Computer check-up


offline
  • Joined: 26 Apr 2007
  • Posts: 34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:38 AM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MyFreeWeather\myweather.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\app\Administrator\product\11.1.0\client_1\bin\omtsreco.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\slax\slax.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [myweather] "C:\Program Files\MyFreeWeather\myweather.exe" /autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\VISUAL~1\NTXcontext.htm
O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{04E231F6-8A30-4146-92AB-957F56D698AD}: NameServer = 81.93.89.195,81.93.89.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{04E231F6-8A30-4146-92AB-957F56D698AD}: NameServer = 81.93.89.195,81.93.89.194
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\app\Administrator\product\11.1.0\client_1\bin\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 6831 bytes

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

And what exactly is the complaint?

offline
  • Joined: 26 Apr 2007
  • Posts: 34

It runs slowly, and does it have viruses? I have been plugging in infected USB sticks.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to the Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 26 Apr 2007
  • Posts: 34

ComboFix 09-02-21.01 - Administrator 2009-02-22 12:20:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759.403 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-20 11:17 . 2009-02-20 11:17 <DIR> d-------- c:\program files\7-Zip
2009-02-18 18:24 . 2009-02-18 18:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-17 12:50 . 2009-02-17 12:50 <DIR> d-------- c:\windows\system32\scripting
2009-02-17 12:50 . 2009-02-17 12:50 <DIR> d-------- c:\windows\system32\en
2009-02-17 12:50 . 2009-02-17 12:50 <DIR> d-------- c:\windows\system32\bits
2009-02-17 12:50 . 2009-02-17 12:50 <DIR> d-------- c:\windows\l2schemas
2009-02-17 12:42 . 2009-02-17 12:42 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-14 13:27 . 2009-02-14 13:35 189,924,970 --a------ C:\grafika.rar
2009-02-14 10:18 . 2009-02-14 10:18 <DIR> d-------- c:\program files\CCleaner
2009-02-14 09:41 . 2009-02-14 09:41 <DIR> d-------- c:\program files\Bit Che
2009-02-14 09:41 . 2009-02-14 09:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Convivea
2009-02-13 15:07 . 2009-02-13 15:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SSH
2009-02-13 14:56 . 2009-02-13 14:56 <DIR> d-------- c:\program files\SSH Communications Security
2009-02-13 10:05 . 2009-02-13 10:05 118 --a------ c:\windows\system32\MRT.INI
2009-02-11 12:01 . 2009-02-11 12:01 <DIR> d-------- c:\program files\FDRLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 11:17 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-22 10:23 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-17 10:50 --------- d-----w c:\program files\MyFreeWeather
2009-02-13 13:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 09:12 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 20:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-23 07:50 --------- d-----w c:\program files\Common Files\Macromedia
2008-12-23 07:49 --------- d-----w c:\program files\Macromedia
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-12 08:58 520,192 ----a-w c:\windows\system32\Dexter Screen Saver.scr
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-25 17:07 5,429 ----a-w c:\windows\Sysnv32.dll
1999-04-23 22:22 12 --sha-w c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-18 09:55:58 239,424 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-20 15:24:14 239,422 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-08-05 02:13 1610264 --a------ c:\program files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"myweather"="c:\program files\MyFreeWeather\myweather.exe" [2009-01-22 1585152]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-11 270128]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-28 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myweather]
--a------ 2009-01-22 21:51 1585152 c:\program files\MyFreeWeather\MyWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-06 16:22 524800 c:\program files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--ah----- 2001-07-24 22:34 36864 c:\cpqs\scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_05\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-03-28 15424]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-02-01 204800]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a551df2-0797-11dd-8008-000ffe128688}]
\Shell\AutoRun\command - E:\ur0.com
\Shell\open\Command - E:\ur0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e17bdc7-f9ae-11dd-80b4-000ffe128688}]
\Shell\AutoRun\command - E:\opgde.exe
\Shell\open\Command - E:\opgde.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e17bdcb-f9ae-11dd-80b4-000ffe128688}]
\Shell\AutoRun\command - E:\opgde.exe
\Shell\open\Command - E:\opgde.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e857e3c4-0d15-11dd-8011-000ffe128688}]
\Shell\AutoOpen\command - e:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2037756552-2343093921-4187683305-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-02 10:54]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mSearch Bar = [Link mogu videti samo ulogovani korisnici]
IE: &NeoTrace It! - c:\progra~1\VISUAL~1\NTXcontext.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {04E231F6-8A30-4146-92AB-957F56D698AD} = 81.93.89.195,81.93.89.194
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sk9b4yt2.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1425.4532\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-02-22 12:21:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\imon.dll
.
Completion time: 2009-02-22 12:23:34
ComboFix-quarantined-files.txt 2009-02-22 11:23:26
ComboFix2.txt 2009-02-22 11:17:22
ComboFix3.txt 2009-02-18 10:16:22

Pre-Run: 1,419,300,864 bytes free
Post-Run: 1,401,729,024 bytes free

161 --- E O F --- 2009-02-18 02:00:41

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all USB memory devices into the USB slot one after another, keeping each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB memory devices are all those devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 26 Apr 2007
  • Posts: 34

USBNoRisk 1.5 by bobby

Started at 2/22/2009 12:36:17 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {7bb3f11e-fcf9-11dc-89b7-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 7bb3f11e-fcf9-11dc-89b7-806d6172696f
========================================



New device connected at 2/22/2009 12:36:58 PM

Scanning for connected USB mass storage...
----------------------------------------
E: {08a739b5-ff26-11dd-80b9-000ffe128688}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 08a739b5-ff26-11dd-80b9-000ffe128688
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================


New device connected at 2/22/2009 12:37:03 PM

Scanning for connected USB mass storage...
----------------------------------------
E: {08a739b5-ff26-11dd-80b9-000ffe128688}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 08a739b5-ff26-11dd-80b9-000ffe128688
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================


New device connected at 2/22/2009 12:37:05 PM

Scanning for connected USB mass storage...
----------------------------------------
E: {08a739b5-ff26-11dd-80b9-000ffe128688}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 08a739b5-ff26-11dd-80b9-000ffe128688
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a551df2-0797-11dd-8008-000ffe128688}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e17bdc7-f9ae-11dd-80b4-000ffe128688}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e17bdcb-f9ae-11dd-80b4-000ffe128688}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e857e3c4-0d15-11dd-8011-000ffe128688}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

Addendum: 22 Feb 2009 12:48

Upload the following file for me so I can check it:
c:\windows\Sysnv32.dll

Do the upload via the following form:
[Link visible only to logged-in users]
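A small parser for the step the reply above describes, added here as an example; it is not part of the original thread and not ComboFix's or USBNoRisk's own code. It reads the mountpoints2 entries out of a ComboFix "Reg Loading Points" section, flags every key that still carries a Shell AutoRun/open/AutoOpen command (the per-user verbs Explorer caches from a removable drive's autorun.inf, which survive after the drive itself is cleaned), and emits the same Registry:: block the reply hand-wrote. The sample log is constructed from the four keys on this page plus one harmless key with a placeholder GUID.

```python
import re
from collections import OrderedDict

# Constructed sample: the four mountpoints2 keys from the ComboFix log on this page,
# plus one constructed key (all-zero placeholder GUID) that carries no Shell command.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a551df2-0797-11dd-8008-000ffe128688}]
\Shell\AutoRun\command - E:\ur0.com
\Shell\open\Command - E:\ur0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e17bdc7-f9ae-11dd-80b4-000ffe128688}]
\Shell\AutoRun\command - E:\opgde.exe
\Shell\open\Command - E:\opgde.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e17bdcb-f9ae-11dd-80b4-000ffe128688}]
\Shell\AutoRun\command - E:\opgde.exe
\Shell\open\Command - E:\opgde.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e857e3c4-0d15-11dd-8011-000ffe128688}]
\Shell\AutoOpen\command - e:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
"BaseClass"="Drive"
.
Contents of the 'Scheduled Tasks' folder
"""

# Registry path under which Explorer caches per-volume shell verbs (HKCU, so one set per user).
MP2_PREFIX = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"

# "[<mountpoints2 key>\{GUID}]" exactly as ComboFix prints it.
KEY_RE = re.compile(r"^\[(" + re.escape(MP2_PREFIX) + r"\\\{[0-9a-f-]+\})\]$", re.I)
# "\Shell\<verb>\command - <command line>" lines that follow such a key.
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)


def parse_mountpoints(log_text):
    """Map each mountpoints2 key to the list of (verb, command) pairs listed under it."""
    entries = OrderedDict()
    current = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            entries[current] = []
            continue
        if not line or line.startswith("["):
            current = None  # blank line or some other key ends the block
            continue
        cmd_match = CMD_RE.match(line)
        if current is not None and cmd_match:
            entries[current].append((cmd_match.group("verb"), cmd_match.group("cmd")))
    return entries


def flag_autorun_keys(entries):
    """Return (key, reasons) for every key that still has a cached Shell verb command."""
    flagged = []
    for key, commands in entries.items():
        if commands:
            reasons = ["%s -> %s" % (verb, cmd) for verb, cmd in commands]
            flagged.append((key, reasons))
    return flagged


def build_cfscript(keys):
    """Emit a CFScript 'Registry::' block; '[-KEY]' tells ComboFix to delete that key."""
    lines = ["Registry::"] + ["[-%s]" % key for key in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_autorun_keys(parse_mountpoints(SAMPLE_LOG))
    for key, reasons in found:
        print(key)
        for reason in reasons:
            print("    " + reason)
    print(build_cfscript([key for key, _ in found]))
```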

offline
  • Joined: 26 Apr 2007
  • Posts: 34

ComboFix 09-02-21.01 - Administrator 2009-02-22 12:47:28.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759.403 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-22 12:37 . 2009-02-22 12:38 <DIR> d-------- C:\USBNoRisk
2009-02-20 11:17 . 2009-02-20 11:17 <DIR> d-------- c:\program files\7-Zip
2009-02-18 18:24 . 2009-02-18 18:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-17 12:50 . 2009-02-17 12:50 <DIR> d-------- c:\windows\system32\scripting
2009-02-17 12:50 . 2009-02-17 12:50 <DIR> d-------- c:\windows\system32\en
2009-02-17 12:50 . 2009-02-17 12:50 <DIR> d-------- c:\windows\system32\bits
2009-02-17 12:50 . 2009-02-17 12:50 <DIR> d-------- c:\windows\l2schemas
2009-02-17 12:42 . 2009-02-17 12:42 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-14 13:27 . 2009-02-14 13:35 189,924,970 --a------ C:\grafika.rar
2009-02-14 10:18 . 2009-02-14 10:18 <DIR> d-------- c:\program files\CCleaner
2009-02-14 09:41 . 2009-02-14 09:41 <DIR> d-------- c:\program files\Bit Che
2009-02-14 09:41 . 2009-02-14 09:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Convivea
2009-02-13 15:07 . 2009-02-13 15:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SSH
2009-02-13 14:56 . 2009-02-13 14:56 <DIR> d-------- c:\program files\SSH Communications Security
2009-02-13 10:05 . 2009-02-13 10:05 118 --a------ c:\windows\system32\MRT.INI
2009-02-11 12:01 . 2009-02-11 12:01 <DIR> d-------- c:\program files\FDRLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 11:45 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-22 10:23 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-17 10:50 --------- d-----w c:\program files\MyFreeWeather
2009-02-13 13:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 09:12 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 20:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-23 07:50 --------- d-----w c:\program files\Common Files\Macromedia
2008-12-23 07:49 --------- d-----w c:\program files\Macromedia
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-12 08:58 520,192 ----a-w c:\windows\system32\Dexter Screen Saver.scr
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-25 17:07 5,429 ----a-w c:\windows\Sysnv32.dll
1999-04-23 22:22 12 --sha-w c:\windows\system\WININETICMP32.drv
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-18 09:55:58 239,424 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-20 15:24:14 239,422 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-08-05 02:13 1610264 --a------ c:\program files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"myweather"="c:\program files\MyFreeWeather\myweather.exe" [2009-01-22 1585152]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-11 270128]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-28 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\myweather]
--a------ 2009-01-22 21:51 1585152 c:\program files\MyFreeWeather\MyWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-06 16:22 524800 c:\program files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--ah----- 2001-07-24 22:34 36864 c:\cpqs\scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_05\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-03-28 15424]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-02-01 204800]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
.
Contents of the 'Scheduled Tasks' folder

2009-02-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2037756552-2343093921-4187683305-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-02 10:54]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mSearch Bar = [Link mogu videti samo ulogovani korisnici]
IE: &NeoTrace It! - c:\progra~1\VISUAL~1\NTXcontext.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {04E231F6-8A30-4146-92AB-957F56D698AD} = 81.93.89.195,81.93.89.194
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sk9b4yt2.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1425.4532\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-02-22 12:50:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\imon.dll
.
Completion time: 2009-02-22 12:52:45
ComboFix-quarantined-files.txt 2009-02-22 11:52:38
ComboFix2.txt 2009-02-22 11:23:36
ComboFix3.txt 2009-02-22 11:17:22
ComboFix4.txt 2009-02-18 10:16:22

Pre-Run: 1,413,554,176 bytes free
Post-Run: 1,395,552,256 bytes free

153 --- E O F --- 2009-02-18 02:00:41

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You skipped one part of my previous message.

Upload the following file for me so I can check it:
c:\windows\Sysnv32.dll

Do the upload via the following form:
[Link visible only to logged-in users]
