MyCity » Ambulanta -> Arhiva Ambulante » Spor komp moguce zarazen!

Spor komp moguce zarazen!

Napisano na dan: 10.4.2009

Strana:
1
2

Spor komp moguce zarazen!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

dusan93 Poslao: 10 Apr 2009 23:26 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ljudi pomazite da mu produvamo malo dizne Unapred zahvalan! Evo HJ log-a: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:24:07 PM, on 4/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608-) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\AdobeR.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\CMMON32.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Family Safety\fsui.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Documents and Settings\User\Desktop\asdsa\TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\HAWAII_filmovi\300\Anti-Blaxx\Anti-Blaxx.exe O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....6871368953 O17 - HKLM\System\CCS\Services\Tcpip\..\{20E26A3B-1FA0-475A-95FE-C8B509E1DE20}: NameServer = 10.151.167.2 10.151.167.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{20E26A3B-1FA0-475A-95FE-C8B509E1DE20}: NameServer = 10.151.167.2 10.151.167.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 8422 bytes

Profil

helen1 Poslao: 10 Apr 2009 23:33 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Otvori AVG 8 Control Center (desni klik na AVG ikonicu ( ) u donjem, desnom uglu ekrana, stavka Open AVG User Interface). * Kada se pokrene AVG Control Center, dvoklikni na Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Resident Shield active i klikni Save changes. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. --------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

dusan93 Poslao: 10 Apr 2009 23:37 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ugasio sam ga imam jos raspalu sedmicu skinucu kasnije....nego da nastavimo

Profil

helen1 Poslao: 11 Apr 2009 12:49 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pa hajde, skeniraj sa ComboFixom, ali prvo ugasi taj AVG. Ja mislio da ces postaviti log, nisam mislio da treba da ti odgovorim.

