MyCity » Ambulanta -> Arhiva Ambulante » Sta ovde ne valja posto mi nod prijavljuje virus a kada sken

Sta ovde ne valja posto mi nod prijavljuje virus a kada sken

Napisano na dan: 18.7.2008

Sta ovde ne valja posto mi nod prijavljuje virus a kada sken

Sledeća strana

Pagination

Odgovori

kostolac Poslao: 18 Jul 2008 07:16 Idi na vrh
offline kostolac Građanin Pridružio: 21 Dec 2005 Poruke: 228 Gde živiš: Kostolac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ako mogu da zamolim nekog da pogleda ovaj moj log jer mi malo malo pa izadje prozor od NOD-a za neki virus ali kada pokrenem NOD da skenira komp ne nadje nista. Evo sta mi prijavljuje kada izadje prozor Time Module Object Name Threat Action User Information 18.7.2008 7:07:35 AMON file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rgR1QlhK.exe probably unknown NewHeur_PE virus quarantined - deleted ADMINIST-439AC7\AdministratoriNET Event occurred on a new file created by the application: C:\Program Files\Google\Google Talk\googletalk.exe. The file was moved to quarantine. You may close this window. ----------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 7:11:21, on 18.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\FileZilla Server\FileZilla Server.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\IoctlSvc.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\AdministratoriNET\Desktop\New Folder\TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogodak.rs/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071808 serial=DR12WNG-0249275-TMV lang=EN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE CANYON CN-WCAM23 PC-Camera O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Startup: ProjectWhois.lnk = C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 212.200.191.166,212.200.190.166 O17 - HKLM\System\CS1\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 212.200.191.166,212.200.190.166 O17 - HKLM\System\CS2\Services\Tcpip\..\{078F2A67-650C-42AB-8E0B-39812A506184}: NameServer = 212.200.191.166,212.200.190.166 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Profil

milan27 Poslao: 18 Jul 2008 09:36 Idi na vrh
offline milan27 Super građanin Pridružio: 07 Avg 2006 Poruke: 1182 Gde živiš: Fili Davydkovo, Moscow, Russia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! лог делује ок...за сваки случај: * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. -------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

