Question

  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

Hello, operating system XP SP2, AVP 6.0.
It found nothing, but when I am online the computer establishes some communication that is not reported anywhere. Here is the HijackThis log, please analyze it when you can.
Regards

Logfile of HijackThis v1.99.1
Scan saved at 21:16:47, on 18.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
E:\New Folder\trt3.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.8.200:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFDB073-14F8-4A1D-A355-D73C2C1C92A6}: NameServer = 212.62.32.1,212.62.32.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFDB073-14F8-4A1D-A355-D73C2C1C92A6}: NameServer = 212.62.32.1,212.62.32.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFDB073-14F8-4A1D-A355-D73C2C1C92A6}: NameServer = 212.62.32.1,212.62.32.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,
sorry you had to wait.

How do you know the computer is establishing a connection?



  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

The communication light on the ADSL router blinks, and "DU Meter" reports a throughput of about 2-3 KB/s download...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

yuowl ::The communication light on the ADSL router blinks, and "DU Meter" reports a throughput of about 2-3 KB/s download...

That blinking is a normal occurrence with all modems; I have cable internet and the light on the modem sometimes flickers. And my throughput is constantly around 1 kb/s.

Still:

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here.

  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

ComboFix 08-03-20.5 - ks 2008-03-21 13:51:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.957 [GMT 1:00]
Running from: C:\Documents and Settings\ks\Desktop\Bases\combofix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 13:54 . 2008-03-21 13:54 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-03-18 21:49 . 2008-03-18 21:49 35,328 --a------ C:\WINDOWS\system32\COMCT332.oca
2008-03-17 14:47 . 2008-03-17 14:47 348,160 --a------ C:\WINDOWS\system32\FM20.oca
2008-03-16 14:48 . 2008-03-16 14:48 <DIR> d-------- C:\New Folder
2008-03-15 09:37 . 2008-03-15 14:42 <DIR> d-------- C:\Documents and Settings\ks\Application Data\Beyond
2008-03-14 12:38 . 2008-03-14 12:38 <DIR> d-------- C:\Documents and Settings\ks\Application Data\Ubisoft
2008-03-14 12:38 . 2008-03-14 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-14 12:14 . 2008-03-14 12:14 <DIR> d-------- C:\Documents and Settings\ks\Application Data\InstallShield
2008-03-09 19:21 . 2008-03-09 19:21 1,363,456 --a------ C:\WINDOWS\system32\mshtml.oca
2008-03-08 15:10 . 2008-03-08 15:10 43,008 --a------ C:\WINDOWS\system32\TABCTL32.oca
2008-03-08 15:00 . 2008-03-08 15:00 265,728 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-03-08 15:00 . 2008-03-08 15:00 62,976 --a------ C:\WINDOWS\system32\shdocvw.oca
2008-03-08 10:31 . 2008-03-08 10:31 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca
2008-03-07 16:54 . 2008-03-07 16:54 0 --a------ C:\sudoku.dat
2008-03-06 22:32 . 2008-03-06 22:43 <DIR> d-------- C:\Program Files\DU Meter
2008-03-06 22:32 . 2008-03-06 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-02-25 21:55 . 2008-02-25 21:55 <DIR> d-------- C:\Program Files\Web Publish
2008-02-25 21:55 . 2008-02-25 21:55 288 --a------ C:\WINDOWS\ODBC.INI
2008-02-25 21:48 . 1998-05-31 18:11 5 -ra------ C:\WINDOWS\vb98pro.mif
2008-02-25 18:56 . 2008-02-25 18:56 <DIR> d-------- C:\Documents and Settings\ks\Application Data\AKVIS LLC
2008-02-25 18:45 . 2008-02-25 19:02 <DIR> d-------- C:\Program Files\AKVIS
2008-02-23 19:39 . 2004-08-22 17:04 69,120 --a------ C:\WINDOWS\daemon.dll
2008-02-22 20:22 . 2008-02-22 20:22 244 --ah----- C:\sqmnoopt19.sqm
2008-02-22 20:22 . 2008-02-22 20:22 232 --ah----- C:\sqmdata19.sqm
2008-02-22 20:21 . 2008-02-22 20:21 244 --ah----- C:\sqmnoopt18.sqm
2008-02-22 20:21 . 2008-02-22 20:21 232 --ah----- C:\sqmdata18.sqm
2008-02-22 20:19 . 2008-02-22 20:19 244 --ah----- C:\sqmnoopt17.sqm
2008-02-22 20:19 . 2008-02-22 20:19 244 --ah----- C:\sqmnoopt16.sqm
2008-02-22 20:19 . 2008-02-22 20:19 232 --ah----- C:\sqmdata17.sqm
2008-02-22 20:19 . 2008-02-22 20:19 232 --ah----- C:\sqmdata16.sqm
2008-02-22 20:18 . 2008-02-22 20:18 244 --ah----- C:\sqmnoopt15.sqm
2008-02-22 20:18 . 2008-02-22 20:18 232 --ah----- C:\sqmdata15.sqm
2008-02-22 20:17 . 2008-02-22 20:17 244 --ah----- C:\sqmnoopt14.sqm
2008-02-22 20:17 . 2008-02-22 20:17 232 --ah----- C:\sqmdata14.sqm
2008-02-22 20:16 . 2008-02-22 20:16 244 --ah----- C:\sqmnoopt13.sqm
2008-02-22 20:16 . 2008-02-22 20:16 232 --ah----- C:\sqmdata13.sqm
2008-02-22 20:15 . 2008-02-22 20:15 244 --ah----- C:\sqmnoopt12.sqm
2008-02-22 20:15 . 2008-02-22 20:15 232 --ah----- C:\sqmdata12.sqm
2008-02-22 19:32 . 2008-02-22 19:32 244 --ah----- C:\sqmnoopt11.sqm
2008-02-22 19:32 . 2008-02-22 19:32 244 --ah----- C:\sqmnoopt10.sqm
2008-02-22 19:32 . 2008-02-22 19:32 232 --ah----- C:\sqmdata11.sqm
2008-02-22 19:32 . 2008-02-22 19:32 232 --ah----- C:\sqmdata10.sqm
2008-02-22 19:31 . 2008-02-22 19:31 244 --ah----- C:\sqmnoopt09.sqm
2008-02-22 19:31 . 2008-02-22 19:31 244 --ah----- C:\sqmnoopt08.sqm
2008-02-22 19:31 . 2008-02-22 19:31 232 --ah----- C:\sqmdata09.sqm
2008-02-22 19:31 . 2008-02-22 19:31 232 --ah----- C:\sqmdata08.sqm
2008-02-22 19:29 . 2008-02-22 19:29 244 --ah----- C:\sqmnoopt07.sqm
2008-02-22 19:29 . 2008-02-22 19:29 232 --ah----- C:\sqmdata07.sqm
2008-02-22 19:26 . 2008-02-22 19:26 244 --ah----- C:\sqmnoopt06.sqm
2008-02-22 19:26 . 2008-02-22 19:26 244 --ah----- C:\sqmnoopt05.sqm
2008-02-22 19:26 . 2008-02-22 19:26 232 --ah----- C:\sqmdata06.sqm
2008-02-22 19:26 . 2008-02-22 19:26 232 --ah----- C:\sqmdata05.sqm
2008-02-22 19:25 . 2008-02-22 19:25 244 --ah----- C:\sqmnoopt04.sqm
2008-02-22 19:25 . 2008-02-22 19:25 232 --ah----- C:\sqmdata04.sqm
2008-02-22 19:23 . 2008-02-22 19:23 244 --ah----- C:\sqmnoopt03.sqm
2008-02-22 19:23 . 2008-02-22 19:23 232 --ah----- C:\sqmdata03.sqm
2008-02-22 19:22 . 2008-02-22 19:22 244 --ah----- C:\sqmnoopt02.sqm
2008-02-22 19:22 . 2008-02-22 19:22 232 --ah----- C:\sqmdata02.sqm
2008-02-22 19:19 . 2008-02-22 19:19 244 --ah----- C:\sqmnoopt01.sqm
2008-02-22 19:19 . 2008-02-22 19:19 232 --ah----- C:\sqmdata01.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 13:06 51,301,408 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-21 13:06 1,625,632 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-21 13:03 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-21 12:43 --------- d-----w C:\Documents and Settings\ks\Application Data\Skype
2008-03-21 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-21 10:57 693,260 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-21 10:57 159,500 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-17 17:38 --------- d-----w C:\Program Files\Zuma Deluxe
2008-03-16 13:49 --------- d-----w C:\Program Files\Absolute Video Converter
2008-03-16 11:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-14 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 18:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-15 15:41 --------- d-----w C:\Program Files\Mobile Secret CodeX v1.35
2008-02-04 20:54 328 ----a-w C:\Documents and Settings\ks\admin.exe
2008-02-02 19:46 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-29 22:10 --------- d-----w C:\Program Files\MOBILedit! Forensic
2008-01-24 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-24 16:12 --------- d-----w C:\Program Files\ReflexiveArcade
2008-01-24 16:01 --------- d-----w C:\Program Files\Winamp
2008-01-23 15:21 --------- d-----w C:\Program Files\Rapidown
2008-01-21 19:29 --------- d-----w C:\Program Files\Passware
2001-09-28 16:00 164,864 ----a-w C:\WINDOWS\Fonts\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 21:51 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 11:43 23165736]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-11-06 22:39 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 07:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"HPWUTOOLBOX"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 10:31 352256]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02 200768]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-08-24 12:30 986624]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-08-17 15:04 148992]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-07-13 15:09 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-07-13 15:10 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 02:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\igre\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"E:\\igre\\AOE2CONQ\\age2_x1.exe"=
"C:\\Documents and Settings\\ks\\Local Settings\\Temp\\tle33773328.exe"=
"C:\\Documents and Settings\\ks\\Local Settings\\Temp\\tle33919421.exe"=
"C:\\Documents and Settings\\ks\\Local Settings\\Temp\\tle3730562.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"E:\\igre\\AOE2CONQ\\age2_x1\\age2_x1.exe"=
"E:\\igre\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"E:\\igre\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"E:\\igre\\Assassins Creed\\AssassinsCreed_Launcher.exe"=

R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 22:54]
R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2007-10-08 09:36]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 13:36]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{934b9328-dca7-11dc-83dc-001617921e52}]
\Shell\Auto\command - K:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 17:32:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-12 17:32:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-03-21 14:06:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-03-21 14:07:55
ComboFix-quarantined-files.txt 2008-03-21 13:07:38

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...
helen1 is currently busy, so I will give you the further instructions.


I see you have two antivirus programs installed - that is not desirable at all (it slows the computer down, reduces the effectiveness of the protection and, in the worst case, a conflict between the two programs can leave Windows unable to start), so I would recommend that you choose one and uninstall the other.


-------------------------------------------------------------------------------------


The log shows traces of an infection that spreads via USB flash drives. If you have such a device, connect it during the following procedure.


Download the program Flash_Disinfector.

The program is started by double-clicking Flash_Disinfector.exe.
When the notification message appears, connect the infected USB flash drives (holding the Shift key down while doing so to avoid autoplay).
Click OK and wait for the process to finish.
When the message Done !! appears, click OK.



-------------------------------------------------------------------------------------


Then open Notepad and copy the following text into it:

File::
C:\Documents and Settings\ks\admin.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\ks\\Local Settings\\Temp\\tle33773328.exe"=-
"C:\\Documents and Settings\\ks\\Local Settings\\Temp\\tle33919421.exe"=-
"C:\\Documents and Settings\\ks\\Local Settings\\Temp\\tle3730562.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{934b9328-dca7-11dc-83dc-001617921e52}]




Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.

Post the log that is produced at the end of the cleaning/scanning in your next message.
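As an added example (not code from this thread, from ComboFix or from HijackThis), the Python below triages the "Reg Loading Points" section of a ComboFix log for the entry types dr_Bora acted on above and emits a CFScript Registry:: section in the syntax he used. The log excerpt inside it is constructed from the lines posted in this thread; the AppInit_DLLs and Security Center checks go beyond what the helpers removed and are flagged for review only.

```python
"""Triage of the REGEDIT4-style 'Reg Loading Points' block of a ComboFix log.

Added example: parses the block into {key: [value lines]}, flags the entry
types acted on in this thread (orphaned BHO CLSID, firewall exceptions for
executables in Local Settings\\Temp, removable-drive autorun handlers under
mountpoints2) plus two review-only checks, and builds the matching CFScript.
"""
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (action, registry key, detail)

# Constructed sample, modelled on the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\ks\\Local Settings\\Temp\\tle33773328.exe"=
"C:\\Documents and Settings\\ks\\Local Settings\\Temp\\tle33919421.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{934b9328-dca7-11dc-83dc-001617921e52}]
\Shell\Auto\command - K:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
"""

# ComboFix doubles the backslashes in firewall paths, so match that form.
TEMP_MARK = r"\\Local Settings\\Temp\\".lower()


def parse_reg_points(text: str) -> Dict[str, List[str]]:
    """Return {registry key: [raw value lines]}; a lone '.' ends the block."""
    keys: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line == ".":            # ComboFix section separator
            current = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
        elif current is not None:
            keys[current].append(line)
    return keys


def triage(keys: Dict[str, List[str]]) -> List[Finding]:
    """Apply the checks; 'remove_key'/'remove_value' mirror the CFScript actions."""
    findings: List[Finding] = []
    for key, values in keys.items():
        k = key.lower()
        if "browser helper objects" in k and not values:
            findings.append(("remove_key", key, "BHO CLSID with no values (HijackThis: '(no file)')"))
        elif "mountpoints2" in k and any(v.lower().startswith("\\shell\\auto") for v in values):
            findings.append(("remove_key", key, "autorun handler for a removable drive"))
        elif k.endswith("authorizedapplications\\list"):
            for v in values:
                if TEMP_MARK in v.lower():
                    # Value name only (the quoted path); CFScript deletes it with '=-'.
                    findings.append(("remove_value", key, v.rsplit("=", 1)[0]))
        elif k.endswith("currentversion\\windows"):
            for v in values:
                name, _, data = v.partition("=")
                if name.strip('"').lower() == "appinit_dlls" and data.strip().strip('"'):
                    # Loaded into every process that maps user32.dll: review, do not auto-remove.
                    findings.append(("review", key, "AppInit_DLLs loads " + data.strip()))
        elif k.endswith("security center"):
            for v in values:
                if "disablenotify" in v.lower() and v.lower().endswith("dword:00000001"):
                    findings.append(("review", key, "Security Center notification suppressed: " + v))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit the Registry:: section in the format used in this thread."""
    lines = ["Registry::"]
    names_by_key: Dict[str, List[str]] = {}
    for action, key, detail in findings:
        if action == "remove_value":
            names_by_key.setdefault(key, []).append(detail)
    emitted = set()
    for action, key, _ in findings:
        if action == "remove_key":
            lines.append("[-" + key + "]")
        elif action == "remove_value" and key not in emitted:
            emitted.add(key)
            lines.append("[" + key + "]")
            lines.extend(name + "=-" for name in names_by_key[key])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(parse_reg_points(SAMPLE_LOG))
    for action, key, detail in found:
        print(f"{action:13s} {key}\n{'':13s} {detail}")
    print(build_cfscript(found))
```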

  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

Here is the log done according to the instructions, except that I uninstalled BitDefender myself but it still appears in the startup; I can't remove it completely ???

ComboFix 08-03-20.5 - ks 2008-03-22 13:12:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1028 [GMT 1:00]
Running from: C:\Documents and Settings\ks\Desktop\Bases\combofix\ComboFix.exe
Command switches used :: C:\Documents and Settings\ks\Desktop\Bases\combofix\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-18 21:49 . 2008-03-18 21:49 35,328 --a------ C:\WINDOWS\system32\COMCT332.oca
2008-03-17 14:47 . 2008-03-17 14:47 348,160 --a------ C:\WINDOWS\system32\FM20.oca
2008-03-16 14:48 . 2008-03-16 14:48 <DIR> d-------- C:\New Folder
2008-03-15 09:37 . 2008-03-15 14:42 <DIR> d-------- C:\Documents and Settings\ks\Application Data\Beyond
2008-03-14 12:38 . 2008-03-14 12:38 <DIR> d-------- C:\Documents and Settings\ks\Application Data\Ubisoft
2008-03-14 12:38 . 2008-03-14 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-14 12:14 . 2008-03-14 12:14 <DIR> d-------- C:\Documents and Settings\ks\Application Data\InstallShield
2008-03-09 19:21 . 2008-03-09 19:21 1,363,456 --a------ C:\WINDOWS\system32\mshtml.oca
2008-03-08 15:10 . 2008-03-08 15:10 43,008 --a------ C:\WINDOWS\system32\TABCTL32.oca
2008-03-08 15:00 . 2008-03-08 15:00 265,728 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-03-08 15:00 . 2008-03-08 15:00 62,976 --a------ C:\WINDOWS\system32\shdocvw.oca
2008-03-08 10:31 . 2008-03-08 10:31 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca
2008-03-07 16:54 . 2008-03-07 16:54 0 --a------ C:\sudoku.dat
2008-03-06 22:32 . 2008-03-06 22:43 <DIR> d-------- C:\Program Files\DU Meter
2008-03-06 22:32 . 2008-03-06 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-02-25 21:55 . 2008-02-25 21:55 <DIR> d-------- C:\Program Files\Web Publish
2008-02-25 21:55 . 2008-02-25 21:55 288 --a------ C:\WINDOWS\ODBC.INI
2008-02-25 21:48 . 1998-05-31 18:11 5 -ra------ C:\WINDOWS\vb98pro.mif
2008-02-25 18:56 . 2008-02-25 18:56 <DIR> d-------- C:\Documents and Settings\ks\Application Data\AKVIS LLC
2008-02-25 18:45 . 2008-02-25 19:02 <DIR> d-------- C:\Program Files\AKVIS
2008-02-23 19:39 . 2004-08-22 17:04 69,120 --a------ C:\WINDOWS\daemon.dll
2008-02-22 20:22 . 2008-02-22 20:22 244 --ah----- C:\sqmnoopt19.sqm
2008-02-22 20:22 . 2008-02-22 20:22 232 --ah----- C:\sqmdata19.sqm
2008-02-22 20:21 . 2008-02-22 20:21 244 --ah----- C:\sqmnoopt18.sqm
2008-02-22 20:21 . 2008-02-22 20:21 232 --ah----- C:\sqmdata18.sqm
2008-02-22 20:19 . 2008-02-22 20:19 244 --ah----- C:\sqmnoopt17.sqm
2008-02-22 20:19 . 2008-02-22 20:19 244 --ah----- C:\sqmnoopt16.sqm
2008-02-22 20:19 . 2008-02-22 20:19 232 --ah----- C:\sqmdata17.sqm
2008-02-22 20:19 . 2008-02-22 20:19 232 --ah----- C:\sqmdata16.sqm
2008-02-22 20:18 . 2008-02-22 20:18 244 --ah----- C:\sqmnoopt15.sqm
2008-02-22 20:18 . 2008-02-22 20:18 232 --ah----- C:\sqmdata15.sqm
2008-02-22 20:17 . 2008-02-22 20:17 244 --ah----- C:\sqmnoopt14.sqm
2008-02-22 20:17 . 2008-02-22 20:17 232 --ah----- C:\sqmdata14.sqm
2008-02-22 20:16 . 2008-02-22 20:16 244 --ah----- C:\sqmnoopt13.sqm
2008-02-22 20:16 . 2008-02-22 20:16 232 --ah----- C:\sqmdata13.sqm
2008-02-22 20:15 . 2008-02-22 20:15 244 --ah----- C:\sqmnoopt12.sqm
2008-02-22 20:15 . 2008-02-22 20:15 232 --ah----- C:\sqmdata12.sqm
2008-02-22 19:32 . 2008-02-22 19:32 244 --ah----- C:\sqmnoopt11.sqm
2008-02-22 19:32 . 2008-02-22 19:32 244 --ah----- C:\sqmnoopt10.sqm
2008-02-22 19:32 . 2008-02-22 19:32 232 --ah----- C:\sqmdata11.sqm
2008-02-22 19:32 . 2008-02-22 19:32 232 --ah----- C:\sqmdata10.sqm
2008-02-22 19:31 . 2008-02-22 19:31 244 --ah----- C:\sqmnoopt09.sqm
2008-02-22 19:31 . 2008-02-22 19:31 244 --ah----- C:\sqmnoopt08.sqm
2008-02-22 19:31 . 2008-02-22 19:31 232 --ah----- C:\sqmdata09.sqm
2008-02-22 19:31 . 2008-02-22 19:31 232 --ah----- C:\sqmdata08.sqm
2008-02-22 19:29 . 2008-02-22 19:29 244 --ah----- C:\sqmnoopt07.sqm
2008-02-22 19:29 . 2008-02-22 19:29 232 --ah----- C:\sqmdata07.sqm
2008-02-22 19:26 . 2008-02-22 19:26 244 --ah----- C:\sqmnoopt06.sqm
2008-02-22 19:26 . 2008-02-22 19:26 244 --ah----- C:\sqmnoopt05.sqm
2008-02-22 19:26 . 2008-02-22 19:26 232 --ah----- C:\sqmdata06.sqm
2008-02-22 19:26 . 2008-02-22 19:26 232 --ah----- C:\sqmdata05.sqm
2008-02-22 19:25 . 2008-02-22 19:25 244 --ah----- C:\sqmnoopt04.sqm
2008-02-22 19:25 . 2008-02-22 19:25 232 --ah----- C:\sqmdata04.sqm
2008-02-22 19:23 . 2008-02-22 19:23 244 --ah----- C:\sqmnoopt03.sqm
2008-02-22 19:23 . 2008-02-22 19:23 232 --ah----- C:\sqmdata03.sqm
2008-02-22 19:22 . 2008-02-22 19:22 244 --ah----- C:\sqmnoopt02.sqm
2008-02-22 19:22 . 2008-02-22 19:22 232 --ah----- C:\sqmdata02.sqm
2008-02-22 19:19 . 2008-02-22 19:19 244 --ah----- C:\sqmnoopt01.sqm
2008-02-22 19:19 . 2008-02-22 19:19 232 --ah----- C:\sqmdata01.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 12:16 51,769,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-22 12:16 1,634,080 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-22 12:12 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-22 11:42 --------- d-----w C:\Documents and Settings\ks\Application Data\Skype
2008-03-22 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 11:13 699,788 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-22 11:13 160,292 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-17 17:38 --------- d-----w C:\Program Files\Zuma Deluxe
2008-03-16 13:49 --------- d-----w C:\Program Files\Absolute Video Converter
2008-03-16 11:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-14 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 18:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-15 15:41 --------- d-----w C:\Program Files\Mobile Secret CodeX v1.35
2008-02-04 20:54 328 ----a-w C:\Documents and Settings\ks\admin.exe
2008-02-02 19:46 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-29 22:10 --------- d-----w C:\Program Files\MOBILedit! Forensic
2008-01-24 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-24 16:12 --------- d-----w C:\Program Files\ReflexiveArcade
2008-01-24 16:01 --------- d-----w C:\Program Files\Winamp
2008-01-23 15:21 --------- d-----w C:\Program Files\Rapidown
2001-09-28 16:00 164,864 ----a-w C:\WINDOWS\Fonts\UNWISE.EXE
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-21 12:47:25 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-22 11:45:55 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-21 12:47:25 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-22 11:45:55 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 21:51 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 11:43 23165736]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-11-06 22:39 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 07:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"HPWUTOOLBOX"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 10:31 352256]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02 200768]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-08-24 12:30 986624]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-08-17 15:04 148992]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-07-13 15:09 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-07-13 15:10 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 02:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\igre\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"E:\\igre\\AOE2CONQ\\age2_x1.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"E:\\igre\\AOE2CONQ\\age2_x1\\age2_x1.exe"=
"E:\\igre\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"E:\\igre\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"E:\\igre\\Assassins Creed\\AssassinsCreed_Launcher.exe"=

R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 22:54]
R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2007-10-08 09:36]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 13:36]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 17:32:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-12 17:32:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-03-22 13:16:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PROCEXP90]

.
Completion time: 2008-03-22 13:20:56
ComboFix-quarantined-files.txt 2008-03-22 12:20:50
ComboFix2.txt 2008-03-21 13:07:56

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the file from [url=https://www.mycity.rs/must-login.png]this link[/url]. Run it with a double-click and, in the prompt that appears, click Yes.
The above will remove leftover registry entries related to BD.

Delete the following file: C:\Documents and Settings\ks\admin.exe (<--- admin.exe)

How are things now? Do you still notice the symptoms from the start of the thread?
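As an added example, not from the thread or from ComboFix itself, here is a small Python helper that parses Find3M report lines in the format of the log above (the sample lines are constructed to mirror entries from it) and lists executables stored under user profile directories, which is what makes C:\Documents and Settings\ks\admin.exe stand out from the Program Files and WINDOWS entries around it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in the Find3M report format seen in the ComboFix log:
# "<date> <time> <size or --------- for a directory> <attributes> <path>".
SAMPLE_FIND3M = """\
2008-03-22 12:12 81,984 ----a-w C:\\WINDOWS\\system32\\bdod.bin
2008-03-22 11:42 --------- d-----w C:\\Documents and Settings\\ks\\Application Data\\Skype
2008-02-23 18:11 43,520 ----a-w C:\\WINDOWS\\system32\\CmdLineExt03.dll
2008-02-04 20:54 328 ----a-w C:\\Documents and Settings\\ks\\admin.exe
2001-09-28 16:00 164,864 ----a-w C:\\WINDOWS\\Fonts\\UNWISE.EXE
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)


@dataclass
class Entry:
    date: str
    size: Optional[int]  # None for directories (size column is "---------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # ComboFix prints a leading "d" in the attribute column for directories
        return self.attrs.startswith("d")


def parse_find3m(text: str) -> List[Entry]:
    """Parse Find3M report lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


def profile_executables(entries: List[Entry]) -> List[Entry]:
    """Executable files stored under a user profile rather than Program Files or
    WINDOWS: an unusual location that is worth a second look during triage."""
    exts = (".exe", ".dll", ".scr", ".com", ".sys")
    return [
        e for e in entries
        if not e.is_dir
        and e.path.lower().startswith("c:\\documents and settings\\")
        and e.path.lower().endswith(exts)
    ]
```

Running `profile_executables(parse_find3m(SAMPLE_FIND3M))` on the sample returns only the 328-byte admin.exe entry.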

  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

admin.exe cannot be deleted; it reports that it is in use ???

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text (everything inside the Code box, that is, both lines):

File::
C:\Documents and Settings\ks\admin.exe

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.

Post the log that is created at the end of the cleaning/scanning in your next message.

-------------------------------------------------------------------------------------

Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit Malware tab at the top.
Click Scan.
When the scan is complete, click the Save ... button below and save that file.
Attach the saved file to your message (using the Attach file option).
