Virus blocks internet

rime1

Member number: 206869
Posts: 31
77.46.199.*

Re: Virus blocks internet, 03.01.2009. at 21:30 - 186 months ago
That's it, the problem is finally solved, here is the log.
And can I get a recommendation for an AV, because this NOD is obviously no good?

ComboFix 09-01-02.01 - J 2009-01-03 22:14:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2047.1579 [GMT 1:00]
Running from: c:\documents and settings\J\Local Settings\Temp\wza21f\E-S.exe

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\J\Application Data\sysFiles00.dll
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\gPrtDJlm.ini
c:\windows\system32\gPrtDJlm.ini2
c:\windows\system32\pakltfdr.ini
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSStkdu.log
c:\windows\system32\TDSSxfum.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-02 21:17 . 2009-01-02 21:23 <DIR> d-------- c:\program files\Wise Disk Cleaner 3 Pro
2009-01-02 21:15 . 2009-01-02 21:17 <DIR> d-------- c:\program files\Wise Registry Cleaner 3 Pro
2009-01-02 11:32 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-02 11:32 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-01 13:57 . 2009-01-01 13:57 <DIR> d-------- c:\documents and settings\J\Application Data\Thinstall
2008-12-31 12:44 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-30 19:34 . 2008-12-30 19:34 <DIR> d-------- c:\program files\ChromePortable
2008-12-30 18:51 . 2008-12-30 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-30 17:47 . 2008-12-30 17:47 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-30 17:47 . 2008-12-30 17:47 1,409 --a------ c:\windows\QTFont.for
2008-12-29 19:08 . 2008-12-29 19:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Applications
2008-12-28 20:04 . 2008-12-28 20:04 <DIR> d-------- c:\program files\Eidos Interactive
2008-12-26 20:28 . 2008-12-26 20:28 1,315 --a------ c:\windows\jphdw_m16.ini
2008-12-25 18:11 . 2009-01-03 22:22 <DIR> d-------- c:\documents and settings\J\Tracing
2008-12-25 17:56 . 2008-12-25 17:56 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2008-12-25 17:51 . 2008-12-25 17:51 <DIR> d-------- c:\program files\Windows Live SkyDrive
2008-12-25 17:51 . 2008-12-25 17:51 <DIR> d-------- c:\program files\Microsoft
2008-12-25 17:24 . 2008-12-25 17:24 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-24 19:02 . 2008-12-24 19:02 <DIR> d-------- C:\Games
2008-12-18 13:13 . 2008-12-18 13:13 <DIR> d-------- c:\windows\ie8updates
2008-12-16 17:36 . 2007-05-27 00:50 <DIR> d-------- c:\program files\Voice Changer 4.0 Diamond
2008-12-14 14:34 . 2008-12-14 14:34 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-08 15:41 . 2008-12-08 15:41 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-08 15:04 . 2008-12-08 15:06 <DIR> d-------- c:\program files\Rockstar Games
2008-12-07 21:34 . 2008-12-24 17:39 <DIR> d-------- c:\program files\RapidCheck
2008-12-04 14:56 . 2008-12-04 14:56 <DIR> d-------- c:\program files\Java
2008-12-04 14:56 . 2008-12-04 14:56 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-04 14:55 . 2008-12-04 14:55 0 --a------ c:\windows\system32\REN584.tmp
2008-12-04 14:55 . 2008-12-04 14:55 0 --a------ c:\windows\system32\REN583.tmp
2008-12-04 14:55 . 2008-12-04 14:55 0 --a------ c:\windows\system32\REN582.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 19:09 --------- d-----w c:\program files\wLite
2009-01-01 19:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-01 12:55 --------- d-----w c:\documents and settings\J\Application Data\Spy Emergency
2008-12-31 15:33 --------- d-----w c:\program files\Skype
2008-12-30 17:51 --------- d-----w c:\program files\Google
2008-12-30 16:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-29 18:19 --------- d-----w c:\program files\Microsoft Games
2008-12-25 16:54 --------- d-----w c:\program files\Windows Live
2008-12-24 16:42 --------- d-----w c:\program files\Illusion
2008-12-24 16:38 --------- d-----w c:\program files\DNA
2008-12-20 16:29 --------- d-----w c:\program files\PuppetMaster
2008-12-20 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 13:39 --------- d-----w c:\program files\Latinski Recnik 1.1
2008-12-08 14:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 19:31 --------- d-----w c:\program files\titca
2008-12-02 16:05 --------- d-----w c:\program files\Uniblue
2008-12-02 15:49 --------- d-----w c:\documents and settings\J\Application Data\Uniblue
2008-12-01 14:26 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-28 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\RoboForm
2008-11-28 15:51 --------- d-----w c:\program files\Siber Systems
2008-11-23 14:18 --------- d-----w c:\program files\Njegos »Gorski vijenac«
2008-11-22 20:30 --------- d-----w c:\program files\mIRC
2008-11-22 17:30 --------- d-----w c:\documents and settings\J\Application Data\SystemRequirementsLab
2008-11-15 18:20 --------- d-----w c:\documents and settings\J\Application Data\PC Suite
2008-11-14 13:03 --------- d-----w c:\documents and settings\J\Application Data\Skype
2008-11-14 13:00 --------- d-----w c:\documents and settings\J\Application Data\skypePM
2008-11-12 13:20 --------- d-----w c:\program files\Mafia-WinterEdition
2008-11-12 12:44 --------- d-----w c:\program files\MSXML 4.0
2008-11-08 14:11 --------- d-----w c:\program files\Common Files\Skype
2008-11-08 14:11 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-13 18:05 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-02-22 11:37 472 ----a-w c:\program files\setup.reg
2008-02-08 09:03 30,529,024 ----a-w c:\program files\kav.en.msi
2008-02-04 20:36 22,328 ----a-w c:\documents and settings\J\Application Data\PnkBstrK.sys
2007-10-02 05:08 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2004-07-22 08:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w c:\program files\DSETUP.dll
2008-08-02 23:14 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-07-03 13:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070320080704\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

c:\documents and settings\J\Start Menu\Programs\u.rar\
Thoosje Sidebar.lnk - c:\program files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2008-08-18 605696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe\0autocheck smrgdf c:\documents and settings\J\Application Data\iolo\\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Key.lnk]
backup=c:\windows\pss\Media Key.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\^.rnd]
path=\.rnd

[HKLM\~\startupfolder\^default.pls]
path=\default.pls

[HKLM\~\startupfolder\^ntuser.dat]
path=\ntuser.dat

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90208
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntamediaBandwidth
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Caffe-Server
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThePrivacyGuard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
--a------ 2006-09-19 14:26 212992 c:\windows\VMSnap23.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-10-05 16:24 289088 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 12:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-12-02 22:41 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 08:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-01-30 17:00 98304 c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
--a------ 2005-11-17 07:32 561664 c:\program files\RamBooster 2.0\Rambooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-13 20:15 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
--a------ 2008-05-01 14:14 2071096 c:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-18 13:29 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-05-05 12:22 1923352 c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2007-08-19 12856]
R1 NDISAH;NDISAH;c:\windows\system32\drivers\ndisah.sys [2008-09-27 19584]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [2008-05-17 12344]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [2007-08-19 8576]
R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-08-16 420480]
R3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2008-01-22 260608]
R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-03-14 578408]
R4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-03-14 578408]
R4 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe [2008-05-17 694840]
S0 MFX;MFX; [x]
S3 DAGP;DAGP; [x]
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\J\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys --> c:\docume~1\J\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys [?]
S3 mpr_freader;MPR FileReader Driver;\??\c:\docume~1\J\LOCALS~1\Temp\RarSFX0\mpr_freader.sys --> c:\docume~1\J\LOCALS~1\Temp\RarSFX0\mpr_freader.sys [?]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [2008-05-17 14392]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2008-09-28 10986]
S4 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2008-09-28 515803]
S4 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-03-14 578408]
S4 KJYXJSM;KJYXJSM; [x]
S4 Webcam Corp. Service Starter;Webcam Corp. Service Starter;c:\program files\Webcam\Webcam123\dogsvc.exe --> c:\program files\Webcam\Webcam123\dogsvc.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{220dba5a-71ea-11dd-bf54-0018f3ea3f39}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3ecb5c-6857-11dc-9995-0018f3ea3f39}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\User_Feed_Synchronization-{132907F2-D634-4C67-9942-44DF435096B5}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-9c147f9a - c:\windows\system32\rdftlkap.dll
MSConfigStartUp-WMUAgent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=FxQDV6NJmNITE9Cif4c9qA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\J\Application Data\Mozilla\Firefox\Profiles\w92mhjlz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 22:22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\H*NULL*a*NULL*r*NULL*r*NULL*y*NULL* *NULL*P*NULL*o*NULL*t*NULL*t*NULL*e*NULL*r*NULL* *NULL*a*NULL*n*NULL*d*NULL* *NULL*t*NULL*h*NULL*e*NULL* *NULL*O*NULL*r*NULL*d*NULL*e*NULL*r*NULL* *NULL*o*NULL*f*NULL* *NULL*t*NULL*h*NULL*e*NULL* *NULL*P*NULL*h*NULL*o*NULL*e*NULL*n*NULL*i*NULL*x*NULL*"!]

