Avast won't or can't delete the virus. Please help.


  • Joined: 01 Jul 2009
  • Posts: 42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:03, on 28.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\korisnik\Desktop\six.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ask.com/?o=101677&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F877597C-FCF1-4C90-895A-589AF897DCF4}: NameServer = 87.250.98.250 208.68.222.222
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: fca (eaf) - Unknown owner - C:\WINDOWS\system32\i\J002.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: soft Service (Service) - Unknown owner - C:\WINDOWS\system32\i\J003.exe
O23 - Service: Windows Color Service (WcsSrv) - Unknown owner - C:\Program Files\Common Files\Svc.exe

--
End of file - 5862 bytes



For a couple of days now my computer has been acting up when I connect to the internet. Avast warns me that I have a virus and after a few minutes it blocks my internet, so I have to restart the computer to be able to connect again. I tried to delete the virus, but it seems Avast can't delete it.

Thanks in advance.
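A quick way to pick the odd entries out of a HijackThis log like the one above, as an added example (this is not part of the thread and not something HijackThis itself does). It parses the O23 service lines and the O17 NameServer line copied from the log above and flags services on a few heuristics: no recorded vendor, binary missing on disk, a generic service name, and an unusual install path. The expected-directory list and the generic-name list are this example's assumptions; a hit is a reason to look, not a verdict, as the ATI entry (flagged only for a missing vendor) shows.

```python
"""Triage HijackThis O23 (service) and O17 (DNS) lines.

Added example; heuristics are the reviewer's own, not HijackThis output.
"""
import re

# O23 line: "O23 - Service: <display> (<name>) - <owner> - <path>"
# The "(<name>)" part is absent on some lines (e.g. "ATI Smart" in the log above).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)
# O17 line: "O17 - HKLM\...\Tcpip\..\{GUID}: NameServer = <ip> <ip>"
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")

# Where service binaries normally live (assumption for this example; adjust per machine).
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
GENERIC_NAMES = {"service", "svc", "soft service", "windows service"}  # assumption


def triage_o23(line):
    """Return the reasons an O23 line deserves a look; [] if nothing stands out."""
    m = O23_RE.match(line)
    if not m:
        return []
    reasons = []
    name = m.group("name") or ""
    path = m.group("path").lower()
    if m.group("owner") == "Unknown owner":
        reasons.append("no vendor recorded")        # weak alone: some OEM tools lack it
    if path.endswith("(file missing)"):
        reasons.append("binary missing on disk")    # dead entry, but still a persistence clue
        path = path[: -len("(file missing)")].rstrip()
    if name and (len(name) <= 3 or name.lower() in GENERIC_NAMES):
        reasons.append("generic or meaningless service name")
    if not path.startswith(EXPECTED_DIRS):
        reasons.append("binary outside expected directories")
    # A one-character subfolder under system32, or a loose .exe dropped straight
    # into Common Files, is not how vendors lay out their installs.
    if (re.search(r"\\system32\\[a-z0-9]\\", path)
            or re.search(r"\\common files\\[^\\]+\.exe$", path)):
        reasons.append("unusual path layout")
    return reasons


def triage_hjt(log_lines):
    """Map each suspicious service's display name to its list of reasons."""
    findings = {}
    for line in log_lines:
        m = O23_RE.match(line.strip())
        if m:
            reasons = triage_o23(line.strip())
            if reasons:
                findings[m.group("display")] = reasons
    return findings


def nameservers(log_lines):
    """Extract the DNS servers an O17 entry points at, to compare with the ISP's."""
    servers = []
    for line in log_lines:
        m = O17_RE.match(line.strip())
        if m:
            servers.extend(m.group("servers").split())
    return servers


# Constructed sample input: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{F877597C-FCF1-4C90-895A-589AF897DCF4}: NameServer = 87.250.98.250 208.68.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: fca (eaf) - Unknown owner - C:\WINDOWS\system32\i\J002.exe (file missing)
O23 - Service: soft Service (Service) - Unknown owner - C:\WINDOWS\system32\i\J003.exe
O23 - Service: Windows Color Service (WcsSrv) - Unknown owner - C:\Program Files\Common Files\Svc.exe
""".strip().splitlines()

if __name__ == "__main__":
    for display, reasons in triage_hjt(SAMPLE_LOG).items():
        print(f"{display}: {', '.join(reasons)}")
    print("DNS servers:", nameservers(SAMPLE_LOG))
```

The three services Avenger is later told to remove (eaf, Service, WcsSrv) are exactly the ones that collect more than one reason; the DNS servers are printed rather than judged, because only the user knows whether those resolvers were configured on purpose.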

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Could you copy the names of the detected files, or make a screenshot that shows them?

Download SysProt AntiRootkit from the following page:

SysProt download

On the page that opens, click the "here" link.

Unpack the archive into a folder;

double-click to start the program and switch to the Log tab;

tick all eight items and click Create log;

after a while a prompt will appear; select Scan root drive only and click Start;

when the scan finishes a notification will appear; close it by clicking OK;

the log will be saved in the same folder as the program itself.

Attach the created log to your post using the Attach file option.

  • Joined: 01 Jul 2009
  • Posts: 42

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EF759000
Module End: EF771000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F8A62000
Module End: F8A64000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: EF7796B8
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreateKey
Address: EF779574
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDeleteValueKey
Address: EF779A52
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwDuplicateObject
Address: EF77914C
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenKey
Address: EF77964E
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenProcess
Address: EF77908C
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenThread
Address: EF7790F0
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryValueKey
Address: EF77976E
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: EF77972E
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwSetValueKey
Address: EF7798AE
Driver Base: EF771000
Driver End: EF792000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: KORISNIK-F4BA11:3798
Remote Address: 61.160.216.6:6800
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:3771
Remote Address: HB-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: KORISNIK-F4BA11:3769
Remote Address: HB-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LAST_ACK

Local Address: KORISNIK-F4BA11:3766
Remote Address: HB-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LAST_ACK

Local Address: KORISNIK-F4BA11:3757
Remote Address: HB-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LAST_ACK

Local Address: KORISNIK-F4BA11:3746
Remote Address: 80.255.4.206:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LAST_ACK

Local Address: KORISNIK-F4BA11:3737
Remote Address: USER-514D2B3D.L1.C2.DSL.POL.CO.UK:15248
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:3736
Remote Address: CPE-76-173-46-60.SOCAL.RES.RR.COM:32058
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:3735
Remote Address: CPE-74-75-48-244.MAINE.RES.RR.COM:27908
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:3694
Remote Address: C-71-202-112-75.HSD1.CA.COMCAST.NET:38812
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:3220
Remote Address: WSIP-24-234-134-146.LV.LV.COX.NET:24770
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:2092
Remote Address: A92-122-213-112.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: KORISNIK-F4BA11:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:12080
Remote Address: LOCALHOST:3770
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:5152
Remote Address: LOCALHOST:1879
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: KORISNIK-F4BA11:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:3770
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:1885
Remote Address: LOCALHOST:1884
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:1884
Remote Address: LOCALHOST:1885
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:1876
Remote Address: LOCALHOST:1875
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:1875
Remote Address: LOCALHOST:1876
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:1030
Remote Address: LOCALHOST:1029
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:1029
Remote Address: LOCALHOST:1030
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KORISNIK-F4BA11:45100
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:5403
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KORISNIK-F4BA11:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: KORISNIK-F4BA11:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:1877
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: KORISNIK-F4BA11:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: KORISNIK-F4BA11:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:5403
Remote Address: NA
Type: UDP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: NA

Local Address: KORISNIK-F4BA11:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KORISNIK-F4BA11:1980
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:1886
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:1861
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:1860
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:1720
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KORISNIK-F4BA11:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KORISNIK-F4BA11:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\korisnik\Desktop\Sve\nove\Roger Sanchez (Bang That Box - Laidback Rmx on Daft Punk mashup) + Bodyrox feat. Luciana (Brave New World) + Joey Negro (Must Be The Music - Fasano Mix on Moby mashup) [Jay Amato PODCAST 3AS1 short mix-u
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{E63ACD2A-69E3-447C-90FE-5967A0E50442}
Status: Access denied
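The Ports and Kernel Modules sections of a SysProt log are easier to read through a small parser. This is an added example, not part of the thread and not SysProt's own code: it parses a cut-down copy of the log above (constructed sample input), lists established TCP sessions that core Windows processes hold to non-web, non-local peers (the svchost.exe session to 61.160.216.6:6800 is the one that stands out; FrostWire's peers are what a P2P client normally looks like), and lists hidden kernel modules while skipping the dump_* entries. dump_atapi.sys and dump_WMILIB.SYS are the crash-dump copies of the storage stack; the kernel loads them without a service entry, so anti-rootkit tools routinely report them as hidden and they are not a finding on their own. The process set and port set are this example's assumptions.

```python
"""Parse a SysProt AntiRootkit log and pull out the entries worth a look.

Added example; the heuristics are the reviewer's own, not SysProt's.
"""
import re

# Processes that should not hold their own sessions to arbitrary hosts on odd ports
# (assumption for this example).
SYSTEM_PROCS = {"svchost.exe", "lsass.exe", "services.exe", "system", "winlogon.exe"}
WEB_PORTS = {"HTTP", "HTTPS", "80", "443"}   # svchost legitimately uses these (Windows Update, BITS)
LOCAL_HOSTS = ("LOCALHOST", "0.0.0.0", "127.")


def parse_sysprot(text):
    """Return {section_title: [ {key: value, ...}, ... ]}.

    Sections are separated by rows of asterisks and start with a "Title:" line;
    entries inside a section are "Key: Value" lines separated by blank lines.
    """
    sections = {}
    for chunk in re.split(r"^\*{10,}[ \t]*$", text, flags=re.M):
        lines = [ln.rstrip() for ln in chunk.strip().splitlines()]
        if not lines or not lines[0].endswith(":"):
            continue                      # banner or a "No ... found" chunk
        title = lines[0][:-1]
        blocks, current = [], {}
        for line in lines[1:]:
            if not line:
                if current:
                    blocks.append(current)
                    current = {}
                continue
            key, _, value = line.partition(": ")
            current[key] = value
        if current:
            blocks.append(current)
        sections[title] = blocks
    return sections


def suspicious_connections(sections):
    """Established TCP sessions from core Windows processes to non-web, non-local peers."""
    hits = []
    for conn in sections.get("Ports", []):
        proc = conn.get("Process", "").rsplit("\\", 1)[-1].lower()
        remote = conn.get("Remote Address", "")
        host, _, port = remote.rpartition(":")
        if (conn.get("Type") == "TCP" and conn.get("State") == "ESTABLISHED"
                and proc in SYSTEM_PROCS
                and not host.startswith(LOCAL_HOSTS)
                and port not in WEB_PORTS):
            hits.append((conn["Process"], remote))
    return hits


def hidden_modules(sections):
    """Kernel modules marked hidden, minus the dump_* crash-dump drivers that always appear."""
    return [m["Module Name"] for m in sections.get("Kernel Modules", [])
            if m.get("Hidden") == "Yes"
            and not m["Module Name"].rsplit("\\", 1)[-1].lower().startswith("dump_")]


# Constructed sample input: a subset of the SysProt log above, same layout.
SAMPLE_LOG = r"""
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EF759000
Module End: EF771000
Hidden: Yes

******************************************************************************************
******************************************************************************************
Ports:
Local Address: KORISNIK-F4BA11:3798
Remote Address: 61.160.216.6:6800
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:3737
Remote Address: USER-514D2B3D.L1.C2.DSL.POL.CO.UK:15248
Type: TCP
Process: C:\Program Files\FrostWire\FrostWire.exe
State: ESTABLISHED

Local Address: KORISNIK-F4BA11:3771
Remote Address: HB-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: KORISNIK-F4BA11:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
"""

if __name__ == "__main__":
    parsed = parse_sysprot(SAMPLE_LOG)
    print("suspicious sessions:", suspicious_connections(parsed))
    print("hidden modules (excluding dump_*):", hidden_modules(parsed))
```

The svchost.exe hit is the kind of thing the "internet gets blocked after a few minutes" symptom usually hangs on: a shared service host with an outbound session to a bare IP on a port no Windows component uses. The SSDT hooks in the log all resolve into aswSP.SYS, Avast's self-protection driver, which is expected.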

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download The Avenger to the Desktop.
Unpack the archive into a folder.

Double-click to start avenger.exe.

Copy the text inside the Code box into the (white) program window:


Folders to delete:
C:\WINDOWS\system32\i

Files to delete:
C:\Program Files\Common Files\Svc.exe

Drivers to delete:
eaf
Service
WcsSrv


Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases twice) and the cleaning/scanning process will begin.

When the process is finished, the log file C:\avenger.txt will open in Notepad.

Copy the contents of that log into the thread on the forum.

  • Joined: 01 Jul 2009
  • Posts: 42

Written: 29 Jul 2009 22:37

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\WINDOWS\system32\i" deleted successfully.
File "C:\Program Files\Common Files\Svc.exe" deleted successfully.
Driver "eaf" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Service" not found!
Deletion of driver "Service" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "WcsSrv" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Addendum: 29 Jul 2009 22:42

Here's what Avast says:

Malware found!

File name: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KT2BOV4J\scanner[1].dll

Malware name: Win32:Siveras-B [Expl]

Malware type: Exploit

VPS version: 090729-0, 29.07.2009

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Now run a scan with Avast. Does it detect anything it cannot delete?

Download DDS from this, this or this link to the Desktop.

Double-click to start DDS;

after a few minutes a message will say the process is complete and two reports will open;

save both reports to the Desktop (File > Save As);

double-click DDS.txt and copy its contents into the thread;

attach the file Attach.txt to your post using the Attach file option.

Note: if your security software interferes with DDS, temporarily disable it (instructions) and run DDS again.

  • Joined: 01 Jul 2009
  • Posts: 42

Written: 30 Jul 2009 7:45

Everything is the same as before.



DDS (Ver_09-06-26.01) - NTFSx86
Run by korisnik at 7:41:41,73 on cet 30.07.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.87 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090729-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k VaultSrv
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\korisnik\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101677&l=dis
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\korisnik\startm~1\programs\startup\frostw~1.lnk - c:\program files\frostwire\FrostWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {F877597C-FCF1-4C90-895A-589AF897DCF4} = 87.250.98.250 208.67.222.222
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\coy493u0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101677&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-25 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-25 138680]
R2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\drivers\tcpz-x86d.sys [2009-7-28 12136]
R2 VaultSrv;Credential Manager Service;c:\windows\system32\svchost.exe -k VaultSrv [2004-8-4 14336]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-25 352920]

=============== Created Last 30 ================

2009-07-30 07:41 <DIR> --d-h--- c:\windows\PIF
2009-07-30 07:39 220,029 a------- c:\windows\system32\crdtsrv.dll
2009-07-28 19:43 873,984 a------- c:\windows\system32\libmysql.dll
2009-07-28 10:14 12,136 a------- c:\windows\system32\drivers\tcpz-x86d.sys
2009-07-28 10:14 101,888 ---sh--- c:\windows\system32\comptres.dll
2009-07-27 19:35 <DIR> --d----- c:\program files\Autodesk
2009-07-27 19:35 12,464 a------- c:\windows\system32\drivers\CDAC15BA.SYS
2009-07-27 19:35 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-27 19:35 54,784 a------- c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-27 19:35 <DIR> --d----- c:\program files\AnswerWorks 4.0
2009-07-27 19:34 <DIR> --d----- C:\Programme
2009-07-27 19:34 <DIR> --d----- c:\program files\common files\Autodesk Shared
2009-07-27 19:34 <DIR> --d----- c:\docume~1\korisnik\applic~1\Autodesk
2009-07-27 19:30 <DIR> --d----- c:\program files\AutoCad2004
2009-07-20 19:26 <DIR> --d----- c:\documents and settings\korisnik\Tracing
2009-07-20 19:11 <DIR> --d----- c:\program files\Microsoft
2009-07-20 19:10 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-20 18:34 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-20 16:39 <DIR> --d----- c:\program files\YouTube Downloader
2009-07-18 09:10 <DIR> --d----- c:\docume~1\korisnik\applic~1\FrostWire
2009-07-18 09:09 <DIR> --d----- c:\program files\AskSearch
2009-07-18 09:09 <DIR> --d----- c:\program files\AskBarDis
2009-07-18 09:09 <DIR> --d----- c:\program files\FrostWire
2009-07-15 16:52 <DIR> --d----- c:\docume~1\korisnik\applic~1\Participatory Culture Foundation
2009-07-15 16:51 <DIR> --d----- c:\program files\Participatory Culture Foundation
2009-07-15 16:38 79 a------- c:\windows\system32\asr_xeehd
2009-07-13 20:42 79 a------- c:\windows\system32\asr_rhlog
2009-07-08 13:04 79 a------- c:\windows\system32\asr_gondg
2009-07-08 12:20 79 a------- c:\windows\system32\asr_ckfny
2009-07-08 12:10 79 a------- c:\windows\system32\asr_dyhrs
2009-07-03 22:37 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-01 23:35 <DIR> --d----- c:\program files\City Interactive

==================== Find3M ====================

2009-06-26 00:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-24 20:28 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-06-24 12:55 5,058 a------- c:\windows\help\hhcolreg.dat
2009-06-24 12:33 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-24 12:05 21,640 a------- c:\windows\system32\emptyregdb.dat
2001-11-23 06:08 712,704 a----r-- c:\windows\inf\other\AUDIO3D.DLL

============= FINISH: 7:42:00,43 ===============



Addendum: 30 Jul 2009 7:47

Everything is the same as before, it still keeps popping up.

Malware found!

File name: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KT2BOV4J\scanner[1].dll

Malware name: Win32:Siveras-B [Expl]

Malware type: Exploit

VPS version: 090729-0, 29.07.2009

Addendum: 30 Jul 2009 7:50

Malware found!

File name: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CH6RA309\scanner[1].dll
The difference is in this number.
Malware name: Win32:Siveras-B [Expl]

Malware type: Exploit

VPS version: 090729-0, 29.07.2009
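The "Created Last 30" section of the DDS report is where recent drops show up. This is an added example, not part of the thread and not DDS's own code: it parses lines copied from the DDS report above (constructed sample input) and flags loose files in system32 on three heuristics: hidden or system attributes (comptres.dll), creation within 24 hours of the scan (crdtsrv.dll, written two minutes before DDS ran), and a series of same-size files sharing a name prefix (five 79-byte asr_* files). The scan time is taken from the "Run by" line above; the 24-hour window and the system32-only focus are this example's assumptions, and a hit is a reason to inspect the file, not proof of anything. Note that the example deliberately leaves the drivers subfolder alone, so tcpz-x86d.sys (described in the SERVICES list above as a TCP half-open limit patcher, installed in the same minute as the hidden comptres.dll) is not flagged; that coincidence is worth asking the user about by hand.

```python
"""Triage the "Created Last 30" section of a DDS report.

Added example; heuristics are the reviewer's own, not DDS output.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# DDS line: "<date> <time> <size or <DIR>> <attrs> <path>", e.g.
# "2009-07-28 10:14 101,888 ---sh--- c:\windows\system32\comptres.dll"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d[\d,]*|<DIR>)\s+"
    r"(?P<attrs>\S{8})\s+(?P<path>.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"


def parse_created(lines):
    """Turn DDS 'Created' lines into dicts; directories get size None."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m.group("size") == "<DIR>" else int(m.group("size").replace(",", ""))
        entries.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M"),
            "size": size,
            "attrs": m.group("attrs"),      # DDS attribute flags; 's' = system, 'h' = hidden
            "path": m.group("path").lower(),
        })
    return entries


def in_system32_root(path):
    """True for a file sitting directly in system32 (not in a subfolder such as drivers\\)."""
    return path.startswith(SYSTEM32) and "\\" not in path[len(SYSTEM32):]


def triage_created(entries, scan_time, recent=timedelta(hours=24)):
    """Map flagged paths to the reasons they were flagged."""
    reasons = defaultdict(list)
    files = [e for e in entries if e["size"] is not None and in_system32_root(e["path"])]
    for e in files:
        # 1. Vendors do not drop hidden/system-attributed files straight into system32.
        if "h" in e["attrs"] or "s" in e["attrs"]:
            reasons[e["path"]].append("hidden/system attributes in system32")
        # 2. Anything written just before the scan is a fresh drop worth a look.
        if scan_time - e["ts"] <= recent:
            hours = int(recent.total_seconds() // 3600)
            reasons[e["path"]].append(f"created within {hours}h of the scan")
    # 3. A run of same-size files sharing "<prefix>_" with varying suffixes looks like
    #    one component writing a marker file on each run.
    groups = defaultdict(list)
    for e in files:
        stem = e["path"].rsplit("\\", 1)[-1]
        if "_" in stem:
            groups[(stem.split("_", 1)[0], e["size"])].append(e["path"])
    for (prefix, size), paths in groups.items():
        if len(paths) >= 3:
            for p in paths:
                reasons[p].append(f"one of {len(paths)} {size}-byte '{prefix}_*' files")
    return dict(reasons)


# From "Run by korisnik at 7:41:41,73 on cet 30.07.2009" in the report above.
SCAN_TIME = datetime(2009, 7, 30, 7, 41)

# Constructed sample input: lines copied from the DDS "Created Last 30" section above.
SAMPLE_DDS = r"""
2009-07-30 07:41 <DIR> --d-h--- c:\windows\PIF
2009-07-30 07:39 220,029 a------- c:\windows\system32\crdtsrv.dll
2009-07-28 19:43 873,984 a------- c:\windows\system32\libmysql.dll
2009-07-28 10:14 12,136 a------- c:\windows\system32\drivers\tcpz-x86d.sys
2009-07-28 10:14 101,888 ---sh--- c:\windows\system32\comptres.dll
2009-07-27 19:35 <DIR> --d----- c:\program files\Autodesk
2009-07-15 16:38 79 a------- c:\windows\system32\asr_xeehd
2009-07-13 20:42 79 a------- c:\windows\system32\asr_rhlog
2009-07-08 13:04 79 a------- c:\windows\system32\asr_gondg
2009-07-08 12:20 79 a------- c:\windows\system32\asr_ckfny
2009-07-08 12:10 79 a------- c:\windows\system32\asr_dyhrs
2009-07-03 22:37 664 a------- c:\windows\system32\d3d9caps.dat
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in sorted(triage_created(parse_created(SAMPLE_DDS), SCAN_TIME).items()):
        print(f"{path}: {'; '.join(why)}")
```

d3d9caps.dat and libmysql.dll pass all three checks and stay out of the output; the first is a DirectX capabilities cache, the second is a plain MySQL client library, and neither has a reason on its own. The ComboFix log further down does list crdtsrv.dll among its deletions, which is the direction the "recent drop" heuristic points.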

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
disable your security software (instructions);
close any running programs;
double-click to start ComboFix.

While it runs, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it;
show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
ask a number of questions or show notifications: accept by clicking Yes or OK;
if needed, restart Windows (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

  • Joined: 01 Jul 2009
  • Posts: 42

ComboFix 09-07-29.04 - korisnik 30.07.2009 23:14.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.266 [GMT 2:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090729-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\capisrv.dll
c:\windows\system32\crdtsrv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICE


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 17:52 . 2009-07-30 17:55 -------- d-----w- c:\windows\system32\81FR0MLUJV
2009-07-30 16:18 . 2009-07-30 16:18 -------- d-----w- c:\windows\system32\N8R5GQWFEY
2009-07-30 15:14 . 2009-07-30 16:11 -------- d-----w- c:\windows\system32\A64JU1WW2Z
2009-07-30 14:33 . 2009-07-30 15:08 -------- d-----w- c:\windows\system32\1FMZ2NEBD5
2009-07-30 13:13 . 2009-07-30 13:15 -------- d-----w- c:\windows\system32\KE571CDGC2
2009-07-30 13:13 . 2009-07-30 13:13 97792 ------w- c:\windows\system32\cmptes.dll
2009-07-30 13:12 . 2009-07-30 13:13 -------- d-----w- c:\windows\system32\JV33PKTIZY
2009-07-30 05:41 . 2009-07-30 05:41 -------- d--h--w- c:\windows\PIF
2009-07-28 08:14 . 2009-07-30 13:13 12136 ----a-w- c:\windows\system32\drivers\tcpz-x86d.sys
2009-07-28 08:14 . 2009-07-28 08:14 101888 --sh--w- c:\windows\system32\comptres.dll
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-27 17:35 . 2009-07-27 17:35 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-07-27 17:34 . 2009-07-27 17:39 -------- d-----w- c:\documents and settings\korisnik\Application Data\Autodesk
2009-07-27 17:34 . 2009-07-27 17:36 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- C:\Programme
2009-07-27 17:34 . 2009-07-27 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-07-27 17:30 . 2009-07-27 17:30 -------- d-----w- c:\program files\AutoCad2004
2009-07-20 17:26 . 2009-07-30 21:20 -------- d-----w- c:\documents and settings\korisnik\Tracing
2009-07-20 17:11 . 2009-07-20 17:11 -------- d-----w- c:\program files\Microsoft
2009-07-20 17:10 . 2009-07-20 17:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-20 17:10 . 2009-07-20 17:11 -------- d-----w- c:\program files\Windows Live
2009-07-20 16:34 . 2009-07-20 16:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-20 14:43 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\korisnik\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-20 14:39 . 2009-07-20 14:39 -------- d-----w- c:\program files\YouTube Downloader
2009-07-18 07:24 . 2009-07-18 07:24 0 ----a-w- c:\documents and settings\korisnik\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-07-18 07:10 . 2009-07-30 16:46 -------- d-----w- c:\documents and settings\korisnik\Application Data\FrostWire
2009-07-18 07:09 . 2009-07-18 07:09 -------- d-----w- c:\program files\AskSearch
2009-07-18 07:09 . 2009-07-18 07:09 -------- d-----w- c:\program files\AskBarDis
2009-07-18 07:09 . 2009-07-30 16:44 -------- d-----w- c:\program files\FrostWire
2009-07-15 14:52 . 2009-07-15 14:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Participatory Culture Foundation
2009-07-15 14:51 . 2009-07-15 14:51 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-07-13 14:36 . 2009-07-13 14:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2009-07-08 21:08 . 2009-07-08 21:08 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Identities
2009-07-06 14:36 . 2009-07-06 14:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-06 04:47 . 2009-07-06 04:47 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Ahead
2009-07-03 20:37 . 2009-07-29 19:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-01 21:35 . 2009-07-01 21:35 -------- d-----w- c:\program files\City Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 19:21 . 2009-06-24 12:52 -------- d-----w- c:\program files\Winamp
2009-07-26 07:57 . 2009-06-24 12:49 -------- d-----w- c:\program files\Mv2Player
2009-07-20 17:26 . 2009-06-24 10:15 17728 ----a-w- c:\documents and settings\korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 14:00 . 2009-06-24 12:49 -------- d-----w- c:\program files\CyberLink
2009-06-28 22:34 . 2009-06-28 22:34 -------- d-----w- c:\documents and settings\korisnik\Application Data\DivX
2009-06-28 22:28 . 2009-06-24 12:52 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-28 22:27 . 2009-06-24 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\program files\Apple Software Update
2009-06-28 22:27 . 2009-06-28 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-06-27 17:32 . 2009-06-27 17:32 -------- d-----w- c:\documents and settings\korisnik\Application Data\GRETECH
2009-06-27 17:31 . 2009-06-27 17:31 -------- d-----w- c:\program files\GRETECH
2009-06-27 17:28 . 2009-06-24 12:49 -------- d-----w- c:\program files\DivX
2009-06-27 17:22 . 2009-06-27 17:22 -------- d-----w- c:\documents and settings\korisnik\Application Data\Media Player Classic
2009-06-27 17:20 . 2009-06-24 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 17:19 . 2009-06-27 17:19 -------- d-----w- c:\program files\Real Alternative
2009-06-26 05:02 . 2009-06-26 05:02 -------- d-----w- c:\documents and settings\korisnik\Application Data\CyberLink
2009-06-25 22:29 . 2009-06-25 22:29 -------- d-----w- c:\documents and settings\korisnik\Application Data\AdobeUM
2009-06-25 22:28 . 2009-06-24 18:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 22:00 . 2009-06-25 22:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-25 22:00 . 2009-06-25 22:00 -------- d-----w- c:\program files\Java
2009-06-25 22:00 . 2009-06-25 22:00 152576 ----a-w- c:\documents and settings\korisnik\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-25 17:49 . 2009-06-25 17:49 -------- d-----w- c:\program files\Alwil Software
2009-06-25 16:37 . 2009-06-25 16:37 0 ----a-w- c:\windows\nsreg.dat
2009-06-24 18:45 . 2009-06-24 18:45 1915520 ----a-w- c:\documents and settings\korisnik\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-24 18:33 . 2009-06-24 18:33 -------- d-----w- c:\documents and settings\korisnik\Application Data\Samsung
2009-06-24 18:28 . 2009-06-24 18:07 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-24 18:07 . 2009-06-24 18:07 -------- d-----w- c:\program files\Samsung
2009-06-24 12:52 . 2009-06-24 12:52 -------- d-----w- c:\program files\Media Player Classic
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\XviD
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\ffdshow
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivXCodec
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\DivX_311alpha
2009-06-24 12:50 . 2009-06-24 12:50 -------- d-----w- c:\program files\AC3Filter
2009-06-24 12:49 . 2009-06-24 12:49 -------- d-----w- c:\program files\ASUSTek
2009-06-24 12:48 . 2009-06-24 12:48 -------- d-----w- c:\program files\IrfanView
2009-06-24 10:55 . 2009-06-24 10:55 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-06-24 10:52 . 2009-06-24 10:52 -------- d-----w- c:\documents and settings\korisnik\Application Data\Microsoft Web Folders
2009-06-24 10:52 . 2009-06-24 10:09 -------- d-----w- c:\program files\microsoft frontpage
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\ANI
2009-06-24 10:45 . 2009-06-24 10:45 -------- d-----w- c:\program files\D-Link
2009-06-24 10:44 . 2009-06-24 10:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-24 10:40 . 2009-06-24 10:40 -------- d-----w- c:\program files\C-Media 3D Audio
2009-06-24 10:37 . 2009-06-24 10:36 -------- d-----w- c:\program files\ATI Technologies
2009-06-24 10:33 . 2009-06-24 10:08 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-24 10:05 . 2009-06-24 10:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-23 08:04 . 2009-06-25 16:37 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 20:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\korisnik\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-4 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.6.2009 19:49 114768]
R2 AExpSrv;Application Experiences;c:\windows\System32\svchost.exe -k AExpSrv [4.8.2004 0:56 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.6.2009 19:49 20560]
R2 efrgt;daetfr;c:\windows\system32\KE571CDGC2\J001.exe [30.7.2009 15:15 69632]
R2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\drivers\tcpz-x86d.sys [28.7.2009 10:14 12136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
VaultSrv REG_MULTI_SZ VaultSrv Cred
AExpSrv REG_MULTI_SZ AExpSrv Appl
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101677&l=dis
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\coy493u0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101677&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-30 23:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2404)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-07-30 23:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 21:21

Pre-Run: 16.041.033.728 bytes free
Post-Run: 16.354.611.200 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Lives in: Höganäs, SE

Open Control Panel, Add/Remove Programs and uninstall everything related to Ask (Search, Toolbar...).

Are you using the program TCP-Z?

Open Notepad and copy the following text:

File::
c:\windows\system32\cmptes.dll

Folder::
c:\windows\system32\81FR0MLUJV
c:\windows\system32\N8R5GQWFEY
c:\windows\system32\A64JU1WW2Z
c:\windows\system32\1FMZ2NEBD5
c:\windows\system32\KE571CDGC2
c:\windows\system32\JV33PKTIZY

Driver::
AExpSrv
efrgt

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"VaultSrv"=-
"AExpSrv"=-

DDS::
uStart Page = hxxp://www.ask.com/?o=101677&l=dis
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s

Firefox::
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\coy493u0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101677&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is produced at the end of the cleaning/scanning.
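Added example (an editor's illustration, not part of dr_Bora's instructions and not a feature of ComboFix or this forum): a small Python triage script that applies the selection criteria visible in the reply above to lines of the posted log. It flags ten-character random-named folders sitting directly under system32 (the shape of every entry under Folder::), files under system32 that carry both the system and hidden attributes, and any service whose image path lies inside one of the flagged folders, which is how the `efrgt` entry stands out. The sample lines are copied from the log above; the regular expressions, the rule names and the reading of the attribute column (`d` directory, `s` system, `h` hidden) are assumptions of this example. The output is a list for a human to review, not a removal list.

```python
"""Heuristic triage of ComboFix log lines (added example; not a ComboFix feature)."""
import re
from typing import Dict, List

# Constructed input: a handful of "Files Created" and "Drivers/Services" lines in the
# same shape as the log posted above, reduced to what the rules below need.
SAMPLE_LOG = r"""
2009-07-30 17:52 . 2009-07-30 17:55 -------- d-----w- c:\windows\system32\81FR0MLUJV
2009-07-30 13:13 . 2009-07-30 13:15 -------- d-----w- c:\windows\system32\KE571CDGC2
2009-07-30 13:13 . 2009-07-30 13:13 97792 ------w- c:\windows\system32\cmptes.dll
2009-07-30 05:41 . 2009-07-30 05:41 -------- d--h--w- c:\windows\PIF
2009-07-28 08:14 . 2009-07-28 08:14 101888 --sh--w- c:\windows\system32\comptres.dll
2009-07-27 17:35 . 2009-07-27 17:35 -------- d-----w- c:\program files\Autodesk
2009-07-27 17:35 . 2009-07-27 17:35 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.6.2009 19:49 114768]
R2 efrgt;daetfr;c:\windows\system32\KE571CDGC2\J001.exe [30.7.2009 15:15 69632]
"""

# "Files Created" entry: created . modified size attrs path  (regex is an assumption)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Service/driver entry: R<n> name;display name;image path [date time size]
SERVICE_RE = re.compile(r"^R\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[")

SYSTEM32 = r"c:\windows\system32"
# Ten upper-case letters/digits: the shape of every folder listed under Folder:: above
RANDOM_NAME = re.compile(r"^[A-Z0-9]{10}$")


def parse(log: str):
    """Split a log into file entries and service entries; other lines are ignored."""
    files, services = [], []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
    return files, services


def triage(log: str) -> Dict[str, List[str]]:
    """Return items worth a human look, grouped by the rule that fired."""
    files, services = parse(log)
    hits: Dict[str, List[str]] = {
        "random_dir": [],             # random-named folder directly under system32
        "hidden_system_file": [],     # file under system32 with both s and h attributes
        "service_in_random_dir": [],  # service whose image lives in a flagged folder
    }
    for f in files:
        parent, _, name = f["path"].rpartition("\\")
        if parent.lower() != SYSTEM32:
            continue
        is_dir = f["attrs"].startswith("d")
        if is_dir and RANDOM_NAME.match(name):
            hits["random_dir"].append(f["path"])
        # Attribute column read as: d directory, s system, h hidden, a archive, w writable
        # (assumed from the log's own entries, e.g. --sh--w- on comptres.dll)
        elif not is_dir and "s" in f["attrs"] and "h" in f["attrs"]:
            hits["hidden_system_file"].append(f["path"])
    flagged = [d.lower() + "\\" for d in hits["random_dir"]]
    for s in services:
        if any(s["image"].lower().startswith(d) for d in flagged):
            hits["service_in_random_dir"].append(f'{s["name"]} -> {s["image"]}')
    for key in hits:
        hits[key].sort()
    return hits


if __name__ == "__main__":
    for rule, paths in triage(SAMPLE_LOG).items():
        for p in paths:
            print(f"[{rule}] {p}")
```

Run against the sample it reports the two random-named folders, comptres.dll (hidden+system in system32, which the reply above does not touch and which is therefore only a candidate for review) and the efrgt service whose binary lives inside KE571CDGC2. The whitelist-free rules will also fire on some legitimate software, so every hit still needs the kind of judgement shown in the reply before anything goes into a CFScript.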
