W32.Spybot.Worm, BackDoor.IRC.Bot and W32.Harakit: is the registry OK?


  • Joined: 29 Jan 2009
  • Posts: 19

W32.Spybot.Worm, BackDoor.IRC.Bot and W32.Harakit: is the registry OK?

Log from two days ago

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:17, on 14.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\nMtsk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mdm.exe
C:\Documents and Settings\Obrad Cvijovic\Desktop\Dr Bora Pack\124.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8946 bytes

Log from today

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:25, on 17.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\nMtsk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\MCUI32.EXE
C:\Documents and Settings\Obrad Cvijovic\Desktop\Dr Bora Pack\124.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9156 bytes

So I'm wondering: a few things have changed, two svchost entries were added and lsass.exe, so I'd like to know whether these viruses have damaged the registry?
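The question in the post above (what changed between the two scans, and whether the new lsass.exe entry matters) is what a diff of the two logs answers. The Python below is an added example, not code from this thread, from HijackThis or from the forum's helpers. It runs on constructed excerpts of the two logs (only the lines that differ plus a few unchanged ones, so it works offline), diffs running processes, O4 autoruns and O23 services, and flags the two things a reviewer checks first: a Windows system binary name such as lsass.exe launched from anywhere other than system32, and autoruns that give a bare file name, so the image is resolved through the search path. The SYSTEM32_ONLY list and the flag wording are assumptions; the output is a list of items to review, not a verdict.

```python
"""Diff two HijackThis logs and flag autorun images that deserve a second look."""
import re
from collections import Counter

# Constructed excerpts of the 14.4.2009 and 17.4.2009 logs posted above: the
# lines that differ plus a few unchanged ones. Feed it the full logs in practice.
LOG_14_APR = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mdm.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
"""

LOG_17_APR = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
"""

# Assumed list: binaries that legitimately run only from %SystemRoot%\system32.
SYSTEM32_ONLY = {"lsass.exe", "services.exe", "smss.exe", "csrss.exe",
                 "winlogon.exe", "svchost.exe", "spoolsv.exe", "ctfmon.exe"}
# A quoted path, or an unquoted path up to the first executable extension.
EXE_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll|scr|com|pif|bat|cmd))(?=\s|$)', re.I)


def command_image(cmd):
    """Return the executable named by an autorun command line, or None."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def parse_hjt(text):
    """Split a HijackThis log into running processes, O4 autoruns and O23 services."""
    procs, autoruns, services, in_procs = [], {}, {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                procs.append(line)
            else:
                in_procs = False              # blank line ends the process list
        elif line.startswith("O4 - "):
            loc, _, rest = line[5:].partition(": ")
            m = re.match(r"\[(.*?)\] (.*)", rest)
            if m:                             # Run key entry: [name] command
                autoruns[f"{loc} [{m.group(1)}]"] = m.group(2)
            else:                             # Startup-folder entry: name = target
                name, _, target = rest.partition(" = ")
                autoruns[f"{loc} {name}"] = target
        elif line.startswith("O23 - Service: "):
            parts = line[15:].rsplit(" - ", 2)   # name - owner - image path
            if len(parts) == 3:
                services[f"O23 {parts[0]}"] = parts[2]
    return {"processes": procs, "autoruns": autoruns, "services": services}


def diff_logs(before, after):
    """Entries that appeared, vanished or changed between two scans of one machine."""
    out = {}
    for key in ("autoruns", "services"):
        b, a = before[key], after[key]
        out[key + "_added"] = {k: a[k] for k in a.keys() - b.keys()}
        out[key + "_removed"] = {k: b[k] for k in b.keys() - a.keys()}
        out[key + "_changed"] = {k: (b[k], a[k]) for k in a.keys() & b.keys() if a[k] != b[k]}
    pb = Counter(p.lower() for p in before["processes"])
    pa = Counter(p.lower() for p in after["processes"])
    out["processes_added"] = dict(pa - pb)    # extra svchost instances land here
    out["processes_removed"] = dict(pb - pa)
    return out


def suspicious_images(parsed):
    """Images that masquerade as a system binary or are found via the search path."""
    findings = []
    for key, cmd in list(parsed["autoruns"].items()) + list(parsed["services"].items()):
        image = command_image(cmd)
        if not image:
            continue
        folder, _, base = image.rpartition("\\")
        if not folder:
            findings.append((key, image, "bare file name, resolved through the search path"))
        elif base.lower() in SYSTEM32_ONLY and not folder.lower().endswith("\\system32"):
            findings.append((key, image, f"{base} launched from outside system32 (masquerade)"))
    return findings


if __name__ == "__main__":
    before, after = parse_hjt(LOG_14_APR), parse_hjt(LOG_17_APR)
    print({k: v for k, v in diff_logs(before, after).items() if v})
    print(suspicious_images(after))
```

On the two logs above the diff reports one added autorun (the run32 entry), two extra svchost instances, wuauclt.exe and MCUI32.EXE appearing, and mdm.exe disappearing; the masquerade check then singles out `C:\Win\lsass.exe`, because the real lsass.exe lives only in system32, and lists bare-name autoruns such as SOUNDMAN.EXE for a manual check of where they actually resolve.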

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

* Right-click the Norton AntiVirus icon in the lower right corner of the screen and choose Disable Auto Protect.
* Then choose the desired duration (e.g. 5 hours) and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.

---------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 29 Jan 2009
  • Posts: 19

Here is the ComboFix log; my topic was closed because I was away, which prevented me from sending the ComboFix log. I'd also like you to recommend a good program for uninstalling programs, for example Your Uninstaller, ....

ComboFix 09-04-25.01 - Obrad Cvijovic 24.04.2009 21:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.767.186 [GMT 2:00]
Running from: c:\documents and settings\Obrad Cvijovic\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Obrad Cvijovic\Application Data\.#
c:\documents and settings\Obrad Cvijovic\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\mdm.exe
c:\windows\Temp\1.exe
G:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.

2009-04-16 23:34 . 2009-04-16 23:34 -------- d-sh--r C:\Win
2009-04-15 20:40 . 2009-04-15 20:40 -------- d-----r c:\program files\Norton Support
2009-04-15 11:02 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:02 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:02 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 11:02 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:02 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:02 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:02 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 11:02 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:02 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 10:55 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 10:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 07:25 . 2009-04-24 19:45 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MailWasherFree
2009-04-12 23:45 . 2009-04-16 17:21 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\MailWasherFree
2009-04-12 23:45 . 2009-04-12 23:45 -------- d-----w c:\program files\FireTrust
2009-04-10 19:21 . 2009-04-10 19:21 -------- d-----w c:\documents and settings\All Users\Application Data\GARMIN
2009-04-09 21:49 . 2009-04-09 21:49 -------- d-----w c:\documents and settings\Branka Cvijovic\Application Data\GARMIN
2009-04-09 15:16 . 2008-04-13 17:45 32128 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-09 15:16 . 2008-04-13 17:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-06 07:41 . 2009-04-06 07:48 -------- d-----w c:\program files\Unlocker
2009-04-06 07:26 . 2009-04-06 07:26 -------- d-sh--w c:\windows\ftpcache
2009-04-06 07:22 . 2009-04-06 07:22 -------- d-----w c:\windows\CreationCentre 2007
2009-04-06 06:27 . 2009-04-06 06:27 15 ----a-w c:\windows\system32\dcsd.ini
2009-04-06 06:24 . 2009-04-06 06:32 -------- d-----w C:\Magacioner
2009-04-04 12:03 . 2009-04-04 12:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 SDK
2009-04-04 11:47 . 2009-04-04 11:47 -------- d-----w c:\program files\Pocket Tanks
2009-03-26 23:40 . 2008-04-13 18:54 22016 -c--a-w c:\windows\system32\dllcache\msircomm.sys
2009-03-26 23:40 . 2008-04-13 18:54 22016 ----a-w c:\windows\system32\drivers\MSIRCOMM.sys
2009-03-26 23:36 . 2001-08-17 12:51 19584 -c--a-w c:\windows\system32\dllcache\rasirda.sys
2009-03-26 23:36 . 2001-08-17 12:51 19584 ----a-w c:\windows\system32\drivers\rasirda.sys
2009-03-26 23:36 . 2008-04-14 00:12 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-03-26 23:36 . 2008-04-14 00:12 8192 ----a-w c:\windows\system32\wshirda.dll
2009-03-26 23:36 . 2008-04-14 00:11 28160 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-03-26 23:36 . 2008-04-14 00:11 28160 ----a-w c:\windows\system32\irmon.dll
2009-03-26 23:36 . 2008-04-14 00:12 151552 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-03-26 23:36 . 2008-04-14 00:12 151552 ----a-w c:\windows\system32\irftp.exe
2009-03-26 23:36 . 2008-04-13 18:54 88192 -c--a-w c:\windows\system32\dllcache\irda.sys
2009-03-26 23:36 . 2008-04-13 18:54 88192 ----a-w c:\windows\system32\drivers\irda.sys
2009-03-26 23:36 . 2001-08-17 12:49 26624 -c--a-w c:\windows\system32\dllcache\irstusb.sys
2009-03-26 23:36 . 2001-08-17 12:49 26624 ----a-w c:\windows\system32\drivers\irstusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 19:51 . 2009-03-09 10:29 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\DNA
2009-04-24 19:51 . 2009-03-09 11:03 -------- d-----w c:\program files\FlashGet
2009-04-24 19:21 . 2009-03-09 10:29 -------- d-----w c:\program files\DNA
2009-04-16 21:33 . 2009-03-10 20:45 89560 ----a-w c:\documents and settings\Djordje Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 13:27 . 2009-04-11 13:25 745 ----a-w C:\uniextract.txt
2009-04-10 19:21 . 2009-03-09 11:07 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\GARMIN
2009-04-09 19:37 . 2009-03-10 21:03 89560 ----a-w c:\documents and settings\Branka Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 16:56 . 2009-03-10 22:08 89560 ----a-w c:\documents and settings\Miso Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 07:50 . 2009-03-09 10:27 89560 ----a-w c:\documents and settings\Obrad Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 17:16 . 2009-03-18 13:31 -------- d-----w c:\program files\Java
2009-03-24 19:14 . 2009-03-24 19:08 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\BitTorrent
2009-03-24 18:58 . 2009-03-24 18:58 -------- d-----w c:\program files\ReflexiveArcade
2009-03-24 18:52 . 2009-03-24 18:38 -------- d-----w c:\program files\AXIS Communications
2009-03-22 14:31 . 2009-03-09 10:36 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-22 13:55 . 2009-03-11 00:26 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\DivX
2009-03-22 11:56 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Nokia
2009-03-22 11:52 . 2009-03-11 11:08 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-22 11:52 . 2009-03-22 11:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-22 11:52 . 2009-03-22 11:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-21 23:59 . 2009-03-18 13:12 -------- d-----w c:\program files\Warcraft III
2009-03-21 08:14 . 2009-03-21 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-20 20:21 . 2009-03-09 01:32 -------- d-----w c:\program files\Symantec
2009-03-20 20:21 . 2009-03-09 01:32 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-20 20:21 . 2009-03-09 01:32 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-20 20:21 . 2009-03-09 01:32 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-20 20:21 . 2009-03-09 01:32 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-18 20:07 . 2009-03-18 20:07 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\Media Player Classic
2009-03-18 20:04 . 2009-03-18 20:04 -------- d-----w c:\program files\Learn2.com
2009-03-18 20:04 . 2009-03-18 20:04 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\Learn2.com
2009-03-18 20:01 . 2009-03-18 20:00 -------- d-sh--w c:\program files\Common Files\WindowsLiveInstaller
2009-03-18 19:59 . 2009-03-09 01:32 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-18 19:52 . 2009-03-18 19:52 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-03-18 19:47 . 2009-03-10 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 14:24 . 2009-03-18 14:24 -------- d-----w c:\program files\Xvid
2009-03-18 14:09 . 2009-03-11 11:38 -------- d-----w c:\program files\Igre
2009-03-18 14:05 . 2009-03-18 13:32 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\LimeWire
2009-03-18 13:48 . 2009-03-18 13:16 77298 ----a-w c:\windows\War3Unin.dat
2009-03-18 13:32 . 2009-03-18 13:16 2829 ----a-w c:\windows\War3Unin.pif
2009-03-18 13:32 . 2009-03-18 13:16 139264 ----a-w c:\windows\War3Unin.exe
2009-03-18 13:32 . 2009-03-18 13:29 -------- d-----w c:\program files\LimeWire
2009-03-18 13:20 . 2009-03-18 13:20 -------- d-----w c:\program files\Gabest
2009-03-17 16:42 . 2009-03-17 16:41 -------- d-----w c:\program files\KONAMI
2009-03-16 15:06 . 2009-03-09 10:37 -------- d-----w c:\program files\Magic Video Converter
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\program files\TechSmith
2009-03-12 11:58 . 2009-03-12 11:58 -------- d-----w c:\program files\Common Files\Apple
2009-03-12 11:50 . 2009-03-12 11:50 -------- d-----w c:\program files\IrfanView
2009-03-12 11:35 . 2009-03-12 11:35 -------- d-----w c:\program files\Intracom S.A
2009-03-12 11:15 . 2009-03-09 10:42 -------- d-----w c:\program files\Corel
2009-03-12 11:12 . 2009-03-10 16:40 6578 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-12 00:36 . 2009-03-12 00:36 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Sports Interactive
2009-03-12 00:31 . 2009-03-12 00:31 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-12 00:29 . 2009-03-12 00:27 -------- d--h--w c:\program files\Zero G Registry
2009-03-11 21:12 . 2009-03-09 00:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 21:10 . 2009-03-11 21:10 -------- d-----w c:\program files\Sonic
2009-03-11 21:03 . 2009-03-11 21:03 -------- d-----w c:\program files\Sony
2009-03-11 21:02 . 2009-03-11 21:02 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-03-11 20:33 . 2009-03-11 20:33 -------- d-----w c:\program files\MSBuild
2009-03-11 20:33 . 2009-03-11 20:33 -------- d-----w c:\program files\Reference Assemblies
2009-03-11 19:52 . 2009-03-11 19:52 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\AdobeUM
2009-03-11 19:45 . 2009-03-11 19:45 -------- d-----w c:\documents and settings\All Users\Application Data\Cadsoft
2009-03-11 19:44 . 2009-03-11 19:44 -------- d-----w c:\program files\Common Files\Cadsoft
2009-03-11 19:43 . 2009-03-11 19:43 -------- d-----w c:\program files\3D Home Architect
2009-03-11 19:07 . 2009-03-11 19:07 -------- d-----w c:\program files\MSXML 4.0
2009-03-11 18:16 . 2009-03-11 18:16 -------- d-----w c:\program files\Readiris
2009-03-11 18:16 . 2009-03-11 18:07 -------- d-----w c:\program files\Samsung
2009-03-11 11:42 . 2009-03-11 11:42 -------- d-----w c:\program files\CartmansAuthoritah
2009-03-11 11:07 . 2009-03-11 11:06 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\Common Files\Nokia
2009-03-11 11:06 . 2009-03-11 10:48 -------- d-----w c:\program files\Nokia
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\DIFX
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-11 11:04 . 2009-03-11 11:04 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-11 10:28 . 2009-03-11 10:28 -------- d-----w c:\program files\Real Alternative
2009-03-11 10:24 . 2009-03-11 10:23 -------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-03-11 10:22 . 2009-03-11 10:20 -------- d-----w c:\program files\YVD
2009-03-11 10:20 . 2009-03-11 10:18 -------- d-----w c:\program files\Virtual Piano
2009-03-11 10:16 . 2009-03-11 10:16 -------- d-----w c:\program files\uTIPu
2009-03-11 10:15 . 2009-03-11 10:15 -------- d-----w c:\program files\Youdagames
2009-03-11 10:15 . 2009-03-11 10:15 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Youdagames
2009-03-11 10:11 . 2009-03-11 10:11 -------- d-----w c:\program files\PassportPhoto
2009-03-11 10:06 . 2009-03-10 20:11 -------- d-----w c:\program files\Cleaner 5 EZ
2009-03-11 10:05 . 2009-03-11 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-11 10:03 . 2009-03-11 09:49 -------- d-----w c:\program files\DivX
2009-03-11 09:55 . 2009-03-11 09:54 -------- d-----w c:\program files\QuickTime
2009-03-11 09:54 . 2009-03-11 09:54 -------- d-----w c:\program files\Apple Software Update
2009-03-11 09:54 . 2009-03-11 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-11 09:44 . 2009-03-11 09:42 -------- d-----w c:\program files\Valve
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Windows Search
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\SystemRequirementsLab
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Sony Corporation
2009-03-11 00:28 . 2009-03-10 17:07 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\skypePM
2009-03-11 00:28 . 2009-03-10 17:06 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Skype
2009-03-11 00:28 . 2009-03-11 00:28 -------- d--h--r c:\documents and settings\Obrad Cvijovic\Application Data\SecuROM
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\PC Suite
2009-03-11 00:28 . 2009-03-10 19:29 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MyPhoneExplorer
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MegauploadToolbar
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Media Player Classic
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Malwarebytes
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-22 342848]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-02-16 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"run32"="c:\win\lsass.exe" [2001-12-31 551669]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-3-9 839680]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-3-9 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Pocket Tanks\\pockettanks.exe"=

R2 .norton2009Reset;Norton 2009 Reset;c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-03-10 280833]
R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-02 63555]
R3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 GrooveInstallerService;Groove Installer Service;c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [2002-09-25 99904]
R3 netModUSBlfService;netMod USB Lower Filter Service;c:\windows\system32\drivers\nMUSBlf.sys [2004-01-20 20716]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2006-10-02 59260]
R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-02-27 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-20 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSxpx86.sys [2009-02-06 276344]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-08 101936]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed2cda8e-0e7f-11de-ab99-4d6564696130}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe


.
------- Supplementary Scan -------
.
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: {0C1F73EC-70D0-49DF-B390-C56E9355B6D9} = 194.247.192.1 194.247.192.33
FF - ProfilePath - c:\documents and settings\Obrad Cvijovic\Application Data\Mozilla\Firefox\Profiles\f9yh552d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-24 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(832)
c:\program files\FlashGet\fgmgr.dll
.
Completion time: 2009-04-24 21:59
ComboFix-quarantined-files.txt 2009-04-24 19:59

Pre-Run: 80.352.321.536 bytes free
Post-Run: 81.100.349.440 bytes free

285 --- E O F --- 2009-04-24 19:42

A hidden folder Win appeared in my C:
