MyCity » Ambulanta -> Arhiva Ambulante » Izdvojeno iz druge teme

Izdvojeno iz druge teme

Napisano na dan: 30.11.2008

Strana:
1
2

Izdvojeno iz druge teme

Sledeća strana

Pagination

Odgovori

Strana:
1
2

crni_kac Poslao: 30 Nov 2008 02:26 Idi na vrh
offline crni_kac Građanin Pridružio: 25 Apr 2006 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Molim za resenje problema. nakon odredjenog vremena gubim konekciju i javlja mi se sledece Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:17:15, on 30.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\713xRMTMon.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\honestech\honestech TVR\scheduleTV.exe C:\WINDOWS\713xRMT.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe C:\Documents and Settings\xp pro\Desktop\New Folder\TR3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mystart.incredimail.com/english/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {26C2446C-C846-46ED-ABBE-CEECDA22011E} - (no file) O2 - BHO: (no name) - {2736E8C4-EAF2-4E68-82D1-43309C142F0C} - (no file) O2 - BHO: (no name) - {4A5AB901-1612-4AA6-AC61-441CB73BBA7E} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {A6D9B5C8-92CA-4391-841A-195484A04AE1} - (no file) O2 - BHO: (no name) - {A7A54F3C-5DBD-4346-ADF6-4C65091E41C3} - (no file) O2 - BHO: (no name) - {BB71CDF8-460C-4CE2-96D6-AAADBEFA1421} - (no file) O2 - BHO: (no name) - {BFFF70ED-AC47-4859-B8CE-484DA874610D} - (no file) O2 - BHO: (no name) - {D23955D4-8421-4A81-AE3B-9764E00FB40E} - (no file) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Configuration Driver] scghost.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\RunServices: [Configuration Driver] scghost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\XPPRO~1\LOCALS~1\Temp\E_S264.tmp" /EF "HKCU" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27}: NameServer = 82.117.200.6 O20 - Winlogon Notify: jkkIYomn - C:\WINDOWS\ O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7057 bytes

Profil

dr_Bora Poslao: 30 Nov 2008 10:33 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... crni_kac ::Molim za resenje problema. nakon odredjenog vremena gubim konekciju i javlja mi se sledece Šta se javlja? Neka greška? Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

