Review

  • Joined: 02 Feb 2009
  • Posts: 32

Could someone review this log, thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:09, on 23.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\mojlog2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [Windows Explorer] c:\RECYCLE\D-0-060-0000000000-1111111-2222222\FiX.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [FIREWALL SERVICE] C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe (User 'Djole')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{630EAD48-B813-49BE-84CA-438219256428}: NameServer = 212.200.13.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E064EEA7-82EF-4689-801B-AB95BF2B0AD0}: NameServer = 212.200.13.13
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 6630 bytes

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the avast! icon in the bottom right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, tick the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.

Note: don't forget to turn these options back on once the cleanup is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 02 Feb 2009
  • Posts: 32

Hi

ComboFix 09-04-23.A3 - Administrator 23.04.2009 22:58.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.3582.2960 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.

2009-04-13 20:19 . 2009-04-13 20:19 -------- d-----w c:\documents and settings\Administrator\Application Data\Leadertech
2009-04-04 09:43 . 2009-04-04 09:43 -------- d-----w c:\documents and settings\Djole\Application Data\Rational
2009-04-03 11:40 . 2009-04-03 11:40 -------- d-----w c:\documents and settings\Administrator\Application Data\Rational
2009-04-03 11:39 . 2009-04-03 11:39 -------- d-----w c:\program files\Rational
2009-04-03 11:37 . 2009-04-03 11:38 -------- d-----w c:\program files\Rose Enterprise Edition for Windows
2009-03-29 15:00 . 2009-03-29 15:18 -------- d-----w c:\documents and settings\Administrator\DoctorWeb
2009-03-29 14:37 . 2009-03-29 14:37 5120 --sha-w c:\windows\system32\Thumbs.db
2009-03-26 22:23 . 2009-03-28 18:28 -------- d-----w c:\program files\Trend Micro
2009-03-25 15:03 . 2009-03-25 15:03 -------- d-----w c:\documents and settings\Vera\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 00:15 . 2008-04-30 10:02 -------- d-----w c:\program files\Winamp
2009-04-13 20:14 . 2008-04-30 09:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 00:36 . 2008-04-30 08:59 71048 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 00:35 . 2008-04-30 08:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-03 22:18 . 2009-01-20 00:27 71048 ----a-w c:\documents and settings\Vera\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-03 17:05 . 2009-01-20 12:38 71048 ----a-w c:\documents and settings\Djole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-26 23:17 . 2009-01-20 00:22 70944 ----a-w c:\documents and settings\Djordje\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-26 21:52 . 2009-01-18 12:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-19 19:50 . 2009-03-19 19:50 -------- d-----w c:\documents and settings\Djole\Application Data\Ahead
2009-02-24 22:47 . 2009-02-15 22:23 -------- d-----w c:\program files\Microsoft Web Designer Tools
2009-02-24 22:47 . 2009-02-13 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-24 22:44 . 2009-02-15 22:25 -------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-02-24 22:39 . 2009-02-14 01:23 -------- d-----w c:\program files\Microsoft SQL Server
2009-02-24 22:39 . 2008-04-30 10:00 -------- d-----w c:\program files\Microsoft.NET
2009-02-15 22:22 . 2009-02-15 22:22 163000 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-09 07:47 . 2009-02-09 07:47 268 ---ha-w C:\sqmdata18.sqm
2009-02-09 07:47 . 2009-02-09 07:47 244 ---ha-w C:\sqmnoopt18.sqm
2009-02-09 01:13 . 2009-02-09 01:13 268 ---ha-w C:\sqmdata17.sqm
2009-02-09 01:13 . 2009-02-09 01:13 244 ---ha-w C:\sqmnoopt17.sqm
2009-02-08 21:34 . 2009-02-08 21:34 268 ---ha-w C:\sqmdata16.sqm
2009-02-08 21:34 . 2009-02-08 21:34 244 ---ha-w C:\sqmnoopt16.sqm
2009-02-08 20:36 . 2009-02-08 20:36 268 ---ha-w C:\sqmdata15.sqm
2009-02-08 20:36 . 2009-02-08 20:36 244 ---ha-w C:\sqmnoopt15.sqm
2009-01-30 11:03 . 2009-01-30 11:03 268 ---ha-w C:\sqmdata14.sqm
2009-01-30 11:03 . 2009-01-30 11:03 244 ---ha-w C:\sqmnoopt14.sqm
2009-01-30 10:05 . 2009-01-30 10:05 268 ---ha-w C:\sqmdata13.sqm
2009-01-30 10:05 . 2009-01-30 10:05 244 ---ha-w C:\sqmnoopt13.sqm
2009-01-25 18:30 . 2009-01-25 18:30 268 ---ha-w C:\sqmdata12.sqm
2009-01-25 18:30 . 2009-01-25 18:30 244 ---ha-w C:\sqmnoopt12.sqm
2009-01-06 21:25 . 2009-01-06 21:25 22328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Igre\\Valve\\hltv.exe"=
"d:\\Igre\\Valve\\hl.exe"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"d:\\Igre\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Igre\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Igre\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"d:\\Igre\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"d:\\Igre\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\Igre\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"d:\\Igre\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]


--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP111

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80122fa4-1b8b-11dd-8725-001bfc3f3fe0}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {20289E75-291D-4615-8A43-12F434C92DE7} = 79.143.173.161 79.143.172.3
TCP: {630EAD48-B813-49BE-84CA-438219256428} = 212.200.13.13
TCP: {E064EEA7-82EF-4689-801B-AB95BF2B0AD0} = 212.200.13.13
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-23 22:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-2077806209-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,6b,2a,37,79,3c,e4,81,c7,71,0b,25,8d,4e,fc,c5,59,2c,0a,9b,ba,a5,76,
b9,cb,bb,77,d3,b2,b7,a7,0e,b4,34,34,8e,94,86,6b,3a,51,c4,a3,41,57,37,58,69,\
"??"=hex:2e,c7,1e,64,a1,f2,51,ec,e8,bc,52,0f,50,53,63,93
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-23 23:00
ComboFix-quarantined-files.txt 2009-04-23 21:00
ComboFix2.txt 2009-03-28 21:42

Pre-Run: 925.741.056 bytes free
Post-Run: 1.048.739.840 bytes free

140

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Post a fresh HijackThis logfile.

  • Joined: 02 Feb 2009
  • Posts: 32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:56, on 24.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\mojlog2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [Windows Explorer] c:\RECYCLE\D-0-060-0000000000-1111111-2222222\FiX.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [FIREWALL SERVICE] C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe (User 'Djole')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20289E75-291D-4615-8A43-12F434C92DE7}: NameServer = 79.143.173.161 79.143.172.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{630EAD48-B813-49BE-84CA-438219256428}: NameServer = 212.200.13.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E064EEA7-82EF-4689-801B-AB95BF2B0AD0}: NameServer = 212.200.13.13
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 6680 bytes

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run HijackThis, scan, and tick the following lines:

O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [Windows Explorer] c:\RECYCLE\D-0-060-0000000000-1111111-2222222\FiX.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [FIREWALL SERVICE] C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe (User 'Djole')

Click Fix checked.

Enable the display of hidden files: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html

If they exist, delete the following folders:

c:\RECYCLE
C:\RECYCLER\k-1-3542-4232123213-7676767-8888886

After that: click START and then RUN.

In the text entry line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

And that's all...
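
The triage in the post above (tick the three O4 lines that launch from the RECYCLE/RECYCLER folders or an unknown executable under system32) can be encoded as a first-pass filter over a HijackThis log. The script below is an added example written for this page; it is not part of the thread and is not code from HijackThis or ComboFix. It parses O4 lines in the exact format HijackThis prints and flags an entry when it launches from a Recycle Bin directory, when its entry name impersonates a Windows component while its file sits outside the Windows or Program Files trees, or when it runs a file from under C:\WINDOWS that is not on a vetted list. VETTED_RUN_NAMES is a constructed assumption standing in for the allowlist an analyst maintains, and SAMPLE_LOG is the O4 block copied from the second HijackThis log posted in this thread.

```python
"""First-pass triage of HijackThis O4 (autorun) entries.

Added example, not code from the forum thread, HijackThis or ComboFix.
The vetted-name list is a constructed stand-in for an analyst's allowlist.
"""
import re

# O4 line shape: "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
RECYCLE_DIR_RE = re.compile(r"\\RECYCLE[RD]?\\", re.IGNORECASE)  # \RECYCLE\ or \RECYCLER\
WINDIR_RE = re.compile(r"^[a-z]:\\WINDOWS\\", re.IGNORECASE)
PROGFILES_RE = re.compile(r"^[a-z]:\\PROGRA(M FILES|~1)\\", re.IGNORECASE)
# Entry names that sound like a Windows component and so deserve a second look.
MASQUERADE_RE = re.compile(
    r"\b(windows|explorer|firewall|service|system|security|update)\b", re.IGNORECASE
)
# Constructed allowlist: Run-value names the analyst has already vetted on this host.
VETTED_RUN_NAMES = {"ctfmon.exe", "msmsgs", "imjpmig8.1"}


def executable_path(command):
    """Return the launched executable from a Run value, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):  # "C:\path with spaces\x.exe" /args
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r"\.exe\b", command, re.IGNORECASE)  # bare path, cut after .exe
    return command[: m.end()] if m else command.split(" ")[0]


def triage_line(line, vetted=VETTED_RUN_NAMES):
    """Parse one O4 line; return a dict with the reasons it was flagged, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    path = executable_path(m.group("command"))
    reasons = []
    if RECYCLE_DIR_RE.search(path):
        reasons.append("launches from a Recycle Bin directory")
    if MASQUERADE_RE.search(name) and not (WINDIR_RE.match(path) or PROGFILES_RE.match(path)):
        reasons.append("system-sounding entry name outside Windows/Program Files")
    if WINDIR_RE.match(path) and name.lower() not in vetted:
        reasons.append("unvetted executable inside the Windows directory")
    return {"hive": m.group("hive"), "user": m.group("user"), "name": name,
            "path": path, "reasons": reasons}


def triage_log(text, vetted=VETTED_RUN_NAMES):
    """Return the O4 entries of a HijackThis log that tripped at least one heuristic."""
    hits = []
    for line in text.splitlines():
        entry = triage_line(line, vetted)
        if entry and entry["reasons"]:
            hits.append(entry)
    return hits


# O4 block copied from the second HijackThis log in the thread (sample input).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [Windows Explorer] c:\RECYCLE\D-0-060-0000000000-1111111-2222222\FiX.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [FIREWALL SERVICE] C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Djole')
O4 - HKUS\S-1-5-21-1801674531-2077806209-839522115-1006\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe (User 'Djole')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
"""

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"[{hit['name']}] {hit['path']} (user {hit['user']}): " + "; ".join(hit["reasons"]))
```

Run against the sample block the filter returns exactly the three entries the post asks to fix and nothing else. The output is a review list, not a deletion list: any legitimate Run value under C:\WINDOWS that has not been added to the vetted set will also appear, which is the intended behaviour for a first pass that an analyst then confirms line by line.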

  • Joined: 02 Feb 2009
  • Posts: 32

Ticked them, fixed, those files aren't there, uninstalled ComboFix

Thanks for the help

Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, Battlehammer, bigfoot, bladesu, BlekMen, bokisha253, BORUTUS, bufanje, cavatina, ccoogg123, cemix, cenejac111, comi_pfc, CrazyDiablo, croato, dane007, darcaud, darios, Darko8, darkojbn, dekan.m, Djokislav, doklevise, Dorcolac, draganca, gasha, gomago, goxin, havoc995, hyla, Još malo pa deda, kobaja77, kokodakalo, krkalon, kubura91, kunktator, kybonacci, loon123, Luka Blažević, mercedesamg, milenko crazy north, MiroslavD, moldway, mushroom, nemkea71, novator, nuke92, Panter, raptorsi, Romibrat, S.Palestinac, ser.hill, Sirius, srbijaiznadsvega, VJ, vladulns, voja64, wizzardone, Zeks, žeks62