MyCity » Ambulanta -> Arhiva Ambulante » Moj racunar je uljez

Moj racunar je uljez

Napisano na dan: 20.5.2009

Strana:
1
2

Moj racunar je uljez

Sledeća strana

Pagination

Odgovori

Strana:
1
2

kuciste Poslao: 20 Maj 2009 21:37 Idi na vrh
offline kuciste Građanin Pridružio: 07 Mar 2009 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Posto radim na jednoj stranici, receno mi je da sa mog racunara stize virus i blokira stranicu . Preko Total Commander prenosim sve na net. Evo loga Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:32:57 PM, on 5/20/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20696) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\services.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\Rhost32.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe C:\Documents and Settings\pc\Desktop\Popravka\TR3.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe O4 - HKLM\..\Run: [Microsoft IT Update] Rhost32.exe O4 - HKLM\..\RunServices: [Microsoft IT Update] Rhost32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Microsoft IT Update] Rhost32.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{2433DD8A-23A3-47A5-9634-4D44463663A2}: NameServer = 217.23.192.9 217.23.192.14 O17 - HKLM\System\CCS\Services\Tcpip\..\{A343A228-E7C1-4146-A0ED-C73A8B28957D}: NameServer = 217.23.192.9,217.23.192.14 O17 - HKLM\System\CS1\Services\Tcpip\..\{2433DD8A-23A3-47A5-9634-4D44463663A2}: NameServer = 217.23.192.9 217.23.192.14 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 5543 bytes

Profil

helen1 Poslao: 20 Maj 2009 21:54 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop: Bleeping Computer . . . . . Geeks to Go! Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

kuciste Poslao: 20 Maj 2009 22:18 Idi na vrh
offline kuciste Građanin Pridružio: 07 Mar 2009 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-05-20.01 - pc 05/20/2009 22:12.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.111 [GMT 2:00] Running from: c:\documents and settings\pc\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\services.exe D:\desktop.ini . ((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-20 19:11 . 2009-03-13 05:11 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3 2009-05-19 20:26 . 2009-05-19 20:26 3922 ----a-w c:\windows\IH8E0.tmp 2009-05-19 15:21 . 2009-05-19 15:21 3922 ----a-w c:\windows\IH361.tmp 2009-04-29 08:55 . 2009-04-29 08:55 3922 ----a-w c:\windows\IH3EE.tmp 2009-04-26 20:26 . 2009-04-26 20:26 3922 ----a-w c:\windows\IH285.tmp 2009-04-15 17:24 . 2009-04-15 17:24 3892 ----a-w c:\windows\IHE9.tmp 2009-04-10 20:39 . 2009-04-10 20:39 348160 ----a-w C:\love.exe 2009-04-10 18:44 . 2009-04-10 18:44 47104 ----a-w C:\dtre.exe 2009-04-03 03:40 . 2009-04-03 03:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2009-04-03 03:39 . 2009-04-03 03:39 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-04-02 10:24 . 2009-02-23 15:16 -------- d-----w c:\program files\ESET 2009-03-17 05:00 . 2009-02-23 17:48 45664 ----a-w c:\documents and settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-13 05:12 . 2009-03-13 05:12 0 ----a-w c:\windows\nsreg.dat 2009-03-11 22:28 . 2009-02-23 17:39 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-02-23 17:39 . 2001-08-23 12:00 67 --sha-w c:\windows\Fonts\desktop.ini 2009-02-23 17:36 . 2009-02-23 17:36 21640 ----a-w c:\windows\system32\emptyregdb.dat 2009-02-23 15:19 . 2009-02-23 15:19 0 ----a-w c:\windows\ativpsrm.bin 2009-02-23 15:16 . 2009-02-23 15:17 512096 ----a-w c:\windows\system32\drivers\amon.sys 2009-02-23 15:16 . 2009-02-23 15:17 299392 ----a-w c:\windows\system32\imon.dll 2009-02-23 15:16 . 2009-02-23 15:17 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys 2007-12-31 09:26 . 2007-12-31 09:26 348160 --sh--r c:\windows\system32\Rhost32.exe . ------- Sigcheck ------- [-] 2008-05-31 12:21 1580544 0A874046BB7B547864811CFF0DD19724 c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-24 2356088] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-23 950664] "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-12-28 544768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-22 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave1"= serwvdrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2/23/2009 8:11 PM 52480] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2/23/2009 5:17 PM 15424] R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2/23/2009 8:10 PM 28672] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll TCP: {2433DD8A-23A3-47A5-9634-4D44463663A2} = 217.23.192.9 217.23.192.14 TCP: {A343A228-E7C1-4146-A0ED-C73A8B28957D} = 217.23.192.9,217.23.192.14 FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\efr9919r.default\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews..wholeText", "noAccess"); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-05-20 22:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(736) c:\windows\system32\imon.dll . Completion time: 2009-05-20 22:14 ComboFix-quarantined-files.txt 2009-05-20 20:13 Pre-Run: 43,354,247,168 bytes free Post-Run: 43,748,450,304 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 138

Profil

helen1 Poslao: 20 Maj 2009 22:47 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj mi: C:\dtre.exe preko sledeceg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

kuciste Poslao: 20 Maj 2009 22:56 Idi na vrh
offline kuciste Građanin Pridružio: 07 Mar 2009 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam upload.

