MyCity » Ambulanta -> Arhiva Ambulante » warnning you have security problem

warnning you have security problem

Napisano na dan: 14.2.2009

Strana:
1
2

warnning you have security problem

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Bodin Poslao: 14 Feb 2009 02:09 Idi na vrh
offline Bodin Novi MyCity građanin Pridružio: 24 Jan 2006 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo mi izlazi i mislim da je nesto ozbiljno. Ortak mi je 2 dana bio na kompu, njegov crkao i trebao mu komp da sprema diplomski. zanima me sta mu se desilo... samo sto sam uzeo komp od njega, nema ni 10 minuta... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:10:04, on 14/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\VM_STI.EXE F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Documents and Settings\Bodin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\DOCUME~1\Bodin\LOCALS~1\Temp\perce.jpg C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\Bodin\LOCALS~1\Temp\systeminit.exe F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE C:\Program Files\mIRC\mirc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Bodin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com, O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file) O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bodin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Bodin\LOCALS~1\Temp\perce.jpg.exe O4 - HKCU\..\Run: [systeminit.exe] C:\DOCUME~1\Bodin\LOCALS~1\Temp\systeminit.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Download by Orbit - [Link mogu videti samo ulogovani korisnici]\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - [Link mogu videti samo ulogovani korisnici]\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - [Link mogu videti samo ulogovani korisnici]\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - [Link mogu videti samo ulogovani korisnici]\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - [Link mogu videti samo ulogovani korisnici] O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.157,85.255.112.97 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8862 bytes