Profil

dusan93 Poslao: 11 Apr 2009 13:06 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-04-04.01 - User 2009-04-11 12:59:41.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.125 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: AVG 7.5.557 On-access scanning enabled (Outdated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\MILAN\ravmonlog c:\documents and settings\test\ravmonlog c:\documents and settings\User\ravmonlog c:\windows\adober.exe c:\windows\c.exe c:\windows\system32\f.dll . ((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 ))))))))))))))))))))))))))))))) . 2009-04-11 12:34 . 2009-04-11 12:34 <DIR> d-------- c:\windows\LastGood 2009-04-11 03:04 . 2009-04-11 03:04 <DIR> d-------- c:\program files\MSXML 6.0 2009-04-10 23:34 . 2008-06-13 15:10 272,128 --------- c:\windows\system32\drivers\bthport.sys 2009-04-10 23:34 . 2008-06-13 15:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-04-10 19:14 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-04-10 19:14 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-04-10 19:14 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-04-10 18:59 . 2009-04-10 23:12 <DIR> d-------- c:\documents and settings\User\Tracing 2009-04-10 18:58 . 2009-04-10 18:58 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-04-10 18:57 . 2009-04-10 18:57 <DIR> d-------- c:\program files\Microsoft Sync Framework 2009-04-10 18:57 . 2009-04-10 18:57 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector 2009-04-10 18:57 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys 2009-04-10 18:56 . 2009-04-10 18:56 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-04-10 18:54 . 2009-04-10 18:58 <DIR> d-------- c:\program files\Microsoft 2009-04-10 18:53 . 2009-04-10 18:53 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-04-10 18:13 . 2009-04-10 18:13 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-04-07 21:14 . 2009-04-07 21:14 8,628 --ah----- c:\windows\system32\CMMGR32.GID 2009-04-07 15:45 . 2009-04-11 00:04 <DIR> d-------- c:\documents and settings\User\Application Data\skypePM 2009-04-07 15:45 . 2009-04-07 15:45 56 --ah----- c:\windows\system32\ezsidmv.dat 2009-04-07 15:33 . 2009-04-11 01:02 <DIR> d-------- c:\documents and settings\User\Application Data\Skype 2009-04-07 15:32 . 2009-04-07 15:32 <DIR> dr------- c:\program files\Skype 2009-04-07 15:32 . 2009-04-07 15:32 <DIR> d-------- c:\program files\Common Files\Skype 2009-04-07 15:32 . 2009-04-07 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype 2009-04-04 21:44 . 2009-04-07 16:00 54,156 --ah----- c:\windows\QTFont.qfn 2009-04-04 21:44 . 2009-04-04 21:44 1,409 --a------ c:\windows\QTFont.for 2009-04-04 18:38 . 2009-04-04 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies 2009-04-04 18:37 . 2009-04-04 18:45 <DIR> d-------- c:\documents and settings\User\Application Data\muvee Technologies 2009-04-04 18:37 . 2009-04-04 22:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-04-04 18:34 . 2009-04-04 18:34 <DIR> d-------- c:\program files\MSBuild 2009-04-04 18:29 . 2009-04-04 18:29 <DIR> d-------- c:\windows\system32\XPSViewer 2009-04-04 18:29 . 2009-04-04 18:29 <DIR> d-------- c:\program files\Reference Assemblies 2009-04-04 18:28 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-04-04 17:56 . 2009-04-04 17:58 <DIR> d-------- c:\documents and settings\User\Application Data\vlc 2009-04-04 17:54 . 2009-04-04 17:54 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall 2009-04-04 15:37 . 2009-04-04 15:37 <DIR> d-------- c:\documents and settings\MILAN\Application Data\vlc 2009-04-04 15:36 . 2009-04-04 15:36 <DIR> d-------- c:\program files\VideoLAN 2009-04-04 15:36 . 2009-04-04 15:36 <DIR> d-------- c:\documents and settings\MILAN\Application Data\Thinstall 2009-03-31 18:02 . 2009-03-31 18:02 <DIR> d-------- c:\windows\Sun 2009-03-29 19:59 . 2009-03-29 19:59 9,979 --a------ c:\windows\system\16b30ce279.dll 2009-03-29 19:41 . 2009-03-29 19:41 <DIR> d-------- c:\documents and settings\MILAN\Application Data\CyberLink 2009-03-29 19:40 . 2009-03-29 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink 2009-03-29 19:39 . 2009-03-29 19:59 <DIR> d-------- c:\program files\CyberLink 2009-03-21 11:26 . 2009-03-21 11:26 <DIR> d-------- c:\documents and settings\test\Application Data\AVG7 2009-03-21 11:26 . 2009-04-11 13:00 <DIR> d-------- c:\documents and settings\test 2009-03-12 15:17 . 