crni_kac Poslao: 02 Dec 2008 13:47 Idi na vrh
offline crni_kac Građanin Pridružio: 25 Apr 2006 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-01.01 - xp pro 2008-12-02 13:36:04.1 - NTFSx86 Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\xp pro\Start Menu\SMS TRAP.url c:\program files\msgaurd.exe c:\windows\BM27dcc015.txt c:\windows\BM27dcc015.xml c:\windows\Install.txt c:\windows\system32\drivers\npf.sys c:\windows\system32\ENUFffii.ini c:\windows\system32\i c:\windows\system32\ioyapxuu.ini c:\windows\system32\jqcyqhim.ini c:\windows\system32\nrrtk.dll c:\windows\system32\open.exe c:\windows\system32\packet.dll c:\windows\system32\qqBKRqru.ini c:\windows\system32\tmp0_145053804157.bk c:\windows\system32\tmp0_294088187352.bk c:\windows\system32\tmp0_409374200896.bk c:\windows\system32\tmp0_539548716150.bk c:\windows\system32\tmp0_608598487077.bk c:\windows\system32\tmp0_730074630193.bk c:\windows\system32\tmp0_733591122938.bk c:\windows\system32\tmp0_800607858590.bk c:\windows\system32\tmp0_81383711578.bk c:\windows\system32\tmp0_8605736756.bk c:\windows\system32\wFffLRqr.ini c:\windows\system32\whrkqivr.ini c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ISODRIVE -------\Legacy_SOTPECA -------\Legacy_TDXDOWKC -------\Service_ISODrive -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 ))))))))))))))))))))))))))))))) . 2008-12-02 08:17 . 2008-12-02 08:17 <DIR> d-------- c:\program files\3D-Relax 2008-12-02 07:35 . 2008-12-02 07:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-12-01 20:46 . 2008-12-01 20:46 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Thinstall 2008-12-01 19:51 . 2008-12-02 07:33 <DIR> d-------- c:\program files\Lavasoft 2008-12-01 06:31 . 2008-12-01 10:52 84,492 --a------ c:\windows\system32\wt.exe 2008-11-30 12:55 . 2008-11-30 13:17 <DIR> d-------- c:\program files\T-Com Antidialer 2008-11-30 12:46 . 2008-11-30 12:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Netsweeper 2008-11-28 17:19 . 2008-12-01 11:57 74,764 --a------ c:\windows\system32\quicktime.exe 2008-11-28 12:49 . 2008-12-02 13:11 <DIR> d-------- c:\program files\Trojan Remover 2008-11-26 20:17 . 2005-05-03 11:43 69,632 -r------- c:\windows\Alcmtr.exe 2008-11-23 22:09 . 2008-12-02 13:39 171,135 --a------ c:\windows\system32\nvapps.xml 2008-11-23 22:08 . 2008-11-23 22:08 <DIR> d-------- c:\windows\nview 2008-11-23 22:08 . 2008-02-28 06:34 360,448 -ra------ c:\windows\system32\nvuninst.exe 2008-11-23 22:08 . 2008-02-28 06:34 360,448 --a------ c:\windows\system32\nvudisp.exe 2008-11-23 22:08 . 2008-02-28 06:34 17,848 --a------ c:\windows\system32\nvdisp.nvu 2008-11-23 21:31 . 2008-11-30 09:26 <DIR> d-------- c:\program files\Dr.Hardware 2008 english 2008-11-22 17:54 . 2008-11-24 11:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-18 14:13 . 2008-11-18 14:13 <DIR> d-------- c:\windows\Green Valley Fun on the Farm 2008-11-18 13:46 . 2008-11-18 13:49 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Ancient Quest of Saqqarah__cminion 2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\program files\Ancient Quest of Saqqarah 2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\StoneLoops! 2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Saqqarah 2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\MagicMatch 2008-11-15 19:51 . 2008-11-15 19:57 <DIR> d-------- c:\documents and settings\xp pro\Application Data\DMCache 2008-11-15 00:08 . 2008-11-15 00:08 <DIR> d-------- c:\windows\3planesoft 3D Screensavers [36-in-1] 32-bit 2008-11-09 20:23 . 2008-11-11 12:57 <DIR> d-------- c:\program files\XP Repair Pro 2007 2008-11-05 10:17 . 2008-11-08 22:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-05 09:23 . 2008-11-05 09:23 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Sahmon Games 2008-11-04 22:59 . 2008-11-04 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HipSoft 2008-11-03 10:34 . 2008-11-03 10:34 <DIR> d-------- c:\program files\Windows Sidebar . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-02 12:28 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5 2008-12-02 12:25 --------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent 2008-12-02 12:10 --------- d-----w c:\documents and settings\xp pro\Application Data\Gearbox Software 2008-12-01 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-29 15:35 --------- d-----w c:\program files\Puzzle Express 2008-11-26 19:25 16,376 ----a-w c:\windows\gdrv.sys 2008-11-18 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium 2008-11-08 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-05 09:25 --------- d-----w c:\program files\GameHouse 2008-11-05 09:22 --------- d-----w c:\program files\Platypus II 2008-11-05 09:22 --------- d-----w c:\program files\Pinocchio ENG 2008-11-03 09:35 --------- d-----w c:\program files\Nero 2008-11-03 09:35 --------- d-----w c:\program files\Common Files\Nero 2008-11-03 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-10-31 10:35 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-31 10:35 --------- d-----w c:\program files\EA GAMES 2008-10-31 10:21 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games 2008-10-30 11:30 --------- d-----w c:\documents and settings\xp pro\Application Data\SolSuite 2008-10-30 11:19 --------- d-----w c:\program files\SolSuite 2008-10-30 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames 2008-10-29 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield 2008-10-29 10:38 --------- d-----w c:\program files\Midway Games 2008-10-28 07:31 --------- d-----w c:\program files\Escape From Paradise 2008-10-28 07:28 --------- d-----w c:\program files\Rainforest Adventure 2008-10-27 12:40 --------- d-----w c:\program files\Fire Maple Games 2008-10-27 12:39 472,576 ----a-w c:\windows\uninstall.exe 2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263769828.exe 2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263766796.exe 2008-10-27 12:39 --------- d-----w c:\program files\Mahjong Forests 2008-10-21 17:37 --------- d-----w c:\documents and settings\xp pro\Application Data\Playfirst 2008-10-21 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Playfirst 2008-10-21 16:36 --------- d-----w c:\documents and settings\xp pro\Application Data\Righteous Kill 2008-10-21 15:56 --------- d-----w c:\program files\LeeGTs Games 2008-10-21 15:27 --------- d-----w c:\program files\Chromentum 2 2008-10-17 01:36 --------- d-----w c:\program files\JLC's Software 2008-10-17 01:28 --------- d-----w c:\documents and settings\xp pro\Application Data\JLC's Software 2008-10-14 21:01 81,920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe 2008-10-14 21:01 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2008-10-14 21:01 47,360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys 2008-10-14 21:01 --------- d-----w c:\program files\Video Convert Premier 2008-10-14 21:01 --------- d-----w c:\documents and settings\xp pro\Application Data\Vso 2008-10-07 20:48 --------- d-----w c:\program files\Webteh 2008-10-07 20:48 --------- d-----w c:\documents and settings\xp pro\Application Data\BSplayer PRO 2008-10-05 11:14 --------- d-----w c:\program files\UltraISO 2008-10-05 11:13 --------- d-----w c:\program files\Common Files\EZB Systems 2008-10-02 16:52 --------- d-----w c:\documents and settings\xp pro\Application Data\Nero 2007-07-26 19:00 23,800,756 ----a-w c:\program files\Burning Studio 7.1.0.exe 2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat . ------- Sigcheck ------- 2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys 2004-08-04 00:14 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-12-02 2468200] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= . - - - - ORPHANS REMOVED - - - - BHO-{26C2446C-C846-46ED-ABBE-CEECDA22011E} - (no file) BHO-{2736E8C4-EAF2-4E68-82D1-43309C142F0C} - (no file) BHO-{4A5AB901-1612-4AA6-AC61-441CB73BBA7E} - (no file) BHO-{516B8DC9-1E9B-442E-B84C-1CCCE91368A2} - c:\windows\system32\nrrtk.dll BHO-{A6D9B5C8-92CA-4391-841A-195484A04AE1} - (no file) BHO-{A7A54F3C-5DBD-4346-ADF6-4C65091E41C3} - (no file) BHO-{BB71CDF8-460C-4CE2-96D6-AAADBEFA1421} - (no file) BHO-{BFFF70ED-AC47-4859-B8CE-484DA874610D} - (no file) BHO-{D23955D4-8421-4A81-AE3B-9764E00FB40E} - (no file) HKLM-RunServices-Configuration Driver - scghost.exe HKU-Default-Run-MS Gaurd Driver - c:\program files\msgaurd.exe Notify-jkkIYomn - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\xp pro\Application Data\Mozilla\Firefox\Profiles\ftjliinr.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/ FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-02 13:39:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\nvsvc32.exe c:\program files\honestech\honestech TVR\scheduleTV.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2008-12-02 13:40:57 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-02 12:40:55 Pre-Run: 66.832.887.808 bytes free Post-Run: 66,821,795,840 bytes free 214 Dopuna: 02 Dec 2008 13:47 gubim konekciju interneta posle 5 minuta nakon srestarta i pise Generic host process for win 32 service

