Možda tražite i:
Provera loga,pokupio sam trojance neke.
Ako moze provera loga!
Provera Loga
Provera HT loga

MyCity » Ambulanta -> Arhiva Ambulante » Provera loga

Provera loga

Napisano na dan: 29.5.2008

Strana:
1
2

Provera loga

Sledeća strana

Pagination

Odgovori

Strana:
1
2

miroslavk11 Poslao: 29 Maj 2008 17:24 Idi na vrh
offline miroslavk11 Novi MyCity građanin Pridružio: 29 Maj 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 17:15:28, on 29.5.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\WAV\wav.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\user\Desktop\HijackThis(2).exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\user\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing) O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - dwnldietool.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - dwnldietool.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O17 - HKLM\System\CCS\Services\Tcpip\..\{34EB87A2-9E22-4802-996F-48B97A7B36C3}: NameServer = 217.75.192.10 217.75.192.11 O17 - HKLM\System\CS1\Services\Tcpip\..\{34EB87A2-9E22-4802-996F-48B97A7B36C3}: NameServer = 217.75.192.10 217.75.192.11 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Profil

DEMIAN Poslao: 29 Maj 2008 17:50 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka: http://www.besttechie.net/tools/mbam-setup.exe Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije: * Update Malwarebytes' Anti-Malware * Launch Malwarebytes Anti-Malware * Zatim klikni Finish. Nakon završenog ažuriranja program će se pokrenuti. Izaberi opciju Perform Quick Scan i klikni Scan. Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected. Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu. Ukoliko dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).

Profil

miroslavk11 Poslao: 29 Maj 2008 18:38 Idi na vrh
offline miroslavk11 Novi MyCity građanin Pridružio: 29 Maj 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Malwarebytes' Anti-Malware 1.12 Database version: 722 Scan type: Quick Scan Objects scanned: 34057 Time elapsed: 3 minute(s), 8 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 23 Registry Values Infected: 18 Registry Data Items Infected: 0 Folders Infected: 15 Files Infected: 8 Memory Processes Infected: C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antivirus (Rogue.Antivirus2008-) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSpywareProtect (ver. 5.1) (Rogue.MalWarrior) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080529083333593.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080529100329843.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080529115447312.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080529162814953.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080529173656109.log (Rogue.MalWarrior) -> Quarantined and deleted successfully. Dopuna: 29 Maj 2008 18:38 ne mogu da vjerujem da jos ima ljudi koji hoce pomoc na ovaj nacin ne znam kako da zahvalim sta god da kazem bez veze je POZZ

Profil

DEMIAN Poslao: 29 Maj 2008 18:57 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav i tebi.. Deo malware-a je obrisan (koliko vidim po logu) ali sumnjam da je još nešto zaostalo. Iz tog razloga uradićeš sledeće; Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

