MyCity » Ambulanta -> Arhiva Ambulante » strasno usporen komp.

strasno usporen komp.

Napisano na dan: 17.1.2009

Strana:
1
2
3

strasno usporen komp.

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

Brano Poslao: 17 Jan 2009 20:00 Idi na vrh
offline Brano Super građanin Pridružio: 26 Dec 2008 Poruke: 1428 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: uradjeno : https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

bobby Poslao: 17 Jan 2009 23:18 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Komplikovano... Jesi li imao instaliran Norton antivirus pre ovog McAfeea? Uradi sledece: Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\srvany.exe Driver:: Teaacsrv SurferService` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Brano Poslao: 17 Jan 2009 23:54 Idi na vrh
offline Brano Super građanin Pridružio: 26 Dec 2008 Poruke: 1428 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradjeno, ne Norton nikada nije bio na ovom kompu. evo log: ComboFix 09-01-17.03 - user 2009-01-17 23:28:15.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.78 [GMT 1:00] Running from: d:\programi\skeniranje virusa\New Folder\ComboFix.exe Command switches used :: d:\programi\skeniranje virusa\New Folder\CFScript.txt AV: McAfee VirusScan On-access scanning enabled (Updated) FW: McAfee Personal Firewall enabled * Created a new restore point * Resident AV is active FILE :: c:\windows\system32\srvany.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\srvany.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SURFERSERVICE -------\Service_SurferService -------\Service_Teaacsrv ((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 ))))))))))))))))))))))))))))))) . 2009-01-14 17:08 . 2009-01-14 17:08 144 --a------ c:\windows\Eudcedit.ini 2009-01-12 23:12 . 2009-01-15 00:26 249,856 --------- c:\windows\Setup1.exe 2009-01-12 23:12 . 2009-01-15 00:26 73,216 --a------ c:\windows\ST6UNST.EXE 2009-01-12 23:06 . 2009-01-12 23:06 <DIR> d-------- c:\windows\system32\Adobe 2009-01-08 21:42 . 2008-12-11 12:57 333,184 -----c--- c:\windows\system32\dllcache\srv.sys 2009-01-08 21:30 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\windows\Logs 2008-12-23 17:46 . 2008-12-23 18:05 682,280 --a------ c:\windows\system32\pbsvc.exe 2008-12-23 17:46 . 2008-12-23 18:12 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2008-12-23 17:46 . 2008-12-23 18:12 111,928 --a------ c:\windows\system32\PnkBstrB.exe 2008-12-23 17:46 . 2008-12-23 18:05 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2008-12-23 17:46 . 2008-12-23 18:05 22,328 --a------ c:\documents and settings\user\Application Data\PnkBstrK.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-17 22:36 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2 2009-01-17 22:30 --------- d-----w c:\documents and settings\user\Application Data\Skype 2009-01-11 13:39 --------- d-----w c:\program files\Windows Live 2009-01-10 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Corel 2009-01-10 21:06 --------- d-----w c:\program files\BlazeVideo 2009-01-10 19:20 --------- d-----w c:\program files\Lx_cats 2009-01-06 10:16 88 --sh--r c:\documents and settings\All Users\Application Data\6F79CCAF5C.sys 2009-01-06 10:16 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-12-23 17:16 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-21 21:30 --------- d-----w c:\documents and settings\user\Application Data\FaxCtr 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-09-19 17:27 14,298 ----a-w c:\program files\settings.dat 2006-11-14 07:42 152 --sh--r c:\windows\system32\495B68E769.sys 2007-04-07 09:30 8 --sh--r c:\windows\system32\8AF25EAEB4.sys 2007-04-06 22:38 56 --sh--r c:\windows\system32\B4AE5EF28A.sys 2007-05-24 11:30 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2009-01-17_16.20.37,57 ))))))))))))))))))))))))))))))))))))))))) . - 2000-08-31 07:00:00 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE - 2008-04-17 19:13:02 811,008 ----a-w c:\windows\gmer.exe + 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe - 2009-01-17 12:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-01-17 21:18:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-01-17 12:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-17 21:18:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856] "NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-11-24 40960] "Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632] "lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 200704] "EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008] "snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960] "LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896] "SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\user\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\lxcgcoms.exe"= "d:\\programi\\bluetooth adapter\\BlueSoleil.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-01-29 24786] R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-05-14 3026] S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-01-29 45534] S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys --> c:\windows\system32\DRIVERS\gflmouhid.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-616249376-2147069159-1003.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 10:53] 2008-01-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2008-06-30 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2009-01-09 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-03 22:39] 2008-05-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-03 22:39] 2008-05-07 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 08:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daemon-search.com/startpage mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\2gbr11hg.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-17 23:37:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\Ati2evxx.dll c:\windows\system32\cscui.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe d:\programi\bluetooth adapter\BTNtService.exe c:\program files\Bonjour\mDNSResponder.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\McAfee\MSK\msksrver.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PSIService.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\rundll32.exe c:\windows\system32\lxcgcoms.exe c:\windows\system32\msiexec.exe c:\program files\OpenOffice.org 2.4\program\soffice.exe c:\program files\OpenOffice.org 2.4\program\soffice.bin c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe . ************************************************************************ . Completion time: 2009-01-17 23:45:33 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-17 22:44:09 ComboFix2.txt 2009-01-17 15:23:00 ComboFix3.txt 2008-02-09 20:06:37 Pre-Run: 1.767.706.624 bytes free Post-Run: 1,770,991,616 bytes free 198 --- E O F --- 2009-01-14 23:35:18