Profil

dr_Bora Poslao: 02 Dec 2008 18:18 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\wt.exe c:\windows\system32\quicktime.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Što se tiče problema sa internet konekcijom: http://www.mycity.rs/Windows/Generic-host-process-problem.html

Profil

crni_kac Poslao: 03 Dec 2008 11:41 Idi na vrh
offline crni_kac Građanin Pridružio: 25 Apr 2006 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-01.01 - xp pro 2008-12-03 11:31:16.4 - NTFSx86 Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\xp pro\Desktop\CFScript.txt * Created a new restore point * Resident AV is active FILE :: c:\windows\system32\quicktime.exe c:\windows\system32\wt.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\wt.exe . ((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 ))))))))))))))))))))))))))))))) . 2008-12-02 14:46 . 2008-12-02 14:46 482,816 --a------ c:\windows\system32PLSR.exe 2008-12-02 14:46 . 2008-12-02 14:46 7,680 --a------ c:\windows\system32PLSR.006 2008-12-02 14:46 . 2008-12-02 14:46 5,632 --a------ c:\windows\system32PLSR.007 2008-12-02 08:17 . 2008-12-02 08:17 <DIR> d-------- c:\program files\3D-Relax 2008-12-02 07:35 . 2008-12-02 07:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-12-01 20:46 . 2008-12-01 20:46 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Thinstall 2008-12-01 19:51 . 2008-12-02 07:33 <DIR> d-------- c:\program files\Lavasoft 2008-11-30 12:55 . 2008-11-30 13:17 <DIR> d-------- c:\program files\T-Com Antidialer 2008-11-30 12:46 . 2008-11-30 12:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Netsweeper 2008-11-28 12:49 . 2008-12-02 13:11 <DIR> d-------- c:\program files\Trojan Remover 2008-11-26 20:17 . 2005-05-03 11:43 69,632 -ra------ c:\windows\Alcmtr.exe 2008-11-23 22:09 . 2008-12-03 11:24 171,135 --a------ c:\windows\system32\nvapps.xml 2008-11-23 22:08 . 2008-11-23 22:08 <DIR> d-------- c:\windows\nview 2008-11-23 22:08 . 2008-02-28 06:34 360,448 -ra------ c:\windows\system32\nvuninst.exe 2008-11-23 22:08 . 2008-02-28 06:34 360,448 --a------ c:\windows\system32\nvudisp.exe 2008-11-23 22:08 . 2008-02-28 06:34 17,848 --a------ c:\windows\system32\nvdisp.nvu 2008-11-23 21:31 . 2008-11-30 09:26 <DIR> d-------- c:\program files\Dr.Hardware 2008 english 2008-11-22 17:54 . 2008-11-24 11:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-18 14:13 . 2008-11-18 14:13 <DIR> d-------- c:\windows\Green Valley Fun on the Farm 2008-11-18 13:46 . 2008-11-18 13:49 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Ancient Quest of Saqqarah__cminion 2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\StoneLoops! 2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Saqqarah 2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\MagicMatch 2008-11-15 19:51 . 2008-11-15 19:57 <DIR> d-------- c:\documents and settings\xp pro\Application Data\DMCache 2008-11-15 00:08 . 2008-11-15 00:08 <DIR> d-------- c:\windows\3planesoft 3D Screensavers [36-in-1] 32-bit 2008-11-09 20:23 . 2008-11-11 12:57 <DIR> d-------- c:\program files\XP Repair Pro 2007 2008-11-05 10:17 . 2008-11-08 22:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-05 09:23 . 2008-11-05 09:23 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Sahmon Games 2008-11-04 22:59 . 2008-11-04 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HipSoft 2008-11-03 10:34 . 2008-11-03 10:34 <DIR> d-------- c:\program files\Windows Sidebar . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-03 10:25 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5 2008-12-03 10:23 --------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent 2008-12-02 12:10 --------- d-----w c:\documents and settings\xp pro\Application Data\Gearbox Software 2008-12-01 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-29 15:35 --------- d-----w c:\program files\Puzzle Express 2008-11-26 19:25 16,376 ----a-w c:\windows\gdrv.sys 2008-11-18 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium 2008-11-08 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-05 09:25 --------- d-----w c:\program files\GameHouse 2008-11-05 09:22 --------- d-----w c:\program files\Platypus II 2008-11-05 09:22 --------- d-----w c:\program files\Pinocchio ENG 2008-11-03 09:35 --------- d-----w c:\program files\Nero 2008-11-03 09:35 --------- d-----w c:\program files\Common Files\Nero 2008-11-03 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-10-31 10:35 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-31 10:35 --------- d-----w c:\program files\EA GAMES 2008-10-31 10:21 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games 2008-10-30 11:30 --------- d-----w c:\documents and settings\xp pro\Application Data\SolSuite 2008-10-30 11:19 --------- d-----w c:\program files\SolSuite 2008-10-30 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames 2008-10-29 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield 2008-10-29 10:38 --------- d-----w c:\program files\Midway Games 2008-10-28 07:31 --------- d-----w c:\program files\Escape From Paradise 2008-10-28 07:28 --------- d-----w c:\program files\Rainforest Adventure 2008-10-27 12:40 --------- d-----w c:\program files\Fire Maple Games 2008-10-27 12:39 472,576 ----a-w c:\windows\uninstall.exe 2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263769828.exe 2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263766796.exe 2008-10-27 12:39 --------- d-----w c:\program files\Mahjong Forests 2008-10-21 17:37 --------- d-----w c:\documents and settings\xp pro\Application Data\Playfirst 2008-10-21 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Playfirst 2008-10-21 16:36 --------- d-----w c:\documents and settings\xp pro\Application Data\Righteous Kill 2008-10-21 15:56 --------- d-----w c:\program files\LeeGTs Games 2008-10-21 15:27 --------- d-----w c:\program files\Chromentum 2 2008-10-17 01:36 --------- d-----w c:\program files\JLC's Software 2008-10-17 01:28 --------- d-----w c:\documents and settings\xp pro\Application Data\JLC's Software 2008-10-14 21:01 81,920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe 2008-10-14 21:01 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2008-10-14 21:01 47,360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys 2008-10-14 21:01 --------- d-----w c:\program files\Video Convert Premier 2008-10-14 21:01 --------- d-----w c:\documents and settings\xp pro\Application Data\Vso 2008-10-07 20:48 --------- d-----w c:\program files\Webteh 2008-10-07 20:48 --------- d-----w c:\documents and settings\xp pro\Application Data\BSplayer PRO 2008-10-05 11:14 --------- d-----w c:\program files\UltraISO 2008-10-05 11:13 --------- d-----w c:\program files\Common Files\EZB Systems 2007-07-26 19:00 23,800,756 ----a-w c:\program files\Burning Studio 7.1.0.exe 2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-12-02 2468200] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800] "system32PLSR Agent"="c:\windows\system32PLSR.exe" [2008-12-02 482816] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-03 11:32:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . Completion time: 2008-12-03 11:32:52 ComboFix-quarantined-files.txt 2008-12-03 10:32:42 ComboFix2.txt 2008-12-03 10:14:08 ComboFix3.txt 2008-12-02 12:52:32 ComboFix4.txt 2008-12-02 12:40:58 Pre-Run: 66.935.623.680 bytes free Post-Run: 66,922,635,264 bytes free 148