miroslavk11 Poslao: 29 Maj 2008 20:01 Idi na vrh
offline miroslavk11 Novi MyCity građanin Pridružio: 29 Maj 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-29.1 - user 2008-05-29 19:05:35.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503 [GMT 2:00] Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\user\Application Data\FunWebProducts C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user\avatar.dat C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user\outfit.dat C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user\register.dat C:\Documents and Settings\user\Application Data\FunWebProducts\Data\user\zbucks.dat . ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))) . 2008-05-29 18:26 . 2008-05-29 18:26 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes 2008-05-29 18:25 . 2008-05-29 18:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-29 18:25 . 2008-05-29 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-29 18:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-29 18:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-29 17:36 . 2008-05-29 17:36 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-05-29 17:33 . 2008-05-29 17:33 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-05-29 17:31 . 2008-05-29 17:31 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-05-29 17:31 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-05-29 17:30 . 2008-05-29 17:34 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-05-29 15:11 . 2008-05-29 16:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-29 08:12 . 2008-05-29 14:14 <DIR> d-------- C:\Program Files\WAV 2008-05-29 07:48 . 2008-05-29 07:48 <DIR> d-------- C:\WINDOWS\system32\824223 2008-05-25 15:45 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-25 15:44 . 2008-05-25 15:45 <DIR> d-------- C:\Program Files\Java 2008-05-25 15:44 . 2008-05-25 15:44 <DIR> d-------- C:\Program Files\Common Files\Java 2008-05-19 18:30 . 2008-05-19 18:30 169 --a------ C:\WINDOWS\RtlRack.ini 2008-05-18 10:54 . 2008-05-18 10:54 <DIR> d-------- C:\WINDOWS\system32\Lang 2008-05-18 10:54 . 2008-05-18 10:54 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-05-18 10:54 . 2008-05-18 10:54 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-05-08 09:02 . 2008-05-08 09:04 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-05-05 13:06 . 2008-05-05 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail 2008-05-05 13:06 . 2008-05-05 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-29 16:50 --------- d-----w C:\Documents and Settings\user\Application Data\Skype 2008-05-29 15:37 --------- d-----w C:\Documents and Settings\user\Application Data\skypePM 2008-05-29 11:28 --------- d-----w C:\Documents and Settings\user\Application Data\Yahoo! 2008-05-29 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-05-29 11:27 --------- d-----w C:\Program Files\Yahoo! 2008-05-29 07:11 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire 2008-05-25 13:48 --------- d-----w C:\Program Files\ESET 2008-05-05 09:38 --------- d-----w C:\Program Files\Picasa2 2008-05-05 09:37 22,510 ----a-w C:\Program Files\Picture2.png 2008-04-30 04:42 --------- d-----w C:\Program Files\Winamp 2008-04-26 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM 2008-04-24 06:26 --------- d-----w C:\Program Files\Common Files\NSV 2008-04-24 05:20 304,160 ----a-w C:\StiImg.dat 2008-04-24 05:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-24 05:12 --------- d-----w C:\Program Files\Trust 2008-04-24 05:12 --------- d-----w C:\Program Files\Common Files\PCCamera 2008-04-24 05:11 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2008-04-24 05:11 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll 2008-04-24 03:19 --------- d-----w C:\Program Files\LucasArts 2008-04-23 16:49 --------- d-----w C:\Program Files\WIDCOMM 2008-04-23 16:27 --------- d-----w C:\Program Files\LimeWire 2008-04-23 15:50 --------- d-----w C:\Program Files\Google 2008-04-23 14:57 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-04-23 14:55 --------- d-----w C:\Program Files\Skype 2008-04-23 14:55 --------- d-----w C:\Program Files\Common Files\Skype 2008-04-23 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-04-22 14:10 --------- d-----w C:\Program Files\CyberLink 2008-04-22 14:07 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-22 14:05 --------- d-----w C:\Program Files\Common Files\L&H 2008-04-22 14:04 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-04-22 14:02 --------- d-----w C:\Program Files\Microsoft Works 2008-04-22 14:00 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-04-22 14:00 270,336 ----a-w C:\WINDOWS\system32\imon.dll 2008-04-22 14:00 --------- d-----w C:\Program Files\Common Files\Ahead 2008-04-22 14:00 --------- d-----w C:\Program Files\Ahead 2008-04-22 13:59 --------- d-----w C:\Program Files\Microsoft.NET 2008-04-22 13:54 --------- d-----w C:\Documents and Settings\user\Application Data\ATI 2008-04-22 13:50 --------- d-----w C:\Program Files\ATI Technologies 2008-04-22 13:35 --------- d-----w C:\Program Files\Realtek Sound Manager 2008-04-22 13:35 --------- d-----w C:\Program Files\AvRack 2008-04-22 13:34 --------- d-----w C:\Program Files\Marvell 2008-04-22 13:34 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-22 13:33 --------- d-----w C:\Program Files\AMD 2008-04-22 13:18 --------- d-----w C:\Program Files\microsoft frontpage 2008-04-22 13:13 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll 2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:03 827,392 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-22 16:00 917504] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Antivirus"="C:\Program Files\WAV\wav.exe" [2008-05-22 17:27 325632] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="regsvr32 /s /n /i:u shell32" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54 610365] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-05-10 11:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] -ra------ 2004-06-29 18:42 569344 C:\WINDOWS\sm56hlpr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Documents and Settings\\user\\Desktop\\svastara\\WLM_Lite_8.5\\WLM Lite 8.5.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29] Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-29 19:07:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-29 19:07:40 ComboFix-quarantined-files.txt 2008-05-29 17:07:36 Pre-Run: 32,359,870,464 bytes free Post-Run: 32,446,955,520 bytes free 147 --- E O F --- 2008-05-29 15:34:59 Dopuna: 29 Maj 2008 19:13 pojavio se nod 32 i pokazao da ima neki virus to se desilo dok je ovaj radio a ova poruka je otisla jos negdje .-izvini Dopuna: 29 Maj 2008 20:00 evo sad sa skenirao sa nod32-om i ovo se pojavilo a ne da se obrisati C:\System Volume Information\_restore{9C047DDC-7872-48C8-8E3C-49C0A037A606}\RP35\A0003647.exe »CAB »mwsSrcSp.CommonCodebase.exe - a variant of Win32/AdInstaller application Dopuna: 29 Maj 2008 20:01 C:\System Volume Information\_restore{9C047DDC-7872-48C8-8E3C-49C0A037A606}\RP35\A0003647.exe - a variant of Win32/AdInstaller application

