MyCity » Ambulanta -> Arhiva Ambulante » Zaraza, bolest koja izmice kontroli...

Zaraza, bolest koja izmice kontroli...

Napisano na dan: 6.4.2009

Strana:
1
2

Zaraza, bolest koja izmice kontroli...

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Evian Poslao: 06 Apr 2009 20:49 Idi na vrh
offline Evian Novi MyCity građanin Pridružio: 06 Apr 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:08:48 PM, on 4/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\PC\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing) O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing) O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [less hope] C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\Vc Mail.exe O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{5A3DD863-379D-45A4-A65F-7DEB12FB2CFF}: NameServer = 194.247.192.1 194.247.192.33 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 6793 bytes Mislim (laicki) da mi je komp vec duze vreme zarazen i AVG mi nista nije detektovao pa sam ga zamenila sa NOD32 koji mi je detektovao razne "viruse". Ali ne mogu sve da ih obrisem niti mi prijavljuje sve. Primer: File C:\System Volume Information\_restore{9B5E8DDC-C6AE-40FD-B0D5-FED3A1CFB212}\RP282\A0033322.exe is infected with multiple infiltrations. File D:\System Volume Information\_restore{9B5E8DDC-C6AE-40FD-B0D5-FED3A1CFB212}\RP282\A0033321.exe is infected with multiple infiltrations. Number of threats found: 4 Number of active threats: 2 (Napominjem da su ove brojke ocigledno promenljiva stavka, svako skeniranje drugi broj! ) Takodje, imala sam nekog trojanca koji se zvao "Bat Chic" (izvinjavam se sto ne znam tacan naziv, mesto, ekstenziju itd...) i ja sam ga KAO obrisala, mada mislim da ga imam i dalje... Internet je znatno sporiji, kao i bilo koje radnje na kompu. Pop up-ovi, sa Internet Explorer-a - iako koristim Mozilla-u, na sve strane pogotovo "Travian". I da, imam ADSL (trudim se da se drzim pravilnika ). Svakako bih kasnije (kada se resim tih virusa, sta li vec) oborila sistem, reinstalirala i tako to (naravno ne ja, vec neko kompetentan)... Zagusen je mnogo... Svaka pomoc je dobrodosla i hvala u napred!

Profil

helen1 Poslao: 06 Apr 2009 21:20 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8652 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ---------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Evian Poslao: 06 Apr 2009 21:50 Idi na vrh
offline Evian Novi MyCity građanin Pridružio: 06 Apr 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Valjda sam ok odradila: ComboFix 09-04-04.01 - PC 2009-04-06 21:44:09.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.435 [GMT 2:00] Running from: c:\documents and settings\PC\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 On-access scanning disabled (Updated) FW: NVIDIA Firewall disabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Fonts\#aaifnt.ttf c:\windows\IE4 Error Log.txt . ((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 ))))))))))))))))))))))))))))))) . 2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\weblin 2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\Stardock 2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\My Company Name 2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\cast comp second 2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\program files\AskTBar 2009-04-06 00:25 . 2009-04-06 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Shim Cdrom Cast Surf 2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier 2009-04-06 00:25 . 2009-04-06 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\DivoGames 2009-04-05 21:57 . 2009-04-05 21:54 512,096 --a------ c:\windows\system32\drivers\amon.sys 2009-04-05 21:57 . 2009-04-05 21:54 298,104 --a------ c:\windows\system32\imon.dll 2009-04-05 21:57 . 2009-04-05 21:54 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys 2009-04-05 20:07 . 2009-04-05 20:07 <DIR> d-------- c:\program files\Enigma Software Group 2009-03-22 14:26 . 2006-07-28 10:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll 2009-03-22 14:26 . 2006-07-28 10:30 62,744 --a------ c:\windows\system32\xinput1_2.dll 2009-03-22 14:25 . 2005-05-26 16:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2009-03-13 20:30 . 2009-03-13 20:30 50,968 --a------ c:\windows\system32\avgfwdx.dll 2009-03-13 20:30 . 2009-03-13 20:30 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-06 16:03 --------- d-----w c:\documents and settings\PC\Application Data\cast comp second 2009-04-05 20:12 --------- d-----w c:\program files\ESET 2009-04-05 18:07 --------- d-----w c:\documents and settings\PC\Application Data\MegauploadToolbar 2009-04-05 15:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-03-30 20:50 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-26 18:53 --------- d-----w c:\program files\FreeGamePick.com 2009-02-24 21:30 --------- d-----w c:\program files\FunPause Atlantis 2009-02-16 23:00 --------- d-----w c:\documents and settings\PC\Application Data\Lavasoft 2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys 2009-01-06 19:37 45,056 ----a-w c:\windows\NCUNINST.EXE 2008-12-20 13:41 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-20 13:41 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-20 13:41 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-20 13:41 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-20 13:41 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "less hope"="c:\docume~1\PC\APPLIC~1\CASTCO~1\Vc Mail.exe" [2009-02-08 616448] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-05 949376] "SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-07 113664] DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-21 839680] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --------- 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] -ra------ 2007-03-01 11:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --------- 2007-02-16 11:54 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 21:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-04-05 15424] R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-01-21 114616] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-01-21 63555] S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-13 29208] . Contents of the 'Scheduled Tasks' folder 2008-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42] 2009-04-06 c:\windows\Tasks\B566A7AF91855373.job - c:\docume~1\pc\applic~1\castco~1\wma funk file.exe [2009-02-08 19:51] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Notify-WgaLogon - (no file) . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll LSP: %SYSTEMROOT%\system32\nvappfilter.dll TCP: {5A3DD863-379D-45A4-A65F-7DEB12FB2CFF} = 194.247.192.1 194.247.192.33 FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\8bosahn5.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-04-06 21:45:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(716) c:\windows\system32\imon.dll c:\windows\system32\nvappfilter.dll . Completion time: 2009-04-06 21:46:23 ComboFix-quarantined-files.txt 2009-04-06 19:45:59 Pre-Run: 4,468,822,016 bytes free Post-Run: 4,538,863,616 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 152 --- E O F --- 2009-03-11 19:14:38

