Posted: 12 Jan 2009 14:25
- Joined: 19 Dec 2008
- Posts: 89
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:02, on 12.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\CAPM2RSK.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\NavNT\rtvscan.exe
C:\ORACLE\Apache\Apache\Apache.exe
C:\ORACLE\BIN\TNSLSNR.exe
c:\oracle\bin\ORACLE.EXE
c:\oracle\bin\ORACLE.EXE
C:\WINDOWS\system32\svchost.exe
C:\ORACLE\Apache\jdk\bin\java.exe
C:\ORACLE\Apache\Apache\Apache.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Application Data\259020037\1242542857.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2LAK.EXE
C:\Program Files\WinBatch\System\popmenu.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HG2135x1.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\korisnik\Desktop\12.01.09\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cg.rs:8080
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://asserver:7778/forms/frmservlet?config=mgsoft"); (C:\Documents and Settings\KORISNIK\Application Data\Mozilla\Profiles\default\t79qsnue.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1242542857] "C:\Documents and Settings\All Users\Application Data\259020037\1242542857.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Canon iR1200-1300 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2LAK.EXE
O4 - Global Startup: PopMenu exe.lnk = C:\Program Files\WinBatch\System\popmenu.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link mogu videti samo ulogovani korisnici]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} (JInitiator 1.3.1.26) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Oracle OLAP 9.0.1.0.1 (OLAPServer) - Oracle Corporation - C:\ORACLE\bin\xsolap.exe
O23 - Service: Oracle OLAP Agent - Unknown owner - C:\ORACLE\bin\xsaagent.exe
O23 - Service: OracleORACLE9IAgent - Oracle Corporation - C:\ORACLE\bin\agntsrvc.exe
O23 - Service: OracleORACLE9IClientCache - Unknown owner - C:\ORACLE\BIN\ONRSD.EXE
O23 - Service: OracleORACLE9IHTTPServer - Unknown owner - C:\ORACLE\Apache\Apache\Apache.exe
O23 - Service: OracleORACLE9IPagingServer - Unknown owner - C:\ORACLE/bin/pagntsrv.exe
O23 - Service: OracleORACLE9ISNMPPeerEncapsulator - Unknown owner - C:\ORACLE\BIN\ENCSVC.EXE
O23 - Service: OracleORACLE9ISNMPPeerMasterAgent - Unknown owner - C:\ORACLE\BIN\AGNTSVC.EXE
O23 - Service: OracleORACLE9ITNSListener - Unknown owner - C:\ORACLE\BIN\TNSLSNR.exe
O23 - Service: OracleServiceBP35 - Oracle Corporation - c:\oracle\bin\ORACLE.EXE
O23 - Service: OracleServicePV33 - Oracle Corporation - c:\oracle\bin\ORACLE.EXE
O23 - Service: Visibroker Smart Agent (xsSmartAgent) - Unknown owner - C:\ORACLE\bin\osagent.exe
--
End of file - 8493 bytes
Posted: 12 Jan 2009 14:35
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Hi,
I see that last time you did not finish the case with Bobi; let's not have our effort (us helpers') be in vain this time as well.
* Right-click the Norton AntiVirus icon in the bottom-right corner of the screen and choose Disable Auto Protect.
* Then choose the desired duration (e.g. 5 hours) and click OK.
Note: Do not forget to turn this option back on once the cleanup is finished.
------------------
Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]
Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.
Posted: 12 Jan 2009 15:45
- Joined: 19 Dec 2008
- Posts: 89
ComboFix 09-01-11.04 - korisnik 2009-01-12 15:32:43.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.447.106 [GMT 1:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\korisnik\Desktop\System Security.lnk
c:\documents and settings\korisnik\Start Menu\Programs\System Security
c:\documents and settings\korisnik\Start Menu\Programs\System Security\System Security.lnk
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-12 14:08 . 2009-01-12 15:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-12 14:08 . 2009-01-12 14:08 <DIR> d-------- c:\documents and settings\korisnik\Application Data\SUPERAntiSpyware.com
2009-01-12 14:08 . 2009-01-12 14:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-11 15:21 . 2009-01-12 15:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\259020037
2008-12-30 10:44 . 2008-08-05 11:42 210,944 --a------ C:\ODJEĆA-OBUĆA.doc
2008-12-26 14:41 . 2008-12-26 14:36 150,158 --a------ C:\Fotografija-0018.jpg
2008-12-26 13:21 . 2008-12-26 15:18 <DIR> d-------- C:\slike vesko-aco
2008-12-22 14:01 . 2008-12-22 14:01 <DIR> d-------- c:\documents and settings\korisnik\Oracle Jar Cache
2008-12-22 14:01 . 2008-12-22 14:01 <DIR> d-------- c:\documents and settings\korisnik\.jinit
2008-12-22 13:56 . 2009-01-12 15:25 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Hamachi
2008-12-22 13:55 . 2008-12-22 13:56 <DIR> d-------- c:\program files\Hamachi
2008-12-22 13:55 . 2008-12-22 13:55 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-22 13:54 . 2008-12-22 13:54 105,168 --a------ c:\windows\NSUninst.exe
2008-12-22 13:54 . 2006-05-16 04:50 45,164 --------- c:\windows\system32\plugincpl13126.cpl
2008-12-22 13:54 . 2006-05-16 04:49 36,962 --------- c:\windows\system32\ActPanel.dll
2008-12-22 13:53 . 2008-12-22 13:53 <DIR> d-------- c:\program files\Netscape
2008-12-22 13:53 . 2008-12-22 13:53 <DIR> d-------- c:\program files\Common Files\mozilla.org
2008-12-22 13:53 . 2008-12-22 13:53 105,168 --a------ c:\windows\GREUninstall.exe
2008-12-22 13:53 . 2008-12-22 13:54 5,925 --a------ c:\windows\mozver.dat
2008-12-19 09:43 . 2008-12-19 09:43 26,076 --a------ C:\Picture 001.tif
2008-12-19 09:17 . 2008-12-19 09:17 <DIR> d-------- C:\2008-12-19
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 13:08 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-12 07:12 --------- d-----w c:\program files\LogMeIn
2008-12-30 11:52 --------- d-----w c:\documents and settings\korisnik\Application Data\Canon
2008-12-22 12:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 12:54 --------- d-----w c:\program files\Oracle
2008-12-09 07:40 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-09 07:39 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 14:05 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-11-30 19:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-30 19:03 --------- d-----w c:\program files\Any DVD Converter Professional
2008-11-30 19:03 --------- d-----w c:\documents and settings\korisnik\Application Data\Any DVD Converter Professional
2008-11-30 18:52 --------- d-----w c:\program files\Any Flv Player
2008-11-30 18:52 --------- d-----w c:\documents and settings\korisnik\Application Data\Video Converter for Any Flv Player
2008-11-27 15:14 --------- d-----w c:\documents and settings\korisnik\Application Data\Xilisoft Corporation
2008-11-27 15:12 --------- d-----w c:\documents and settings\korisnik\Application Data\NCH Swift Sound
2008-11-27 15:08 --------- d-----w c:\program files\NCH Software
2008-11-27 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-27 15:07 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 09:39 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-18 09:39 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-18 09:39 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-18 09:39 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-18 09:39 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici],03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-12 13:08:42 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-01-12 13:08:42 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-30 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-12 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"vptray"="c:\program files\NavNT\vptray.exe" [2001-10-31 73728]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-23 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"1242542857"="c:\documents and settings\All Users\Application Data\259020037\1242542857.exe" [2009-01-11 1843748]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"VTTimer"="VTTimer.exe" [2005-03-11 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-04 c:\windows\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\korisnik\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-22 625952]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon iR1200-1300 Statusfönster.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM2LAK.EXE [2008-09-17 30720]
PopMenu exe.lnk - c:\program files\WinBatch\System\popmenu.exe [2007-08-08 58368]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-12 15:25 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 10:39 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"17848:TCP"= 17848:TCP:NortonAV
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 55024]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-08-03 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-20 47640]
R4 OracleORACLE9IHTTPServer;OracleORACLE9IHTTPServer;c:\oracle\Apache\Apache\Apache.exe [2001-08-17 3584]
R4 OracleORACLE9ITNSListener;OracleORACLE9ITNSListener;c:\oracle\BIN\TNSLSNR --> c:\oracle\BIN\TNSLSNR [?]
R4 OracleServiceBP35;OracleServiceBP35;c:\oracle\bin\ORACLE.EXE BP35 --> c:\oracle\bin\ORACLE.EXE BP35 [?]
R4 OracleServicePV33;OracleServicePV33;c:\oracle\bin\ORACLE.EXE PV33 --> c:\oracle\bin\ORACLE.EXE PV33 [?]
R4 RapidPortM2;RapidPortM2;c:\windows\system32\drivers\CAPM2LP.SYS [2008-09-17 23232]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2008-06-30 201728]
S3 OracleORACLE9IAgent;OracleORACLE9IAgent;c:\oracle\BIN\agntsrvc.exe [2001-08-16 16656]
S3 OracleORACLE9IClientCache;OracleORACLE9IClientCache;c:\oracle\BIN\ONRSD.EXE [2001-08-14 425828]
S3 OracleORACLE9IPagingServer;OracleORACLE9IPagingServer;c:\oracle\BIN\pagntsrv.exe [2001-08-28 52224]
S3 OracleORACLE9ISNMPPeerEncapsulator;OracleORACLE9ISNMPPeerEncapsulator;c:\oracle\BIN\encsvc.exe [2001-08-16 189952]
S3 OracleORACLE9ISNMPPeerMasterAgent;OracleORACLE9ISNMPPeerMasterAgent;c:\oracle\BIN\agntsvc.exe [2001-08-16 256512]
S3 xsSmartAgent;Visibroker Smart Agent;c:\oracle\BIN\osagent.exe [2001-03-30 205312]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SASDIFSV
*Deregistered* - NAVAP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ced9dc-4672-11dd-8c96-001bfc20643e}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ced9df-4672-11dd-8c96-001bfc20643e}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ced9e0-4672-11dd-8c96-001bfc20643e}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-09 c:\windows\Tasks\At1.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At10.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At11.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At12.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At13.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At14.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At15.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At16.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At17.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At18.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At19.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At2.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At20.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At21.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At22.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At23.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At24.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At25.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At26.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At27.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At28.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At29.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At3.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At30.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At31.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At32.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At33.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At34.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At35.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At36.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At37.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At38.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At39.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At4.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At40.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At41.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At42.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At43.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At44.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At45.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At46.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At47.job
- c:\windows\system32\HG2135x1.exe []
2009-01-10 c:\windows\Tasks\At48.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At49.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At5.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At50.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At51.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At52.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At53.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At54.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At55.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At56.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At57.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At58.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At59.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At6.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At60.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At61.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At62.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At63.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At64.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At65.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At66.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At67.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At68.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At69.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At7.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At70.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At71.job
- c:\windows\system32\HG2135x1.exe []
2009-01-11 c:\windows\Tasks\At72.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At8.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At9.job
- c:\windows\system32\HG2135x1.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyServer = proxy.cg.rs:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-01-12 15:35:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleORACLE9IPagingServer]
"ImagePath"="C:\ORACLE/bin/pagntsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleORACLE9ITNSListener]
"ImagePath"="c:\oracle\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\LMIinit.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-01-12 15:38:12
ComboFix-quarantined-files.txt 2009-01-12 14:37:12
ComboFix2.txt 2009-01-12 13:06:23
ComboFix3.txt 2009-01-12 12:53:42
ComboFix4.txt 2009-01-12 12:40:08
ComboFix5.txt 2009-01-12 14:31:58
Pre-Run: 22.621.556.736 bytes free
Post-Run: 22,615,687,168 bytes free
343 --- E O F --- 2008-12-18 14:08:02
Posted: 12 Jan 2009 19:51
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Download OTMoveIt3 to the Desktop.
Double-click OTMoveIt3.exe to run it.
Into the (left) program window (under Paste Instructions for Items to be Moved) copy everything inside the Code box:
:files
c:\windows\Tasks\At*.job
c:\documents and settings\All Users\Application Data\259020037
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ced9dc-4672-11dd-8c96-001bfc20643e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1242542857"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17848:TCP"=-
Click MoveIt!
When the process finishes, the right-hand program window (under Results) will contain text that needs to be copied into a post on the forum.
If the prompt appears:
Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?
click Yes so that the computer restarts and the process is completed.
After the system restarts, the logfile will open automatically in Notepad.
Copy the contents of that log into a post on the forum.
What is in the folder:
C:\2008-12-19
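Added example (not part of this thread, and not code from HijackThis, ComboFix or OTMoveIt3): a small Python script that applies the same triage rules the helper applied by hand to log lines of the kind posted above. It flags a Run entry whose name and folder are just numbers, a batch of At*.job tasks that all launch one binary, Security Center notifications switched off, firewall exceptions, and an AutoRun command on a removable volume. The SAMPLE_LOG lines are copied from the logs in this thread; the rule names and the min_at_jobs threshold are my own choices.

```python
"""Triage rules for HijackThis / ComboFix log lines (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis and ComboFix logs above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [1242542857] "C:\Documents and Settings\All Users\Application Data\259020037\1242542857.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"1242542857"="c:\documents and settings\All Users\Application Data\259020037\1242542857.exe" [2009-01-11 1843748]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"17848:TCP"= 17848:TCP:NortonAV
2009-01-09 c:\windows\Tasks\At1.job
- c:\windows\system32\HG2135x1.exe []
2009-01-12 c:\windows\Tasks\At10.job
- c:\windows\system32\HG2135x1.exe []
2009-01-09 c:\windows\Tasks\At2.job
- c:\windows\system32\HG2135x1.exe []
\Shell\AutoRun\command - F:\AutoRun.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str       # short name of the rule that fired
    evidence: str   # the log line (or binary path) that triggered it


# HijackThis "O4 - HKLM\..\Run: [name] command" autostart line
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# ComboFix REGEDIT4-style Run value: "name"="command" [date size]
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)" \[')
# executable living in ...\Application Data\<digits>\<digits>.exe
NUMERIC_PATH_RE = re.compile(r'application data\\\d+\\\d+\.exe', re.IGNORECASE)
# Security Center values that silence or override AV/firewall/update warnings
SECCENTER_RE = re.compile(
    r'^"(?P<key>AntiVirusDisableNotify|UpdatesDisableNotify|FirewallDisableNotify|'
    r'AntiVirusOverride|FirewallOverride)"=dword:(?P<val>[0-9a-fA-F]{8})$')
# firewall GloballyOpenPorts entry
OPENPORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=')
# ComboFix scheduled-task listing: a dated At<n>.job line followed by "- <target> []"
ATJOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>.*\\Tasks\\At\d+\.job)$')
ATJOB_TARGET_RE = re.compile(r'^- (?P<target>\S.*?) \[\]$')
# mountpoints2 AutoRun handler on a (removable) volume
AUTORUN_RE = re.compile(r'\\Shell\\AutoRun\\command - (?P<cmd>.+)$')


def _suspicious_run(name: str, cmd: str) -> bool:
    """A Run entry named only with digits, or launching <digits>\<digits>.exe."""
    return name.isdigit() or bool(NUMERIC_PATH_RE.search(cmd))


def at_job_targets(log_text: str) -> Counter:
    """Map each binary launched by an At*.job task to the number of jobs pointing at it."""
    targets = Counter()
    pending = False                      # True right after an At<n>.job line
    for line in log_text.splitlines():
        line = line.strip()
        if ATJOB_RE.match(line):
            pending = True
            continue
        m = ATJOB_TARGET_RE.match(line)
        if pending and m:
            targets[m['target'].lower()] += 1
        pending = False
    return targets


def triage(log_text: str, min_at_jobs: int = 2) -> List[Finding]:
    """Return the findings for a log; min_at_jobs is the At*.job count worth reporting."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line) or CF_RUN_RE.match(line)
        if m and _suspicious_run(m['name'], m['cmd']):
            findings.append(Finding('numeric-named Run entry', line))
            continue
        m = SECCENTER_RE.match(line)
        if m and int(m['val'], 16) != 0:
            findings.append(Finding('Security Center warning disabled or overridden', line))
            continue
        m = OPENPORT_RE.match(line)
        if m:
            findings.append(Finding('firewall exception opens port ' + m['port'], line))
            continue
        if AUTORUN_RE.search(line):
            findings.append(Finding('AutoRun command on a mounted volume', line))
    for target, n in at_job_targets(log_text).items():
        if n >= min_at_jobs:
            findings.append(Finding(f'{n} At*.job scheduled tasks run the same binary', target))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.rule}: {f.evidence}')
```

The rules only point at lines worth a closer look; the open 3389:TCP exception is Remote Desktop and may be legitimate, which is why the script reports it rather than judging it. The At*.job rule is the one a helper would most want automated: in the thread above 72 jobs all launch the same file, and a count across all At<n>.job entries shows that at a glance.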
Posted: 13 Jan 2009 09:17
- Joined: 19 Dec 2008
- Posts: 89
:file
c:\windows\Tasks\At?.job
c:\documents and settings\All Users\Application Data\259020037
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ced9dc-4672-11dd-8c96-001bfc20643e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
1242542857"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17848:TCP"=-
Posted: 13 Jan 2009 10:49
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Is this the log you got when you did what I wrote above?
And you did not answer me what is in the folder:
C:\2008-12-19
Posted: 13 Jan 2009 11:10
- Joined: 04 Nov 2008
- Posts: 126
Yes, that is the log I got after the procedure you told me to do, and as for the folder C:\2008-12-19, I could not find it; more precisely, I could not open C: given how slowly the computer runs.
Posted: 13 Jan 2009 14:39
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Something went wrong.
Let's try again:
Download OTMoveIt3 to the Desktop.
Double-click OTMoveIt3.exe to run it.
Into the (left) program window (under Paste Instructions for Items to be Moved) copy everything inside the Code box:
:files
c:\windows\Tasks\At*.job
c:\documents and settings\All Users\Application Data\259020037
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ced9dc-4672-11dd-8c96-001bfc20643e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1242542857"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17848:TCP"=-
Click MoveIt!
When the process finishes, the right-hand program window (under Results) will contain text that needs to be copied into a post on the forum.
If the prompt appears:
Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?
click Yes so that the computer restarts and the process is completed.
After the system restarts, the logfile will open automatically in Notepad.
Copy the contents of that log into a post on the forum.
Posted: 13 Jan 2009 16:15
- Joined: 19 Dec 2008
- Posts: 89
:file
c:\windows\Tasks\At?.job
c:\documents and settings\All Users\Application Data\259020037
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ced9dc-4672-11dd-8c96-001bfc20643e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
1242542857"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17848:TCP"=-
Here, the same thing is happening.