2009-03-12 15:17 <DIR> d-------- c:\documents and settings\MILAN\Application Data\Mount&Blade 2009-03-12 15:16 . 2008-05-30 15:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll 2009-03-12 15:16 . 2008-05-30 15:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll 2009-03-12 15:16 . 2008-05-30 15:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll 2009-03-12 15:16 . 2008-05-30 15:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll 2009-03-12 15:16 . 2008-05-30 15:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll 2009-03-12 15:16 . 2008-05-30 15:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll 2009-03-12 15:16 . 2008-05-30 15:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll 2009-03-12 15:15 . 2009-03-12 15:15 <DIR> d-------- c:\windows\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-10 16:57 --------- d-----w c:\program files\Windows Live 2009-03-29 18:11 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-29 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios 2009-03-05 18:19 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll 2009-02-19 09:26 --------- d-----w c:\documents and settings\MILAN\Application Data\Black Sea Studios 2009-02-06 17:03 307,576 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 16:52 49,504 ----a-w c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-01 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSVideo"= CSvidcap.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2005-06-29 01:09 32768 c:\program files\ATI Technologies\ATI.ACE\CLI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2005-06-28 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] --a------ 2009-04-01 20:06 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2009-03-27 09:55 24103720 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-11-21 19:38 35328 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13399:TCP"= 13399:TCP:NortonAV "17358:TCP"= 17358:TCP:NortonAV "13702:TCP"= 13702:TCP:NortonAV "13752:TCP"= 13752:TCP:NortonAV "12953:TCP"= 12953:TCP:NortonAV "14879:TCP"= 14879:TCP:NortonAV "13088:TCP"= 13088:TCP:NortonAV "18099:TCP"= 18099:TCP:NortonAV "16400:TCP"= 16400:TCP:NortonAV "13293:TCP"= 13293:TCP:NortonAV "14796:TCP"= 14796:TCP:NortonAV "13700:TCP"= 13700:TCP:NortonAV "14151:TCP"= 14151:TCP:NortonAV "14398:TCP"= 14398:TCP:NortonAV "14772:TCP"= 14772:TCP:NortonAV "18555:TCP"= 18555:TCP:NortonAV "15790:TCP"= 15790:TCP:NortonAV "14863:TCP"= 14863:TCP:NortonAV "13837:TCP"= 13837:TCP:NortonAV "12164:TCP"= 12164:TCP:NortonAV "16915:TCP"= 16915:TCP:NortonAV "18960:TCP"= 18960:TCP:NortonAV "14146:TCP"= 14146:TCP:NortonAV "15239:TCP"= 15239:TCP:NortonAV "14507:TCP"= 14507:TCP:NortonAV "17958:TCP"= 17958:TCP:NortonAV "15410:TCP"= 15410:TCP:NortonAV "12715:TCP"= 12715:TCP:NortonAV "12913:TCP"= 12913:TCP:NortonAV "13460:TCP"= 13460:TCP:NortonAV "15679:TCP"= 15679:TCP:NortonAV "16668:TCP"= 16668:TCP:NortonAV "12197:TCP"= 12197:TCP:NortonAV "16357:TCP"= 16357:TCP:NortonAV "16603:TCP"= 16603:TCP:NortonAV "13124:TCP"= 13124:TCP:NortonAV "15014:TCP"= 15014:TCP:NortonAV "16079:TCP"= 16079:TCP:NortonAV "18754:TCP"= 18754:TCP:NortonAV "14484:TCP"= 14484:TCP:NortonAV "15738:TCP"= 15738:TCP:NortonAV "15402:TCP"= 15402:TCP:NortonAV "17652:TCP"= 17652:TCP:NortonAV "13343:TCP"= 13343:TCP:NortonAV "16696:TCP"= 16696:TCP:NortonAV "18055:TCP"= 18055:TCP:NortonAV R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-04-10 55152] S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89883d14-fe47-11dc-b119-806d6172696f}] \Shell\AutoRun\command - f:\bin\Assetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfc69982-fe57-11dc-a642-0013d465916d}] \Shell\AutoRun\command - I:\AUTORUN.exe . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Anti-Blaxx Manager - d:\hawaii_filmovi\300\Anti-Blaxx\Anti-Blaxx.exe MSConfigStartUp-RavAV - c:\windows\AdobeR.exe MSConfigStartUp-Weather - c:\progra~1\AWS\WEATHE~1\Weather.exe . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {20E26A3B-1FA0-475A-95FE-C8B509E1DE20} = 10.151.167.2 10.151.167.2 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ah5jxs5w.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrWB.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-11 13:02:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(700) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-11 13:04:21 ComboFix-quarantined-files.txt 2009-04-11 11:04:04 Pre-Run: 9,225,531,392 bytes free Post-Run: 13,644,845,056 bytes free 242 --- E O F --- 2009-04-11 01:08:10

