[bobby] virus warnings

offline
  • Joined: 29 Jul 2008
  • Posts: 16

Hi.
About 2 hours ago, pop-up windows from Windows Security Center started appearing, warning me that I have viruses and that I should immediately download the program "Anti Virus 2009", so I would ask you to help me and see what is going on.
I tried to take screenshots of what appears, but all the images were over 3 MB, so I could not upload them to your site. I should also add that my internet has been very slow for the last few days, even though I have ADSL and a very good computer.
Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:18, on 8.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mask Surf Lite\Tor\tor.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\d.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:80
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - {60270dc7-9ea0-472f-9b77-66652c06246e} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {60270dc7-9ea0-472f-9b77-66652c06246e} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Hide IP NG] C:\Program Files\Hide IP NG\hideipng.exe
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe
O4 - HKCU\..\Run: [Adparatus] "C:\Program Files\Adparatus\Adparatus.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Expressivo] "C:\Program Files\ivo\Expressivo Demo\expressivo.exe" -t
O4 - HKCU\..\Run: [Soonr] "C:\Program Files\Soonr\Soonr Desktop Client\SoonrClient.exe" -boot
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [48094261208861567540290172510403] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{22C6B2B2-9729-402E-BB39-027A1BCDD8B1}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{22C6B2B2-9729-402E-BB39-027A1BCDD8B1}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{22C6B2B2-9729-402E-BB39-027A1BCDD8B1}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{22C6B2B2-9729-402E-BB39-027A1BCDD8B1}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CS4\Services\Tcpip\..\{22C6B2B2-9729-402E-BB39-027A1BCDD8B1}: NameServer = 195.66.160.1,195.66.160.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Zumie Search Service - Unknown owner - C:\Program Files\Zumie\zumie.exe (file missing)

--
End of file - 10169 bytes
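
An added triage script, not part of this thread and not code from HijackThis or the forum helper, that applies the checks a helper performs by eye on a log like the one above: a browser ProxyServer pointing at loopback, binaries running or autostarting from a Temp directory, a Run value with a long random numeric name, a filename imitating a Windows binary, and orphaned "(no file)" / "(file missing)" entries. The rogue-AV watchlist (the one product named in this thread) and the lookalike stem list are assumptions constructed for this example; the sample input is an excerpt of the HijackThis log posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the HijackThis log posted above, used here as constructed sample input.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe
C:\Program Files\Antivirus 2009\av2009.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:80
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [48094261208861567540290172510403] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieexplorer32.exe"
O23 - Service: Zumie Search Service - Unknown owner - C:\Program Files\Zumie\zumie.exe (file missing)
"""


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    rule: str
    line: str


# Path component \Temp\<name>.exe anywhere in a line (covers the 8.3 LOCALS~1\Temp form).
TEMP_EXE_RE = re.compile(r'\\Temp\\[^\\"\s]+\.exe', re.IGNORECASE)
# ProxyServer value whose host is loopback, e.g. "socks=127.0.0.1:80" or "127.0.0.1:8080".
LOOPBACK_PROXY_RE = re.compile(r'ProxyServer\s*=\s*\S*?(?:127\.0\.0\.1|localhost):(\d+)', re.IGNORECASE)
# O4 autostart entry: registry Run/RunOnce key, [value name], then the command line.
O4_RE = re.compile(r'^O4 - .*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<target>.*)$')
# First .exe token of a command line, with quotes and arguments ignored.
EXE_RE = re.compile(r'([^\\"\s]+\.exe)', re.IGNORECASE)
# Constructed watchlist (assumption): the one rogue product named in this thread.
ROGUE_AV_RE = re.compile(r'antivirus\s*2009', re.IGNORECASE)
# Constructed list (assumption) of Windows binary names that malware commonly imitates.
LOOKALIKE_STEMS = ("iexplore", "explorer", "svchost", "winlogon")


def mimics_system_binary(basename):
    """True for names such as ieexplorer32.exe that embed a known stem but are not the real file."""
    b = basename.lower()
    return any(stem in b and b != stem + ".exe" for stem in LOOKALIKE_STEMS)


def check_binary(target, where, findings, line):
    """Rules shared by running processes and autostart targets."""
    if TEMP_EXE_RE.search(target):
        findings.append(Finding("high", f"{where} from a Temp directory", line))
    if ROGUE_AV_RE.search(target):
        findings.append(Finding("high", f"{where} matches rogue-AV watchlist", line))
    m = EXE_RE.search(target)
    if m and mimics_system_binary(m.group(1)):
        findings.append(Finding("medium", f"{where} filename mimics a Windows binary", line))


def triage(log_text):
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if in_processes and re.match(r"^[A-Za-z]:\\", line):
            check_binary(line, "process", findings, line)
            continue
        in_processes = False
        if line.startswith(("R0 ", "R1 ")):
            m = LOOPBACK_PROXY_RE.search(line)
            if m:
                findings.append(Finding("high", f"browser proxy points at loopback port {m.group(1)}", line))
        elif line.startswith("O4 "):
            m = O4_RE.match(line)
            if m:
                name, target = m.group("name"), m.group("target")
                check_binary(target, "autostart", findings, line)
                if name.isdigit() and len(name) >= 16:
                    findings.append(Finding("medium", "autostart with random numeric value name", line))
        if line.endswith("(no file)"):
            findings.append(Finding("low", "orphaned entry, target file gone", line))
        elif line.endswith("(file missing)"):
            findings.append(Finding("low", "service whose binary is missing", line))
    return findings


def summarize(findings):
    """Count findings per severity as a quick health indicator."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The loopback-proxy rule is deliberately a "look here" flag rather than a verdict: a local anonymiser such as the Tor bundle visible in the log also sets a loopback proxy, so the port and the owning process decide whether it is wanted. The orphaned entries are low severity because they are only leftovers, but they still tell the helper what was installed.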

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 29 Jul 2008
  • Posts: 16

Sorry I am late, but my computer had frozen. Here is the log; this is what it dumped into Notepad

ComboFix 08-10-08.01 - Administrator 2008-10-08 22:24:12.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-08 20:45 . 2008-10-08 20:45 106,496 --a------ C:\WINDOWS\system32\ieexplorer32.exe
2008-10-08 19:51 . 2008-10-08 20:03 <DIR> d-------- C:\MyAudio
2008-10-08 13:10 . 2008-10-08 13:10 <DIR> d-------- C:\Program Files\Trojan Remover
2008-10-08 13:10 . 2008-10-08 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-08 13:10 . 2008-10-08 13:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-10-08 13:10 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-08 13:10 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-10-08 13:10 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-08 13:10 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-08 13:10 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-08 13:01 . 2008-10-08 13:01 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-10-07 17:25 . 2005-03-09 14:29 11,226 --a------ C:\sample.bmp
2008-10-07 17:10 . 2001-09-03 07:52 766 --a------ C:\WINDOWS\win98Logo.ico
2008-10-07 16:00 . 2008-10-07 16:00 <DIR> d-------- C:\Program Files\Mask Surf Lite
2008-10-07 16:00 . 2008-10-07 16:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Mask Surf Lite
2008-10-07 15:06 . 2008-10-07 15:06 <DIR> d-------- C:\Program Files\HackTheGame
2008-10-07 14:53 . 2006-12-31 00:38 245,760 --------- C:\WINDOWS\system32\CDAConverterAX.ocx
2008-10-07 14:53 . 1998-10-23 17:28 187,904 --------- C:\WINDOWS\system32\Slider.ocx
2008-10-07 14:53 . 2004-11-01 13:38 57,344 --------- C:\WINDOWS\system32\XButton.ocx
2008-10-07 14:53 . 2008-10-07 14:53 56 --a------ C:\WINDOWS\system32\S-1-5-21-0020E832
2008-10-07 11:45 . 2008-10-07 11:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-06 15:58 . 2008-10-06 15:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FunWebProducts
2008-10-06 12:13 . 2008-10-06 12:13 <DIR> d-------- C:\Program Files\BearShare Applications
2008-10-06 12:13 . 2008-10-06 12:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
2008-10-06 12:13 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-10-05 01:17 . 2008-10-05 01:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-04 02:21 . 2008-10-04 02:21 <DIR> d-------- C:\Downloads
2008-10-04 02:21 . 2008-10-04 02:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Orbit
2008-10-04 01:30 . 2008-10-04 01:30 <DIR> d-------- C:\Program Files\Opera
2008-10-01 11:39 . 2008-10-01 11:39 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-10-01 11:39 . 2008-10-01 11:39 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-10-01 11:39 . 2008-10-01 11:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Paltalk
2008-10-01 08:49 . 2004-03-09 00:00 124,688 --------- C:\WINDOWS\system32\MSWINSCK.OCX
2008-10-01 06:59 . 2008-10-01 07:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IDM
2008-10-01 06:59 . 2008-10-01 07:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-10-01 00:52 . 2008-10-01 01:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-30 04:37 . 2008-09-30 04:37 <DIR> d-------- C:\Documents and Settings\Administrator\Updates
2008-09-28 14:48 . 2008-09-28 14:48 159 --a------ C:\Delme.bat
2008-09-28 14:47 . 2008-09-28 14:47 0 --a------ C:\WINDOWS\popcinfo.dat
2008-09-28 13:27 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-09-28 13:27 . 2008-09-28 13:34 773 --a------ C:\WINDOWS\disney.ini
2008-09-27 17:31 . 2008-09-28 03:08 <DIR> d-------- C:\Program Files\WebShot
2008-09-27 17:30 . 2008-09-27 17:30 30,601 --a------ C:\Documents and Settings\Administrator\x.exe
2008-09-27 04:21 . 2008-09-27 04:21 <DIR> d-------- C:\Program Files\KONAMI
2008-09-27 04:13 . 2008-09-27 04:13 260,344 --a------ C:\AnalysisLog.sr0
2008-09-27 04:11 . 2008-09-27 04:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-09-27 04:11 . 2008-09-27 04:11 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-26 13:19 . 2008-09-26 13:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-09-26 13:19 . 2008-09-26 13:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-09-26 13:19 . 2008-09-26 13:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SmartShopper
2008-09-26 01:44 . 2008-09-26 01:43 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-09-25 14:10 . 2008-09-25 14:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-25 00:37 . 2008-09-25 00:37 <DIR> d-------- C:\Program Files\Lingoes
2008-09-25 00:37 . 2008-09-25 13:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lingoes
2008-09-23 23:29 . 2008-09-23 23:29 <DIR> d-------- C:\Restoration
2008-09-23 13:41 . 2008-10-08 21:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Tor
2008-09-23 13:17 . 2008-09-23 13:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Delete Cookie
2008-09-23 13:15 . 2008-09-23 13:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-09-23 00:06 . 2008-09-29 10:49 2,359,350 --a------ C:\WINDOWS\darkportal-1024x.bmp
2008-09-22 14:33 . 2008-10-01 00:52 <DIR> d-------- C:\Program Files\Google
2008-09-22 10:41 . 2008-09-22 10:41 638,910 --a------ C:\WINDOWS\ThemeMakerWallpaper.bmp
2008-09-22 09:18 . 2008-09-22 10:34 <DIR> d-------- C:\Program Files\ScreenshotCaptor
2008-09-22 09:18 . 2008-09-22 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DonationCoder
2008-09-22 09:18 . 2008-09-22 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DonationCoder
2008-09-22 09:18 . 2008-09-22 09:18 58 --a------ C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2008-09-22 07:42 . 2005-04-07 14:07 235,830 --a------ C:\WINDOWS\darkportal-1024x.jpg
2008-09-22 07:41 . 2008-09-22 07:41 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 07:41 . 2008-09-22 07:41 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-09-22 07:41 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-09-22 07:41 . 2008-09-22 07:41 82 --a------ C:\WINDOWS\wb.ini
2008-09-22 07:40 . 2008-09-22 07:41 6,917,168 --a------ C:\Program Files\WorldofWarcraft-Desktop.zip
2008-09-22 07:31 . 2008-09-22 07:31 972,423 --a------ C:\Program Files\Royale_Theme_Oficial.zip
2008-09-22 07:09 . 2008-09-22 07:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\RateMyScreensaver
2008-09-22 07:07 . 2008-09-22 07:07 2,987,803 --a------ C:\WINDOWS\TopalovTrial.scr
2008-09-22 07:07 . 2008-09-26 13:20 12 --a------ C:\WINDOWS\dirsaver.ini
2008-09-22 06:58 . 2008-09-22 06:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winferno
2008-09-22 06:56 . 2008-10-05 01:01 <DIR> d-------- C:\Program Files\Real
2008-09-22 06:56 . 2008-10-05 01:17 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-22 06:56 . 2008-09-22 06:56 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-09-22 06:55 . 2005-09-14 12:46 475,136 --a------ C:\WINDOWS\Living Marine Aquarium 2.scr
2008-09-22 06:55 . 2008-09-26 13:19 108,200 --a------ C:\lma_log.html
2008-09-22 06:55 . 2005-09-29 14:55 69,632 --a------ C:\WINDOWS\system32\FreezeScreenSaver.exe
2008-09-22 06:55 . 2008-10-08 15:17 9,945 --a------ C:\log.html
2008-09-22 06:54 . 2008-09-22 06:54 <DIR> d-------- C:\Program Files\Freeze.com
2008-09-22 06:54 . 2006-10-09 13:28 835,584 --a------ C:\WINDOWS\system32\WINCTL4.OCX
2008-09-22 06:54 . 2006-10-09 14:06 495,616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL
2008-09-22 06:54 . 2006-05-17 09:40 393,216 --a------ C:\WINDOWS\system32\WINLCTL5.DLL
2008-09-22 06:52 . 2008-09-22 06:53 15,412,344 --a------ C:\Program Files\marineemailFree.exe
2008-09-22 06:49 . 2008-09-22 06:49 <DIR> d-------- C:\Program Files\Theme Maker
2008-09-22 06:49 . 2008-09-22 06:49 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-22 06:49 . 1997-01-18 10:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-09-22 06:49 . 1999-09-20 09:50 288,768 --a------ C:\WINDOWS\chdcu1.exe
2008-09-22 06:49 . 1997-12-22 01:30 99,840 --a------ C:\WINDOWS\ZIPDLL.DLL
2008-09-22 02:28 . 2008-09-23 13:38 125 --a------ C:\ioSpecial.ini
2008-09-22 02:04 . 2008-09-23 11:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Vidalia
2008-09-22 02:03 . 2008-09-22 02:03 8,286,470 --a------ C:\Program Files\vidalia-bundle-0.2.0.31-0.1.9.exe
2008-09-21 04:43 . 2008-09-21 04:44 3,532 --a------ C:\drmHeader.bin
2008-09-21 04:03 . 2008-10-06 13:59 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-18 10:35 . 2008-09-18 10:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-09-18 09:31 . 2007-02-05 13:11 139,264 --a------ C:\WINDOWS\NeoUninstall.exe
2008-09-18 09:31 . 2008-09-18 09:31 26 --a------ C:\WINDOWS\neosetup.INI
2008-09-18 09:08 . 2008-09-18 09:08 <DIR> d-------- C:\WINDOWS\Sun
2008-09-18 06:26 . 2008-09-18 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-18 06:26 . 2008-09-18 06:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-09-18 06:26 . 2008-09-18 06:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Search Settings
2008-09-18 04:15 . 2008-09-27 02:42 <DIR> d-------- C:\Program Files\FLVPlayer4Free
2008-09-18 04:14 . 2008-09-18 04:14 2,395,589 --a------ C:\Program Files\flvplayer4free_setupb.exe
2008-09-18 01:00 . 2008-09-18 01:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-09-18 01:00 . 2008-09-18 01:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
2008-09-18 00:59 . 2008-09-18 00:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-18 00:58 . 2008-09-18 01:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FLVPlayer4Free
2008-09-18 00:58 . 2008-09-18 00:58 3,023,156 --a------ C:\Program Files\FLVPlayer4Free_Setup.exe
2008-09-18 00:55 . 2008-09-18 00:56 <DIR> d-------- C:\Program Files\Free FLV Converter
2008-09-18 00:55 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
2008-09-18 00:55 . 2008-09-13 04:30 266,240 --a------ C:\WINDOWS\system32\TubeFinder.exe
2008-09-18 00:55 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
2008-09-18 00:55 . 2008-06-04 18:42 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-09-18 00:55 . 2008-06-04 18:42 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-09-18 00:55 . 2008-06-04 18:42 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-09-18 00:55 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-09-18 00:55 . 2008-06-04 18:42 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-09-18 00:55 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
2008-09-18 00:55 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
2008-09-18 00:54 . 2008-09-18 00:55 5,422,651 --a------ C:\Program Files\Setup_FreeFlvConverter.exe
2008-09-18 00:48 . 2008-09-18 00:48 <DIR> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 11:27 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-09-28 11:27 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-09-17 22:14 1,380 ----a-w C:\Program Files\50 FREE MP3s +1 Free Audiobook!.lnk
2008-09-17 21:24 1,044 ----a-w C:\Program Files\eBay.lnk
2008-09-17 16:18 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-17 12:37 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-22 14:09 1,614,848 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-08-22 14:08 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-08_22.12.18.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-08 20:23:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_530.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Lingoes"="C:\Program Files\Lingoes\Translator2\Lingoes.exe" [2008-08-10 2064384]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-01 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 8429568]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-05 185872]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-10-05 967048]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 C:\WINDOWS\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Administrator\\Desktop\\PES 2008.exe"=

R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 11:31]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\DRIVERS\aswSP.syS [2008-07-19 16:35]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1pxw4jee.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com/
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-08 22:26:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Update: 09 Oct 2008 11:41

Hi

I just want to say that the Windows Security Center pop-ups have stopped appearing, and all of their icons that had been placed on my desktop were deleted when I sent you the ComboFix log. I do not know why or how everything got back to normal, especially since I had not downloaded a single antivirus program from the internet (apart from Avast, which I installed about 30 days ago), or any other program that would have removed the threats that were endangering the computer at that moment. So now everything seems OK, and as far as I am concerned you can close the topic. Thank you for your help.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Not everything is OK, at least not in this ComboFix log.
Since you say you think the antivirus program may have deleted something, I would ask you to do the following:

Right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.

Note: Do not forget to turn this option back on when the cleaning is finished.

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\ieexplorer32.exe
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.


Upload the following files to me for checking:
C:\WINDOWS\system32\w95inf32.dll
C:\WINDOWS\system32\w95inf16.dll
C:\WINDOWS\chdcu1.exe

Do the upload through the following form:
http://www.mycity.rs/ambulanta-upload.php