Profil

diarno Poslao: 14 Feb 2009 02:14 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da... imas aktivnu infekciju.. Uradi sledece : Privremeno iskljuci sav zastitni softver i : Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Bodin Poslao: 14 Feb 2009 15:25 Idi na vrh
offline Bodin Novi MyCity građanin Pridružio: 24 Jan 2006 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-02-12.03 - Bodin 2009-02-14 10:14:43.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.589 [GMT 1:00] Running from: c:\documents and settings\Bodin\Desktop\ComboFix.exe FW: ZoneAlarm Firewall disabled . ((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))) . 2009-02-12 23:11 . 2009-02-12 23:11 67,200 --ah----- c:\windows\system32\mlfcache.dat 2009-02-09 12:36 . 2009-02-09 12:36 <DIR> d-------- c:\documents and settings\Bodin\Application Data\Uniblue 2009-02-09 12:28 . 2009-02-09 12:28 <DIR> d-------- c:\program files\Uniblue 2009-02-09 12:27 . 2009-02-09 12:28 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81} 2009-02-01 16:06 . 2008-04-14 05:42 712,704 --------- c:\windows\system32\windowscodecs.dll 2009-02-01 16:05 . 2009-02-01 16:05 <DIR> d-------- c:\windows\system32\scripting 2009-02-01 16:05 . 2009-02-01 16:05 <DIR> d-------- c:\windows\system32\en 2009-02-01 16:05 . 2009-02-01 16:05 <DIR> d-------- c:\windows\system32\bits 2009-02-01 16:05 . 2009-02-01 16:05 <DIR> d-------- c:\windows\l2schemas 2009-02-01 15:58 . 2008-04-13 22:06 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys 2009-02-01 15:58 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys 2009-02-01 15:56 . 2006-12-29 00:31 19,569 --a------ c:\windows\005545_.tmp 2009-01-31 10:31 . 2009-01-31 10:31 <DIR> d--h----- c:\windows\$hf_mig$ 2009-01-31 10:08 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll 2009-01-31 10:08 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui 2009-01-31 10:08 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui 2009-01-31 10:08 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui 2009-01-31 10:08 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui 2009-01-30 18:04 . 2009-01-30 18:04 <DIR> d--hs---- c:\documents and settings\Mama i Tata\PrivacIE 2009-01-24 22:42 . 2009-01-25 00:10 <DIR> d-------- C:\USBNoRisk 2009-01-17 20:41 . 2009-01-17 20:41 <DIR> d-------- c:\program files\MSECache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-14 09:16 29,587,488 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-02-14 01:20 --------- d-----w c:\documents and settings\Bodin\Application Data\mIRC 2009-02-14 00:30 --------- d-----w c:\program files\mIRC 2009-02-13 15:04 --------- d-----w c:\documents and settings\Bodin\Application Data\uTorrent 2009-02-13 14:55 2,934,784 ----a-w c:\windows\Internet Logs\xDB25.tmp 2009-02-13 14:55 2,233,344 ----a-w c:\windows\Internet Logs\xDB26.tmp 2009-02-12 19:14 353,132 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-02-12 09:26 --------- d-----w c:\program files\a-squared Anti-Malware 2009-02-09 15:35 --------- d-----w c:\documents and settings\Bodin\Application Data\SolidWorks 2009-02-07 17:56 --------- d-----w c:\documents and settings\Bodin\Application Data\Skype 2009-02-01 17:25 --------- d-----w c:\program files\MSN Messenger 2009-01-31 23:50 --------- d-----w c:\documents and settings\Bodin\Application Data\skypePM 2009-01-31 08:44 64,260 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_01_31_01_02_26_small.dmp.zip 2009-01-31 01:08 3,202,560 ----a-w c:\windows\Internet Logs\xDB24.tmp 2009-01-23 01:58 3,561,984 ----a-w c:\windows\Internet Logs\xDB22.tmp 2009-01-23 01:58 2,184,192 ----a-w c:\windows\Internet Logs\xDB23.tmp 2009-01-20 06:40 9,793,332 ----a-w c:\windows\Internet Logs\tvDebug.zip 2009-01-11 18:19 2,824,704 ----a-w c:\windows\Internet Logs\xDB21.tmp 2009-01-07 22:13 47,104 ----a-w c:\windows\Internet Logs\xDB1F.tmp 2009-01-07 22:13 2,141,696 ----a-w c:\windows\Internet Logs\xDB20.tmp 2009-01-07 22:10 29,184 ----a-w c:\windows\Internet Logs\xDB1D.tmp 2009-01-07 22:10 2,141,696 ----a-w c:\windows\Internet Logs\xDB1E.tmp 2009-01-07 22:08 2,141,696 ----a-w c:\windows\Internet Logs\xDB1C.tmp 2009-01-07 22:08 138,752 ----a-w c:\windows\Internet Logs\xDB1B.tmp 2009-01-07 21:56 2,141,696 ----a-w c:\windows\Internet Logs\xDB1A.tmp 2009-01-07 21:56 135,168 ----a-w c:\windows\Internet Logs\xDB19.tmp 2009-01-07 21:40 2,141,184 ----a-w c:\windows\Internet Logs\xDB18.tmp 2009-01-07 21:40 161,280 ----a-w c:\windows\Internet Logs\xDB17.tmp 2009-01-07 21:20 36,352 ----a-w c:\windows\Internet Logs\xDB15.tmp 2009-01-07 21:20 2,140,160 ----a-w c:\windows\Internet Logs\xDB16.tmp 2009-01-07 21:17 38,400 ----a-w c:\windows\Internet Logs\xDB13.tmp 2009-01-07 21:17 2,140,160 ----a-w c:\windows\Internet Logs\xDB14.tmp 2009-01-07 21:15 28,160 ----a-w c:\windows\Internet Logs\xDB11.tmp 2009-01-07 21:15 2,140,160 ----a-w c:\windows\Internet Logs\xDB12.tmp 2009-01-07 20:09 2,812,416 ----a-w c:\windows\Internet Logs\xDBF.tmp 2009-01-07 20:09 2,139,648 ----a-w c:\windows\Internet Logs\xDB10.tmp 2009-01-07 15:55 --------- d-----w c:\documents and settings\Bodin\Application Data\Hide IP NG 2009-01-03 17:01 3,431,936 ----a-w c:\windows\Internet Logs\xDBD.tmp 2009-01-03 17:01 2,097,664 ----a-w c:\windows\Internet Logs\xDBE.tmp 2008-12-15 21:26 --------- d-----w c:\documents and settings\Bodin\Application Data\AVS4YOU 2008-12-15 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU 2008-12-15 21:25 --------- d-----w c:\program files\Common Files\AVSMedia 2008-12-15 21:25 --------- d-----w c:\program files\AVS4YOU 2008-08-21 14:31 81,920 ----a-w c:\documents and settings\Bodin\Application Data\ezpinst.exe 2008-08-21 14:31 47,360 ----a-w c:\documents and settings\Bodin\Application Data\pcouffin.sys 2007-12-06 21:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{93344865-74BD-4873-BE65-56539D41A65C}"= "c:\windows\Downloaded Program Files\Earn2Life.dll" [2007-05-14 303104] [HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}] [HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1] [HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}] [HKEY_CLASSES_ROOT\Earn2Life.LeadBar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-08 270128] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544] "Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696] "CorelDRAW Graphics Suite 11b"="f:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088] "LabtecKB"="c:\program files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE" [2003-09-25 204800] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "SoundMan"="SOUNDMAN.EXE" [2003-02-27 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/16/2007 8:36:36 PM 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk * [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Highlight Zone II.