MyCity » Ambulanta -> Arhiva Ambulante » svichosst.exe

svichosst.exe

Napisano na dan: 30.3.2008

Strana:
1
2

svichosst.exe

Sledeća strana

Pagination

Odgovori

Strana:
1
2

novidan Poslao: 30 Mar 2008 06:28 Idi na vrh
offline novidan Super građanin Zora Pridružio: 22 Okt 2004 Poruke: 1435 Gde živiš: ni na nebu ni na zemlji	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! molim pomoc da uklonim ovaj virus ili malvare.. juce je formatiran HD zbog prethodnih virusa.. nemogu stalno formatirati HD.. izasli su na net bez antivirus programa i eto.. hvala izvinite ako sam opet na pogresnom mestu postavila pitanje Dopuna: 30 Mar 2008 6:28 nakon bobbyjevog uputstva kako otvoriti temu u ambulanti evo log file hvala naucila sam to s vama ..ranije.. oS je W-XP prof sa pack 2 Logfile of HijackThis v1.99.1 Scan saved at 9:52:20 AM, on 4/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ASUS\Asus Probe\AsusProb.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Administrator\Desktop\TR3\lovac.exe.exe R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (file missing) O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hpzsetup.LNK = G:\HPZstub.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Profil

bobby Poslao: 30 Mar 2008 07:58 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

novidan Poslao: 30 Mar 2008 09:35 Idi na vrh
offline novidan Super građanin Zora Pridružio: 22 Okt 2004 Poruke: 1435 Gde živiš: ni na nebu ni na zemlji	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Bobby mnogo hvala.. jel' ovo OK? ComboFix 08-03-25.2 - Administrator 2008-03-30 12:39:47.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.166 [GMT 5.5:30] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\nhatquanglan18.exe C:\WINDOWS\system32\SCVHSOT.exe C:\WINDOWS\system32\setting.ini C:\WINDOWS\system32\test1.exe . ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))) . 2008-03-30 12:03 . 2008-03-30 12:03 <DIR> d-------- C:\WINDOWS\LastGood . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-05 04:38 8,288 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-05 03:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7 2008-04-05 03:29 95,744 ----a-w C:\WINDOWS\system32\drivers\timntr.sys 2008-04-05 03:29 63,808 ----a-w C:\WINDOWS\system32\drivers\snapman.sys 2008-04-05 03:29 --------- d-----w C:\Program Files\Common Files\Acronis 2008-04-05 03:29 --------- d-----w C:\Program Files\Acronis 2008-04-05 03:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2008-04-05 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-04-05 02:56 --------- d-----w C:\Program Files\Zone Labs 2008-04-05 02:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-05 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-05 02:50 --------- d-----w C:\Program Files\MSXML 4.0 2008-04-04 17:33 --------- d-----w C:\Program Files\Symantec 2008-04-04 17:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-04-04 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-04-04 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-04 17:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft 2008-04-03 13:58 --------- d-----w C:\Program Files\Google 2008-04-03 13:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2008-04-03 12:16 --------- d-----w C:\Program Files\Skype 2008-04-03 12:16 --------- d-----w C:\Program Files\Common Files\Skype 2008-04-03 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-04-03 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP 2008-04-03 08:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer 2008-04-03 08:23 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-04-03 08:18 --------- d-----w C:\Program Files\badcdrepair 2008-04-03 08:17 --------- d-----w C:\Program Files\PIXresizer 2008-04-03 08:13 --------- d-----w C:\Program Files\QuickTime 2008-04-03 08:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-03 08:12 --------- d-----w C:\Program Files\Apple Software Update 2008-04-03 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-04-03 08:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic 2008-04-03 08:10 --------- d-----w C:\Program Files\VideoLAN 2008-04-03 08:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc 2008-04-03 07:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead 2008-04-03 06:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Printer Info Cache 2008-04-03 06:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Image Zone Express 2008-04-03 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY 2008-04-03 06:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HP 2008-04-03 06:45 --------- d-----w C:\Program Files\HP 2008-04-03 06:45 --------- d-----w C:\Program Files\Common Files\HP 2008-04-03 06:41 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard 2008-04-03 06:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2008-04-03 06:19 --------- d-----w C:\Program Files\Common Files\Ahead 2008-04-03 06:18 --------- d-----w C:\Program Files\Nero 2008-04-03 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-04-03 06:15 --------- d-----w C:\Program Files\AskTBar 2008-04-03 06:04 --------- d-----w C:\Program Files\MSN Messenger 2008-04-03 06:03 --------- d-----w C:\Program Files\Yahoo! 2008-04-03 05:56 --------- d-----w C:\Program Files\RConnect 2008-04-03 05:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-03 05:53 --------- d-----w C:\Program Files\LG Electronics 2008-04-03 05:42 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-03 05:42 --------- d-----w C:\Program Files\ASUS 2008-04-03 05:41 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-03 05:40 --------- d-----w C:\Program Files\Marvell 2008-04-03 05:39 --------- d-----w C:\Program Files\Analog Devices 2008-04-03 05:37 --------- d-----w C:\Program Files\Intel 2008-04-03 05:25 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-30 07:11 614,432 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54 1694208] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-02-24 11:57 2506752] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 10:05 6856704] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-03 18:19 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160] "ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 16:07 617984] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-05 08:22 579072] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-05 08:21 219136] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29a01f8c-0259-11dd-a87e-0018f317dcf1}] \Shell\AutoRun\command - H:\nlblkhq.com \Shell\explore\Command - H:\nlblkhq.com \Shell\open\Command - H:\nlblkhq.com . Contents of the 'Scheduled Tasks' folder "2008-04-05 03:30:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\SSVICHOSST.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-30 12:41:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-03-30 12:42:16 ComboFix-quarantined-files.txt 2008-03-30 07:12:12 . 2008-03-30 06:35:18 --- E O F ---