Profil

bobby Poslao: 17 Jan 2009 23:59 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zanimljivo, kazes da Norton nije bio instaliran... Mozes li mi onda na proveru poslati sledece fajlove: C:\NAVENG.SYS C:\NAVEX15.SYS C:\Program Files\Norton AntiVirus\SAVRT.SYS Upload uradi preko sledece forme: http://www.mycity.rs/ambulanta-upload.php

Profil

Brano Poslao: 18 Jan 2009 00:21 Idi na vrh
offline Brano Super građanin Pridružio: 26 Dec 2008 Poruke: 1428 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Siguran sam da nije bio instaliran.... fajlove koje si napisao ne mogu da nadjem! U C:\Program Files-u uopste nema norton Antivirus-a, evo slikao sam pa vidi, takodje sam isao i na pretragu i nije nasao Norton Antivirus ??

Profil

bobby Poslao: 18 Jan 2009 00:33 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo ce morati da prespava. Treba mi da smislim nacina da izadjem sa ovim na kraj. GMER kaze da ti fajlovi postoje, i da su pokrenuti kao servisi. Moram da vidim kako mogu da im pridjem. Javljam se sutra, nakon sto pogledam i sa kolegama da vidim ima li ko ideju.

Profil

Brano Poslao: 18 Jan 2009 00:35 Idi na vrh
offline Brano Super građanin Pridružio: 26 Dec 2008 Poruke: 1428 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok nastavljamo sutra..........

Profil

bobby Poslao: 18 Jan 2009 18:50 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: SAVRT NAVENG NAVEX15` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Javi mi da li je to imalo uticaja, tj. da li je pomoglo.