kostolac Poslao: 18 Jul 2008 17:42 Idi na vrh
offline kostolac Građanin Pridružio: 21 Dec 2005 Poruke: 228 Gde živiš: Kostolac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo odradjeno kako si rekao i evo ga log ------------------------------------------ ComboFix 08-07-17.5 - AdministratoriNET 2008-07-18 17:34:20.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.523 [GMT 2:00] ausgeführt von:: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (3)\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\AdministratoriNET\Application Data\.# . ((((((((((((((((((((((( Dateien erstellt von 2008-06-18 bis 2008-07-18 )))))))))))))))))))))))))))))) . 2008-07-17 17:37 . 2008-07-17 17:37 29,760 --a------ C:\WINDOWS\system32\80jkOGAF.exe 2008-07-17 17:37 . 2008-07-17 17:37 0 --a------ C:\WINDOWS\system32\80jkOGAF.exe.a_a 2008-07-06 19:21 . 2008-07-06 19:21 <DIR> d-------- C:\telenor ugovori 2008-07-05 13:57 . 2008-07-05 13:57 <DIR> d-------- C:\Documents and Settings\AdministratoriNET\Application Data\Apple Computer 2008-07-05 13:54 . 2008-07-05 13:54 <DIR> d-------- C:\Program Files\QuickTime 2008-07-05 13:54 . 2008-07-05 13:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-05 13:54 . 2008-07-05 13:54 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Program Files\Apple Software Update 2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-06-28 15:32 . 2008-06-28 17:12 2,516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys 2008-06-28 15:32 . 2008-06-28 15:32 8 -r-hs---- C:\Documents and Settings\All Users\Application Data\2C5937E254.sys 2008-06-28 15:31 . 2008-06-28 15:31 <DIR> d-------- C:\Program Files\Common Files\Protexis 2008-06-28 15:31 . 2008-06-28 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-06-27 22:21 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll 2008-06-27 22:21 . 2008-03-09 16:02 81,632 --a------ C:\WINDOWS\system32\FLKill.exe 2008-06-27 22:21 . 2008-06-28 01:39 498 --a------ C:\sccfg.sys 2008-06-27 22:20 . 2008-06-27 22:24 <DIR> d-------- C:\Program Files\Folder Lock 2008-06-24 17:55 . 2008-06-24 17:56 <DIR> d-------- C:\KOSTOLAC DVD 2008-06-24 17:52 . 2008-06-24 17:53 <DIR> d-------- C:\VIMINACIUM . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 05:52 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\uTorrent 2008-07-17 17:54 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-07-16 22:44 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Skype 2008-07-16 22:12 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\skypePM 2008-07-06 06:09 --------- d-----w C:\Program Files\uTorrent 2008-07-05 16:25 --------- d-----w C:\Program Files\Opera 2008-06-28 13:32 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Corel 2008-06-28 13:23 --------- d-----w C:\Program Files\Corel 2008-06-09 16:22 --------- d-----w C:\Program Files\Cosmi 2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Cosmi 2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Borland Shared 2008-06-08 12:13 --------- d-----w C:\Program Files\FileZilla Server 2008-06-08 11:54 --------- d-----w C:\Program Files\Feeding Frenzy 2 2008-05-29 14:04 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Sony 2008-05-29 14:03 --------- d-----w C:\Program Files\Sony 2008-05-29 14:02 --------- d-----w C:\Program Files\Sony Setup 2008-04-28 18:15 348,160 ----a-w C:\WINDOWS\MSVCR71.DLL 2008-04-28 18:15 1,060,864 ----a-w C:\WINDOWS\MFC71.DLL 2008-04-27 05:37 40,960 ----a-w C:\WINDOWS\SimTestDll.dll 2008-04-20 22:17 86,400 ----a-w C:\WINDOWS\~GLC0000.TMP 2008-01-02 20:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 Hinweis leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 23:52 476702] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 05:09 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 05:06 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 05:10 114688] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-16 14:17 917504] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 20:28 1469952] "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864] "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648] "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 14:39 729088] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 20:20 91432] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 10:35 72736] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 13:06 62760] "pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-12-20 19:19 458752] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632] "BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-08-20 16:51 40960] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "SMSERIAL"="sm56hlpr.exe" [2004-12-29 00:01 544768 C:\WINDOWS\sm56hlpr.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-03-23 07:28 14202368 C:\WINDOWS\RTHDCPL.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] C:\Documents and Settings\AdministratoriNET\Start Menu\Programs\Startup\ ProjectWhois.lnk - C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 03:13:40 147456] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-05 23:55:48 113664] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] --a------ 2007-12-07 17:03 1913656 C:\Program Files\BitComet\BitComet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface] --a------ 2007-12-25 23:25 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\totalcmd\\TOTALCMD.EXE"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\Trillian\\trillian.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "27159:TCP"= 27159:TCP:BitComet 27159 TCP "27159:UDP"= 27159:UDP:BitComet 27159 UDP R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-10 16:44] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12] R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30] R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30] R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30] R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 13:54] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] Newly Created Service - CATCHME . Inhalt des "geplante Tasks" Ordners "2008-07-17 22:44:02 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:45 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 16:00:02 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 17:00:01 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 18:00:03 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 19:00:02 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 20:00:02 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 21:00:01 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-18 00:00:01 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-18 01:00:02 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-18 02:00:02 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-18 03:00:02 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-18 04:00:02 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-18 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\80jkOGAF.exe "2008-07-17 15:37:46 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\80jkOGAF.exe . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-18 17:36:25 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . Zeit der Fertigstellung: 2008-07-18 17:39:15 ComboFix-quarantined-files.txt 2008-07-18 15:38:10 ComboFix2.txt 2008-02-04 20:41:54 ComboFix3.txt 2008-02-03 20:51:23 ComboFix4.txt 2008-02-03 13:17:06 Pre-Run: 1,167,728,640 bytes free Post-Run: 1,306,251,264 bytes free 206

Profil

milan27 Poslao: 19 Jul 2008 11:12 Idi na vrh
offline milan27 Super građanin Pridružio: 07 Avg 2006 Poruke: 1182 Gde živiš: Fili Davydkovo, Moscow, Russia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\80jkOGAF.exe C:\WINDOWS\system32\80jkOGAF.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