Profil

helen1 Poslao: 11 Apr 2009 13:17 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini sledeci program, pokreni ga, i postavi mi log kad zavrsi. http://amf.mycity.rs/personal/dr_Bora/Win32.Rjump_Port_Exception_Cleaner.exe ------------------- Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89883d14-fe47-11dc-b119-806d6172696f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfc69982-fe57-11dc-a642-0013d465916d}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

dusan93 Poslao: 11 Apr 2009 13:48 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo Combo Fix log-a: ComboFix 09-04-04.01 - User 2009-04-11 13:42:50.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.163 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 ))))))))))))))))))))))))))))))) . 2009-04-11 13:37 . 2009-04-11 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7 2009-04-11 03:04 . 2009-04-11 03:04 <DIR> d-------- c:\program files\MSXML 6.0 2009-04-10 23:34 . 2008-06-13 15:10 272,128 --------- c:\windows\system32\drivers\bthport.sys 2009-04-10 23:34 . 2008-06-13 15:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-04-10 19:14 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-04-10 19:14 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-04-10 19:14 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-04-10 18:59 . 2009-04-10 23:12 <DIR> d-------- c:\documents and settings\User\Tracing 2009-04-10 18:58 . 2009-04-10 18:58 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-04-10 18:57 . 2009-04-10 18:57 <DIR> d-------- c:\program files\Microsoft Sync Framework 2009-04-10 18:57 . 2009-04-10 18:57 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector 2009-04-10 18:57 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys 2009-04-10 18:56 . 2009-04-10 18:56 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-04-10 18:54 . 2009-04-10 18:58 <DIR> d-------- c:\program files\Microsoft 2009-04-10 18:53 . 2009-04-10 18:53 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-04-10 18:13 . 2009-04-10 18:13 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-04-07 21:14 . 2009-04-07 21:14 8,628 --ah----- c:\windows\system32\CMMGR32.GID 2009-04-07 15:45 . 2009-04-11 00:04 <DIR> d-------- c:\documents and settings\User\Application Data\skypePM 2009-04-07 15:45 . 2009-04-07 15:45 56 --ah----- c:\windows\system32\ezsidmv.dat 2009-04-07 15:33 . 2009-04-11 01:02 <DIR> d-------- c:\documents and settings\User\Application Data\Skype 2009-04-07 15:32 . 2009-04-07 15:32 <DIR> dr------- c:\program files\Skype 2009-04-07 15:32 . 2009-04-07 15:32 <DIR> d-------- c:\program files\Common Files\Skype 2009-04-07 15:32 . 2009-04-07 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype 2009-04-04 21:44 . 2009-04-07 16:00 54,156 --ah----- c:\windows\QTFont.qfn 2009-04-04 21:44 . 2009-04-04 21:44 1,409 --a------ c:\windows\QTFont.for 2009-04-04 18:38 . 2009-04-04 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies 2009-04-04 18:37 . 2009-04-04 18:45 <DIR> d-------- c:\documents and settings\User\Application Data\muvee Technologies 2009-04-04 18:37 . 2009-04-04 22:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-04-04 18:34 . 2009-04-04 18:34 <DIR> d-------- c:\program files\MSBuild 2009-04-04 18:29 . 2009-04-04 18:29 <DIR> d-------- c:\windows\system32\XPSViewer 2009-04-04 18:29 . 2009-04-04 18:29 <DIR> d-------- c:\program files\Reference Assemblies 2009-04-04 18:28 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-04-04 17:56 . 2009-04-04 17:58 <DIR> d-------- c:\documents and settings\User\Application Data\vlc 2009-04-04 17:54 . 2009-04-04 17:54 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall 2009-04-04 15:37 . 2009-04-04 15:37 <DIR> d-------- c:\documents and settings\MILAN\Application Data\vlc 2009-04-04 15:36 . 2009-04-04 15:36 <DIR> d-------- c:\program files\VideoLAN 2009-04-04 15:36 . 2009-04-04 15:36 <DIR> d-------- c:\documents and settings\MILAN\Application Data\Thinstall 2009-03-31 18:02 . 2009-03-31 18:02 <DIR> d-------- c:\windows\Sun 2009-03-29 19:59 . 2009-03-29 19:59 9,979 --a------ c:\windows\system\16b30ce279.dll 2009-03-29 19:41 . 2009-03-29 19:41 <DIR> d-------- c:\documents and settings\MILAN\Application Data\CyberLink 2009-03-29 19:40 . 2009-03-29 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink 2009-03-29 19:39 . 2009-03-29 19:59 <DIR> d-------- c:\program files\CyberLink 2009-03-21 11:26 . 2009-04-11 13:37 <DIR> d-------- c:\documents and settings\test 2009-03-12 15:17 . 2009-03-12 15:17 <DIR> d-------- c:\documents and settings\MILAN\Application Data\Mount&Blade 2009-03-12 15:16 . 2008-05-30 15:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll 2009-03-12 15:16 . 2008-05-30 15:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll 2009-03-12 15:16 . 2008-05-30 15:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll 2009-03-12 15:16 . 2008-05-30 15:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll 2009-03-12 15:16 . 2008-05-30 15:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll 2009-03-12 15:16 . 2008-05-30 15:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll 2009-03-12 15:16 . 2008-05-30 15:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll 2009-03-12 15:15 . 2009-03-12 15:15 <DIR> d-------- c:\windows\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-10 16:57 --------- d-----w c:\program files\Windows Live 2009-03-29 18:11 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-29 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios 2009-03-05 18:19 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll 2009-02-19 09:26 --------- d-----w c:\documents and settings\MILAN\Application Data\Black Sea Studios 2009-02-06 17:03 307,576 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 16:52 49,504 ----a-w c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSVideo"= CSvidcap.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2005-06-29 01:09 32768 c:\program files\ATI Technologies\ATI.ACE\CLI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2005-06-28 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2009-03-27 09:55 24103720 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-11-21 19:38 35328 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13399:TCP"= 13399:TCP:NortonAV "17358:TCP"= 17358:TCP:NortonAV "13702:TCP"= 13702:TCP:NortonAV "13752:TCP"= 13752:TCP:NortonAV "12953:TCP"= 12953:TCP:NortonAV "14879:TCP"= 14879:TCP:NortonAV "13088:TCP"= 13088:TCP:NortonAV "18099:TCP"= 18099:TCP:NortonAV "16400:TCP"= 16400:TCP:NortonAV "13293:TCP"= 13293:TCP:NortonAV "14796:TCP"= 14796:TCP:NortonAV "13700:TCP"= 13700:TCP:NortonAV "14151:TCP"= 14151:TCP:NortonAV "14398:TCP"= 14398:TCP:NortonAV "14772:TCP"= 14772:TCP:NortonAV "18555:TCP"= 18555:TCP:NortonAV "15790:TCP"= 15790:TCP:NortonAV "14863:TCP"= 14863:TCP:NortonAV "13837:TCP"= 13837:TCP:NortonAV "12164:TCP"= 12164:TCP:NortonAV "16915:TCP"= 16915:TCP:NortonAV "18960:TCP"= 18960:TCP:NortonAV "14146:TCP"= 14146:TCP:NortonAV "15239:TCP"= 15239:TCP:NortonAV "14507:TCP"= 14507:TCP:NortonAV "17958:TCP"= 17958:TCP:NortonAV "15410:TCP"= 15410:TCP:NortonAV "12715:TCP"= 12715:TCP:NortonAV "12913:TCP"= 12913:TCP:NortonAV "13460:TCP"= 13460:TCP:NortonAV "15679:TCP"= 15679:TCP:NortonAV "16668:TCP"= 16668:TCP:NortonAV "12197:TCP"= 12197:TCP:NortonAV "16357:TCP"= 16357:TCP:NortonAV "16603:TCP"= 16603:TCP:NortonAV "13124:TCP"= 13124:TCP:NortonAV "15014:TCP"= 15014:TCP:NortonAV "16079:TCP"= 16079:TCP:NortonAV "18754:TCP"= 18754:TCP:NortonAV "14484:TCP"= 14484:TCP:NortonAV "15738:TCP"= 15738:TCP:NortonAV "15402:TCP"= 15402:TCP:NortonAV "17652:TCP"= 17652:TCP:NortonAV "13343:TCP"= 13343:TCP:NortonAV "16696:TCP"= 16696:TCP:NortonAV "18055:TCP"= 18055:TCP:NortonAV R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-04-10 55152] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {20E26A3B-1FA0-475A-95FE-C8B509E1DE20} = 10.151.167.2 10.151.167.2 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ah5jxs5w.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrWB.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-11 13:45:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(692) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-11 13:46:46 ComboFix-quarantined-files.txt 2009-04-11 11:46:28 ComboFix2.txt 2009-04-11 11:26:48 ComboFix3.txt 2009-04-11 11:04:22 Pre-Run: 13,673,635,840 bytes free Post-Run: 13,661,401,088 bytes free 221 --- E O F --- 2009-04-11 01:08:10