Profil

bobby Poslao: 30 Mar 2008 10:21 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sta ti je drajv H: ? CD/DVD ROM? Jel imas instaliranog Nortona, tacnije Norton antivirus? Komp je i dalje inficiran, i postavicu ti skriptu za resavanje cim mi odgovoris na ova pitanja.

Profil

novidan Poslao: 30 Mar 2008 13:15 Idi na vrh
offline novidan Super građanin Zora Pridružio: 22 Okt 2004 Poruke: 1435 Gde živiš: ni na nebu ni na zemlji	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! hvala bobby, H: je bio 'flashpen ' usb memorija..nije cd rom niti HD. nemam sada norton antivirus. odinstalirala sam ga u pola noci(ovdasnje vreme) nisam sigurna da mi je vazeci.. i nekako ga ne volim..(od 2005) imam AVG.

Profil

bobby Poslao: 30 Mar 2008 15:51 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da krenemo prvo od te flash memorijice, posto je inficirana. Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. Sada da vidimo i ostatak da odradimo. Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\SSVICHOSST.exe C:\WINDOWS\Tasks\At1.job Folder:: C:\Program Files\AskTBar Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29a01f8c-0259-11dd-a87e-0018f317dcf1}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Postavi i novi HijackThis log.

Profil

novidan Poslao: 30 Mar 2008 19:49 Idi na vrh
offline novidan Super građanin Zora Pridružio: 22 Okt 2004 Poruke: 1435 Gde živiš: ni na nebu ni na zemlji	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nazalost nisam dobila log nakon sto sam prevukla text na ikonicu combofixa. dobila sam samo poruku da ne pokrecem nikakav drugi program dok ovaj log ne zavrsi....." ja cekala i cekal i na kraju ....nista!

Profil

bobby Poslao: 30 Mar 2008 20:24 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koliko dugo si cekala? Daj mi obican ComboFix log da vidim dokle se stiglo ukoliko vec nece preko skripta.

