MyCity » Ambulanta -> Arhiva Ambulante » Sta mi je ciniti

Sta mi je ciniti

Napisano na dan: 1.1.2009

Strana:
1
2

Sta mi je ciniti

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Aco Poslao: 01 Jan 2009 20:53 Idi na vrh
offline Aco Moderator foruma Aleksandar Pridružio: 12 Maj 2006 Poruke: 16823 Gde živiš: /home/aco	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Maloprije sam nesto gledao po ebay, i onda je nod poludio non stop izbacuje da nesto nalazi.Zatim sam skenirao sa nod antivirusom i on je naso svasta nesto. Probao sam da skeniram Malwarebytes' Anti-Malware ali neda mi da pokrenem instalciju. Takodje ni HijackThis nemogu da skinem , mozillom nemogu uopste vise na internet .Pa bio bih zahvalan za pomoc ako se uopste moze pomoci..

Profil

dr_Bora Poslao: 01 Jan 2009 21:00 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... HijackThis: http://amf.mycity.rs/programs/mirrored/FG5.exe

Profil

Aco Poslao: 01 Jan 2009 21:03 Idi na vrh
offline Aco Moderator foruma Aleksandar Pridružio: 12 Maj 2006 Poruke: 16823 Gde živiš: /home/aco	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo ga dr Bora.. Logfile of HijackThis v1.99.1 Scan saved at 20:56:50, on 1.1.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Analog Clock\AnalogClock.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OVISLINK\Common\AirliveUI.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Aco29\Desktop\New Folder\FG5.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\AirliveUI.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....0680969471 O17 - HKLM\System\CCS\Services\Tcpip\..\{6E413851-D3B5-4547-8B7D-A71078597FA2}: NameServer = 87.250.98.250 208.67.222.222 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

Profil

dr_Bora Poslao: 01 Jan 2009 21:23 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Privremeno isključi antivirus pre pokretanja idućeg programa... Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Aco Poslao: 01 Jan 2009 21:28 Idi na vrh
offline Aco Moderator foruma Aleksandar Pridružio: 12 Maj 2006 Poruke: 16823 Gde živiš: /home/aco	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dr Bora nemogu da ga skinem ni sa jednog od ovih linkova, jednostavno nemoze da otvori .. Internet Explorer cannot display the webpage

Profil

dr_Bora Poslao: 01 Jan 2009 21:58 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo ga ovde: http://amf.mycity.rs/programs/mirrored/C-F.exe

Profil

Aco Poslao: 01 Jan 2009 22:17 Idi na vrh
offline Aco Moderator foruma Aleksandar Pridružio: 12 Maj 2006 Poruke: 16823 Gde živiš: /home/aco	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! situacija je sledeca, prilikom pokretanja on je krenuo da skenira i odmah nakon 5 sekundi izbacio nekakvo obavjestenje, da je nesto naso i da moram na restart. Ja sam klikom na ok to potvrdio, medjutim poslije restarta on nije nastavio sa skenira. Jedini izvjestaj koji sam nasao je na c/Qoobox i evo ga .. \Registry\Machine\System\CurrentControlSet\Services\vkquwexg ***************** Script file located at: \??\C:\C-F\ComboDel.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\QooBox *************** Beginning to process script file: File C:\WINDOWS\system32\drivers\TDSSmqlt.sys not found! File move operation C:\WINDOWS\system32\drivers\TDSSmqlt.sys\|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir failed! Could not process line: C:\WINDOWS\system32\drivers\TDSSmqlt.sys\|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir Status: 0xc0000034 File move operation C:\WINDOWS\system32\TDSSoiqn.dll\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSoiqn.dll.vir completed successfully. File move operation C:\WINDOWS\system32\TDSSorvd.dat\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSorvd.dat.vir completed successfully. File move operation C:\WINDOWS\system32\TDSShrsr.dll\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSShrsr.dll.vir completed successfully. File move operation C:\WINDOWS\system32\TDSSrtqp.dll\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSrtqp.dll.vir completed successfully. File move operation C:\WINDOWS\system32\TDSSxfum.dll\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir completed successfully. File move operation C:\WINDOWS\system32\TDSSlxwp.dll\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSlxwp.dll.vir completed successfully. File move operation C:\WINDOWS\system32\TDSSkkbi.log\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSkkbi.log.vir completed successfully. File C:\WINDOWS\system32\TDSSnmxh.log not found! File move operation C:\WINDOWS\system32\TDSSnmxh.log\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSnmxh.log.vir failed! Could not process line: C:\WINDOWS\system32\TDSSnmxh.log\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSnmxh.log.vir Status: 0xc0000034 File C:\WINDOWS\system32\TDSSsihc.dll not found! File move operation C:\WINDOWS\system32\TDSSsihc.dll\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSsihc.dll.vir failed! Could not process line: C:\WINDOWS\system32\TDSSsihc.dll\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSsihc.dll.vir Status: 0xc0000034 File C:\WINDOWS\system32\TDSSrhyp.log not found! File move operation C:\WINDOWS\system32\TDSSrhyp.log\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSrhyp.log.vir failed! Could not process line: C:\WINDOWS\system32\TDSSrhyp.log\|C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSrhyp.log.vir Status: 0xc0000034 Program C:\C-F\C.bat successfully set up to run once on reboot. Completed script processing. ***************** Finished! Terminate. Pa da ga ponovo pustim ili...

