MyCity » Ambulanta -> Arhiva Ambulante » Provera loga

Provera loga

Napisano na dan: 5.3.2009

Strana:
1
2

Provera loga

Sledeća strana

Pagination

Odgovori

Strana:
1
2

The Philosopher Poslao: 05 Mar 2009 01:07 Idi na vrh
offline The Philosopher Građanin Pridružio: 05 Mar 2009 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Moze li mi tko reci sta od ovoga da provjerim i popravim jer se slabo kuzim u to a hitno mi je!Ne smijem sam da ne bi nesto zehebo!Please, komp mi je u kurc* pa mi recite.. Hvala unaprijed! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:53:32, on 5.3.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\WS\My Documents\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{54EF60C2-EC04-4016-B055-23A00F39E946}: NameServer = 212.39.98.161,212.39.98.162 O17 - HKLM\System\CS1\Services\Tcpip\..\{54EF60C2-EC04-4016-B055-23A00F39E946}: NameServer = 212.39.98.161,212.39.98.162 O17 - HKLM\System\CS2\Services\Tcpip\..\{54EF60C2-EC04-4016-B055-23A00F39E946}: NameServer = 212.39.98.161,212.39.98.162 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 9740 bytes

Profil

helen1 Poslao: 05 Mar 2009 01:13 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! A, sta fali tvom kompjuteru? Kakvih problema imas?

Profil

The Philosopher Poslao: 05 Mar 2009 01:19 Idi na vrh
offline The Philosopher Građanin Pridružio: 05 Mar 2009 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! pa svasta nesto...hehe..uglavnom imo sam problema s virusima dostaa ovih dana...pa sam se tog rjesio...ali recemo internet browseri mi nece bas da rade osim opere! explorer i mozzila stekaju na sve strane,kaspersky mi je naso dosta vulnerabiltys ali ne moze ih se rjesit, pa mi i on zapinje kad udjem u online security itd.....pa sam ovim HiJackThis sceniro sve..i sad ne znam ima li uopce ikakvih problema i sta trebam ili je nesto drugo u pitanju??

Profil

helen1 Poslao: 05 Mar 2009 01:21 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradices sledece, a odgovor od mene ces dobiti sutra prepodne ili popodne: * Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection. * U prozoru koji se otvori, izaberi By User Request. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------ Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

The Philosopher Poslao: 05 Mar 2009 01:43 Idi na vrh
offline The Philosopher Građanin Pridružio: 05 Mar 2009 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ehh sad je problem sto ja ne mogu pokrenuti nijedan combofix! I to je problem! pise kao nemam dozvolu za to i tako nesto??!

Profil

helen1 Poslao: 05 Mar 2009 10:22 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci Antivirus. Probaj da skines odavde i pokrenes, ukoliko ti program zatrazi updejtovanje, dozvoli: http://amf.mycity.rs/programs/mirrored/C-F.exe

