MyCity » Ambulanta -> Arhiva Ambulante » molim za pomoc

molim za pomoc

Napisano na dan: 17.7.2008

Strana:
1
2

molim za pomoc

Sledeća strana

Pagination

Odgovori

Strana:
1
2

blacksilhouette Poslao: 17 Jul 2008 14:34 Idi na vrh
offline blacksilhouette Građanin Pridružio: 23 Mar 2008 Poruke: 51	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! u zadnje vreme nod je prestao sam da se abdejtuje, kompjuter mi koci i blokira pa usred posla u nekom programu moram da ga restartujem, ni Nod ni Adavare nista ne pokazuju , s vremena na vreme i krci, skripi i nesto cakce, a danas se blokirao iz cista mira pa kada sam ga restartovala ukljucio mi se Bios. Molim za pomoc Logfile of HijackThis v1.99.1 Scan saved at 2:29:08 PM, on 7/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ICQ6\ICQ.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\SearchInOneStep\searchin1.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\SearchInOneStep\searchin1.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Semenka\Desktop\j\tr3.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Active CallerID] C:\Program Files\Active CallerID\CallerID.exe hide O4 - HKLM\..\Run: [BinaPC3] "C:\Program Files\BINA\BINA486.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [CallerID Monitor] c:\program files\callerid monitor\callerid.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SearchInOneStep Service - Unknown owner - C:\Program Files\SearchInOneStep\searchin1.exe" "C:\Program Files\SearchInOneStep\searchin1.dll" Service (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Profil

dr_Bora Poslao: 17 Jul 2008 16:17 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

blacksilhouette Poslao: 17 Jul 2008 22:58 Idi na vrh
offline blacksilhouette Građanin Pridružio: 23 Mar 2008 Poruke: 51	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nod mi nista nije pronasao medjutim kod ComboFix u toku skeniranja mi je nestala struja, sta da radim?

Profil

dr_Bora Poslao: 17 Jul 2008 23:21 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Možeš ponoviti skeniranje ComboFix-om.