Profil

dr_Bora Poslao: 01 Jan 2009 22:27 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni ga opet.

Profil

Aco Poslao: 01 Jan 2009 22:35 Idi na vrh
offline Aco Moderator foruma Aleksandar Pridružio: 12 Maj 2006 Poruke: 16823 Gde živiš: /home/aco	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo ga Bora. samo napomena da je on isto napravio restart, ali je poslije njega nastavio.. ComboFix 08-12-31.01 - Aco29 2009-01-01 22:25:12.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1535.1131 [GMT 1:00] Running from: c:\documents and settings\Aco29\Desktop\C-F.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning disabled (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\TDSSmqlt.sys c:\windows\system32\TDSShrsr.dll c:\windows\system32\TDSSkkbi.log c:\windows\system32\TDSSlxwp.dll c:\windows\system32\TDSSnmxh.log c:\windows\system32\TDSSoiqn.dll c:\windows\system32\TDSSorvd.dat c:\windows\system32\TDSSrhyp.log c:\windows\system32\TDSSrtqp.dll c:\windows\system32\TDSSsihc.dll c:\windows\system32\TDSSxfum.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_tdssserv.sys -------\Service_tdssserv.sys ((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 ))))))))))))))))))))))))))))))) . 2009-01-01 20:03 . 2009-01-01 20:03 0 --a------ C:\yuqpba.exe 2009-01-01 20:02 . 2009-01-01 20:02 <DIR> d-------- c:\program files\Unlocker 2009-01-01 20:02 . 2009-01-01 20:02 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Desktopicon 2009-01-01 20:02 . 2009-01-01 22:27 112,364 --a------ c:\windows\system32\drivers\e41133be.sys 2009-01-01 20:01 . 2009-01-01 20:03 2 --a------ C:\-2009474655 2009-01-01 19:56 . 2009-01-01 20:09 <DIR> d-------- c:\program files\iXi Tools 2009-01-01 19:56 . 2009-01-01 19:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{4439F0FD-AFAF-434D-86E2-DEB14A9C58AC} 2009-01-01 14:03 . 2009-01-01 14:03 <DIR> d-------- c:\program files\Yamicsoft 2009-01-01 13:08 . 2009-01-01 13:08 <DIR> d-------- c:\program files\Recover Keys 2009-01-01 13:01 . 2009-01-01 13:01 <DIR> d-------- c:\program files\Codec Pack - All In 1 2009-01-01 13:01 . 2009-01-01 13:00 737,280 --a------ c:\windows\iun6002.exe 2008-12-31 15:50 . 2008-12-31 15:50 <DIR> d-------- c:\documents and settings\Aco29\Application Data\VitySoft 2008-12-31 15:47 . 2008-12-31 15:47 <DIR> d-------- c:\program files\Real 2008-12-31 15:47 . 2008-12-31 15:47 <DIR> d-------- c:\program files\Common Files\xing shared 2008-12-31 15:47 . 2008-12-31 15:47 <DIR> d-------- c:\program files\Common Files\Real 2008-12-31 15:47 . 2008-12-31 15:47 499,712 --a------ c:\windows\system32\msvcp71.dll 2008-12-31 15:47 . 2008-12-31 15:47 348,160 --a------ c:\windows\system32\msvcr71.dll 2008-12-31 12:07 . 2008-12-31 12:07 <DIR> d-------- c:\program files\IObit 2008-12-31 11:45 . 2008-12-31 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2008-12-31 11:35 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2008-12-31 11:34 . 2008-12-31 11:34 <DIR> d-------- c:\program files\Microsoft Works 2008-12-31 11:32 . 2008-12-31 11:32 <DIR> d-------- c:\program files\Microsoft.NET 2008-12-31 11:30 . 2008-12-31 11:30 <DIR> d-------- c:\program files\Microsoft Visual Studio 8 2008-12-31 11:29 . 2008-12-31 11:29 <DIR> d-------- c:\windows\SHELLNEW 2008-12-31 11:29 . 2008-12-31 11:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-31 11:28 . 2008-12-31 11:28 <DIR> dr-h----- C:\MSOCache 2008-12-31 10:32 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2008-12-31 10:32 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2008-12-31 10:32 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2008-12-31 10:32 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2008-12-31 10:32 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2008-12-31 10:32 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2008-12-31 10:32 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2008-12-31 10:32 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2008-12-31 10:32 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2008-12-31 01:26 . 