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Highlight Zone II.lnk backup=c:\windows\pss\Highlight Zone II.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Bodin^Start Menu^Programs^Startup^Registration Myst V] path=c:\documents and settings\Bodin\Start Menu\Programs\Startup\Registration Myst V backup=c:\windows\pss\Registration Myst VStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-01-02 16:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a--c--- 2007-12-12 14:09 167368 f:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LabtecKB] --a------ 2003-09-25 09:18 204800 c:\program files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 05:42 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2007-11-12 15:48 21760296 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] --a--c--- 2007-08-31 16:46 1460560 c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a--c--- 2003-02-27 14:29 47104 c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Prime95 Service"=2 (0x2) "Nero BackItUp Scheduler 3"=2 (0x2) "ERSvc"=2 (0x2) "Autodata Limited License Service"=2 (0x2) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "DefWatch"=2 (0x2) "C-DillaCdaC11BA"=2 (0x2) "Apple Mobile Device"=2 (0x2) "StarWindServiceAE"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "e:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [12/31/2007 3:30:10 PM 53760] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [12/29/2007 7:09:41 PM 137344] R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [12/29/2007 7:09:40 PM 12032] S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?] S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys --> c:\windows\system32\drivers\wf2kvcap.sys [?] S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys --> c:\windows\system32\drivers\wf2ktunr.sys [?] S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys --> c:\windows\system32\drivers\wf2kxbar.sys [?] S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [11/19/2007 1:10:47 PM 5824] S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?] S4 Prmotsgrnpnt;Prmotsgrnpnt;c:\windows\system32\netdde.exe [8/29/2002 4:41:28 AM 111104] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c533576-98f9-11dc-bdab-000c6ed05503}] \Shell\AutoRun\command - l:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe \Shell\open\command - l:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe . Contents of the 'Scheduled Tasks' folder 2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-682003330-725345543-1003.job - c:\documents and settings\Bodin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 12:50] 2009-02-14 c:\windows\Tasks\User_Feed_Synchronization-{28FFE4AA-5C91-4F08-9FF3-B4B29A9A724B}.job - c:\windows\system32\msfeedssync.exe [2008-08-22 02:05] . - - - - ORPHANS REMOVED - - - - BHO-{0A58754D-A452-4CBB-B8A4-B2BDCC8A0A9C} - (no file) HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe HKLM-Run-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe Notify-wvuroon - (no file) . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com, IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm IE: {{07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - {93344865-74BD-4873-BE65-56539D41A65C} - c:\windows\Downloaded Program Files\Earn2Life.dll DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab DPF: {93344865-74BD-4873-BE65-56539D41A65C} - [Link mogu videti samo ulogovani korisnici] FF - ProfilePath - c:\documents and settings\Bodin\Application Data\Mozilla\Firefox\Profiles\9z93p0j7.default\ FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\Bodin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll ---- FIREFOX POLICIES ---- FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - FF - user.js: network.proxy.http_port - 0 FF - user.js: network.proxy.ssl - FF - user.js: network.proxy.ssl_port - 0 FF - user.js: network.proxy.ftp - FF - user.js: network.proxy.ftp_port - 0 FF - user.js: network.proxy.gopher - FF - user.js: network.proxy.gopher_port - 0 FF - user.js: network.proxy.socks_version - 5 FF - user.js: network.proxy.socks - FF - user.js: network.proxy.socks_port - 0 . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-02-14 10:16:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-796845957-682003330-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:47,fd,1c,06,c8,dd,9f,1c,fb,dd,93,01,5f,c9,af,5d,bb,6a,fa,11,60,c6,d2, db,cd,db,94,65,25,47,a1,d3,61,af,21,00,40,9e,b4,97,5e,de,68,a7,47,fd,28,f6,\ "??"=hex:d4,e2,c7,20,6c,2f,dc,27,c4,23,51,1c,29,66,76,1b [HKEY_LOCAL_MACHINE\software\Autodata\CDX2] @DACL=(02 0000) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-02-14 10:20:02 ComboFix-quarantined-files.txt 2009-02-14 09:18:44 ComboFix2.txt 2009-02-14 01:58:00 ComboFix3.txt 2009-01-24 13:21:28 Pre-Run: 1,063,784,448 bytes free Post-Run: 1,048,530,944 bytes free Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5 269 Dopuna: 14 Feb 2009 10:28 Nasao sam sta je radio... zadnji fail koji je skinuo je neki viewtubesoftware.40017.exe bio je na nekom (film-za-odrasle)-o sajtu...ne vidim da je fail instaliran na kompu, zvacu ga da vidim sta je radio sa njim... Dopuna: 14 Feb 2009 15:25 sad sam primetio da mi se ugasilo upozorenje i da ne iskace vise. Kada idem na IE vise me ne baca na stranice za skeniranje kompa...da li to znaci da se popravilo?