Profil

novidan Poslao: 31 Mar 2008 06:12 Idi na vrh
offline novidan Super građanin Zora Pridružio: 22 Okt 2004 Poruke: 1435 Gde živiš: ni na nebu ni na zemlji	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! hvala bobby, evo log sa combofix. cekala sam 10 min prije i samo je blinkala mala crtica ispod texta da ne koristim druge programe dok se kreira log. mozda sam trebala jos cekati ComboFix 08-03-25.2 - Administrator 2008-03-31 9:31:11.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.153 [GMT 5.5:30] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Program Files\AskTBar C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL C:\Program Files\AskTBar\bar\Cache\0006B97F C:\Program Files\AskTBar\bar\Cache\0006C13F C:\Program Files\AskTBar\bar\Cache\0006C6BD.bin C:\Program Files\AskTBar\bar\Cache\0006D7A5.bin C:\Program Files\AskTBar\bar\Cache\0006DB7E.bin C:\Program Files\AskTBar\bar\Cache\0006DF47.bin C:\Program Files\AskTBar\bar\Cache\0006E2C1.bin C:\Program Files\AskTBar\bar\Cache\00070BB6.bin C:\Program Files\AskTBar\bar\Cache\files.ini C:\Program Files\AskTBar\bar\History\search2 C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm C:\Program Files\AskTBar\PopSwatr\History\allowed C:\Program Files\AskTBar\PopSwatr\History\notallow C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL C:\WINDOWS\Tasks\At1.job . ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))) . 2008-03-31 00:52 . 2008-03-31 00:52 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-05 03:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7 2008-04-05 03:29 95,744 ----a-w C:\WINDOWS\system32\drivers\timntr.sys 2008-04-05 03:29 63,808 ----a-w C:\WINDOWS\system32\drivers\snapman.sys 2008-04-05 03:29 --------- d-----w C:\Program Files\Common Files\Acronis 2008-04-05 03:29 --------- d-----w C:\Program Files\Acronis 2008-04-05 03:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2008-04-05 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-04-05 02:56 --------- d-----w C:\Program Files\Zone Labs 2008-04-05 02:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-05 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-05 02:50 --------- d-----w C:\Program Files\MSXML 4.0 2008-04-04 17:33 --------- d-----w C:\Program Files\Symantec 2008-04-04 17:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-04-04 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-04-04 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-04 17:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft 2008-04-03 13:58 --------- d-----w C:\Program Files\Google 2008-04-03 13:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2008-04-03 12:16 --------- d-----w C:\Program Files\Skype 2008-04-03 12:16 --------- d-----w C:\Program Files\Common Files\Skype 2008-04-03 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-04-03 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP 2008-04-03 08:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer 2008-04-03 08:23 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-04-03 08:18 --------- d-----w C:\Program Files\badcdrepair 2008-04-03 08:17 --------- d-----w C:\Program Files\PIXresizer 2008-04-03 08:13 --------- d-----w C:\Program Files\QuickTime 2008-04-03 08:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-03 08:12 --------- d-----w C:\Program Files\Apple Software Update 2008-04-03 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-04-03 08:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic 2008-04-03 08:10 --------- d-----w C:\Program Files\VideoLAN 2008-04-03 08:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc 2008-04-03 07:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead 2008-04-03 06:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Printer Info Cache 2008-04-03 06:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Image Zone Express 2008-04-03 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY 2008-04-03 06:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HP 2008-04-03 06:45 --------- d-----w C:\Program Files\HP 2008-04-03 06:45 --------- d-----w C:\Program Files\Common Files\HP 2008-04-03 06:41 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard 2008-04-03 06:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead 2008-04-03 06:19 --------- d-----w C:\Program Files\Common Files\Ahead 2008-04-03 06:18 --------- d-----w C:\Program Files\Nero 2008-04-03 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-04-03 06:04 --------- d-----w C:\Program Files\MSN Messenger 2008-04-03 06:03 --------- d-----w C:\Program Files\Yahoo! 2008-04-03 05:56 --------- d-----w C:\Program Files\RConnect 2008-04-03 05:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-03 05:53 --------- d-----w C:\Program Files\LG Electronics 2008-04-03 05:42 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-03 05:42 --------- d-----w C:\Program Files\ASUS 2008-04-03 05:41 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-03 05:40 --------- d-----w C:\Program Files\Marvell 2008-04-03 05:39 --------- d-----w C:\Program Files\Analog Devices 2008-04-03 05:37 --------- d-----w C:\Program Files\Intel 2008-04-03 05:25 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-31 04:03 1,069,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-30 19:28 14,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-30_12.41.59.74 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-21 00:04:14 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe - 2006-11-09 09:50:40 2,111,096 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2007-06-11 20:34:40 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-30 10:07:50 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-03-30 10:14:06 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54 1694208] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-02-24 11:57 2506752] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 10:05 6856704] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-03 18:19 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160] "ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 16:07 617984] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-05 08:22 579072] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-05 08:21 219136] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-31 09:33:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-03-31 9:33:58 ComboFix-quarantined-files.txt 2008-03-31 04:03:53 ComboFix2.txt 2008-03-30 07:12:17 . 2008-03-30 06:35:18 --- E O F ---

Profil

bobby Poslao: 31 Mar 2008 19:38 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odlicno, prilicno je toga uradio pre nego sto si ga prekinula. Ajmo sada dalje. Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\SSVICHOSST.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Postavi i novi HijackThis log.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » svichosst.exe

Ko je trenutno na forumu

Ukupno su 860 korisnika na forumu :: 9 registrovanih, 1 sakriven i 850 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: draganl, Haris, Istman, marsovac 2, pein, rikirubio, Vlada1389, zicko.spacek, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by