MyCity » Ambulanta -> Arhiva Ambulante » problem sa messanger virusom

problem sa messanger virusom

Napisano na dan: 7.5.2008

Strana:
1
2

problem sa messanger virusom

Pagination

Prethodna strana

Odgovori

Strana:
1
2

makica90 Poslao: 08 Maj 2008 23:07 Idi na vrh
offline makica90 Novi MyCity građanin Pridružio: 07 Maj 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-07.2 - Korisnik 2008-05-08 22:58:21.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.642 [GMT 2:00] Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Korisnik\Application Data\urlredir.cfg C:\Program Files\webhancer C:\Program Files\webhancer\Programs\webhdll.dll C:\Program Files\webhancer\Programs\whagent.exe C:\Program Files\webhancer\Programs\whagent.ini C:\Program Files\webhancer\Programs\whiehlpr.dll C:\Program Files\webhancer\Programs\whinstaller.exe C:\WINDOWS\system32\dcads-remove.exe C:\WINDOWS\system32\DcadsSocial-uninstall.exe C:\WINDOWS\system32\nsy94.dll . ((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))) . 2008-05-07 16:51 . 2008-05-07 16:51 <DIR> d-------- C:\_OTMoveIt 2008-05-05 13:50 . 2008-05-05 13:50 253,952 --a------ C:\WINDOWS\system32\ruxhuxnbcy.exe 2008-05-05 01:40 . 2008-05-05 01:40 245,760 --a------ C:\WINDOWS\system32\ydzwahpfgggf.exe 2008-05-04 23:40 . 2008-05-04 23:40 249,856 --a------ C:\WINDOWS\system32\vunylztcoyhyu.exe 2008-05-04 18:45 . 2008-05-04 18:45 245,760 --a------ C:\WINDOWS\system32\fatlzjubwb.exe 2008-05-04 16:25 . 2008-05-04 16:25 249,856 --a------ C:\WINDOWS\system32\cbtelqitbmbl.exe 2008-05-03 21:10 . 2008-05-03 21:10 268 --ah----- C:\sqmdata03.sqm 2008-05-03 21:10 . 2008-05-03 21:10 244 --ah----- C:\sqmnoopt03.sqm 2008-05-03 20:12 . 2008-05-03 20:12 268 --ah----- C:\sqmdata02.sqm 2008-05-03 20:12 . 2008-05-03 20:12 244 --ah----- C:\sqmnoopt02.sqm 2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-04-24 22:46 . 2008-04-24 22:46 180,224 --a------ C:\WINDOWS\system32\vlfaqgtuki.exe 2008-04-24 22:46 . 2008-04-24 22:46 180,224 --a------ C:\WINDOWS\system32\tmlmnhz.exe 2008-04-24 22:46 . 2008-04-24 22:46 180,224 --a------ C:\WINDOWS\system32\gnnfju.exe 2008-04-18 21:08 . 2008-04-18 21:08 268 --ah----- C:\sqmdata01.sqm 2008-04-18 21:08 . 2008-04-18 21:08 244 --ah----- C:\sqmnoopt01.sqm 2008-04-18 19:39 . 2008-04-18 19:39 268 --ah----- C:\sqmdata00.sqm 2008-04-18 19:39 . 2008-04-18 19:39 244 --ah----- C:\sqmnoopt00.sqm 2008-04-11 00:01 . 2008-04-11 00:01 <DIR> d-------- C:\Program Files\SweetIM 2008-04-11 00:01 . 2008-04-11 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-02 16:06 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AVG7 2008-04-27 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2008-04-04 17:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-04 11:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-04 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-04 11:15 --------- d-----w C:\Program Files\Trend Micro 2008-04-04 11:00 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-12-21 19:41 7,317,344 ----a-w C:\Program Files\msnsusii.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064] "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864] "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-07 14:40 282624] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 04:03 49263] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 13:20 579584] "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-04 13:17 219136] C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2007-10-13 15:03:08 225280] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.AP41"= APmpg4v1.dll "msacm.avis"= ff_acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "C:\\Program Files\\Quake III Arena\\quake3.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= S2 ikic8adinxdluern;CommServer;C:\WINDOWS\system32\zwfwrhbdtwp.exe [] S2 ovaehtyayoou1;DeepSight Extractor Service for NP08;C:\WINDOWS\system32\zwfwrhbdtwp.exe [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c22e4e-115a-11dc-8d59-0002446c7dc7}] \Shell\auto\command - Knight.exe open \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open \Shell\explore\command - Knight.exe open \Shell\find\command - Knight.exe open \Shell\install\command - Knight.exe open \Shell\open\command - Knight.exe open [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ade121-fda7-11db-8d3f-0002446c7dc7}] \Shell\Auto\command - fun.xls.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e206-0e19-11dc-8d53-0002446c7dc7}] \Shell\Auto\command - fun.xls.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e207-0e19-11dc-8d53-0002446c7dc7}] \Shell\AutoRun\command - G:\USBNB.exe . Contents of the 'Scheduled Tasks' folder "2008-05-08 20:57:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-08 23:02:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 1 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe . ************************************************************************ . Completion time: 2008-05-08 23:04:08 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-08 21:04:05 Pre-Run: 126,006,386,688 bytes free Post-Run: 126,610,001,920 bytes free 166 --- E O F --- 2007-12-27 14:26:23