Profil

helen1 Poslao: 06 Apr 2009 22:02 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8652 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj mi: c:\docume~1\PC\APPLIC~1\CASTCO~1\Vc Mail.exe i c:\docume~1\pc\applic~1\castco~1\wma funk file.exe preko sledeceg linka: [Link mogu videti samo ulogovani korisnici]

Profil

Evian Poslao: 06 Apr 2009 22:29 Idi na vrh
offline Evian Novi MyCity građanin Pridružio: 06 Apr 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Upload-ovala sam, a u tom folderu koji se zove "cast comp second", pored trazenih "Vc Mail-a" i "wma funk file-a" imam ih jos 4. Sa nekim "cudnim" nazivima...

Profil

helen1 Poslao: 06 Apr 2009 22:36 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8652 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi Lop S&D na Desktop. Dvoklikom pokreni LopSD.exe Na prvom ekranu odaberi jezik kucajući E i Enter a zatim klikni OK Odaberi opciju 1 - Search kucajući 1 i Enter Sačekaj nekoliko minuta da program završi skeniranje Na kraju procesa, log C:\LopR.txt će se otvoriti u Notepad-u Iskopiraj dobijeni log u temu na forumu.

Profil

Evian Poslao: 07 Apr 2009 14:50 Idi na vrh
offline Evian Novi MyCity građanin Pridružio: 06 Apr 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvoli(te) i hvala: --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : PC ( Administrator ) BOOT : Normal boot Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated) Firewall : NVIDIA Firewall 1.0 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go) D:\ (Local Disk) - NTFS - Total:119 Go (Free:7 Go) E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go) "C:\Lop SD" ( MAJ : 19-12-2008\|23:40 ) Option : [1] ( Mon 04/06/2009\|22:39 ) --------------------\\ Listing folders in APPLIC~1 [01/17/2008\|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ACD Systems [02/08/2008\|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [01/21/2008\|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer [01/17/2008\|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI [01/17/2008\|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink [04/06/2009\|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DivoGames [04/06/2009\|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EmailNotifier [01/28/2008\|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP [11/09/2008\|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IM [11/09/2008\|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IncrediMail [03/06/2009\|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [04/06/2009\|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Shim Cdrom Cast Surf [04/05/2009\|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [03/27/2008\|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [11/05/2008\|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller [01/15/2008\|02:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [04/05/2009\|10:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [04/05/2009\|10:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [01/17/2008\|05:10] C:\DOCUME~1\PC\APPLIC~1\<DIR> ACD Systems [12/03/2008\|01:41] C:\DOCUME~1\PC\APPLIC~1\<DIR> Adobe [01/21/2008\|12:15] C:\DOCUME~1\PC\APPLIC~1\<DIR> Apple Computer [01/17/2008\|01:18] C:\DOCUME~1\PC\APPLIC~1\<DIR> ATI [04/06/2009\|06:03] C:\DOCUME~1\PC\APPLIC~1\<DIR> cast comp second [01/21/2008\|12:07] C:\DOCUME~1\PC\APPLIC~1\<DIR> CyberLink [01/20/2008\|11:10] C:\DOCUME~1\PC\APPLIC~1\<DIR> DivX [12/22/2008\|06:13] C:\DOCUME~1\PC\APPLIC~1\<DIR> GetRightToGo [02/20/2008\|01:59] C:\DOCUME~1\PC\APPLIC~1\<DIR> Help [01/28/2008\|01:36] C:\DOCUME~1\PC\APPLIC~1\<DIR> HP [01/15/2008\|03:22] C:\DOCUME~1\PC\APPLIC~1\<DIR> Identities [12/29/2008\|03:37] C:\DOCUME~1\PC\APPLIC~1\<DIR> Image Zone Express [02/17/2009\|01:00] C:\DOCUME~1\PC\APPLIC~1\<DIR> Lavasoft [01/22/2008\|04:43] C:\DOCUME~1\PC\APPLIC~1\<DIR> Macromedia [01/20/2008\|11:58] C:\DOCUME~1\PC\APPLIC~1\<DIR> Media Player Classic [04/05/2009\|08:07] C:\DOCUME~1\PC\APPLIC~1\<DIR> MegauploadToolbar [02/15/2009\|06:37] C:\DOCUME~1\PC\APPLIC~1\<DIR> Microsoft [01/22/2008\|01:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> Mozilla [01/17/2008\|05:06] C:\DOCUME~1\PC\APPLIC~1\<DIR> RadLight Company [02/17/2008\|07:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> Sun [01/20/2008\|11:05] C:\DOCUME~1\PC\APPLIC~1\<DIR> Winamp [11/05/2008\|10:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> zweitgeist --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [04/06/2009 10:00 PM][--ah-----] C:\WINDOWS\tasks\B566A7AF91855373.job [01/21/2008 12:11 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [04/06/2009 09:46 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/04/2004 03:07 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini ( B566A7AF91855373.job )=( c:\docume~1\pc\applic~1\castco~1\wmafunkfile.exe ) --------------------\\ Listing Folders in C:\Program Files [01/17/2008\|05:08] C:\Program Files\<DIR> ACD Systems [07/07/2008\|11:51] C:\Program Files\<DIR> Adobe [01/17/2008\|04:57] C:\Program Files\<DIR> Ahead [01/21/2008\|12:11] C:\Program Files\<DIR> Apple Software Update [04/06/2009\|12:25] C:\Program Files\<DIR> AskTBar [01/17/2008\|01:08] C:\Program Files\<DIR> ATI Technologies [03/27/2008\|02:27] C:\Program Files\<DIR> Autodesk [01/17/2008\|12:45] C:\Program Files\<DIR> AvRack [04/06/2009\|12:25] C:\Program Files\<DIR> cast comp second [04/06/2009\|09:44] C:\Program Files\<DIR> Common Files [01/15/2008\|02:53] C:\Program Files\<DIR> ComPlus Applications [01/17/2008\|04:55] C:\Program Files\<DIR> CyberLink [01/20/2008\|11:20] C:\Program Files\<DIR> DivX [01/07/2009\|06:19] C:\Program Files\<DIR> EA GAMES [04/05/2009\|08:07] C:\Program Files\<DIR> Enigma Software Group [04/05/2009\|10:12] C:\Program Files\<DIR> ESET [01/21/2008\|12:12] C:\Program Files\<DIR> Flash Movie Player [01/21/2008\|12:12] C:\Program Files\<DIR> FLVPlayer [02/26/2009\|08:53] C:\Program Files\<DIR> FreeGamePick.com [02/24/2009\|11:30] C:\Program Files\<DIR> FunPause Atlantis [04/06/2009\|12:25] C:\Program Files\<DIR> Grisoft [01/21/2008\|10:54] C:\Program Files\<DIR> Hewlett Packard [01/21/2008\|10:52] C:\Program Files\<DIR> Hewlett-Packard [01/28/2008\|01:32] C:\Program Files\<DIR> HP [03/30/2009\|10:50] C:\Program Files\<DIR> InstallShield Installation Information [12/10/2008\|04:41] C:\Program Files\<DIR> Internet Explorer [01/29/2008\|10:12] C:\Program Files\<DIR> Java [01/17/2008\|05:06] C:\Program Files\<DIR> K-Lite Codec Pack [03/05/2008\|06:02] C:\Program Files\<DIR> MegauploadToolbar [09/07/2008\|12:17] C:\Program Files\<DIR> Messenger [01/17/2008\|05:16] C:\Program Files\<DIR> Microsoft ActiveSync [11/07/2008\|11:47] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2 [01/15/2008\|02:57] C:\Program Files\<DIR> microsoft frontpage [12/22/2008\|06:24] C:\Program Files\<DIR> Microsoft Office [11/05/2008\|12:50] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition [01/17/2008\|05:15] C:\Program Files\<DIR> Microsoft Visual Studio [01/17/2008\|05:15] C:\Program Files\<DIR> Microsoft Works [01/17/2008\|05:15] C:\Program Files\<DIR> Microsoft.NET [01/15/2008\|02:54] C:\Program Files\<DIR> Movie Maker [04/06/2009\|09:51] C:\Program Files\<DIR> Mozilla Firefox [12/22/2008\|06:24] C:\Program Files\<DIR> MSECache [01/20/2008\|10:07] C:\Program Files\<DIR> MSN [01/15/2008\|02:53] C:\Program Files\<DIR> MSN Gaming Zone [01/23/2008\|02:31] C:\Program Files\<DIR> MSXML 4.0 [04/06/2009\|12:25] C:\Program Files\<DIR> My Company Name [01/15/2008\|02:55] C:\Program Files\<DIR> NetMeeting [03/27/2008\|02:27] C:\Program Files\<DIR> Netscape [01/17/2008\|12:43] C:\Program Files\<DIR> NVIDIA Corporation [01/17/2008\|05:05] C:\Program Files\<DIR> On2 Technologies [01/15/2008\|02:53] C:\Program Files\<DIR> Online Services [01/23/2008\|02:35] C:\Program Files\<DIR> Outlook Express [11/05/2008\|05:40] C:\Program Files\<DIR> QuickTime [01/17/2008\|05:06] C:\Program Files\<DIR> RadLight Company [01/17/2008\|05:00] C:\Program Files\<DIR> Real [01/17/2008\|12:45] C:\Program Files\<DIR> Realtek AC97 [01/17/2008\|12:45] C:\Program Files\<DIR> Realtek Sound Manager [04/05/2009\|05:21] C:\Program Files\<DIR> Registry Mechanic [11/14/2008\|07:08] C:\Program Files\<DIR> Rockstar Games [01/21/2008\|11:41] C:\Program Files\<DIR> SAGEM [05/25/2008\|04:46] C:\Program Files\<DIR> Screamer Radio [04/06/2009\|12:25] C:\Program Files\<DIR> Stardock [01/15/2008\|03:22] C:\Program Files\<DIR> Uninstall Information [04/06/2009\|12:25] C:\Program Files\<DIR> weblin [01/17/2008\|04:54] C:\Program Files\<DIR> Winamp [11/05/2008\|10:34] C:\Program Files\<DIR> Windows Live [01/23/2008\|02:36] C:\Program Files\<DIR> Windows Media Player [01/15/2008\|02:53] C:\Program Files\<DIR> Windows NT [01/15/2008\|02:56] C:\Program Files\<DIR> WindowsUpdate [02/16/2009\|08:00] C:\Program Files\<DIR> WinRAR [01/17/2008\|04:53] C:\Program Files\<DIR> WinZip [01/15/2008\|02:57] C:\Program Files\<DIR> xerox [01/23/2008\|02:14] C:\Program Files\<DIR> Zuma Deluxe --------------------\\ Listing Folders in C:\Program Files\Common Files [01/17/2008\|05:08] C:\Program Files\Common Files\<DIR> ACD Systems [07/07/2008\|11:51] C:\Program Files\Common Files\<DIR> Adobe [01/17/2008\|04:57] C:\Program Files\Common Files\<DIR> Ahead [01/17/2008\|05:16] C:\Program Files\Common Files\<DIR> DESIGNER [01/28/2008\|01:32] C:\Program Files\Common Files\<DIR> HP [01/17/2008\|01:07] C:\Program Files\Common Files\<DIR> InstallShield [01/29/2008\|10:07] C:\Program Files\Common Files\<DIR> Java [01/17/2008\|05:16] C:\Program Files\Common Files\<DIR> L&H [03/13/2009\|08:30] C:\Program Files\Common Files\<DIR> Microsoft Shared [01/15/2008\|02:55] C:\Program Files\Common Files\<DIR> MSSoap [01/15/2008\|03:34] C:\Program Files\Common Files\<DIR> ODBC [01/15/2008\|02:55] C:\Program Files\Common Files\<DIR> Services [01/15/2008\|03:34] C:\Program Files\Common Files\<DIR> SpeechEngines [01/06/2009\|07:40] C:\Program Files\Common Files\<DIR> SWF Studio [01/23/2008\|02:35] C:\Program Files\Common Files\<DIR> System [11/05/2008\|12:40] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller [01/21/2008\|10:53] C:\Program Files\Common Files\<DIR> Wise Installation Wizard --------------------\\ Process ( 40 Processes ) ... OK ! --------------------\\ Searching with S_Lop C:\DOCUME~1\PC\APPLIC~1\CASTCO~1 C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\aqhevchg.exe C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\bczkvuwf.exe C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\dzdhsbwy.exe C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\oxcairgc.exe C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\Vc Mail.exe C:\DOCUME~1\PC\APPLIC~1\CASTCO~1\wma funk file.exe --------------------\\ Searching for Lop Files - Folders C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\Bat Chic.exe C:\DOCUME~1\PC\APPLIC~1\castco~1 C:\DOCUME~1\PC\APPLIC~1\castco~1\aqhevchg.exe C:\DOCUME~1\PC\APPLIC~1\castco~1\bczkvuwf.exe C:\DOCUME~1\PC\APPLIC~1\castco~1\dzdhsbwy.exe C:\DOCUME~1\PC\APPLIC~1\castco~1\oxcairgc.exe C:\DOCUME~1\PC\APPLIC~1\castco~1\Vc Mail.exe C:\DOCUME~1\PC\APPLIC~1\castco~1\wma funk file.exe C:\Program Files\castco~1 C:\WINDOWS\Tasks\B566A7AF91855373.job --------------------\\ Searching within the Registry [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BoobDoesWin] "DisplayName"="CiD Help" "UninstallString"="C:\\DOCUME~1\\PC\\APPLIC~1\\CASTCO~1\\Vc Mail.exe -uninstall" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "less hope"="C:\\DOCUME~1\\PC\\APPLIC~1\\CASTCO~1\\Vc Mail.exe" "less hope"="C:\\DOCUME~1\\PC\\APPLIC~1\\CASTCO~1\\Vc Mail.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-04-06 22:40:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 2 --------------------\\ Searching for other infections --------------------\\ (zabranjeno)s & Keygens .. C:\DOCUME~1\PC\Desktop\S\(zabranjeno) C:\DOCUME~1\PC\Desktop\S\(zabranjeno)\Sims2.exe [F:6][D:0]-> C:\DOCUME~1\PC\LOCALS~1\Temp [F:7][D:0]-> C:\DOCUME~1\PC\Cookies [F:2][D:0]-> C:\DOCUME~1\PC\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Mon 04/06/2009\|22:42 - Option : [1] --------------------\\ Scan completed at 22:42:16 Dopuna: 07 Apr 2009 14:50 Evo sta mi je NOD32 izbacio: File: C:\System Volume Information\_restore{9B5E8DDC-C6AE-40FD-B0D5-FED...\A0033048.exe Threat: a variant of Win32/TrojanDownloader.Swizzor.NBF trojan Event occured on a file modified by the application: C:\WINOWS\System32\svchost.exe

