
Strange computer behavior - is it a virus?


magna86
Re: Strange computer behavior - is it a virus? 30.12.2009 at 14:19
@djordjestojs

Do the following:


--> Run OTL again
* In the empty field (under Custom Scan/Fixes) paste this:

Quote:
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80af2674-aa8e-11dc-a9f6-000fea372d9b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b68f396-a200-11dd-afac-000fea372d9b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9360fbd0-557a-11dc-a8c6-000fea372d9b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ddcb024-54a6-11dc-a8ba-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ddcb025-54a6-11dc-a8ba-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae829b54-6655-11dd-ae38-000fea372d9b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d91c0b20-68a1-11dd-ae48-000fea372d9b}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fsm"=-

:files
C:\WINDOWS\ka.ini
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\sqmnoopt19.sqm
C:\sqmdata19.sqm
C:\sqmnoopt18.sqm
C:\sqmdata18.sqm
C:\sqmnoopt17.sqm
C:\sqmdata17.sqm
C:\sqmnoopt16.sqm
C:\sqmdata16.sqm
C:\sqmnoopt15.sqm
C:\sqmdata15.sqm
C:\sqmnoopt14.sqm
C:\sqmdata14.sqm
C:\sqmnoopt13.sqm
C:\sqmdata13.sqm
C:\sqmnoopt12.sqm
C:\sqmdata12.sqm
C:\sqmnoopt11.sqm
C:\sqmdata11.sqm
C:\sqmnoopt10.sqm
C:\sqmdata10.sqm
C:\sqmnoopt09.sqm
C:\sqmdata09.sqm
C:\sqmnoopt08.sqm
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmnoopt01.sqm
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\tdlp32.ini
C:\WINDOWS\msb.exe
C:\WINDOWS\msa.exe
C:\WINDOWS\System32\sshnas.dll
C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
C:\Documents and Settings\AMD\ntuser.ini
C:\32788R22FWJFW
C:\WINDOWS\System32\sr-Cyrl-CS

:commands
[purity]
[emptytemp]
[Reboot]


* Click Run Fix
* Copy the log you get at the end of the procedure:

...........................................................................................

--> I have uploaded two files with this post. Download both to the Desktop.

* First run the HKLM file by double-clicking it. A Notepad file (log) named showreg.txt will appear on the desktop.
* Copy the contents of that text for me.

* Now do the same with the second file, which is named HKCU. * A showreg.txt will also appear on the desktop.
* Likewise... copy the log you get.


..........................................................................................


----> Combofix: put it on the desktop!

Delete that Combofix (right-click the icon >> delete), then download a new one.
Now try running Combofix again.

Post the resulting log here.




djordjestojs
Re: Strange computer behavior - is it a virus? 30.12.2009 at 21:02
showreg.txt


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"MSI Live"="C:\\Program Files\\MSI\\MSI Live\\SetWallpaper.exe"
"SoundMan"="SOUNDMAN.EXE"
"AdobeCS4ServiceManager"="\"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"
"Acrobat Assistant 8.0"="\"E:\\5.instalirani_programi\\AdobeCS4\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"Adobe_ID0EYTHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
"StartCCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
"NokiaMServer"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

 

kristi1


Re: Strange computer behavior - is it a virus? 30.12.2009 at 21:14
Djordje, have you tried running Combofix from safe mode? If that managed to go through, we would have the job done.
 

djordjestojs

Re: Strange computer behavior - is it a virus? 30.12.2009 at 22:42
Kristi1!
I managed to get it done with ComboFix. In the process it warned me to turn off Avast, even though it was turned off. Here is the content of the file, come what may. On the USB stick I deleted some virus, 22yj2fy1.exe, with Avast, but it remained on the computer.

ComboFix 09-12-29.06 - AMD 30.12.2009 23:20:54.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.511.260 [GMT 1:00]
Running from: c:\documents and settings\AMD\Desktop\virusi\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091230-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\cleanup.exe
c:\docume~1\AMD\LOCALS~1\Temp\sshnas.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\AMD\Local Settings\Temporary Internet Files\MF14593ED.gif
c:\documents and settings\AMD\Local Settings\Temporary Internet Files\SF0ED.gif
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\system32\sshnas.dll
c:\windows\system32\vspopup.dll
c:\windows\system32\Y14L8iyF.exe.a_a
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
D:\autorun.inf
E:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_AVPsys
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-30 21:46 . 2009-12-30 21:49 -------- dc-h--w- c:\windows\ie8
2009-12-30 21:46 . 2009-12-30 21:46 -------- d-----w- c:\windows\LastGood
2009-12-30 18:30 . 2009-12-30 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-30 18:30 . 2009-12-30 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-29 20:51 . 2009-12-29 20:51 -------- d-----w- c:\program files\trend micro
2009-12-29 20:51 . 2009-12-29 20:51 -------- d-----w- C:\rsit
2009-12-29 19:20 . 2009-12-29 19:30 26386 ----a-w- C:\backup.reg
2009-12-29 19:20 . 2009-12-29 19:30 574 ----a-w- C:\cleanup.bat
2009-12-29 19:20 . 2009-12-29 19:30 135168 ----a-w- C:\zip.exe
2009-12-29 10:40 . 2009-12-29 10:40 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\WinZip
2009-12-29 10:03 . 2009-12-29 10:03 -------- d-----w- C:\saslPrep_3968
2009-12-29 09:16 . 2009-12-26 13:54 34429264 ----a-r- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_ 2330 7_1_40_1_eng_web.exe
2009-12-29 09:07 . 2009-12-29 09:07 388608 ----a-w- c:\windows\system32\CF19309.exe
2009-12-27 14:28 . 2009-12-28 16:54 -------- d-----w- c:\windows\system32\NtmsData
2009-12-27 14:25 . 2009-12-27 14:25 -------- d-sh--w- c:\documents and settings\AMD\IECompatCache
2009-12-27 11:24 . 2009-12-30 21:23 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-25 21:45 . 2009-12-26 09:01 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\Free_Lunch_Design
2009-12-25 21:44 . 2009-12-25 21:45 -------- d-----w- c:\program files\Free_Lunch_Design
2009-12-25 21:44 . 2009-05-31 17:45 51200 ----a-w- c:\documents and settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\FFExternalAlert.dll
2009-12-25 21:44 . 2009-05-31 17:45 114688 ----a-w- c:\documents and settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\npmozax.dll
2009-12-25 21:12 . 2009-12-25 21:12 -------- d-----w- c:\program files\Santa Claus in Trouble
2009-12-24 17:32 . 2009-12-27 07:45 -------- d-----w- c:\program files\Carambis
2009-12-24 17:01 . 2009-12-24 17:01 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\Nokia
2009-12-24 17:01 . 2009-12-24 17:01 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\NokiaAccount
2009-12-24 16:54 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-24 16:54 . 2009-12-24 16:54 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-24 16:48 . 2009-12-24 16:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-24 16:46 . 2009-12-24 16:52 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-24 16:46 . 2009-12-24 16:52 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-24 16:46 . 2009-12-24 16:52 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-24 16:46 . 2009-12-24 16:52 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-24 16:46 . 2009-12-24 16:52 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-24 16:46 . 2009-12-24 16:52 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-24 16:46 . 2009-12-24 08:50 95992424 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2009-12-24 16:46 . 2009-12-24 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2009-12-24 16:18 . 2009-12-24 16:18 -------- d-----w- c:\program files\Common Files\LogoManager
2009-12-24 16:17 . 2009-12-24 16:18 -------- d-----w- c:\program files\MobiMB Mobile Media Browser
2009-12-24 10:19 . 2009-12-24 10:19 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-12-24 08:56 . 2009-12-24 08:56 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-24 07:40 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 07:40 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 07:21 . 2009-12-27 14:04 -------- d-----w- c:\documents and settings\AMD\Application Data\Software Informer
2009-12-24 07:21 . 2009-12-24 07:21 -------- d-----w- c:\program files\Software Informer
2009-12-24 06:59 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-24 06:59 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-24 06:51 . 2009-12-24 06:51 -------- d-----w- c:\documents and settings\AMD\Application Data\PC Suite
2009-12-24 06:51 . 2009-12-24 17:02 -------- d-----w- c:\documents and settings\AMD\Application Data\Nokia
2009-12-24 06:51 . 2009-12-24 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-24 06:50 . 2009-12-24 06:50 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-24 06:49 . 2009-12-24 16:56 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-24 06:48 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-24 06:48 . 2009-12-24 16:54 -------- d-----w- c:\program files\Nokia
2009-12-24 06:47 . 2009-12-23 19:13 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe
2009-12-24 06:47 . 2009-12-24 06:47 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-24 06:47 . 2009-12-24 06:47 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-24 06:47 . 2009-12-24 06:47 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-24 06:47 . 2009-12-24 06:47 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-24 06:44 . 2009-12-24 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-23 19:12 . 2009-12-24 10:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-23 19:11 . 2009-12-23 19:11 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-23 19:10 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-23 19:09 . 2009-12-23 19:09 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-23 19:09 . 2009-12-23 19:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-23 19:03 . 2009-12-23 19:03 -------- d-----w- c:\program files\Microsoft
2009-12-23 19:02 . 2009-12-23 19:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-23 19:02 . 2009-12-23 19:10 -------- d-----w- c:\program files\Windows Live
2009-12-23 18:38 . 2009-12-23 18:38 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-23 18:00 . 2009-12-23 18:00 -------- d-----w- c:\program files\Conduit
2009-12-23 18:00 . 2009-12-23 18:00 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\Conduit
2009-12-23 17:59 . 2009-12-23 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-12-23 17:57 . 2009-12-23 17:57 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-12-23 16:41 . 2009-12-23 16:41 -------- d-sh--w- c:\documents and settings\AMD\PrivacIE
2009-12-23 16:37 . 2009-12-23 16:37 -------- d-sh--w- c:\documents and settings\AMD\IETldCache
2009-12-23 16:35 . 2009-12-30 21:51 -------- d-----w- c:\windows\ie8updates
2009-12-23 16:30 . 2009-12-30 21:48 -------- d-----w- c:\windows\system32\sr-Cyrl-CS
2009-12-23 16:26 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-23 13:11 . 2004-08-03 22:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\program files\Xvid
2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\program files\FDRLab
2009-12-22 18:25 . 2005-07-25 09:04 48640 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2009-12-22 17:28 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-22 17:28 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-21 20:32 . 2009-12-21 20:32 -------- d-----w- c:\program files\Barbie(TM)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 14:20 . 2007-08-28 15:53 -------- d-----w- c:\program files\Macromedia
2009-12-27 07:45 . 2007-02-03 09:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 19:56 . 2007-02-03 09:30 113064 ----a-w- c:\documents and settings\AMD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 16:46 . 2007-12-06 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-25 16:13 . 2009-07-01 08:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-24 06:51 . 2007-08-27 13:36 -------- d-----w- c:\program files\DIFX
2009-12-23 19:21 . 2000-02-24 18:27 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-24 23:54 . 2007-02-03 10:04 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-02-03 10:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-02-03 10:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:49 . 2007-02-03 10:04 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-02-03 10:04 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-02-03 10:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-02-03 10:04 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-10-29 07:45 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-03 22:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-03 22:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 21:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-03 22:56 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-03 22:56 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-03 22:56 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-08 12:30 . 2009-10-08 12:30 0 ----a-w- c:\windows\ativpsrm.bin
2002-07-31 18:55 . 2007-10-05 20:08 106 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2009-05-20 2085400]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2009-05-20 17:05 2085400 ----a-w- c:\program files\Free_Lunch_Design\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2009-05-20 2085400]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2009-05-20 2085400]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-7-11 295606]
Adobe Acrobat Synchronizer.lnk - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^AMD^Start Menu^Programs^Startup^Registration .LNK]
path=c:\documents and settings\AMD\Start Menu\Programs\Startup\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AMD^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\documents and settings\AMD\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 00:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QKSMTPServer3]
2005-08-08 11:33 959488 ----a-w- c:\progra~1\QKSMTP~1\QKSmtpServer3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 09:54 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-22 09:09 77824 ----a-w- c:\windows\soundman.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Browsers\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.01.2007 21:43 685816]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.12.2009 18:28 114768]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [03.08.2004 23:56 14336]
S2 Apache2.2;Apache2.2;e:\5.instalirani_programi\AppServ\Apache2.2\bin\httpd.exe [17.01.2008 18:37 24635]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2009 18:28 20560]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [23.12.2009 20:10 54752]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 DNSFILT;DNSFILT;\??\c:\program files\Atguard\DNSFILT.SYS --> c:\program files\Atguard\DNSFILT.SYS [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
S3 FWFILT;FWFILT;\??\c:\program files\Atguard\FWFILT.SYS --> c:\program files\Atguard\FWFILT.SYS [?]
S3 HTTPFILT;HTTPFILT;\??\c:\program files\Atguard\HTTPFILT.SYS --> c:\program files\Atguard\HTTPFILT.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SPUPDSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Append to existing PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Subscribe in RSS Bandit - c:\documents and settings\AMD\Application Data\RssBandit\iecontext_subscribebandit.htm
TCP: {ED2C4C66-C3B5-49A5-A999-C4F3566E8A9B} = 212.200.191.166,212.200.190.166
FF - ProfilePath - c:\documents and settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Free Lunch Design Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1708250&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=2&q=
FF - component: c:\documents and settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\FFExternalAlert.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\browsers\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\browsers\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: c:\browsers\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\browsers\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MySQL Data Wizard Agent - c:\program files\SQL Maestro Group\Data Wizard for MySQL\MyDataWizardA.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-AdobeBridge - c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe
HKCU-Run-fsm - (no file)
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
HKLM-Run-MSI Live - c:\program files\MSI\MSI Live\SetWallpaper.exe
MSConfigStartUp-00PCTFW - c:\program files\PC Tools Firewall Plus\FirewallGUI.exe
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-MySQL Data Wizard Agent - c:\program files\SQL Maestro Group\Data Wizard for MySQL\MyDataWizardA.exe
MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SinapsiAntispam - c:\program files\Sinapsi Antispam\SinapsiAntispam.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_05\bin\jusched.exe
AddRemove-CVS for Dreamweaver - c:\program files\CVS4DW\uninst.exe
AddRemove-GnuPG - c:\xampp\apache\GnuPG\uninst-gnupg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 23:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="e:\5.instalirani_programi\AppServ\MySQL\bin\mysqld --defaults-file=e:\50cee~1.ins\AppServ\MySQL\my.ini mysql"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\sirenacm.dll

- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
.
Completion time: 2009-12-30 23:35:07
ComboFix-quarantined-files.txt 2009-12-30 22:34

Pre-Run: 10 480 181 248 bytes free
Post-Run: 10 459 090 944 bytes free

- - End Of File - - DEFF4D09D71E5DC7098F7F6710C1478D
 

kristi1


Re: Strange computer behavior - is it a virus? 31.12.2009 at 07:39
Djordje, what's the situation now? It should be OK.
 

djordjestojs
djordje stojsavljevic


Re: Strange computer behavior - is it a virus? 31.12.2009 at 08:14
Not really.
The rundll32 icon in the Windows/system32 folder has no gears on it. When I try to open Security Center, Windows Firewall or Add or Remove Programs in the Control Panel, an IE8 window opens for a few seconds and is then replaced by a smaller window: File Download - Security Warning, with the question: Do you want to run or save this file?
Name: rundll32.exe
Type: Application, 32,5 kB
From: C:\Windows\system32
with the buttons RUN, SAVE, CANCEL

The only thing is that now, when I start the computer, it doesn't check partition E, and it lets me open all the hard disk partitions normally with a left double-click. I don't know whether my antivirus program is infected.
Regards
 

kristi1


Re: Strange computer behavior - is it a virus? 31.12.2009 at 08:53
Quote:
1. When I turn on the computer, a file check (CHKDSK) also starts on disk E


You should do the following:
Start > run > cmd > chkdsk e:/f

You have a problem with bad sectors on the hard disk.
You can reinstall the antivirus.
You should do a Windows repair; it is badly damaged, in terrible shape.

Delete the ComboFix icon
Delete all the programs we worked with
Delete the folders
C:\Combofix
C:\Qoobox

Turn off System Restore > restart > turn System Restore back on.

The computer is clean; everything else is either a consequence of the malware or Windows is old, or, as our people would say, worn out.
 

kristi1


Re: Strange computer behavior - is it a virus? 31.12.2009 at 09:08
Let's try one more thing

Delete that ComboFix from that folder and download a new version, but strictly to the desktop

uninstall the antivirus and Spybot

then open Notepad and copy in the following text

Code:
DirLook::
C:\saslPrep_3968


Save it to the desktop under the name CFScript

Then drag that file onto the ComboFix icon and, when it finishes, post the new log.

 

djordjestojs
djordje stojsavljevic


Re: Strange computer behavior - is it a virus? 31.12.2009 at 09:08
I'll try to reinstall AVAST. RUN doesn't accept any command, because pressing ENTER brings up an IE window. Also, when the computer starts, it opens about 15 IE windows every time.
Regards. I'll report back soon.
 

djordjestojs
djordje stojsavljevic


Re: Strange computer behavior - is it a virus? 01.01.2010 at 10:50
Here are the OTL results from the file HKCU.bat

1.showreg.txt
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Software Informer"="\"C:\\Program Files\\Software Informer\\softinfo.exe\" -autorun"
"PC Suite Tray"="\"C:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""
 

djordjestojs
djordje stojsavljevic


Re: Strange computer behavior - is it a virus? 01.01.2010 at 10:52
Here are the OTL results from the file HKLM.bat

2.showreg.txt
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"AdobeCS4ServiceManager"="\"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"
"Acrobat Assistant 8.0"="\"E:\\5.instalirani_programi\\AdobeCS4\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"Adobe_ID0EYTHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
"StartCCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
"NokiaMServer"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RegGenie Scheduler"="C:\\Program Files\\RegGenie\\RegGenieScheduler.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
 
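A way to read the Run-key exports posted above, as an added example (not part of the original posts and not OTL or ComboFix code): it parses the regedit-format text, splits each command line into executable and arguments, and marks entries a reviewer would look at twice. The three flag names are assumptions of this example, and the sample reuses lines from the HKLM export in this thread.

```python
import re
# Constructed sample: lines reused from the HKLM Run export posted in this thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"NokiaMServer"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg string values escape only \ and "

def split_command(cmd):
    """Split an autostart command line into (executable, args, quoted)."""
    if cmd.startswith('"'):  # quoted path: the executable is unambiguous
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip(), True
    m = re.match(r'(?i)(.*?\.(?:exe|com|bat|cmd|dll))(?:\s+(.*))?$', cmd)
    if m:  # unquoted, but a known extension marks where the path ends
        return m.group(1), m.group(2) or '', False
    head, sep, tail = cmd.rpartition('\\')  # no extension: cut after the last path part
    name, _, args = tail.partition(' ')
    return head + sep + name, args.strip(), False

def review(text):
    """Return (name, executable, args, flags) for values directly under a Run key."""
    out, in_run = [], False
    for line in map(str.strip, text.splitlines()):
        k, v = KEY_RE.match(line), VAL_RE.match(line)
        if k:  # subkeys such as Run\OptionalComponents hold no autostart commands
            in_run = k.group(1).lower().endswith(r'\currentversion\run')
        elif in_run and v:
            exe, args, quoted = split_command(unescape(v.group(2)))
            checks = {'no-directory': '\\' not in exe,  # found via the search path
                      'unquoted-space': not quoted and ' ' in exe,  # path end is ambiguous
                      'short-name': bool(re.search(r'~\d', exe))}  # 8.3 alias hides the folder
            out.append((unescape(v.group(1)), exe, args, [f for f, hit in checks.items() if hit]))
    return out

if __name__ == '__main__':
    print(*review(SAMPLE), sep='\n')
```

A flag is a prompt to check the file on disk and its signature, not a verdict on the entry.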

magna86
Anti Malware Fighter


Re: Strange computer behavior - is it a virus? 02.01.2010 at 12:55
@djordjestojs
Do what @Kristi1 wrote for you about ComboFix and post the resulting log.

Quote:
kristi1: Let's try one more thing

Delete that ComboFix from that folder and download a new version, but strictly to the desktop

uninstall the antivirus and Spybot

then open Notepad and copy in the following text

Code:
DirLook::
C:\saslPrep_3968


Save it to the desktop under the name CFScript

Then drag that file onto the ComboFix icon and, when it finishes, post the new log.


although I think a repair, or format C and a fresh XP, is unavoidable for you ...

Quote:
kristi1: You should do the following:
Start > run > cmd > chkdsk e:/f

You have a problem with bad sectors on the hard disk.
You should do a Windows repair; it is badly damaged, in terrible shape.

Delete the ComboFix icon
Delete all the programs we worked with
Delete the folders
C:\Combofix
C:\Qoobox

Turn off System Restore > restart > turn System Restore back on.

The computer is clean; everything else is either a consequence of the malware or Windows is old, or, as our people would say, worn out.


[This message was edited by magna86 on 02.01.2010 at 15:54 GMT+1]
 

djordjestojs
djordje stojsavljevic


Re: Strange computer behavior - is it a virus? 02.01.2010 at 22:36
I'm wondering how to reinstall Windows when it won't open the Add or Remove Programs icon?
 