Profil

The Philosopher Poslao: 05 Mar 2009 20:10 Idi na vrh
offline The Philosopher Građanin Pridružio: 05 Mar 2009 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo uspio sam skinuti...evo lod file..pomagajte! ComboFix 09-03-04.01 - WS 2009-03-05 19:53:22.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2047.1649 [GMT 1:00] Running from: c:\documents and settings\WS\My Documents\C-F.exe AV: Kaspersky Internet Security On-access scanning disabled (Updated) FW: Kaspersky Internet Security disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\drivers\UACopodwoel.sys c:\windows\system32\UACavdkmxvv.dll c:\windows\system32\UACawviwekx.log c:\windows\system32\UACcnipwwlw.dll c:\windows\system32\UACcxotfumn.dll c:\windows\system32\UACfhxyurip.dll c:\windows\system32\UACmngqowjd.dat c:\windows\system32\UACsijkopxm.log c:\windows\system32\UACsrvpyfqb.log D:\install.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 ))))))))))))))))))))))))))))))) . 2009-03-04 21:39 . 2009-03-04 21:58 <DIR> d-------- c:\program files\Opera 2009-03-03 19:02 . 2009-03-05 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan 2009-03-03 00:08 . 2009-03-02 16:23 48,690 -r-hs---- c:\windows\fxsteller.exe 2009-03-02 13:40 . 2009-03-05 15:40 5,396 --a------ c:\windows\system32\uacinit.dll 2009-02-25 15:44 . 2009-02-25 15:44 <DIR> d-------- c:\documents and settings\LocalService\Application Data\GameTracker 2009-02-16 19:23 . 2009-02-16 19:23 <DIR> d-------- c:\documents and settings\WS\Application Data\Malwarebytes 2009-02-16 19:23 . 2009-02-16 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-16 19:17 . 2009-03-03 20:09 3,553 --a------ c:\windows\system32\%LocalXml% 2009-02-16 18:46 . 2009-02-16 19:17 101,287 --a------ c:\windows\system32\drivers\klin.dat 2009-02-16 18:46 . 2009-02-16 19:17 89,601 --a------ c:\windows\system32\drivers\klick.dat 2009-02-16 18:33 . 2009-02-16 18:33 <DIR> d-------- c:\program files\Kaspersky Lab 2009-02-16 18:33 . 2009-03-05 19:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-02-16 18:33 . 2009-03-05 19:57 3,300,896 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-02-16 18:33 . 2009-03-05 19:57 434,208 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-02-16 18:33 . 2009-03-05 19:57 27,916 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-02-16 18:33 . 2009-03-05 19:57 3,612 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-02-16 17:35 . 2009-03-03 21:27 <DIR> d-------- c:\program files\Kaspersky 2009-02-14 18:45 . 2009-02-14 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-03 20:14 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-03 20:12 --------- d-----w c:\program files\BearShare Applications 2009-03-03 20:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-03-03 01:59 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-03-03 00:56 --------- d-----w c:\program files\Google 2009-03-01 04:34 --------- d-----w c:\documents and settings\WS\Application Data\uTorrent 2009-02-16 17:30 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-16 17:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-02 19:43 --------- d-----w c:\program files\Counter-Strike 1.6 2009-02-02 17:45 --------- d-----w c:\program files\AskBarDis 2009-02-02 17:07 --------- d-----w c:\program files\Cheating-Death 2009-01-29 22:02 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH 2009-01-29 22:01 --------- d-----w c:\documents and settings\WS\Application Data\GRETECH 2009-01-29 22:00 --------- d-----w c:\program files\GRETECH 2009-01-29 21:59 --------- d-----w c:\program files\AskSearch 2009-01-27 18:02 --------- d-----w c:\program files\Team JPN 2009-01-23 23:38 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-01-20 21:30 --------- d-----w c:\documents and settings\WS\Application Data\BSplayer PRO 2009-01-18 21:39 --------- d-----w c:\program files\GameSpy Arcade 2009-01-16 22:22 --------- d-----w c:\program files\Valve 2009-01-14 20:49 --------- d-----w c:\documents and settings\WS\Application Data\Sony Corporation 2009-01-14 20:41 --------- d-----w c:\program files\Sony 2009-01-14 19:15 --------- d-----w c:\program files\Windows Media Connect 2 2009-01-11 01:14 --------- d-----w c:\program files\MSXML 6.0 2009-01-11 01:12 --------- d-----w c:\program files\MSXML 4.0 2009-01-06 18:39 --------- d-----w c:\program files\directx 2009-01-06 18:34 --------- d-----w c:\program files\Infogrames 2009-01-05 17:09 --------- d-----w c:\program files\Java 2008-12-02 21:14 24,192 ----a-w c:\documents and settings\WS\usbsermptxp.sys 2008-12-02 21:14 22,768 ----a-w c:\documents and settings\WS\usbsermpt.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368] "{C94E154B-1459-4A47-966B-4B843BEFC7DB}"= "c:\program files\AskSearch\bin\DefaultSearch.dll" [2008-09-29 90112] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}] [HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}] [HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-02-01 210208] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-22 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-16 206088] "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-08-03 c:\windows\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\WS\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-01-14 376832] PowerReg Scheduler V3.exe [2009-01-06 225280] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center] -r-hs---- 2009-03-02 16:23 48690 c:\windows\fxsteller.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2007-11-15 151552] . Contents of the 'Scheduled Tasks' folder 2009-02-13 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] 2009-03-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39] . - - - - ORPHANS REMOVED - - - - HKCU-Run-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe HKCU-Run-GameTracker - c:\program files\GameTracker\GTLite.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ba/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {54EF60C2-EC04-4016-B055-23A00F39E946} = 212.39.98.161,212.39.98.162 FF - ProfilePath - c:\documents and settings\WS\Application Data\Mozilla\Firefox\Profiles\dyfo66ot.default\ ---- FIREFOX POLICIES ---- pref(dom.disable_open_during_load, true);. ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-05 19:58:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1004336348-1454471165-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1004) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\WgaTray.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\PnkBstrA.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe . ************************************************************************* . Completion time: 2009-03-05 20:01:34 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-05 19:01:32 Pre-Run: 71,932,014,592 bytes free Post-Run: 72,061,644,800 bytes free 227 --- E O F --- 2009-03-05 11:57:57