Profil

helen1 Poslao: 07 Apr 2009 18:30 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8652 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovo ćemo koristiti program Lop S&D. Dvoklikom pokreni LopSD.exe Na prvom ekranu odaberi jezik kucajući E i Enter a zatim klikni OK Odaberi opciju 2 - Fix + Hosts kucajući 2 i Enter Sačekaj da program završi skeniranje/čišćenje Na kraju procesa, log C:\LopR.txt će se otvoriti u Notepad-u Iskopiraj dobijeni log u temu na forumu.

Profil

Evian Poslao: 07 Apr 2009 19:51 Idi na vrh
offline Evian Novi MyCity građanin Pridružio: 06 Apr 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo...i sve vreme mi je javljao dok sam to skenirala da imam zarazu! I to C:\Lop SD\Backup-Lop\DOCUME~1\PC\APPLIC~1\CASTCO~1\wma funk file.exe kao i onaj VC Mail + jos 4 pomenuta sa "cudnim" nazivima! LOG: --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : PC ( Administrator ) BOOT : Normal boot Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated) Firewall : NVIDIA Firewall 1.0 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go) D:\ (Local Disk) - NTFS - Total:119 Go (Free:7 Go) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008\|23:40 ) Option : [2] ( Tue 04/07/2009\|19:41 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf\Bat Chic.exe Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\aqhevchg.exe Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\bczkvuwf.exe Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\dzdhsbwy.exe Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\oxcairgc.exe Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\Vc Mail.exe Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1\wma funk file.exe Deleted! - C:\WINDOWS\Tasks\B566A7AF91855373.job Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf Deleted! - C:\DOCUME~1\PC\APPLIC~1\castco~1 Deleted! - C:\Program Files\castco~1 - [ Hosts file ] .. Restored! \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing folders in APPLIC~1 [01/17/2008\|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ACD Systems [02/08/2008\|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [01/21/2008\|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer [01/17/2008\|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI [01/17/2008\|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink [04/06/2009\|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DivoGames [04/06/2009\|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EmailNotifier [01/28/2008\|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP [11/09/2008\|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IM [11/09/2008\|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IncrediMail [03/06/2009\|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [04/05/2009\|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [03/27/2008\|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [11/05/2008\|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller [01/15/2008\|02:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [04/05/2009\|10:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [04/05/2009\|10:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [01/17/2008\|05:10] C:\DOCUME~1\PC\APPLIC~1\<DIR> ACD Systems [12/03/2008\|01:41] C:\DOCUME~1\PC\APPLIC~1\<DIR> Adobe [01/21/2008\|12:15] C:\DOCUME~1\PC\APPLIC~1\<DIR> Apple Computer [01/17/2008\|01:18] C:\DOCUME~1\PC\APPLIC~1\<DIR> ATI [01/21/2008\|12:07] C:\DOCUME~1\PC\APPLIC~1\<DIR> CyberLink [01/20/2008\|11:10] C:\DOCUME~1\PC\APPLIC~1\<DIR> DivX [12/22/2008\|06:13] C:\DOCUME~1\PC\APPLIC~1\<DIR> GetRightToGo [02/20/2008\|01:59] C:\DOCUME~1\PC\APPLIC~1\<DIR> Help [01/28/2008\|01:36] C:\DOCUME~1\PC\APPLIC~1\<DIR> HP [01/15/2008\|03:22] C:\DOCUME~1\PC\APPLIC~1\<DIR> Identities [12/29/2008\|03:37] C:\DOCUME~1\PC\APPLIC~1\<DIR> Image Zone Express [02/17/2009\|01:00] C:\DOCUME~1\PC\APPLIC~1\<DIR> Lavasoft [01/22/2008\|04:43] C:\DOCUME~1\PC\APPLIC~1\<DIR> Macromedia [01/20/2008\|11:58] C:\DOCUME~1\PC\APPLIC~1\<DIR> Media Player Classic [04/05/2009\|08:07] C:\DOCUME~1\PC\APPLIC~1\<DIR> MegauploadToolbar [02/15/2009\|06:37] C:\DOCUME~1\PC\APPLIC~1\<DIR> Microsoft [01/22/2008\|01:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> Mozilla [01/17/2008\|05:06] C:\DOCUME~1\PC\APPLIC~1\<DIR> RadLight Company [02/17/2008\|07:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> Sun [01/20/2008\|11:05] C:\DOCUME~1\PC\APPLIC~1\<DIR> Winamp [11/05/2008\|10:32] C:\DOCUME~1\PC\APPLIC~1\<DIR> zweitgeist --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [01/21/2008 12:11 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [04/07/2009 07:38 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/04/2004 03:07 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [01/17/2008\|05:08] C:\Program Files\<DIR> ACD Systems [07/07/2008\|11:51] C:\Program Files\<DIR> Adobe [01/17/2008\|04:57] C:\Program Files\<DIR> Ahead [01/21/2008\|12:11] C:\Program Files\<DIR> Apple Software Update [04/06/2009\|12:25] C:\Program Files\<DIR> AskTBar [01/17/2008\|01:08] C:\Program Files\<DIR> ATI Technologies [03/27/2008\|02:27] C:\Program Files\<DIR> Autodesk [01/17/2008\|12:45] C:\Program Files\<DIR> AvRack [04/06/2009\|09:44] C:\Program Files\<DIR> Common Files [01/15/2008\|02:53] C:\Program Files\<DIR> ComPlus Applications [01/17/2008\|04:55] C:\Program Files\<DIR> CyberLink [01/20/2008\|11:20] C:\Program Files\<DIR> DivX [01/07/2009\|06:19] C:\Program Files\<DIR> EA GAMES [04/05/2009\|08:07] C:\Program Files\<DIR> Enigma Software Group [04/05/2009\|10:12] C:\Program Files\<DIR> ESET [01/21/2008\|12:12] C:\Program Files\<DIR> Flash Movie Player [01/21/2008\|12:12] C:\Program Files\<DIR> FLVPlayer [02/26/2009\|08:53] C:\Program Files\<DIR> FreeGamePick.com [02/24/2009\|11:30] C:\Program Files\<DIR> FunPause Atlantis [04/06/2009\|12:25] C:\Program Files\<DIR> Grisoft [01/21/2008\|10:54] C:\Program Files\<DIR> Hewlett Packard [01/21/2008\|10:52] C:\Program Files\<DIR> Hewlett-Packard [01/28/2008\|01:32] C:\Program Files\<DIR> HP [03/30/2009\|10:50] C:\Program Files\<DIR> InstallShield Installation Information [12/10/2008\|04:41] C:\Program Files\<DIR> Internet Explorer [01/29/2008\|10:12] C:\Program Files\<DIR> Java [01/17/2008\|05:06] C:\Program Files\<DIR> K-Lite Codec Pack [03/05/2008\|06:02] C:\Program Files\<DIR> MegauploadToolbar [09/07/2008\|12:17] C:\Program Files\<DIR> Messenger [01/17/2008\|05:16] C:\Program Files\<DIR> Microsoft ActiveSync [11/07/2008\|11:47] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2 [01/15/2008\|02:57] C:\Program Files\<DIR> microsoft frontpage [12/22/2008\|06:24] C:\Program Files\<DIR> Microsoft Office [11/05/2008\|12:50] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition [01/17/2008\|05:15] C:\Program Files\<DIR> Microsoft Visual Studio [01/17/2008\|05:15] C:\Program Files\<DIR> Microsoft Works [01/17/2008\|05:15] C:\Program Files\<DIR> Microsoft.NET [01/15/2008\|02:54] C:\Program Files\<DIR> Movie Maker [04/07/2009\|07:39] C:\Program Files\<DIR> Mozilla Firefox [12/22/2008\|06:24] C:\Program Files\<DIR> MSECache [01/20/2008\|10:07] C:\Program Files\<DIR> MSN [01/15/2008\|02:53] C:\Program Files\<DIR> MSN