Profil

dr_Bora Poslao: 10 Maj 2008 09:36 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvinjavam se na kašnjenju. Promaklo mi je da si pisala u temi... Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. ------------------------------------------------------------------------------------- Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\ruxhuxnbcy.exe C:\WINDOWS\system32\ydzwahpfgggf.exe C:\WINDOWS\system32\vunylztcoyhyu.exe C:\WINDOWS\system32\fatlzjubwb.exe C:\WINDOWS\system32\cbtelqitbmbl.exe C:\WINDOWS\system32\vlfaqgtuki.exe C:\WINDOWS\system32\tmlmnhz.exe C:\WINDOWS\system32\gnnfju.exe Driver:: ikic8adinxdluern ovaehtyayoou1 Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c22e4e-115a-11dc-8d59-0002446c7dc7}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ade121-fda7-11db-8d3f-0002446c7dc7}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e206-0e19-11dc-8d53-0002446c7dc7}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

makica90 Poslao: 11 Maj 2008 18:54 Idi na vrh
offline makica90 Novi MyCity građanin Pridružio: 07 Maj 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-07.2 - Korisnik 2008-05-11 18:44:14.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.626 [GMT 2:00] Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Korisnik\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\cbtelqitbmbl.exe C:\WINDOWS\system32\fatlzjubwb.exe C:\WINDOWS\system32\gnnfju.exe C:\WINDOWS\system32\ruxhuxnbcy.exe C:\WINDOWS\system32\tmlmnhz.exe C:\WINDOWS\system32\vlfaqgtuki.exe C:\WINDOWS\system32\vunylztcoyhyu.exe C:\WINDOWS\system32\ydzwahpfgggf.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\cbtelqitbmbl.exe C:\WINDOWS\system32\fatlzjubwb.exe C:\WINDOWS\system32\gnnfju.exe C:\WINDOWS\system32\ruxhuxnbcy.exe C:\WINDOWS\system32\tmlmnhz.exe C:\WINDOWS\system32\vlfaqgtuki.exe C:\WINDOWS\system32\vunylztcoyhyu.exe C:\WINDOWS\system32\ydzwahpfgggf.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IKIC8ADINXDLUERN -------\Legacy_OVAEHTYAYOOU1 -------\Service_ikic8adinxdluern -------\Service_ovaehtyayoou1 ((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))) . 2008-05-07 16:51 . 2008-05-07 16:51 <DIR> d-------- C:\_OTMoveIt 2008-05-03 21:10 . 2008-05-03 21:10 268 --ah----- C:\sqmdata03.sqm 2008-05-03 21:10 . 2008-05-03 21:10 244 --ah----- C:\sqmnoopt03.sqm 2008-05-03 20:12 . 2008-05-03 20:12 268 --ah----- C:\sqmdata02.sqm 2008-05-03 20:12 . 2008-05-03 20:12 244 --ah----- C:\sqmnoopt02.sqm 2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-04-18 21:08 . 2008-04-18 21:08 268 --ah----- C:\sqmdata01.sqm 2008-04-18 21:08 . 2008-04-18 21:08 244 --ah----- C:\sqmnoopt01.sqm 2008-04-18 19:39 . 2008-04-18 19:39 268 --ah----- C:\sqmdata00.sqm 2008-04-18 19:39 . 2008-04-18 19:39 244 --ah----- C:\sqmnoopt00.sqm 2008-04-11 00:01 . 2008-04-11 00:01 <DIR> d-------- C:\Program Files\SweetIM 2008-04-11 00:01 . 