Posted: 25 Jul 2009 11:30
offline
- seizovic
- Citizen
- Joined: 24 Jul 2009
- Posts: 204

Written: 25 Jul 2009 11:20
now it restarted on its own and is losing the connection... my desktop works one moment and shuts down the next
Addendum: 25 Jul 2009 11:30
I don't know... I'll leave it to someone who knows more than I do to take on your instructions... when I download all that, the computer beeps... I'll mess something up...
Addendum: 25 Jul 2009 11:30
I don't know why my System Restore doesn't work, and the Recycle Bin too, i.e. I can't delete anything from the Recycle Bin

Posted: 25 Jul 2009 11:45
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

Disable the antivirus (instructions are given at the link) and double-click ComboFix.exe. Follow the procedure by clicking Yes or OK. The PC will probably restart during the procedure, and at the end a report will open in Notepad.
It really is very simple. I recommend that you try it (waiting can only make things worse). Ignore the beeping.

Posted: 25 Jul 2009 13:15
offline
- seizovic
- Citizen
- Joined: 24 Jul 2009
- Posts: 204

Written: 25 Jul 2009 13:07
I tried... it's not working for me... I'll wait and see what happens... thanks for the help and effort
Addendum: 25 Jul 2009 13:09
I don't get where Ad-Aware is
Addendum: 25 Jul 2009 13:13
tell me why my System Restore has stopped working... I can't select any date, it says System Checkpoint
Addendum: 25 Jul 2009 13:15
is there a simpler way to disable the antivirus

Posted: 25 Jul 2009 17:06
offline
- seizovic
- Citizen
- Joined: 24 Jul 2009
- Posts: 204

Written: 25 Jul 2009 17:05
oh dear, I messed something up; after the report I couldn't use any browser... I restarted twice and now I can, but that report isn't there to copy-paste... I definitely don't know what I'm doing... I'll mess something up
there was a Security Center icon next to NOD's
Addendum: 25 Jul 2009 17:06
ugh, I've been struggling all day...

Posted: 25 Jul 2009 20:06
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

Double-click C:\ComboFix.txt;
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Posted: 26 Jul 2009 16:17
offline
- seizovic
- Citizen
- Joined: 24 Jul 2009
- Posts: 204