Gaming Zone [01/23/2008\|02:31] C:\Program Files\<DIR> MSXML 4.0 [04/06/2009\|12:25] C:\Program Files\<DIR> My Company Name [01/15/2008\|02:55] C:\Program Files\<DIR> NetMeeting [03/27/2008\|02:27] C:\Program Files\<DIR> Netscape [01/17/2008\|12:43] C:\Program Files\<DIR> NVIDIA Corporation [01/17/2008\|05:05] C:\Program Files\<DIR> On2 Technologies [01/15/2008\|02:53] C:\Program Files\<DIR> Online Services [01/23/2008\|02:35] C:\Program Files\<DIR> Outlook Express [11/05/2008\|05:40] C:\Program Files\<DIR> QuickTime [01/17/2008\|05:06] C:\Program Files\<DIR> RadLight Company [01/17/2008\|05:00] C:\Program Files\<DIR> Real [01/17/2008\|12:45] C:\Program Files\<DIR> Realtek AC97 [01/17/2008\|12:45] C:\Program Files\<DIR> Realtek Sound Manager [04/05/2009\|05:21] C:\Program Files\<DIR> Registry Mechanic [11/14/2008\|07:08] C:\Program Files\<DIR> Rockstar Games [01/21/2008\|11:41] C:\Program Files\<DIR> SAGEM [05/25/2008\|04:46] C:\Program Files\<DIR> Screamer Radio [04/06/2009\|12:25] C:\Program Files\<DIR> Stardock [01/15/2008\|03:22] C:\Program Files\<DIR> Uninstall Information [04/06/2009\|12:25] C:\Program Files\<DIR> weblin [01/17/2008\|04:54] C:\Program Files\<DIR> Winamp [11/05/2008\|10:34] C:\Program Files\<DIR> Windows Live [01/23/2008\|02:36] C:\Program Files\<DIR> Windows Media Player [01/15/2008\|02:53] C:\Program Files\<DIR> Windows NT [01/15/2008\|02:56] C:\Program Files\<DIR> WindowsUpdate [02/16/2009\|08:00] C:\Program Files\<DIR> WinRAR [01/17/2008\|04:53] C:\Program Files\<DIR> WinZip [01/15/2008\|02:57] C:\Program Files\<DIR> xerox [01/23/2008\|02:14] C:\Program Files\<DIR> Zuma Deluxe --------------------\\ Listing Folders in C:\Program Files\Common Files [01/17/2008\|05:08] C:\Program Files\Common Files\<DIR> ACD Systems [07/07/2008\|11:51] C:\Program Files\Common Files\<DIR> Adobe [01/17/2008\|04:57] C:\Program Files\Common Files\<DIR> Ahead [01/17/2008\|05:16] C:\Program Files\Common Files\<DIR> DESIGNER [01/28/2008\|01:32] C:\Program Files\Common Files\<DIR> HP [01/17/2008\|01:07] C:\Program Files\Common Files\<DIR> InstallShield [01/29/2008\|10:07] C:\Program Files\Common Files\<DIR> Java [01/17/2008\|05:16] C:\Program Files\Common Files\<DIR> L&H [03/13/2009\|08:30] C:\Program Files\Common Files\<DIR> Microsoft Shared [01/15/2008\|02:55] C:\Program Files\Common Files\<DIR> MSSoap [01/15/2008\|03:34] C:\Program Files\Common Files\<DIR> ODBC [01/15/2008\|02:55] C:\Program Files\Common Files\<DIR> Services [01/15/2008\|03:34] C:\Program Files\Common Files\<DIR> SpeechEngines [01/06/2009\|07:40] C:\Program Files\Common Files\<DIR> SWF Studio [01/23/2008\|02:35] C:\Program Files\Common Files\<DIR> System [11/05/2008\|12:40] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller [01/21/2008\|10:53] C:\Program Files\Common Files\<DIR> Wise Installation Wizard --------------------\\ Process ( 41 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders No Lop folder found ! --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-04-07 19:42:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 2 --------------------\\ Searching for other infections --------------------\\ (zabranjeno)s & Keygens .. C:\DOCUME~1\PC\Desktop\S\(zabranjeno) C:\DOCUME~1\PC\Desktop\S\(zabranjeno)\Sims2.exe [F:5][D:4]-> C:\DOCUME~1\PC\LOCALS~1\Temp [F:7][D:0]-> C:\DOCUME~1\PC\Cookies [F:364][D:4]-> C:\DOCUME~1\PC\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Mon 04/06/2009\|22:42 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - Tue 04/07/2009\|19:44 - Option : [2] --------------------\\ Scan completed at 19:44:29