Profil

helen1 Poslao: 11 Apr 2009 13:49 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jesi pokretao onaj program koji sam ti dao?

Profil

dusan93 Poslao: 11 Apr 2009 13:50 Idi na vrh
offline dusan93 Novi MyCity građanin Pridružio: 18 Jan 2009 Poruke: 17 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Onaj drugi program samo pise Done! Ports closed:0....nema loga

Profil

helen1 Poslao: 11 Apr 2009 13:58 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Moracemo onda ovako. Otvoriti Notepad i iskopirati sledeci tekst: Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13399:TCP"=- "17358:TCP"=- "13702:TCP"=- "13752:TCP"=- "12953:TCP"=- "14879:TCP"=- "13088:TCP"=- "18099:TCP"=- "16400:TCP"=- "13293:TCP"=- "14796:TCP"=- "13700:TCP"=- "14151:TCP"=- "14398:TCP"=- "14772:TCP"=- "18555:TCP"=- "15790:TCP"=- "14863:TCP"=- "13837:TCP"=- "12164:TCP"=- "16915:TCP"=- "18960:TCP"=- "14146:TCP"=- "15239:TCP"=- "14507:TCP"=- "17958:TCP"=- "15410:TCP"=- "12715:TCP"=- "12913:TCP"=- "13460:TCP"=- "15679:TCP"=- "16668:TCP"=- "12197:TCP"=- "16357:TCP"=- "16603:TCP"=- "13124:TCP"=- "15014:TCP"=- "16079:TCP"=- "18754:TCP"=- "14484:TCP"=- "15738:TCP"=- "15402:TCP"=- "17652:TCP"=- "13343:TCP"=- "16696:TCP"=- "18055:TCP"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Spor komp moguce zarazen!

Ko je trenutno na forumu

Ukupno su 1123 korisnika na forumu :: 41 registrovanih, 4 sakrivenih i 1078 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., antonije64, Areal84, babaroga, Bobrock1, bokisha253, bozo13, delrey, dushan, flash12, Georgius, Griffon vulture, hooraay, Karla, Kriglord, krkalon, Krvava Devetka, kybonacci, laurusri, Leonov, Lieutenant, Lošmi, mercedesamg, milutin134, nebkv, Oscar, pein, procesor, raptorsi, ruger357, Sirius, Srky Boy, Srle993, stalja, stegonosa, Trpe Grozni, Vladko, VP6919, Webb, wolf431, yrraf

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by