Written: 26 Jul 2009 16:09
we misunderstood each other :)
when I disable NOD and click on ComboFix... it does what it needs to... but I can't get online... it simply tells me that everything is nonexistent and I have to restart the computer, and after that the Paste option disappears, i.e. I can't paste what's needed here :(
Addendum: 26 Jul 2009 16:11
I read the note and here it is:
ComboFix 09-07-24.01 - Administrator 07/25/2009 16:46.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1062 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\APPLIC~1\.#
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\_tm72A.tmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ISOSetup.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.3.0.4160\adwpx.exe
c:\program files\Internet Saving Optimizer\3.3.0.4160\Data\config.md
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.3.0.4160\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.3.0.4160\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.3.0.4160\unins000.dat
c:\program files\Internet Saving Optimizer\3.3.0.4160\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.3.0.790\Data\config.md
c:\program files\Media Access Startup\1.3.0.790\FF\chrome.manifest
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.3.0.790\FF\install.rdf
c:\program files\Media Access Startup\1.3.0.790\HPCommon.dll
c:\program files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
c:\program files\Media Access Startup\1.3.0.790\hppx.exe
c:\program files\Media Access Startup\1.3.0.790\MAHelper.exe
c:\program files\Media Access Startup\1.3.0.790\unins000.dat
c:\program files\Media Access Startup\1.3.0.790\unins000.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HIstsw.dll
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POpswt.dll
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSBar.dll
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSrcas.dll
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\006D5A62
c:\program files\MyWebSearch\bar\Cache\006D73A7
c:\program files\MyWebSearch\bar\Cache\006D74DF.bin
c:\program files\MyWebSearch\bar\Cache\006D7964.bin
c:\program files\MyWebSearch\bar\Cache\006D8E05.bin
c:\program files\MyWebSearch\bar\Cache\006D9539.bin
c:\program files\MyWebSearch\bar\Cache\00A73A6C
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
c:\windows\Installer\19769d.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-25 09:31 . 2009-07-25 09:31 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-25 09:27 . 2009-07-25 09:31 -------- d-s---w- C:\ComboFix(2)
2009-07-23 17:55 . 2009-07-23 17:55 -------- d-----w- c:\program files\JoWooD
2009-07-20 19:27 . 2009-07-20 19:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSNInstaller
2009-07-20 19:27 . 2009-07-20 19:50 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\MSNInstaller
2009-07-20 19:15 . 2009-07-20 19:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-07-20 19:15 . 2009-07-20 19:21 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Yahoo!
2009-07-20 19:15 . 2009-07-20 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-20 19:10 . 2009-07-20 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-20 19:10 . 2009-07-20 19:22 -------- d-----w- c:\program files\Yahoo!
2009-07-01 12:05 . 2009-07-01 12:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-29 06:13 . 2009-06-29 06:13 -------- d-----w- c:\program files\DoubleD
2009-06-29 06:13 . 2009-06-29 06:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
2009-06-28 14:29 . 2009-06-28 14:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
2009-06-28 14:29 . 2009-06-28 14:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
2009-06-28 14:28 . 2009-06-28 14:28 -------- d-----w- c:\program files\System Search Dispatcher
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 14:49 . 2008-12-30 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-25 14:49 . 2008-12-30 18:21 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Skype
2009-07-25 14:04 . 2008-12-30 18:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-07-25 14:04 . 2008-12-30 18:52 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\skypePM
2009-07-01 18:08 . 2008-12-30 14:25 71096 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 18:04 . 2009-07-01 12:06 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 17:30 . 2009-02-09 19:32 -------- d-----w- c:\program files\YouTube Downloader
2009-07-01 17:26 . 2009-07-01 17:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-07-01 17:26 . 2009-07-01 17:01 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\GetRightToGo
2009-07-01 17:24 . 2009-07-01 14:15 -------- d-----w- c:\program files\KeepV Converter
2009-07-01 12:06 . 2009-07-01 12:06 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-01 12:06 . 2009-07-01 12:06 -------- d-----w- c:\program files\Real
2009-07-01 12:05 . 2008-12-30 18:20 -------- d-----w- c:\program files\Google
2009-06-29 09:30 . 2009-03-19 17:50 -------- d-----w- c:\program files\Opera
2009-06-12 11:49 . 2009-06-12 11:49 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-02 15:00 . 2009-06-02 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitstream
2009-06-02 15:00 . 2009-06-02 14:50 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-02 14:51 . 2009-06-02 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2009-06-02 14:51 . 2009-06-02 14:50 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Corel
2009-06-02 14:50 . 2009-06-02 14:50 8 --sh--r- c:\documents and settings\All Users\Application Data\E2E70C80C3.sys
2009-06-02 14:40 . 2009-06-02 14:40 -------- d-----w- c:\program files\Common Files\Protexis
2009-06-02 14:40 . 2009-06-02 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-06-02 14:39 . 2009-06-02 14:39 -------- d-----w- c:\program files\Common Files\Corel
2009-06-02 14:39 . 2009-06-02 14:39 -------- d-----w- c:\program files\Corel
2009-06-01 08:56 . 2009-06-01 08:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-06-01 08:56 . 2009-06-01 08:56 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Thinstall
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-24 20:28 . 2009-01-11 19:56 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-11-27 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-30 949376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-11-27 99840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\AntiVirusDisableNotify!=dword:0]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/9/2009 11:17 PM 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [12/30/2008 4:29 PM 15424]
S2 gupdate1c9fa4440203a06;Google Update Service (gupdate1c9fa4440203a06);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 2:05 PM 133104]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [3/19/2009 3:58 PM 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [3/19/2009 3:58 PM 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [3/19/2009 3:58 PM 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [3/19/2009 3:58 PM 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [3/19/2009 3:58 PM 83344]
.
Contents of the 'Scheduled Tasks' folder
2009-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 12:05]
2009-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 12:05]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\ct7awr84.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=GroYGuhPQATv4ZKEz4GJIQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 16:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\imon.dll
.
Completion time: 2009-07-25 16:49
ComboFix-quarantined-files.txt 2009-07-25 14:49
Pre-Run: 29,538,242,560 bytes free
Post-Run: 30,106,411,008 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
268
Addendum: 26 Jul 2009 16:17
please tell me whether avast is better than NOD... i.e. which AV do you recommend... NOD32 keeps causing me trouble

Posted: 26 Jul 2009 22:08
offline
- seizovic
- Citizen
- Joined: 24 Jul 2009
- Posts: 204

I don't get how to save to the desktop
sorry, we've only had the computer for a few months so I'm not skilled

Posted: 26 Jul 2009 22:19
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE

That's all right...
Open Notepad (Start > All programs > Accessories > Notepad).
Copy everything inside the Code box into the Notepad window.
Then, in Notepad, click File > Save: when the save dialog opens, there is a Desktop button at the top left - click it.
Then, in the File Name field, type:
CFScript
and click Save.
Then drag the CFScript file onto the ComboFix icon (and release the button).