Profil

helen1 Poslao: 05 Mar 2009 23:56 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci ponovo Antivirus. Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\fxsteller.exe c:\windows\system32\uacinit.dll C:\Documents and Settings\Radosavljevic\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

The Philosopher Poslao: 06 Mar 2009 01:45 Idi na vrh
offline The Philosopher Građanin Pridružio: 05 Mar 2009 Poruke: 35	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo... ComboFix 09-03-04.01 - WS 2009-03-06 1:34:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2047.1400 [GMT 1:00] Running from: c:\documents and settings\WS\My Documents\C-F.exe Command switches used :: c:\documents and settings\WS\Desktop\CFScript.txt AV: Kaspersky Internet Security On-access scanning disabled (Updated) FW: Kaspersky Internet Security disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\documents and settings\Radosavljevic\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe c:\windows\fxsteller.exe c:\windows\system32\uacinit.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\fxsteller.exe c:\windows\system32\uacinit.dll . ((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 ))))))))))))))))))))))))))))))) . 2009-03-04 21:39 . 2009-03-04 21:58 <DIR> d-------- c:\program files\Opera 2009-03-03 19:02 . 2009-03-05 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan 2009-02-25 15:44 . 2009-02-25 15:44 <DIR> d-------- c:\documents and settings\LocalService\Application Data\GameTracker 2009-02-16 19:23 . 2009-02-16 19:23 <DIR> d-------- c:\documents and settings\WS\Application Data\Malwarebytes 2009-02-16 19:23 . 2009-02-16 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-16 19:17 . 2009-03-03 20:09 3,553 --a------ c:\windows\system32\%LocalXml% 2009-02-16 18:46 . 2009-02-16 19:17 101,287 --a------ c:\windows\system32\drivers\klin.dat 2009-02-16 18:46 . 2009-02-16 19:17 89,601 --a------ c:\windows\system32\drivers\klick.dat 2009-02-16 18:33 . 2009-02-16 18:33 <DIR> d-------- c:\program files\Kaspersky Lab 2009-02-16 18:33 . 2009-03-05 19:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-02-16 18:33 . 2009-03-05 21:36 3,329,568 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-02-16 18:33 . 2009-03-05 20:57 466,976 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-02-16 18:33 . 2009-03-05 21:36 28,140 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-02-16 18:33 . 2009-03-05 20:57 3,724 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-02-16 17:35 . 2009-03-03 21:27 <DIR> d-------- c:\program files\Kaspersky 2009-02-14 18:45 . 2009-02-14 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-03 20:14 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-03 20:12 --------- d-----w c:\program files\BearShare Applications 2009-03-03 20:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-03-03 01:59 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-03-03 00:56 --------- d-----w c:\program files\Google 2009-03-01 04:34 --------- d-----w c:\documents and settings\WS\Application Data\uTorrent 2009-02-16 17:30 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-16 17:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-02 19:43 --------- d-----w c:\program files\Counter-Strike 1.6 2009-02-02 17:45 --------- d-----w c:\program files\AskBarDis 2009-02-02 17:07 --------- d-----w c:\program files\Cheating-Death 2009-01-29 22:02 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH 2009-01-29 22:01 --------- d-----w c:\documents and settings\WS\Application Data\GRETECH 2009-01-29 22:00 --------- d-----w c:\program files\GRETECH 2009-01-29 21:59 --------- d-----w c:\program files\AskSearch 2009-01-27 18:13 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-01-27 