . 2009-02-04 01:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2009-02-04 01:07 . 2009-02-04 01:07 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-04 01:07 . 2009-02-04 07:37 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-04 01:07 . 2007-09-27 10:46 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d-------- c:\windows\system32\DllCache
2009-02-04 01:06 . 2009-02-04 01:06 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-04 01:06 . 2008-03-07 17:56 192,000 --------- c:\windows\system32\DllCache\offfilt.dll
2009-02-04 01:06 . 2008-03-07 17:56 98,304 --------- c:\windows\system32\DllCache\nlhtml.dll
2009-02-04 01:06 . 2008-03-07 17:56 29,696 --------- c:\windows\system32\DllCache\mimefilt.dll
2009-02-04 01:05 . 2009-02-04 01:05 <DIR> d-------- c:\program files\MSECache
2009-01-21 18:41 . 2009-01-21 18:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\zweitgeist
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Shared
2009-01-09 22:29 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\Administrator\Incomplete
2009-01-09 22:29 . 2009-01-13 19:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 21:21 --------- d-----w c:\program files\Gran Paradiso
2009-02-09 07:00 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2009-02-08 22:12 --------- d-----w c:\program files\Java
2009-02-07 08:20 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-05 21:26 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-05 17:22 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-22 15:53 --------- d-----w c:\program files\Canon
2009-01-07 22:12 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\program files\ACD Systems
2009-01-07 22:12 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2009-01-01 12:20 --------- d-----w c:\program files\Netscape
2009-01-01 11:54 --------- d-----w c:\program files\Apple Software Update
2008-12-29 14:53 --------- d-----w c:\program files\PhotoScape
2008-12-29 14:33 --------- d-----w c:\program files\Google
2008-12-28 13:46 --------- d-----w c:\program files\Common Files\Adobe
2008-12-23 13:53 --------- d-----w c:\documents and settings\Administrator\Application Data\CD-LabelPrint
2008-12-23 11:53 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-21 11:07 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2008-12-21 11:06 --------- d-----w c:\program files\FastStone Capture
2008-12-21 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Publish Providers
2008-12-21 09:56 --------- d-----w c:\program files\Vstplugins
2008-12-21 09:56 --------- d-----w c:\program files\Sony
2008-12-21 08:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2008-12-21 07:42 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony Setup
2008-12-19 01:05 --------- d-----w c:\program files\Common Files\Skype
2008-12-17 08:13 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-17 07:20 --------- d-----w c:\program files\BearPaw 1200CU Plus
2008-12-17 07:19 --------- d-----w c:\program files\Temp
2008-12-16 23:01 --------- d-----w c:\program files\Sony Setup
2008-12-16 22:55 --------- d-----w c:\program files\CoffeeCup Software
2008-06-07 12:00 88 -csh--r c:\documents and settings\All Users\Application Data\A4845040EE.sys
2008-06-07 12:00 2,516 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

2007-04-21 13:21 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-07_18.10.24.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 22:07:18 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\temp\Perflib_Perfdata_4d4.dat
- 2007-09-24 21:30:30 135,168 -c--a-w c:\windows\system32\javaw.exe
+ 2009-02-08 22:12:43 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-24 22:31:42 139,264 -c--a-w c:\windows\system32\javaws.exe
+ 2009-02-08 22:12:43 148,888 ----a-w c:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WilSpoolProxy"="c:\program files\Unimessage Pro\WilCap.exe" [2004-08-13 77824]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 39408]
"AOL Instant Messenger (TM)"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [1998-02-25 18944]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.ACDV"= ACDV.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSX723"= sx5363s.acm
"MSACM.NSPAC"= NSPAC32.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2007-10-11 15872]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [2007-06-13 23008]
R2 wilusbmonitor;Unimessage Printer Tracking Service;c:\windows\system32\wilpmove.exe [2007-06-13 77824]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-01-23 11256]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2008-01-23 16696]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2008-01-23 18168]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1659004503-682003330-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jasatomic.org.rs/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4k1xvwji.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jasatomic.org.rs/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPQTW32.DLL
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPVCAL32.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-09 23:07:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5e,ee,2c,b3,65,
c0,6c,2f,c8,28,51,af,b0,29,a3,98,af,91,4b,5c,be,6c,31,6b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,0a,40,28,a0,1c,
bd,0e,fc,71,3b,04,66,8b,46,0d,96,25,cb,dc,02,60,b9,d9,72,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e3,92,5d,ed,6e,
31,4d,ef,25,da,ec,7e,55,20,c9,26,53,f6,e5,7d,00,ec,97,56,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,3b,ec,8f,63,93,
19,95,bc,3e,1e,9e,e0,57,5a,93,61,72,11,90,0f,19,4f,9d,64,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,94,87,4e,4b,e1,
17,f8,4a,cd,44,cd,b9,a6,33,6c,cd,f8,ae,30,b0,39,93,fa,45,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,b6,0f,e5,db,e1,
4a,83,2e,b0,18,ed,a7,3f,8d,37,a4,87,55,4c,b4,ef,15,cf,7c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,3b,b2,c2,46,55,
d6,09,f3,31,77,e1,ba,b1,f8,68,02,eb,6c,36,a6,d3,5c,a1,69,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,2c,96,4e,0d,3e,
b8,7f,30,83,6c,56,8b,a0,85,96,ab,16,c3,4a,50,cc,f0,53,2d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,29,af,01,1c,b5,
ee,aa,8b,51,fa,6e,91,28,9e,14,cc,27,ab,6f,6e,df,ad,12,ff,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,7d,d6,11,16,6b,
f1,16,5a,b1,cd,45,5a,a8,c4,f8,b9,65,cf,70,76,f7,b2,90,57,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c4,7f,7e,8a,32,
27,ee,b9,e3,0e,66,d5,eb,bc,2f,6b,39,6d,60,65,29,05,6a,ea,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,b7,3a,78,db,26,
a5,00,8e,fa,ea,66,7f,d4,3b,6b,70,a1,1a,1e,9c,d9,ae,59,90,6c,43,2d,1e,aa,22,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\scardsvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-02-09 23:10:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-09 22:10:50
ComboFix2.txt 2009-02-09 21:20:55
ComboFix3.txt 2009-02-09 20:16:46
ComboFix4.txt 2009-02-08 19:59:12
ComboFix5.txt 2009-02-09 22:02:43

Pre-Run: 28.307.460.096 bytes free
Post-Run: 28,294,176,768 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

How are things now?

offline
  • Joined: 07 Jun 2008
  • Posts: 46

Although I used the computer a bit today, I think everything is fine. However, I haven't scanned the computer again because I was waiting for your reply.
I know it's not much and won't help you, but I sincerely thank you for the help, especially since I learned that you and your colleagues do this purely on a voluntary basis.
Thank you!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You're welcome...

You need to do the following:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

And with that we're done.

If there are any problems, post in the thread...