2008-12-31 01:26 <DIR> d-------- c:\program files\Windows Media Connect 2 2008-12-31 01:26 . 2008-04-14 04:42 221,184 --a------ c:\windows\system32\wmpns.dll 2008-12-31 01:25 . 2008-12-31 01:25 <DIR> d-------- c:\windows\system32\LogFiles 2008-12-31 01:25 . 2008-12-31 01:26 <DIR> d-------- c:\windows\system32\drivers\UMDF 2008-12-31 01:18 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-12-31 01:16 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-12-31 01:16 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-12-31 01:16 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-12-31 01:16 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-12-31 01:12 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys 2008-12-31 01:12 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys 2008-12-31 00:56 . 2008-12-31 11:01 <DIR> d--h----- c:\windows\$hf_mig$ 2008-12-31 00:54 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll 2008-12-31 00:54 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui 2008-12-31 00:54 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui 2008-12-31 00:54 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui 2008-12-31 00:54 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui 2008-12-31 00:49 . 2008-12-31 00:49 <DIR> d--hs---- c:\documents and settings\Aco29\UserData 2008-12-30 22:52 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys 2008-12-30 22:52 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys 2008-12-30 22:42 . 2008-12-30 22:44 <DIR> d-------- c:\program files\Euro Truck Simulator 2008-12-30 22:30 . 2008-12-31 12:23 <DIR> d--h----- c:\windows\Icons 2008-12-30 22:23 . 2008-12-30 22:23 <DIR> d-------- c:\program files\Microsoft Silverlight 2008-12-30 22:23 . 2009-01-01 22:27 <DIR> d-------- c:\documents and settings\Aco29\Tracing 2008-12-30 22:22 . 2008-12-30 22:22 <DIR> d-------- c:\program files\Windows Live SkyDrive 2008-12-30 22:22 . 2008-12-30 22:22 <DIR> d-------- c:\program files\Windows Live 2008-12-30 22:22 . 2008-12-30 22:22 <DIR> d-------- c:\program files\Microsoft 2008-12-30 22:21 . 2008-12-30 22:21 <DIR> d-------- c:\program files\Common Files\Windows Live 2008-12-30 22:20 . 2008-12-30 22:20 <DIR> d-------- c:\program files\VS Revo Group 2008-12-30 22:12 . 2008-12-30 22:12 <DIR> d-------- c:\windows\system32\XPSViewer 2008-12-30 22:12 . 2008-12-30 22:12 <DIR> d-------- c:\program files\Reference Assemblies 2008-12-30 22:12 . 2008-12-30 22:12 <DIR> d-------- c:\program files\MSBuild 2008-12-30 22:11 . 2007-10-05 15:42 23,856 --a------ c:\windows\system32\spupdsvc.exe 2008-12-30 22:11 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2008-12-30 22:05 . 2008-12-30 22:06 <DIR> d-------- c:\program files\Video Convert Master 2008-12-30 22:05 . 2008-12-30 22:05 47,360 --a------ c:\windows\system32\drivers\Pcouffin.sys 2008-12-30 22:04 . 2008-12-31 22:26 <DIR> d-------- c:\program files\Mv2Player 2008-12-30 22:02 . 2008-12-30 22:02 <DIR> d-------- c:\program files\TechSmith 2008-12-30 22:01 . 2008-12-30 22:01 4,444 --a------ c:\windows\system32\pid.PNF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-01 20:51 --------- d-----w c:\documents and settings\Aco29\Application Data\uTorrent 2009-01-01 13:13 --------- d-----w c:\program files\Analog Clock 2008-12-30 21:44 --------- d-----w c:\program files\AGEIA Technologies 2008-12-30 21:31 --------- d-----w c:\program files\Google 2008-12-30 20:54 --------- d-----w c:\program files\Common Files\ACD Systems 2008-12-30 20:54 --------- d-----w c:\program files\ACD Systems 2008-12-30 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems 2008-12-30 20:54 --------- d-----w c:\documents and settings\Aco29\Application Data\ACD Systems 2008-12-30 20:50 --------- d-----w c:\documents and settings\Aco29\Application Data\TuneUp Software 2008-12-30 20:49 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-30 20:49 --------- d-----w c:\program files\TuneUp Utilities 2009 2008-12-30 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-30 20:48 --------- d-----w