18:02 --------- d-----w c:\program files\Team JPN 2009-01-23 23:38 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-01-23 23:37 183,112 ----a-w c:\windows\system32\PnkBstrB.exe 2009-01-20 21:30 --------- d-----w c:\documents and settings\WS\Application Data\BSplayer PRO 2009-01-18 21:39 --------- d-----w c:\program files\GameSpy Arcade 2009-01-16 22:22 --------- d-----w c:\program files\Valve 2009-01-14 20:49 --------- d-----w c:\documents and settings\WS\Application Data\Sony Corporation 2009-01-14 20:41 --------- d-----w c:\program files\Sony 2009-01-14 19:15 --------- d-----w c:\program files\Windows Media Connect 2 2009-01-11 01:14 --------- d-----w c:\program files\MSXML 6.0 2009-01-11 01:12 --------- d-----w c:\program files\MSXML 4.0 2009-01-06 18:39 --------- d-----w c:\program files\directx 2009-01-06 18:34 --------- d-----w c:\program files\Infogrames 2009-01-05 17:09 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-06 15:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe 2008-12-02 21:14 24,192 ----a-w c:\documents and settings\WS\usbsermptxp.sys 2008-12-02 21:14 22,768 ----a-w c:\documents and settings\WS\usbsermpt.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 68856] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-02-01 210208] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-22 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-16 206088] "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-08-03 c:\windows\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\WS\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-01-14 376832] PowerReg Scheduler V3.exe [2009-01-06 225280] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2007-11-15 151552] . Contents of the 'Scheduled Tasks' folder 2009-02-13 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] 2009-03-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ba/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {54EF60C2-EC04-4016-B055-23A00F39E946} = 212.39.98.161,212.39.98.162 FF - ProfilePath - c:\documents and settings\WS\Application Data\Mozilla\Firefox\Profiles\dyfo66ot.default\ ---- FIREFOX POLICIES ---- pref(dom.disable_open_during_load, true);. ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-06 01:37:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1004336348-1454471165-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1004) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-03-06 1:38:12 ComboFix-quarantined-files.txt 2009-03-06 00:38:10 ComboFix2.txt 2009-03-05 19:01:36 Pre-Run: 71.908.847.616 bytes free Post-Run: 71,894,523,904 bytes free 198 --- E O F --- 2009-03-05 11:57:57

Profil

helen1 Poslao: 06 Mar 2009 07:23 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci Antivirus. Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\documents and settings\WS\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe DirLook:: c:\documents and settings\All Users\Application Data\SecTaskMan` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Provera loga

Ko je trenutno na forumu

Ukupno su 867 korisnika na forumu :: 49 registrovanih, 7 sakrivenih i 811 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Petar, A.R.Chafee.Jr., airsuba, ajo baba, Atomski čoban, babaroga, Boris90, Brana01, cer, dane007, Dimitrise93, dulleo, FOX, Georgius, h8propaganda, havoc995, ikan, ivica976, Još malo pa deda, Karla, kokodakalo, ksyyaj, kunktator, kybonacci, Marko Marković, Marko.anticc, mikrimaus, Milometer, miodrag, mrav pesadinac, opt1, panzerwaffe, Parker, radionica1, rasok, royst33, S2M, slonic_tonic, Smajser, SR-3m, Srle993, Steeeefan, theNedjeljko, uruk, VJ, wolf431, zziko, šumar bk2, Čivi

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by