Profil

DEMIAN Poslao: 29 Maj 2008 20:06 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Što si nervozan Miroslave? Batali skeniranje AV-om sada. Isprati uputstva samo i nemaš brige. Ništa neće da 'zaostane' * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravite da uključite ovu opciju po završetku čišćenja. ------------------------- Zatim otvori Notepad i iskopiraj sledeci tekst: `File:: C:\Program Files\WAV\wav.exe C:\WINDOWS\ativpsrm.bin C:\WINDOWS\RtlRack.ini Folder:: C:\WINDOWS\system32\824223 C:\Program Files\WAV Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Antivirus"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

miroslavk11 Poslao: 29 Maj 2008 20:23 Idi na vrh
offline miroslavk11 Novi MyCity građanin Pridružio: 29 Maj 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Snimiti na Desktop fajl iz Notepada kao "CFScript" ovo ti ne znam uradit , ako te ne mrzi malo opsirnije hvala

Profil

DEMIAN Poslao: 29 Maj 2008 20:29 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kopiraj ovo što je u code tagovima (zeleno) u Notepad. Opcija "Save As" i snimiš to na Desktop kao CFScript. CFScript je znači naziv tog txt dokumenta. Prevučeš to nad ComboFix.exe i pustiš. On radi sve ostalo sam.