c:\program files\Picasa2 2008-12-30 20:45 --------- d-----w c:\program files\ESET 2008-12-30 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\ESET 2008-12-30 20:43 --------- d-----w c:\program files\CDex_150 2008-12-30 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip 2008-12-30 20:42 --------- d-----w c:\program files\Common Files\Adobe AIR 2008-12-30 20:41 --------- d-----w c:\program files\Common Files\Adobe 2008-12-30 20:28 --------- d-----w c:\program files\Winamp 2008-12-30 20:28 --------- d-----w c:\program files\uTorrent 2008-12-30 20:28 --------- d-----w c:\documents and settings\Aco29\Application Data\Winamp 2008-12-30 20:26 --------- d-----w c:\program files\Java 2008-12-30 20:26 --------- d-----w c:\program files\EASEUS 2008-12-30 20:26 --------- d-----w c:\program files\Common Files\Java 2008-12-30 20:24 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys 2008-12-30 20:24 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-30 20:24 --------- d-----w c:\program files\OVISLINK 2008-12-30 20:24 --------- d-----w c:\documents and settings\Aco29\Application Data\InstallShield 2008-12-30 20:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-30 20:18 315,392 ----a-w c:\windows\HideWin.exe 2008-12-30 20:18 --------- d-----w c:\program files\Realtek 2008-12-30 20:17 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-30 20:16 --------- d-----w c:\program files\VIA 2008-12-30 20:09 --------- d-----w c:\program files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnalogClock"="c:\program files\Analog Clock\AnalogClock.exe" [2005-11-05 480256] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2008-12-30 1290240] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "CTFMON.EXE"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Device Detector"=DevDetect.exe -autorun "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-12-30 16896] R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-12-30 52224] R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312] R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-30 603904] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys [2008-12-30 8704] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys [2008-12-30 3072] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2009-01-01 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28] . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 TCP: {6E413851-D3B5-4547-8B7D-A71078597FA2} = 87.250.98.250 208.67.222.222 FF - ProfilePath - c:\documents and settings\Aco29\Application Data\Mozilla\Firefox\Profiles\otiqa7qy.default\ FF - prefs.js: browser.startup.homepage - google.com FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ATTENTION: FIREFOX POLICES IS IN FORCE FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-01 22:27:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e41133be] "ImagePath"="\SystemRoot\System32\drivers\e41133be.sys" . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2009-01-01 22:28:51 - machine was rebooted [Aco29] ComboFix-quarantined-files.txt 2009-01-01 21:28:48 Pre-Run: 43,689,017,344 bytes free Post-Run: 43,699,744,768 bytes free 238 --- E O F --- 2008-12-31 10:01:41

Profil

dr_Bora Poslao: 01 Jan 2009 22:56 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Upload-uj sledeći file: c:\windows\system32\drivers\e41133be.sys Upload link: http://www.mycity.rs/ambulanta-upload.php

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Sta mi je ciniti

Ko je trenutno na forumu

Ukupno su 999 korisnika na forumu :: 36 registrovanih, 7 sakrivenih i 956 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Alibaba1981, aramis s, babaroga, Belac91, bojan_t, bojankrstc, branko7, cemix, dragoljub11987, dule10savic, E_Kurir, GORDI, Haris, ivan979, JohnnyBoii, Kubovac, kuntalo, kybonacci, lord sir giga, Miki01, mikrimaus, milenko crazy north, Milos1389, miodrag, mocnijogurt, MrNo, niksa517, Prometeus, rovac, sap, SlaKoj, Toper, vathra, Vlada1389, voja64, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by