Profil

Brano Poslao: 18 Jan 2009 19:33 Idi na vrh
offline Brano Super građanin Pridružio: 26 Dec 2008 Poruke: 1428 Gde živiš: Bijeljina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jeste imalo uticaja, dosta je brzi..... Evo log: ComboFix 09-01-17.03 - user 2009-01-18 19:00:14.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.101 [GMT 1:00] Running from: d:\programi\skeniranje virusa\New Folder\ComboFix.exe Command switches used :: d:\programi\skeniranje virusa\New Folder\CFScript.txt AV: McAfee VirusScan On-access scanning enabled (Updated) FW: McAfee Personal Firewall enabled * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NAVENG -------\Service_NAVEX15 -------\Service_SAVRT ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))) . 2009-01-18 18:55 . 2009-01-18 18:56 <DIR> d-------- C:\32788R22FWJFW 2009-01-14 17:08 . 2009-01-14 17:08 144 --a------ c:\windows\Eudcedit.ini 2009-01-12 23:12 . 2009-01-15 00:26 249,856 --------- c:\windows\Setup1.exe 2009-01-12 23:12 . 2009-01-15 00:26 73,216 --a------ c:\windows\ST6UNST.EXE 2009-01-12 23:06 . 2009-01-12 23:06 <DIR> d-------- c:\windows\system32\Adobe 2009-01-08 21:42 . 2008-12-11 12:57 333,184 -----c--- c:\windows\system32\dllcache\srv.sys 2009-01-08 21:30 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\windows\Logs 2008-12-23 17:46 . 2008-12-23 18:05 682,280 --a------ c:\windows\system32\pbsvc.exe 2008-12-23 17:46 . 2008-12-23 18:12 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2008-12-23 17:46 . 2008-12-23 18:12 111,928 --a------ c:\windows\system32\PnkBstrB.exe 2008-12-23 17:46 . 2008-12-23 18:05 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2008-12-23 17:46 . 2008-12-23 18:05 22,328 --a------ c:\documents and settings\user\Application Data\PnkBstrK.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-18 18:11 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2 2009-01-18 17:44 --------- d-----w c:\documents and settings\user\Application Data\Skype 2009-01-11 13:39 --------- d-----w c:\program files\Windows Live 2009-01-10 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Corel 2009-01-10 21:06 --------- d-----w c:\program files\BlazeVideo 2009-01-10 19:20 --------- d-----w c:\program files\Lx_cats 2009-01-06 10:16 88 --sh--r c:\documents and settings\All Users\Application Data\6F79CCAF5C.sys 2009-01-06 10:16 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-12-23 17:16 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-21 21:30 --------- d-----w c:\documents and settings\user\Application Data\FaxCtr 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2006-11-14 07:42 152 --sh--r c:\windows\system32\495B68E769.sys 2007-04-07 09:30 8 --sh--r c:\windows\system32\8AF25EAEB4.sys 2007-04-06 22:38 56 --sh--r c:\windows\system32\B4AE5EF28A.sys 2007-05-24 11:30 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2009-01-17_16.20.37,57 ))))))))))))))))))))))))))))))))))))))))) . - 2000-08-31 07:00:00 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE - 2008-04-17 19:13:02 811,008 ----a-w c:\windows\gmer.exe + 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe - 2009-01-17 12:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-01-18 13:47:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-01-17 12:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-18 13:47:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856] "NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-11-24 40960] "Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632] "lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 200704] "EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008] "snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960] "LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896] "SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\user\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\lxcgcoms.exe"= "d:\\programi\\bluetooth adapter\\BlueSoleil.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-01-29 24786] R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-05-14 3026] S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-01-29 45534] S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys --> c:\windows\system32\DRIVERS\gflmouhid.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-616249376-2147069159-1003.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 10:53] 2008-01-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2008-06-30 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2009-01-09 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-03 22:39] 2008-05-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-03 22:39] 2008-05-07 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 08:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daemon-search.com/startpage mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\2gbr11hg.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-18 19:12:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\Ati2evxx.dll c:\windows\system32\cscui.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe d:\programi\bluetooth adapter\BTNtService.exe c:\program files\Bonjour\mDNSResponder.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\McAfee\MSK\msksrver.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PSIService.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\rundll32.exe c:\program files\OpenOffice.org 2.4\program\soffice.exe c:\program files\OpenOffice.org 2.4\program\soffice.bin c:\windows\system32\msiexec.exe c:\windows\system32\lxcgcoms.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe . ************************************************************************ . Completion time: 2009-01-18 19:20:29 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-18 18:19:07 ComboFix2.txt 2009-01-17 22:45:37 ComboFix3.txt 2009-01-17 15:23:00 ComboFix4.txt 2008-02-09 20:06:37 Pre-Run: 1.779.040.256 bytes free Post-Run: 1,763,786,752 bytes free 196 --- E O F --- 2009-01-14 23:35:18

Profil

bobby Poslao: 18 Jan 2009 19:46 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sta imas u sledecem folderu: C:\32788R22FWJFW ? napravi mi screenshot ukoliko ima previse fajlova. Dopuna: 18 Jan 2009 19:46 Ne mora da trazis, saznao sam koji je to folder i od cega je. Hajmo ovako. Ja sam na forumu do 10 veceras. Javi mi se oko pola deset da mi kazes da li ima jos nekih simptoma. Ako nema, da dovrsimo ciscenje (uklonimo ostatke).

Profil

MyCity » Ambulanta -> Arhiva Ambulante » strasno usporen komp.

Ko je trenutno na forumu

Ukupno su 994 korisnika na forumu :: 37 registrovanih, 7 sakrivenih i 950 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., babaroga, bojcistv, comi_pfc, cvrle312, DeerHunter, Denaya, draganca, FOX, Frunze, grenadir, hyla, ILGromovnikM2, Kibice, Leonov, mercedesamg, Metanoja, milenko crazy north, Milos1389, Nemanja.M, nenad81, nikoladim, novator, Povratak1912, raketaš, sasa87, Sirius, suton, Tila Painen, Vatreni Zmaj, Vlada78, wolf431, yrraf, YU-UKI, zdrebac, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by