Profil

miroslavk11 Poslao: 29 Maj 2008 20:41 Idi na vrh
offline miroslavk11 Novi MyCity građanin Pridružio: 29 Maj 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-29.1 - user 2008-05-29 20:35:49.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.392 [GMT 2:00] Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\user\My Documents\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Program Files\WAV\wav.exe C:\WINDOWS\ativpsrm.bin C:\WINDOWS\RtlRack.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\WAV C:\Program Files\WAV\wav.exe C:\Program Files\WAV\wav0.dat C:\Program Files\WAV\wav1.dat C:\WINDOWS\ativpsrm.bin C:\WINDOWS\RtlRack.ini C:\WINDOWS\system32\824223 . ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))) . 2008-05-29 18:26 . 2008-05-29 18:26 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes 2008-05-29 18:25 . 2008-05-29 18:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-29 18:25 . 2008-05-29 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-29 18:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-29 18:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-29 17:33 . 2008-05-29 17:33 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-05-29 17:31 . 2008-05-29 17:31 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-05-29 17:31 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-05-29 17:30 . 2008-05-29 17:34 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-05-29 15:11 . 2008-05-29 16:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-25 15:45 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-25 15:44 . 2008-05-25 15:45 <DIR> d-------- C:\Program Files\Java 2008-05-25 15:44 . 2008-05-25 15:44 <DIR> d-------- C:\Program Files\Common Files\Java 2008-05-18 10:54 . 2008-05-18 10:54 <DIR> d-------- C:\WINDOWS\system32\Lang 2008-05-18 10:54 . 2008-05-18 10:54 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-05-18 10:54 . 2008-05-18 10:54 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-05-08 09:02 . 2008-05-08 09:04 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-05-05 13:06 . 2008-05-05 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail 2008-05-05 13:06 . 2008-05-05 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-29 17:57 --------- d-----w C:\Documents and Settings\user\Application Data\Skype 2008-05-29 15:37 --------- d-----w C:\Documents and Settings\user\Application Data\skypePM 2008-05-29 11:28 --------- d-----w C:\Documents and Settings\user\Application Data\Yahoo! 2008-05-29 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-05-29 11:27 --------- d-----w C:\Program Files\Yahoo! 2008-05-29 07:11 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire 2008-05-25 13:48 --------- d-----w C:\Program Files\ESET 2008-05-05 09:38 --------- d-----w C:\Program Files\Picasa2 2008-05-05 09:37 22,510 ----a-w C:\Program Files\Picture2.png 2008-04-30 04:42 --------- d-----w C:\Program Files\Winamp 2008-04-26 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM 2008-04-24 06:26 --------- d-----w C:\Program Files\Common Files\NSV 2008-04-24 05:20 304,160 ----a-w C:\StiImg.dat 2008-04-24 05:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-24 05:12 --------- d-----w C:\Program Files\Trust 2008-04-24 05:12 --------- d-----w C:\Program Files\Common Files\PCCamera 2008-04-24 05:11 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll 2008-04-24 05:11 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll 2008-04-24 03:19 --------- d-----w C:\Program Files\LucasArts 2008-04-23 16:49 --------- d-----w C:\Program Files\WIDCOMM 2008-04-23 16:27 --------- d-----w C:\Program Files\LimeWire 2008-04-23 15:50 --------- d-----w C:\Program Files\Google 2008-04-23 14:57 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-04-23 14:55 --------- d-----w C:\Program Files\Skype 2008-04-23 14:55 --------- d-----w C:\Program Files\Common Files\Skype 2008-04-23 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-04-22 14:10 --------- d-----w C:\Program Files\CyberLink 2008-04-22 14:07 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-22 14:05 --------- d-----w C:\Program Files\Common Files\L&H 2008-04-22 14:04 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-04-22 14:02 --------- d-----w C:\Program Files\Microsoft Works 2008-04-22 14:00 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-04-22 14:00 270,336 ----a-w C:\WINDOWS\system32\imon.dll 2008-04-22 14:00 --------- d-----w C:\Program Files\Common Files\Ahead 2008-04-22 14:00 --------- d-----w C:\Program Files\Ahead 2008-04-22 13:59 --------- d-----w C:\Program Files\Microsoft.NET 2008-04-22 13:54 --------- d-----w C:\Documents and Settings\user\Application Data\ATI 2008-04-22 13:50 --------- d-----w C:\Program Files\ATI Technologies 2008-04-22 13:35 --------- d-----w C:\Program Files\Realtek Sound Manager 2008-04-22 13:35 --------- d-----w C:\Program Files\AvRack 2008-04-22 13:34 --------- d-----w C:\Program Files\Marvell 2008-04-22 13:34 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-22 13:33 --------- d-----w C:\Program Files\AMD 2008-04-22 13:18 --------- d-----w C:\Program Files\microsoft frontpage 2008-04-22 13:13 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll 2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:03 827,392 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-22 16:00 917504] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="regsvr32 /s /n /i:u shell32" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54 610365] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-05-10 11:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] -ra------ 2004-06-29 18:42 569344 C:\WINDOWS\sm56hlpr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Documents and Settings\\user\\Desktop\\svastara\\WLM_Lite_8.5\\WLM Lite 8.5.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29] Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-29 20:36:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-29 20:37:03 ComboFix-quarantined-files.txt 2008-05-29 18:36:58 ComboFix2.txt 2008-05-29 17:07:41 Pre-Run: 32,438,759,424 bytes free Post-Run: 32,429,559,808 bytes free 149 --- E O F --- 2008-05-29 15:34:59

Profil

DEMIAN Poslao: 29 Maj 2008 20:48 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Provera loga

Ko je trenutno na forumu

Ukupno su 992 korisnika na forumu :: 29 registrovanih, 4 sakrivenih i 959 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: babaroga, Bobrock1, Brana01, Dannyboy, dolinalima, Georgius, ILGromovnik, ivica976, kunktator, laurusri, mercedesamg, Mi lao shu, MiG-29M2, milos97, mnn2, nemkea71, nikoladim, Povratak1912, procesor, proka89, raketaš, savaskytec, Silvertooth, Sir Budimir, Stija zmija, uruk, vathra, VJ, wolf431

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by