kostolac Poslao: 20 Jul 2008 12:30 Idi na vrh
offline kostolac Građanin Pridružio: 21 Dec 2005 Poruke: 228 Gde živiš: Kostolac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam kako je receno i evo novog loga. ------------------------------ ComboFix 08-07-19.1 - AdministratoriNET 2008-07-20 12:12:56.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.475 [GMT 2:00] Running from: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (4)\ComboFix.exe Command switches used :: C:\Documents and Settings\AdministratoriNET\Desktop\New Folder (4)\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\80jkOGAF.exe C:\WINDOWS\system32\80jkOGAF.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\80jkOGAF.exe C:\WINDOWS\system32\80jkOGAF.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 ))))))))))))))))))))))))))))))) . 2008-07-19 23:15 . 2008-07-19 23:17 <DIR> d-------- C:\gaga 2008-07-06 19:21 . 2008-07-06 19:21 <DIR> d-------- C:\telenor ugovori 2008-07-05 13:57 . 2008-07-05 13:57 <DIR> d-------- C:\Documents and Settings\AdministratoriNET\Application Data\Apple Computer 2008-07-05 13:54 . 2008-07-05 13:54 <DIR> d-------- C:\Program Files\QuickTime 2008-07-05 13:54 . 2008-07-05 13:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-05 13:54 . 2008-07-05 13:54 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Program Files\Apple Software Update 2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-07-05 13:53 . 2008-07-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-06-28 15:32 . 2008-06-28 17:12 2,516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys 2008-06-28 15:32 . 2008-06-28 15:32 8 -r-hs---- C:\Documents and Settings\All Users\Application Data\2C5937E254.sys 2008-06-28 15:31 . 2008-06-28 15:31 <DIR> d-------- C:\Program Files\Common Files\Protexis 2008-06-28 15:31 . 2008-06-28 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-06-27 22:21 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll 2008-06-27 22:21 . 2008-03-09 16:02 81,632 --a------ C:\WINDOWS\system32\FLKill.exe 2008-06-27 22:21 . 2008-06-28 01:39 498 --a------ C:\sccfg.sys 2008-06-27 22:20 . 2008-06-27 22:24 <DIR> d-------- C:\Program Files\Folder Lock 2008-06-24 17:55 . 2008-06-24 17:56 <DIR> d-------- C:\KOSTOLAC DVD 2008-06-24 17:52 . 2008-06-24 17:53 <DIR> d-------- C:\VIMINACIUM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-20 10:14 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\uTorrent 2008-07-17 17:54 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-07-16 22:44 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Skype 2008-07-16 22:12 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\skypePM 2008-07-06 06:09 --------- d-----w C:\Program Files\uTorrent 2008-07-05 16:25 --------- d-----w C:\Program Files\Opera 2008-06-28 13:32 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Corel 2008-06-28 13:23 --------- d-----w C:\Program Files\Corel 2008-06-09 16:22 --------- d-----w C:\Program Files\Cosmi 2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Cosmi 2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Borland Shared 2008-06-08 12:13 --------- d-----w C:\Program Files\FileZilla Server 2008-06-08 11:54 --------- d-----w C:\Program Files\Feeding Frenzy 2 2008-05-29 14:04 --------- d-----w C:\Documents and Settings\AdministratoriNET\Application Data\Sony 2008-05-29 14:03 --------- d-----w C:\Program Files\Sony 2008-05-29 14:02 --------- d-----w C:\Program Files\Sony Setup 2008-04-28 18:15 348,160 ----a-w C:\WINDOWS\MSVCR71.DLL 2008-04-28 18:15 1,060,864 ----a-w C:\WINDOWS\MFC71.DLL 2008-04-27 05:37 40,960 ----a-w C:\WINDOWS\SimTestDll.dll 2008-04-20 22:17 86,400 ----a-w C:\WINDOWS\~GLC0000.TMP 2008-01-02 20:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 23:52 476702] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 05:09 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 05:06 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 05:10 114688] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-16 14:17 917504] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 20:28 1469952] "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864] "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648] "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 14:39 729088] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 20:20 91432] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 10:35 72736] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 13:06 62760] "pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-12-20 19:19 458752] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42 69632] "BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-08-20 16:51 40960] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "SMSERIAL"="sm56hlpr.exe" [2004-12-29 00:01 544768 C:\WINDOWS\sm56hlpr.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-03-23 07:28 14202368 C:\WINDOWS\RTHDCPL.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] C:\Documents and Settings\AdministratoriNET\Start Menu\Programs\Startup\ ProjectWhois.lnk - C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 03:13:40 147456] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-05 23:55:48 113664] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] --a------ 2007-12-07 17:03 1913656 C:\Program Files\BitComet\BitComet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface] --a------ 2007-12-25 23:25 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\totalcmd\\TOTALCMD.EXE"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\Trillian\\trillian.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "27159:TCP"= 27159:TCP:BitComet 27159 TCP "27159:UDP"= 27159:UDP:BitComet 27159 UDP R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-10 16:44] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12] R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30] R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30] R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30] R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15] S3 FXDRV;FXDRV;D:\Fxdrv.sys [] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 13:54] . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-20 12:17:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\FileZilla Server\FileZilla server.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe . ************************************************************************ . Completion time: 2008-07-20 12:24:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-20 10:24:54 ComboFix2.txt 2008-07-18 15:39:16 ComboFix3.txt 2008-02-04 20:41:54 ComboFix4.txt 2008-02-03 20:51:23 ComboFix5.txt 2008-07-20 10:11:47 Pre-Run: 522,887,168 bytes free Post-Run: 1,075,163,136 bytes free 223

Profil

milan27 Poslao: 21 Jul 2008 21:59 Idi na vrh
offline milan27 Super građanin Pridružio: 07 Avg 2006 Poruke: 1182 Gde živiš: Fili Davydkovo, Moscow, Russia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

kostolac Poslao: 24 Jul 2008 18:20 Idi na vrh
offline kostolac Građanin Pridružio: 21 Dec 2005 Poruke: 228 Gde živiš: Kostolac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vise nista ne prijavljuje NOD. Hvala na pomoci Pozdrav

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Sta ovde ne valja posto mi nod prijavljuje virus a kada sken

Ko je trenutno na forumu

Ukupno su 889 korisnika na forumu :: 9 registrovanih, 1 sakriven i 879 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, Bubimir, darkojbn, Lazarus, LUDI, mrav pesadinac, opt1, S-lash, strelac07

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by