Profil

dr_Bora Poslao: 03 Dec 2008 17:08 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ardamax Keylogger - da li si ga ti sam instalirao?

Profil

crni_kac Poslao: 04 Dec 2008 16:07 Idi na vrh
offline crni_kac Građanin Pridružio: 25 Apr 2006 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nisam.Da li je to u pitanju? Kako izleciti komp?

Profil

dr_Bora Poslao: 04 Dec 2008 17:29 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj sledeće file-ove: c:\windows\system32PLSR.exe c:\windows\system32PLSR.006 c:\windows\system32PLSR.007 Upload link: http://www.mycity.rs/ambulanta-upload.php Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Profil

crni_kac Poslao: 05 Dec 2008 17:09 Idi na vrh
offline crni_kac Građanin Pridružio: 25 Apr 2006 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: mycity.rs/must-login.png mycity.rs/must-login.png ovo sam odradio sem sto neznam da pronadjem ove fajlove da upoadujem

Profil

dr_Bora Poslao: 05 Dec 2008 17:32 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovako ćemo... Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32PLSR.exe c:\windows\system32PLSR.006 c:\windows\system32PLSR.007` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Izdvojeno iz druge teme

Ko je trenutno na forumu

Ukupno su 1004 korisnika na forumu :: 26 registrovanih, 2 sakrivenih i 976 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, Aleksandar Tomić, Asparagus, bato, bojank, bojankrstc, Boris90, BraneS, cenejac111, darcaud, DavidA, debeli, Denaya, Dorcolac, flash12, Georgius, ILGromovnik, Kubovac, kubura91, kybonacci, milenko crazy north, Milometer, mrav pesadinac, pein, sevenino, solic

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by