Should I get worked up about this warning?


  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18458
  • Location: I wonder that myself...

Did I run into the wrong Santa Claus tonight, or is this just another Billy Gates prank?

  • helen1 (Male)
  • Anti Malware Fighter, Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Uh-oh, I'm drunk, and you, it seems, are infected.

Post a HJT log and we'll have a look. Where did you pick this up now?

  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18458
  • Location: I wonder that myself...

Here it is...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:04:12, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yyy9360.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~tmpb.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~tmpc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\yyy9360.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 4583 bytes

  • helen1 (Male)
  • Anti Malware Fighter, Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Yes, you're infected:

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

---------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18458
  • Location: I wonder that myself...

Here's the log:

ComboFix 08-12-30.02 - Administrator 2009-01-01 1:39:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.579 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MbyG8Roy.exe.a_a
c:\windows\system32\msxml71.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2009-01-01 01:04 . 2009-01-01 01:04 <DIR> d-------- c:\program files\Trend Micro
2009-01-01 00:22 . 2009-01-01 00:22 <DIR> d-------- c:\program files\WinSnap
2008-12-31 23:46 . 2009-01-01 00:02 73,728 --a------ c:\windows\system32\MbyG8Roy.exe
2008-12-29 19:37 . 2008-12-29 19:37 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-12-27 17:03 . 2008-12-27 17:03 <DIR> d-------- c:\program files\Defraggler
2008-12-24 18:59 . 2008-12-24 18:59 <DIR> d-------- c:\program files\Real
2008-12-24 18:59 . 2008-12-24 19:22 <DIR> d-------- c:\program files\Common Files\Real
2008-12-21 17:29 . 2008-12-21 17:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\CyberLink
2008-12-20 15:00 . 2008-12-20 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-18 21:07 . 2008-12-21 18:05 69 --a------ c:\windows\NeroDigital.ini
2008-12-18 17:00 . 2009-01-01 01:02 <DIR> d-------- c:\program files\DNA
2008-12-18 17:00 . 2008-12-18 17:00 <DIR> d-------- c:\program files\BitTorrent
2008-12-18 17:00 . 2009-01-01 01:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 17:00 . 2008-12-18 17:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitTorrent
2008-12-16 13:08 . 2008-12-16 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-16 12:02 . 2008-12-30 21:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM
2008-12-16 12:02 . 2008-12-16 12:02 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-15 20:04 . 2008-12-15 20:04 <DIR> d-------- c:\program files\Skype
2008-12-15 20:04 . 2008-12-15 20:04 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-15 20:04 . 2008-12-15 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-15 20:04 . 2008-12-30 22:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-12-13 08:09 . 2009-01-01 00:02 131 --a------ c:\windows\CRC.INI
2008-12-13 08:01 . 2008-12-13 08:01 <DIR> d-------- c:\program files\COMODO
2008-12-12 18:30 . 2008-12-12 18:30 <DIR> d-------- c:\program files\Winamp
2008-12-12 18:30 . 2008-12-12 18:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2008-12-12 16:24 . 2008-12-12 16:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-12 16:14 . 2008-12-12 16:14 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-12 13:13 . 2008-12-12 13:13 0 --a------ c:\windows\Ui.INI
2008-12-11 10:03 . 2008-12-11 10:03 0 --a------ c:\windows\nsreg.dat
2008-12-10 22:25 . 2008-12-21 09:37 317,643 --a------ c:\windows\FontData.fdb
2008-12-10 21:59 . 2008-12-10 21:59 <DIR> d-------- c:\program files\Yahoo!
2008-12-10 21:59 . 2008-12-23 14:00 <DIR> d-------- c:\program files\CCleaner
2008-12-10 21:47 . 2008-12-10 21:47 <DIR> d-------- c:\program files\Opera
2008-12-10 21:27 . 2008-12-10 21:27 <DIR> d-------- c:\program files\Common Files\Protexis
2008-12-10 21:27 . 2008-12-12 13:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2008-12-10 21:26 . 2008-12-10 21:26 <DIR> d-------- c:\program files\Corel
2008-12-10 21:26 . 2008-12-10 21:26 <DIR> d-------- c:\program files\Common Files\Corel
2008-12-10 21:17 . 2008-12-10 21:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Corel
2008-12-10 21:17 . 2008-12-30 17:09 2,516 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-12-10 21:17 . 2008-12-10 21:28 88 -r-hs---- c:\documents and settings\All Users\Application Data\0AB8DB758E.sys
2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\program files\Mustek 1200 UB Plus
2008-12-10 20:57 . 2008-12-10 20:57 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-10 20:57 . 2008-12-10 20:57 <DIR> d-------- c:\program files\hp LaserJet 1000
2008-12-10 20:57 . 2002-05-27 13:37 1,953,792 --------- c:\windows\system32\pcldll6l.dll
2008-12-10 20:47 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-10 19:51 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-10 19:50 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-10 19:49 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-10 18:36 . 2008-12-10 22:22 <DIR> d-------- c:\program files\Warblade
2008-12-10 18:36 . 2008-12-10 18:36 <DIR> d-------- c:\program files\Phenomedia
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- C:\SIERRA
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- c:\program files\Sierra On-Line
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- c:\program files\Crystal Player
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-12-10 18:35 . 1998-09-23 16:17 558,592 --a------ c:\windows\system32\SierraNW.dll
2008-12-10 18:35 . 1998-11-17 13:44 328,704 --a------ c:\windows\IsUn0407.exe
2008-12-10 18:35 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe
2008-12-10 18:35 . 1998-09-23 16:17 227,840 --a------ c:\windows\system32\SNWValid.dll
2008-12-10 18:35 . 1998-09-23 16:17 11,104 --a------ c:\windows\system32\SNWVALID.HLP
2008-12-10 18:35 . 2008-12-10 18:35 396 --a------ c:\windows\SIERRA.INI
2008-12-10 18:34 . 2008-12-10 18:34 <DIR> d-------- c:\program files\XviD
2008-12-10 18:34 . 2008-12-10 18:34 <DIR> d-------- c:\program files\Webteh
2008-12-10 18:34 . 2008-12-11 10:54 <DIR> d-------- c:\program files\Google
2008-12-10 18:34 . 2008-12-10 18:34 <DIR> d-------- c:\program files\DivX
2008-12-10 18:34 . 2008-12-10 18:34 <DIR> d-------- c:\program files\AC3Filter
2008-12-10 18:34 . 2005-12-30 20:10 761,856 --a------ c:\windows\system32\xvidcore.dll
2008-12-10 18:34 . 2005-12-30 20:18 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-12-10 18:34 . 2005-12-30 20:16 77,824 --a------ c:\windows\system32\xvid.ax
2008-12-10 18:33 . 2008-12-10 19:01 <DIR> d-------- c:\program files\ESET
2008-12-10 18:33 . 2008-12-10 18:33 512,096 --a------ c:\windows\system32\drivers\amon.sys
2008-12-10 18:33 . 2008-12-10 18:33 298,104 --a------ c:\windows\system32\imon.dll
2008-12-10 18:33 . 2008-12-10 18:33 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2008-12-10 18:26 . 2008-12-22 20:10 <DIR> d-------- C:\Cd
2008-12-10 18:24 . 2002-08-30 12:58 2,166,454 -ra------ c:\windows\system32\drivers\IntelC51.sys
2008-12-10 18:24 . 2002-08-30 12:49 447,921 -ra------ c:\windows\system32\drivers\IntelC52.sys
2008-12-10 18:24 . 2002-08-30 12:58 26,921 -ra------ c:\windows\system32\drivers\IntelC53.sys
2008-12-10 18:24 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2008-12-10 18:21 . 2008-12-10 18:33 <DIR> d-------- C:\totalcmd
2008-12-10 18:21 . 2008-12-16 13:17 2,326 --a------ c:\windows\wincmd.ini
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\UC.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\RAR.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\PKZIP.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\LHA.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 15:27 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 19:57 32,768 ----a-w c:\windows\closewnd.exe
2008-12-10 16:56 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 16:56 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-10 16:56 --------- d-----w c:\program files\Common Files\L&H
2008-12-10 16:55 --------- d-----w c:\program files\Microsoft Works
2008-12-10 16:53 --------- d-----w c:\program files\CyberLink
2008-12-10 16:53 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 16:53 --------- d-----w c:\program files\Common Files\Ahead
2008-12-10 16:53 --------- d-----w c:\program files\Ahead
2008-12-10 16:52 --------- d-----w c:\program files\QuickTime Alternative
2008-12-10 16:52 --------- d-----w c:\program files\Media Player Classic
2008-12-10 16:52 --------- d-----w c:\program files\7-Zip
2008-12-10 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-10 16:43 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-10 16:43 --------- d-----w c:\program files\Unlocker
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-10 949376]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-12-31 c:\windows\system32\narrator.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\DRIVERS\nvcchflt.sys [2008-12-10 16640]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-10 15424]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\At1.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At10.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At11.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At12.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At13.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At14.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At15.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At16.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At17.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At18.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At19.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2009-01-01 c:\windows\Tasks\At2.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At20.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At21.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At22.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At23.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At24.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At25.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2009-01-01 c:\windows\Tasks\At26.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At27.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At28.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At29.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At3.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At30.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At31.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At32.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At33.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At34.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At35.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At36.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At37.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At38.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At39.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At4.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At40.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At41.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At42.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At43.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At44.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At45.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At46.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At47.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At48.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At5.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At6.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At7.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At8.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At9.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wp8gk874.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 01:40:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688-)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(748-)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-01 1:41:19
ComboFix-quarantined-files.txt 2009-01-01 00:41:03

Pre-Run: 25,689,960,448 bytes free
Post-Run: 25,683,271,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff


  • helen1 (Male)
  • Anti Malware Fighter, Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download ATF Cleaner and save it to your Desktop.

Tick Select All and then click Empty Selected.
When the Done Cleaning message appears, close the program.

---------------------------------

Turn off the antivirus again:

Open Notepad and copy the following text into it:

File::
c:\windows\Tasks\At1.job
c:\windows\system32\MbyG8Roy.exe
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
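
The triage helen1 did by hand above, turned into code: parse the Scheduled Tasks section of a ComboFix log, flag a binary that a run of anonymous At<N>.job tasks all launch, and emit the matching File:: block for CFScript. This is an added Python example written for this thread, not code from ComboFix, HijackThis or the forum; the log excerpt and the NightlyBackup task in it are constructed.

```python
"""Triage the 'Scheduled Tasks' section of a ComboFix log and emit the
CFScript ``File::`` block for a binary that many At<N>.job tasks launch.

Added example for this thread, not part of ComboFix or HijackThis. The log
excerpt below is constructed to mirror the pattern in the posted log: a
run of anonymous At*.job tasks, all pointing at one executable in system32.
"""
import re

# Constructed excerpt in ComboFix's layout: a "<date> <path>.job" line,
# then "- <command> [<timestamp>]". NightlyBackup is a made-up benign task.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\At1.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2009-01-01 c:\windows\Tasks\At2.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-31 c:\windows\Tasks\At3.job
- c:\windows\system32\MbyG8Roy.exe [2009-01-01 00:02]

2008-12-20 c:\windows\Tasks\NightlyBackup.job
- c:\program files\ExampleBackup\backup.exe [2008-12-20 10:00]
.
.
------- Supplementary Scan -------
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$", re.I)
CMD_RE = re.compile(r"^-\s+(?P<cmd>.+?)\s*(?:\[[^\]]*\])?$")
AT_JOB_RE = re.compile(r"\\at(?P<n>\d+)\.job$", re.I)


def parse_scheduled_tasks(log_text):
    """Return [(job_path, command), ...] from the Scheduled Tasks section.

    Parsing stops at the next ComboFix section banner (a run of dashes or
    asterisks), so the rest of the log is never mistaken for task entries."""
    tasks, in_section, pending_job = [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------") or line.startswith("*****"):
            break
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("job").strip()
            continue
        m = CMD_RE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m.group("cmd").strip()))
            pending_job = None
    return tasks


def suspicious_targets(tasks, min_jobs=3):
    """Map each launched binary to the At<N>.job tasks that launch it, keeping
    only binaries referenced by at least ``min_jobs`` such tasks.

    At<N>.job is the name the ``at`` scheduler gives unnamed jobs; the posted
    log shows 48 of them all running the same randomly named executable,
    which is a persistence pattern rather than an administrator's schedule."""
    by_target = {}                     # lowercase path -> (display path, jobs)
    for job, cmd in tasks:
        if not AT_JOB_RE.search(job):
            continue                   # named task: leave it to a human
        display, jobs = by_target.setdefault(cmd.lower(), (cmd, []))
        jobs.append(job)
    flagged = {}
    for display, jobs in by_target.values():
        if len(jobs) >= min_jobs:
            # Sort numerically so At2 lands between At1 and At3, not after At19.
            flagged[display] = sorted(
                jobs, key=lambda j: int(AT_JOB_RE.search(j).group("n")))
    return flagged


def build_cfscript(tasks, min_jobs=3):
    """Render the ``File::`` block ComboFix reads from CFScript.txt: the
    executable first, then every job that launched it, one path per line."""
    lines = ["File::"]
    for target, jobs in suspicious_targets(tasks, min_jobs).items():
        lines.append(target)
        lines.extend(jobs)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_scheduled_tasks(SAMPLE_LOG)), end="")
```

Run against a full ComboFix.txt the output is the block to paste into Notepad; review it before saving, since the heuristic only catches the At<N>.job pattern and a named task launching the same binary is deliberately left for a human to judge.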

  • Now I'm doing everything I never had time for before.
  • Joined: 17 May 2006
  • Posts: 18458
  • Location: I wonder that myself...

Done as you said. Here's the log. Now, I suppose, I should turn AMON back on?


ComboFix 08-12-31.01 - Administrator 2009-01-01 9:05:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.655 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\MbyG8Roy.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MbyG8Roy.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2009-01-01 01:04 . 2009-01-01 01:04 <DIR> d-------- c:\program files\Trend Micro
2009-01-01 00:22 . 2009-01-01 00:22 <DIR> d-------- c:\program files\WinSnap
2008-12-29 19:37 . 2008-12-29 19:37 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-12-27 17:03 . 2008-12-27 17:03 <DIR> d-------- c:\program files\Defraggler
2008-12-24 18:59 . 2008-12-24 18:59 <DIR> d-------- c:\program files\Real
2008-12-24 18:59 . 2008-12-24 19:22 <DIR> d-------- c:\program files\Common Files\Real
2008-12-21 17:29 . 2008-12-21 17:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\CyberLink
2008-12-20 15:00 . 2008-12-20 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-18 21:07 . 2008-12-21 18:05 69 --a------ c:\windows\NeroDigital.ini
2008-12-18 17:00 . 2009-01-01 08:44 <DIR> d-------- c:\program files\DNA
2008-12-18 17:00 . 2008-12-18 17:00 <DIR> d-------- c:\program files\BitTorrent
2008-12-18 17:00 . 2009-01-01 09:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 17:00 . 2008-12-18 17:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitTorrent
2008-12-16 13:08 . 2008-12-16 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-12-16 12:02 . 2008-12-30 21:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM
2008-12-16 12:02 . 2008-12-16 12:02 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-15 20:04 . 2008-12-15 20:04 <DIR> d-------- c:\program files\Skype
2008-12-15 20:04 . 2008-12-15 20:04 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-15 20:04 . 2008-12-15 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-15 20:04 . 2008-12-30 22:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-12-13 08:09 . 2009-01-01 00:02 131 --a------ c:\windows\CRC.INI
2008-12-13 08:01 . 2008-12-13 08:01 <DIR> d-------- c:\program files\COMODO
2008-12-12 18:30 . 2008-12-12 18:30 <DIR> d-------- c:\program files\Winamp
2008-12-12 18:30 . 2008-12-12 18:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2008-12-12 16:24 . 2008-12-12 16:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-12 16:14 . 2008-12-12 16:14 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-12 13:13 . 2008-12-12 13:13 0 --a------ c:\windows\Ui.INI
2008-12-11 10:03 . 2008-12-11 10:03 0 --a------ c:\windows\nsreg.dat
2008-12-10 22:25 . 2008-12-21 09:37 317,643 --a------ c:\windows\FontData.fdb
2008-12-10 21:59 . 2008-12-10 21:59 <DIR> d-------- c:\program files\Yahoo!
2008-12-10 21:59 . 2008-12-23 14:00 <DIR> d-------- c:\program files\CCleaner
2008-12-10 21:47 . 2008-12-10 21:47 <DIR> d-------- c:\program files\Opera
2008-12-10 21:27 . 2008-12-10 21:27 <DIR> d-------- c:\program files\Common Files\Protexis
2008-12-10 21:27 . 2008-12-12 13:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2008-12-10 21:26 . 2008-12-10 21:26 <DIR> d-------- c:\program files\Corel
2008-12-10 21:26 . 2008-12-10 21:26 <DIR> d-------- c:\program files\Common Files\Corel
2008-12-10 21:17 . 2008-12-10 21:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Corel
2008-12-10 21:17 . 2008-12-30 17:09 2,516 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-12-10 21:17 . 2008-12-10 21:28 88 -r-hs---- c:\documents and settings\All Users\Application Data\0AB8DB758E.sys
2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\program files\Mustek 1200 UB Plus
2008-12-10 20:57 . 2008-12-10 20:57 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-10 20:57 . 2008-12-10 20:57 <DIR> d-------- c:\program files\hp LaserJet 1000
2008-12-10 20:57 . 2002-05-27 13:37 1,953,792 --------- c:\windows\system32\pcldll6l.dll
2008-12-10 20:47 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-10 19:51 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-10 19:50 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-10 19:49 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-10 18:36 . 2008-12-10 22:22 <DIR> d-------- c:\program files\Warblade
2008-12-10 18:36 . 2008-12-10 18:36 <DIR> d-------- c:\program files\Phenomedia
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- C:\SIERRA
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- c:\program files\Sierra On-Line
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- c:\program files\Crystal Player
2008-12-10 18:35 . 2008-12-10 18:35 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-12-10 18:35 . 1998-09-23 16:17 558,592 --a------ c:\windows\system32\SierraNW.dll
2008-12-10 18:35 . 1998-11-17 13:44 328,704 --a------ c:\windows\IsUn0407.exe
2008-12-10 18:35 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe
2008-12-10 18:35 . 1998-09-23 16:17 227,840 --a------ c:\windows\system32\SNWValid.dll
2008-12-10 18:35 . 1998-09-23 16:17 11,104 --a------ c:\windows\system32\SNWVALID.HLP
2008-12-10 18:35 . 2008-12-10 18:35 396 --a------ c:\windows\SIERRA.INI
2008-12-10 18:34 . 2008-12-10 18:34 <DIR> d-------- c:\program files\XviD
2008-12-10 18:34 . 2008-12-10 18:34 <DIR> d-------- c:\program files\Webteh
2008-12-10 18:34 . 2008-12-11 10:54 <DIR> d-------- c:\program files\Google
2008-12-10 18:34 . 2008-12-10 18:34 <DIR> d-------- c:\program files\DivX
2008-12-10 18:34 . 2008-12-10 18:34 <DIR> d-------- c:\program files\AC3Filter
2008-12-10 18:34 . 2005-12-30 20:10 761,856 --a------ c:\windows\system32\xvidcore.dll
2008-12-10 18:34 . 2005-12-30 20:18 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-12-10 18:34 . 2005-12-30 20:16 77,824 --a------ c:\windows\system32\xvid.ax
2008-12-10 18:33 . 2008-12-10 19:01 <DIR> d-------- c:\program files\ESET
2008-12-10 18:33 . 2008-12-10 18:33 512,096 --a------ c:\windows\system32\drivers\amon.sys
2008-12-10 18:33 . 2008-12-10 18:33 298,104 --a------ c:\windows\system32\imon.dll
2008-12-10 18:33 . 2008-12-10 18:33 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2008-12-10 18:26 . 2008-12-22 20:10 <DIR> d-------- C:\Cd
2008-12-10 18:24 . 2002-08-30 12:58 2,166,454 -ra------ c:\windows\system32\drivers\IntelC51.sys
2008-12-10 18:24 . 2002-08-30 12:49 447,921 -ra------ c:\windows\system32\drivers\IntelC52.sys
2008-12-10 18:24 . 2002-08-30 12:58 26,921 -ra------ c:\windows\system32\drivers\IntelC53.sys
2008-12-10 18:24 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2008-12-10 18:21 . 2008-12-10 18:33 <DIR> d-------- C:\totalcmd
2008-12-10 18:21 . 2008-12-16 13:17 2,326 --a------ c:\windows\wincmd.ini
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\UC.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\RAR.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\PKZIP.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\LHA.PIF
2008-12-10 18:21 . 2007-09-14 07:02 545 --a------ c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 15:27 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 19:57 32,768 ----a-w c:\windows\closewnd.exe
2008-12-10 16:56 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 16:56 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-10 16:56 --------- d-----w c:\program files\Common Files\L&H
2008-12-10 16:55 --------- d-----w c:\program files\Microsoft Works
2008-12-10 16:53 --------- d-----w c:\program files\CyberLink
2008-12-10 16:53 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 16:53 --------- d-----w c:\program files\Common Files\Ahead
2008-12-10 16:53 --------- d-----w c:\program files\Ahead
2008-12-10 16:52 --------- d-----w c:\program files\QuickTime Alternative
2008-12-10 16:52 --------- d-----w c:\program files\Media Player Classic
2008-12-10 16:52 --------- d-----w c:\program files\7-Zip
2008-12-10 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-10 16:43 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-10 16:43 --------- d-----w c:\program files\Unlocker
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-10 949376]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-12-31 c:\windows\system32\narrator.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\DRIVERS\nvcchflt.sys [2008-12-10 16640]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-10 15424]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wp8gk874.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 09:06:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688-)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(748-)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-01 9:06:43
ComboFix-quarantined-files.txt 2009-01-01 08:06:27
ComboFix2.txt 2009-01-01 00:41:20

Pre-Run: 25,682,534,400 bytes free
Post-Run: 25,674,797,056 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Where you live: Novi Beograd

Yes, now turn Nod on.

How is the computer running now?

offline
  • Now I'm doing everything I didn't have time for before.
  • Joined: 17 May 2006
  • Posts: 18458
  • Where you live: I wonder too...

It's OK now, that Windows alert that kept popping up every ten seconds isn't complaining any more. I'll keep an eye on the situation and be more careful. It seems even Santa Claus has turned into a rascal...

Update: 01 Jan 2009 9:27

Thanks, in any case!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Where you live: Novi Beograd

I think we're not done yet after all:

Post me a new HJT log.