2008-04-11 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-10 15:35 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AVG7 2008-04-27 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2008-04-04 17:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-04 11:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-04 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-04 11:15 --------- d-----w C:\Program Files\Trend Micro 2008-04-04 11:00 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-12-21 19:41 7,317,344 ----a-w C:\Program Files\msnsusii.exe . ((((((((((((((((((((((((((((( snapshot@2008-05-08_23.03.55.25 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-08 21:01:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-11 16:47:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064] "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864] "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-07 14:40 282624] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 04:03 49263] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 13:20 579584] "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-04 13:17 219136] C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2007-10-13 15:03:08 225280] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.AP41"= APmpg4v1.dll "msacm.avis"= ff_acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "C:\\Program Files\\Quake III Arena\\quake3.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e207-0e19-11dc-8d53-0002446c7dc7}] \Shell\AutoRun\command - G:\USBNB.exe . Contents of the 'Scheduled Tasks' folder "2008-05-11 15:57:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-11 18:47:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 1 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe . ************************************************************************ . Completion time: 2008-05-11 18:49:56 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-11 16:49:53 ComboFix2.txt 2008-05-08 21:04:09 Pre-Run: 126,412,943,360 bytes free Post-Run: 126,471,598,080 bytes free 164 --- E O F --- 2007-12-27 14:26:23

Profil

dr_Bora Poslao: 11 Maj 2008 19:03 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Čist log. Kakvo je sada stanje?

Profil

makica90 Poslao: 12 Maj 2008 20:13 Idi na vrh
offline makica90 Novi MyCity građanin Pridružio: 07 Maj 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! pa ne znam, valjda ne saljem sad te poruke sa virusom na msn-u... sad cu da pitam nekog pa ti javljem... jel ja da sad izbrisem one programe sto sam instalirala ili..?

Profil

dr_Bora Poslao: 12 Maj 2008 20:35 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

makica90 Poslao: 12 Maj 2008 23:57 Idi na vrh
offline makica90 Novi MyCity građanin Pridružio: 07 Maj 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Xvala ))

Profil

MyCity » Ambulanta -> Arhiva Ambulante » problem sa messanger virusom

Ko je trenutno na forumu

Ukupno su 1106 korisnika na forumu :: 38 registrovanih, 9 sakrivenih i 1059 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Acivi, Atomski čoban, babaroga, bojan_t, BORUTUS, DENIRO, djboj, Draganeli, Georgius, goxin, joca83, Koridor, krkalon, Kubovac, kunktator, Leonov, maiden6657, Marko Marković, marsovac 2, mikrimaus, Mile80, Milometer, mnn2, moldway, MrNo, naki011, nemkea71, nenad81, Nikolaa11, procesor, raketaš, Romibrat, shaja1, stemark, tmanda323, wolf431, zdrebac, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by