Profil

helen1 Poslao: 07 Apr 2009 20:04 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8652 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradi sledece: Klikni Start > Run i kucaj: notepad C:\WINDOWS\tasks\SA.DAT kopiraj mi sadrzaj fajla.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Zaraza, bolest koja izmice kontroli...

Ko je trenutno na forumu

Ukupno su 2030 korisnika na forumu :: 118 registrovanih, 11 sakrivenih i 1901 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 10x10.9, 33 bren, 357magnum, Agape, Akiro, aleksamaki, aleph_one, amaterSRB, annon, belov, Ben Roj, branko7, BrcakRS, brundo65, bunker, Burovnyak, cakija, CCCP, Cicumile, Cirkon, Colt D, dano, darkdruid72, darkkran, dekan.m, Djokislav, djonsule, Djuza, DonRumataEstorski, Dorijan Grej, Dovla 1980, dradex, Draganeli, dusanobr, Ercomero, gaga23, ghoost, GrobarPovratak, GveX, halkin gol, Haris, icemilos, istina, Ivan Campo, ivan1973, ivran064, Jager715510, JK, Jomini, K a s p e r, kaisarevic1, Klass, Kruger, Krusarac, Kubovac, Kvazar, kybonacci, laki_bb, lcc, littlebunny, Lucky 6, luja, Magarac, marko.markovic, MaschinenPistole, mat, mercedesamg, metallac777, Mihajlo, milbos, milimoj, Milometer, milos.cbr, Milos1389, Miškić, Mićko, mm1811, nebidrag, nebkv, nemkea71, nenooo, neutrino, Ns1975, pablojepao, Parker, pein, Pero Petković, Pilipenda, pisac12, pobeda, proka89, Qvazimodo, raketaš, raptorsi, Redred, redstar72, S94, sickmouse, Smiljkovich, SOVO515, sreckop, st4nk3la, TangoSix, tubular, ujke, vathra, VJ, Vlado82, Vladoj, vobo, vojnik švejk, yrraf, zeka013, zgoljo, Zigi757, Zjmc, |_MeD_|, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by