Profil

helen1 Poslao: 20 Maj 2009 23:05 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovo iskljuci Antivirus. Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\love.exe C:\dtre.exe c:\windows\system32\Rhost32.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

kuciste Poslao: 20 Maj 2009 23:44 Idi na vrh
offline kuciste Građanin Pridružio: 07 Mar 2009 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-05-20.05 - pc 05/20/2009 23:13.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.218 [GMT 2:00] Running from: c:\documents and settings\pc\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\pc\Desktop\CFScript.txt FILE :: C:\dtre.exe C:\love.exe c:\windows\system32\Rhost32.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\dtre.exe C:\love.exe c:\windows\system32\Rhost32.exe . ((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-20 20:14 . 2009-03-13 05:11 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3 2009-05-19 20:26 . 2009-05-19 20:26 3922 ----a-w c:\windows\IH8E0.tmp 2009-05-19 15:21 . 2009-05-19 15:21 3922 ----a-w c:\windows\IH361.tmp 2009-04-29 08:55 . 2009-04-29 08:55 3922 ----a-w c:\windows\IH3EE.tmp 2009-04-26 20:26 . 2009-04-26 20:26 3922 ----a-w c:\windows\IH285.tmp 2009-04-15 17:24 . 2009-04-15 17:24 3892 ----a-w c:\windows\IHE9.tmp 2009-04-03 03:40 . 2009-04-03 03:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2009-04-03 03:39 . 2009-04-03 03:39 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-04-02 10:24 . 2009-02-23 15:16 -------- d-----w c:\program files\ESET 2009-03-17 05:00 . 2009-02-23 17:48 45664 ----a-w c:\documents and settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-13 05:12 . 2009-03-13 05:12 0 ----a-w c:\windows\nsreg.dat 2009-03-11 22:28 . 2009-02-23 17:39 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-02-23 17:39 . 2001-08-23 12:00 67 --sha-w c:\windows\Fonts\desktop.ini 2009-02-23 17:36 . 2009-02-23 17:36 21640 ----a-w c:\windows\system32\emptyregdb.dat 2009-02-23 15:19 . 2009-02-23 15:19 0 ----a-w c:\windows\ativpsrm.bin 2009-02-23 15:16 . 2009-02-23 15:17 512096 ----a-w c:\windows\system32\drivers\amon.sys 2009-02-23 15:16 . 2009-02-23 15:17 299392 ----a-w c:\windows\system32\imon.dll 2009-02-23 15:16 . 2009-02-23 15:17 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys . ------- Sigcheck ------- [-] 2008-05-31 12:21 1580544 0A874046BB7B547864811CFF0DD19724 c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-24 2356088] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-23 950664] "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-12-28 544768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-22 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave1"= serwvdrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2/23/2009 8:11 PM 52480] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2/23/2009 5:17 PM 15424] R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2/23/2009 8:10 PM 28672] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll TCP: {2433DD8A-23A3-47A5-9634-4D44463663A2} = 217.23.192.9 217.23.192.14 TCP: {A343A228-E7C1-4146-A0ED-C73A8B28957D} = 217.23.192.9,217.23.192.14 FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\efr9919r.default\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews..wholeText", "noAccess"); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-05-20 23:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(736) c:\windows\system32\imon.dll . Completion time: 2009-05-20 23:15 ComboFix-quarantined-files.txt 2009-05-20 21:14 ComboFix2.txt 2009-05-20 20:14 Pre-Run: 43,805,310,976 bytes free Post-Run: 43,796,975,616 bytes free 135

Profil

helen1 Poslao: 20 Maj 2009 23:51 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi mi novi HiJack This log.

Profil

kuciste Poslao: 21 Maj 2009 00:03 Idi na vrh
offline kuciste Građanin Pridružio: 07 Mar 2009 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:59:51 PM, on 5/20/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20696) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe C:\Documents and Settings\pc\Desktop\Popravka\TR3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{2433DD8A-23A3-47A5-9634-4D44463663A2}: NameServer = 217.23.192.9 217.23.192.14 O17 - HKLM\System\CCS\Services\Tcpip\..\{A343A228-E7C1-4146-A0ED-C73A8B28957D}: NameServer = 217.23.192.9,217.23.192.14 O17 - HKLM\System\CS1\Services\Tcpip\..\{2433DD8A-23A3-47A5-9634-4D44463663A2}: NameServer = 217.23.192.9 217.23.192.14 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 4816 bytes

Profil

helen1 Poslao: 21 Maj 2009 00:04 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je stanje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Moj racunar je uljez

Ko je trenutno na forumu

Ukupno su 758 korisnika na forumu :: 7 registrovanih, 1 sakriven i 750 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Koridor, Milos82, Miškić, opt1, slonic_tonic, vobo, yrraf

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by