[HKEY_USERS\S-1-5-21-854245398-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{33D2BCAC-D8CD-7C15-7D6E-9FACCABFBE7E}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaigbcmlfjemhihlkjbebonpcfcboo"=hex:6b,61,62,61,67,62,6b,62,65,65,6a,66,70,6c,\
61,64,67,65,68,6e,70,61,00,00
"naoldemhnmfcpobnocieijjpgagg"=hex:6b,61,62,61,6e,61,6c,63,70,62,6e,65,6e,6a,\
65,6e,6f,64,6a,6d,6c,70,00,00

[HKEY_USERS\S-1-5-21-854245398-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57C36166-70FE-3C67-1019-08DAF9ABD357}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fajgffiojpod"=hex:66,61,6c,61,69,63,6b,64,67,6b,6c,6f,00,00

[HKEY_USERS\S-1-5-21-854245398-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64DD45CF-09EE-7A4E-AEDF-8BF3633D3E5D}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haibciohbojgnffb"=hex:61,61,00,7c
"jaibciohbojgnffbmgoe"=hex:63,61,6a,64,67,65,00,7c
"paacdkghbkbfnjcgfggacgnnegejooni"=hex:64,61,6e,64,6a,70,61,6a,00,00

[HKEY_USERS\S-1-5-21-854245398-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74994A84-DEEA-1D66-6253-E678E0142485}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-854245398-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E417608-86B4-BA6E-DF09-0DF38D92EB4D}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-854245398-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1C3B509-B662-6634-645E-24E03CCD3F16}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{26ba0792-0985-4d80-8d59-e36016ecec97}]
@Denied: (Full) (Everyone)
"Model"=dword:0000011e
"Therad"=dword:0000001e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):10,e5,1e,c2,35,2e,ad,24,f5,9a,81,4f,e6,b4,a9,dd,cd,b5,31,ac,84,\
f2,55,2f,af,ee,36,76,2f,af,22,a1,de,e3,95,27,fa,1d,9e,57,00,00,00,00,00,00,\
00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F1C3B509-B662-6634-645E-24E03CCD3F16}\InProcServer32*NULL*]
"jabchlnhlpiejjcjdimp"=hex:69,61,64,6a,62,6a,6f,67,67,68,6c,63,67,68,69,6f,62,\
61,00,00
"iabcblenkjogbhjama"=hex:69,61,64,6a,62,6a,6f,67,67,68,6c,63,67,68,69,6f,62,61,\
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
.
**************************************************************************
.
Completion time: 2009-01-03 22:28:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-03 21:26:48
ComboFix2.txt 2009-01-02 16:45:28

Pre-Run: 56,207,564,800 bytes free
Post-Run: 56,250,466,304 bytes free

399 --- E O F --- 2008-12-18 12:14:07
 
kristi1

Member number: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Virus blocks internet, 03.01.2009. at 21:47 - 186 months ago
Tell me what the situation is now and whether you can download, say, Malwarebytes from the net. And don't run it, just see whether it will download.
And post a fresh HJT log for me.

edit:
The CF you had on your computer was from 2007.
 
rime1

Member number: 206869
Posts: 31
77.46.199.*

Re: Virus blocks internet, 03.01.2009. at 22:04 - 186 months ago
I downloaded and installed it because I didn't see what you wrote, but I didn't run it. Now it can open pages that it couldn't before, and Google Chrome works too. Should I download the new ComboFix?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:49, on 3.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\titca\titca\titca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe

--
End of file - 6700 bytes

 

kristi1

Member no.: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Virus blocks the internet, 03.01.2009 at 22:13 (186 months ago)
Here's the thing: the HJT log is excellent, you just need to uninstall Combofix:
Start\Run\ Combofix /u, OK. This will delete the CF folders and reset System Restore.
You can run Malwarebytes just in case, purely as a precaution.
As for antivirus, everyone will tell you something different, but I can tell you what I use: Avast and Comodo Firewall.
 

rime1

Member no.: 206869
Posts: 31
77.46.199.*

Re: Virus blocks the internet, 03.01.2009 at 22:16 (186 months ago)
It won't uninstall Combofix; I type Combofix /u but it tells me it can't find it.
Malwarebytes found nine infected keys and cleaned them.
 

kristi1

Member no.: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Virus blocks the internet, 03.01.2009 at 22:18 (186 months ago)
Delete this folder: C:\ComboFix.
Delete the folder C:\qoobox and then turn System Restore off and back on:

You downloaded it to the desktop and put it in a folder, and you named the folder J, and that is why it won't uninstall automatically.
 

rime1

Member no.: 206869
Posts: 31
77.46.199.*

Re: Virus blocks the internet, 03.01.2009 at 22:21 (186 months ago)
On my machine it's called QooBox.
 

kristi1

Member no.: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Virus blocks the internet, 03.01.2009 at 22:26 (186 months ago)
Well yes, that's the one.
 

rime1

Member no.: 206869
Posts: 31
79.101.177.*

Re: Virus blocks the internet, 05.01.2009 at 10:33 (186 months ago)
That virus still tries to start several times a day, but AVG detects it and doesn't allow it to run; however, it can't be deleted. AVG flags it as the trojan horse BHO.GGC, which tries to start along with the svchost.exe process,
and it is located at this path: C:\System Volume Information\_restore{29D0025D-3378-4AAF-ABB5-2522E76269F0}\RP362\A0239899.dll
 

kristi1

Member no.: 151211
Posts: 2012
82.208.201.*

Site: www.mycity.rs/Ambulanta

Re: Virus blocks the internet, 05.01.2009 at 15:15 (186 months ago)
@rime1 come on, please uninstall that AVG and install Avast; during installation it will ask you whether to scan the system before boot, allow it and restart. Report back afterwards with news.
 