Profil

blacksilhouette Poslao: 17 Jul 2008 23:35 Idi na vrh
offline blacksilhouette Građanin Pridružio: 23 Mar 2008 Poruke: 51	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo jesam i pise mi do not run any programs until has finished tako vec 20 minuta i nista se ne desava, a kada sam ga pokrenula nista me nije dodatno pitao kao prvi put Dopuna: 17 Jul 2008 23:35 evo ga konacno ComboFix 08-07-15.4 - Semenka 2008-07-17 23:11:46.5 - NTFSx86 Running from: C:\Documents and Settings\Semenka\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\MSINET.oca . ((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))) . 2021-04-18 22:01 . 2007-07-22 13:05 <DIR> d-------- C:\Program Files\Eset 2021-04-18 22:01 . 2021-04-18 22:00 245,760 --a------ C:\WINDOWS\system32\imon.dll 2021-04-18 22:01 . 2021-04-18 22:00 114,688 --a------ C:\WINDOWS\system32\nms32.dll 2008-07-17 19:29 . 2008-07-17 19:51 <DIR> d-------- C:\Documents and Settings\Semenka\Application Data\NCH Swift Sound 2008-07-15 18:53 . 2008-07-15 19:02 <DIR> d-------- C:\Documents and Settings\Semenka\Application Data\ICQ 2008-07-15 18:51 . 2008-07-15 19:02 <DIR> d-------- C:\Program Files\ICQ6 2008-07-13 10:39 . 2008-07-13 10:39 <DIR> d-------- C:\WINDOWS\Logs 2008-07-09 16:39 . 2008-07-09 16:40 20,032,046 --a------ C:\Sweden.avi 2008-07-09 00:26 . 2008-07-09 00:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-08 19:26 . 2008-07-13 06:56 <DIR> d-------- C:\Program Files\SearchInOneStep 2008-07-08 11:08 . 2008-07-08 11:08 <DIR> d-------- C:\Documents and Settings\Semenka\Application Data\Media Player Classic 2008-07-07 00:45 . 2008-07-16 19:49 <DIR> d-------- C:\Program Files\Call Alert 2008-07-06 11:54 . 2004-11-28 21:09 679,936 --a------ C:\WINDOWS\system\xvidcore.dll 2008-07-04 21:20 . 2001-04-01 17:24 218,112 --a------ C:\WINDOWS\system32\CALLERID.OCX 2008-07-04 21:20 . 2000-03-09 10:46 21,504 --a------ C:\WINDOWS\system32\FT.OCX 2008-07-04 21:12 . 2008-07-04 21:12 274,432 --------- C:\WINDOWS\Setup1.exe 2008-07-04 21:12 . 2008-07-04 21:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2008-07-04 20:24 . 2002-04-07 22:14 724,992 --a------ C:\WINDOWS\system32\ebCrypt.dll 2008-07-04 20:24 . 2004-07-23 12:05 532,480 --a------ C:\WINDOWS\system32\vsflex8l.ocx 2008-07-04 20:24 . 2003-05-15 12:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx 2008-07-04 20:24 . 2000-05-30 21:29 106,496 --a------ C:\WINDOWS\system32\TrayIcn6.ocx 2008-07-04 20:24 . 1998-06-24 00:00 103,744 --a------ C:\WINDOWS\system32\MSCOMM32.OCX 2008-07-04 20:24 . 2003-07-28 22:31 28,672 --a------ C:\WINDOWS\system32\VbLear.dll 2008-07-04 20:24 . 2003-07-26 16:22 4,720 --a------ C:\WINDOWS\system32\Vb201.vxd 2008-07-04 20:10 . 2008-07-04 20:10 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2008-07-04 19:55 . 2008-07-04 20:12 <DIR> d-------- C:\Program Files\acc 2008-07-04 19:06 . 2008-07-04 19:06 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-06-25 16:06 . 2008-06-25 16:06 <DIR> d-------- C:\Program Files\Gadwin Systems 2008-06-21 06:41 . 2008-06-21 06:41 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-06-21 06:41 . 2008-06-21 06:41 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-06-20 13:05 . 2008-06-21 06:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2021-04-18 20:00 300,048 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-07-17 21:21 --------- d-----w C:\Documents and Settings\Semenka\Application Data\Skype 2008-07-17 20:55 --------- d-----w C:\Documents and Settings\Semenka\Application Data\skypePM 2008-07-17 17:03 --------- d-----w C:\Program Files\Common Files\Macromedia 2008-07-17 17:00 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-17 17:00 --------- d-----w C:\Program Files\Macromedia 2008-07-15 16:59 --------- d-----w C:\Program Files\ICQLite 2008-07-10 15:02 --------- d-----w C:\Program Files\JDVoiceMail 2008-07-09 06:52 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-07-08 22:27 --------- d-----w C:\Program Files\Lavasoft 2008-07-08 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-06 14:11 57,632 ----a-w C:\StiImg.dat 2008-06-28 17:37 --------- d-----w C:\Program Files\Java 2008-06-28 17:33 --------- d-----w C:\Program Files\Common Files\Corel 2008-06-28 17:32 --------- d-----w C:\Documents and Settings\Semenka\Application Data\Corel 2008-06-20 11:28 --------- d-----w C:\Program Files\Corel 2008-06-20 06:49 --------- d-----w C:\Program Files\FlashGet 2008-06-05 21:58 --------- d-----w C:\Documents and Settings\Semenka\Application Data\JAlbum 2008-06-05 21:54 --------- d-----w C:\Program Files\JalbumWin 2008-05-22 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel 2008-05-22 19:34 --------- d-----w C:\Program Files\Common Files\Real 2008-05-22 19:32 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-22 18:40 --------- d-----w C:\Documents and Settings\Semenka\Application Data\InstallShield 2008-05-22 17:57 --------- d-----w C:\Program Files\Common Files\Nikon 2008-05-22 17:54 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2008-05-22 15:20 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-03 15:54 131,584 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-02-08 17:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-09-10 23:03 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2007-04-19 23:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-04-18 19:54 56 --sh--r C:\WINDOWS\system32\FB1B3CBE4A.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 12:57 94208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 23:16 68856] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312] "Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-05-18 18:30 172280] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2021-04-18 22:00 847872] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-10-22 00:41 57344] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-18 21:55 77824] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2004-08-04 03:07 208896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-04-18 21:55 77824 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] --a------ 2002-04-17 10:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\totalcmd\\TOTALCMD.EXE"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\ICQ6\\ICQ.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "94:TCP"= 94:TCP:VRS Recording System Web Control Panel "8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP) "8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP) "81:TCP"= 81:TCP:Axon Virtual PBX Web Server R3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Avi Player - C:\Program Files\Avi Player\AviPlayer.exe HKCU-Run-CallerID Monitor - c:\program files\callerid monitor\callerid.exe HKLM-Run-Active CallerID - C:\Program Files\Active CallerID\CallerID.exe HKLM-Run-BinaPC3 - C:\Program Files\BINA\BINA486.exe MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-17 23:21:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Active CallerID = C:\Program Files\Active CallerID\CallerID.exe hide???????????????????????????z??????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\imon.dll . Completion time: 2008-07-17 23:32:51 ComboFix-quarantined-files.txt 2008-07-17 21:32:26 Pre-Run: 4,430,622,720 bytes free Post-Run: 4,419,776,512 bytes free 180

Profil

dr_Bora Poslao: 18 Jul 2008 14:31 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj file: C:\Program Files\SearchInOneStep\searchin1.exe preko ovog linka: http://www.mycity.rs/ambulanta-upload.php

Profil

blacksilhouette Poslao: 18 Jul 2008 16:52 Idi na vrh
offline blacksilhouette Građanin Pridružio: 23 Mar 2008 Poruke: 51	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! uplovdovala sam taj file

Profil

dr_Bora Poslao: 18 Jul 2008 17:03 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Takođe, uploaduj i ovaj file: C:\Program Files\SearchInOneStep\searchin1.dll

Profil

blacksilhouette Poslao: 18 Jul 2008 17:21 Idi na vrh
offline blacksilhouette Građanin Pridružio: 23 Mar 2008 Poruke: 51	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo i tog fajla hvala

Profil

dr_Bora Poslao: 18 Jul 2008 17:31 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Privremeno isključi NOD32... Otvoriti Notepad i iskopirati sledeci tekst: `Folder:: C:\Program Files\SearchInOneStep Driver:: SearchInOneStep Service` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » molim za pomoc

Ko je trenutno na forumu

Ukupno su 930 korisnika na forumu :: 21 registrovanih, 3 sakrivenih i 906 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Alibaba1981, alkatraz080, bokisha253, brundo65, cenejac111, Džordžino, Georgius, Kriglord, mercedesamg, milenko crazy north, MiroslavD, nextyamb, Parker, Pele23, rovac, royst33, savaskytec, Toper, vrag81, vranjanac29, zixmix

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by