Profil

diarno Poslao: 14 Feb 2009 16:06 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ti si i ranije pustao CF??? Okaci mi sledece logove : ComboFix-quarantined-files.txt ComboFix2.txt ComboFix3.txt Na C particiji se nalaze ... Postavi ih preko opcije prikaci fajl

Profil

Bodin Poslao: 14 Feb 2009 17:14 Idi na vrh
offline Bodin Novi MyCity građanin Pridružio: 24 Jan 2006 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: jesam...pre manje od 2 meseca i danas sam bio pustio 2 puta, jer nisam ugasio bio spy guard ili tako ensto, nisam znao ni da imam to Dopuna: 14 Feb 2009 17:13 nasao sam samo ovaj jedan fail u rootu c-a Dopuna: 14 Feb 2009 17:14 [Link mogu videti samo ulogovani korisnici]

Profil

diarno Poslao: 14 Feb 2009 18:07 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Idi u sledeci folder na C particiji : C:\QooBox\ i pgledaj dal tamo imas navedene logove i okaci ih...

Profil

Bodin Poslao: 14 Feb 2009 18:28 Idi na vrh
offline Bodin Novi MyCity građanin Pridružio: 24 Jan 2006 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

diarno Poslao: 14 Feb 2009 19:21 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jel sad nemas vise problema?

Profil

Bodin Poslao: 14 Feb 2009 19:27 Idi na vrh
offline Bodin Novi MyCity građanin Pridružio: 24 Jan 2006 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nemam...hvala...znaci uvek da skinem CF da ga pokrenem i to je to? I DA NEDAJEM ORTTAKU KOMP!!!

Profil

diarno Poslao: 14 Feb 2009 19:33 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne, ne i ne... Combofix nikad nemoj da pokreces na svoju ruku...To sto si ga ti pokretao i sve je proslo u redu ne znaci da ce uvek tako biti.... Sta ako zakacis malware koji CF nije obrisao u potpunosti..? Znaci ako imas problema sa malware-om, dodji ovde.... Uradi sledece : Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore

Profil

MyCity » Ambulanta -> Arhiva Ambulante » warnning you have security problem

Ko je trenutno na forumu

Ukupno su 862 korisnika na forumu :: 8 registrovanih, 2 sakrivenih i 852 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 4thFlavian, AMCXXL, Joco Skljoco, komsija1, N.e.m.a.nj.a., repac, shajone, Slingshot

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by