Did I check my computer properly?


  • Joined: 07 Jun 2008
  • Posts: 46

It's been two days since a virus got in, and I don't know which one it is, nor do I really understand much about this. The only thing I could open was the Ambulanta section, and only one post there, which said to download ComboFix. Maybe that wasn't a good idea, but I had nowhere else to turn.

I did everything as written, and for a couple of hours the computer worked normally, but then it wouldn't let me access certain sites.
Of course, here comes the familiar question - WHAT DO I DO???


ComboFix 08-09-10.04 - Aca 2008-09-11 16:58:43.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.517 [GMT 2:00]
Running from: F:\Programi\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM43e73f55.txt
C:\WINDOWS\BM43e73f55.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jiyaheee.dll
C:\WINDOWS\system32\nfjlukrx.dll
C:\WINDOWS\system32\xrkuljfn.ini
C:\WINDOWS\system32\ybJQBJjl.ini
C:\WINDOWS\system32\ybJQBJjl.ini2

.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.

2008-09-10 17:34 . 2008-09-10 17:34 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-10 17:31 . 2008-09-10 17:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-10 09:56 . 2008-06-23 18:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-10 09:56 . 2008-06-23 11:20 625,664 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-09-10 09:04 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-10 09:04 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-10 07:49 . 2008-09-10 17:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-10 07:49 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-10 06:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-10 06:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-09 09:59 . 2008-09-09 09:59 237,056 --a------ C:\WINDOWS\system32\ljJBQJby.dll
2008-09-09 09:55 . 2008-09-09 09:55 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\ArcSoft
2008-09-09 09:54 . 2008-09-09 09:54 135,299 --a------ C:\Setup_ver1.1662.0.exe
2008-09-08 15:48 . 2008-09-08 15:55 <DIR> d-------- C:\Program Files\CD Autorun Creator
2008-09-07 12:31 . 2008-09-07 12:31 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-09-05 20:02 . 2008-09-05 20:02 56,492 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-09-03 00:10 . 2008-09-03 00:11 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\HateML
2008-08-29 19:18 . 2008-08-29 19:18 2,302,017 --a------ C:\WINDOWS\system32\GPhotos.scr
2008-08-25 07:31 . 2008-08-25 07:31 <DIR> d-------- C:\Program Files\PowerISO
2008-08-13 21:55 . 2008-08-13 21:55 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\Nvu
2008-08-13 21:54 . 2008-08-13 21:54 <DIR> d-------- C:\Program Files\Nvu
2008-08-13 09:58 . 2008-08-13 09:58 <DIR> d-------- C:\My Media Files
2008-08-13 09:58 . 2008-08-13 09:58 43 --a------ C:\WINDOWS\Aurora Media Workshop.INI
2008-08-13 09:57 . 2002-05-06 11:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-08-13 09:57 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
2008-08-13 09:57 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI2K.BAK
2008-08-13 09:57 . 2002-05-06 11:01 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-08-13 09:57 . 2001-04-19 17:34 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-08-13 09:57 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.BAK
2008-08-13 09:57 . 2001-04-19 17:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-08-13 09:57 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.BAK
2008-08-13 09:56 . 2008-08-13 09:57 <DIR> d-------- C:\Program Files\Aurora Media Workshop
2008-08-11 06:50 . 2008-08-11 06:50 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\FastStone
2008-08-11 06:49 . 2008-08-11 06:49 <DIR> d-------- C:\Program Files\FastStone Capture

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 15:03 --------- d-----w C:\Documents and Settings\Aca\Application Data\Skype
2008-09-11 14:05 --------- d-----w C:\Documents and Settings\Aca\Application Data\skypePM
2008-09-11 13:35 --------- d-----w C:\Program Files\ACD Systems
2008-09-11 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-11 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 18:42 --------- d-----w C:\Program Files\Google
2008-09-10 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 07:52 --------- d-----w C:\Documents and Settings\Aca\Application Data\uTorrent
2008-08-25 05:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 17:05 --------- d-----w C:\Program Files\Opera
2008-08-17 18:44 --------- d-----w C:\Documents and Settings\Aca\Application Data\Sony
2008-08-09 09:39 --------- d-----w C:\Program Files\Winamp
2008-08-08 06:35 --------- d-----w C:\Program Files\RegCleaner
2008-08-07 18:45 --------- d-----w C:\Program Files\Mv2Player
2008-08-05 02:52 --------- d-----w C:\Program Files\Innovative Solutions
2008-08-04 22:12 --------- d-----w C:\Program Files\Sun
2008-08-04 22:11 --------- d-----w C:\Program Files\Java
2008-08-04 19:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-01 12:26 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-01 03:59 --------- d-----w C:\Documents and Settings\Aca\Application Data\Publish Providers
2008-08-01 03:57 --------- d-----w C:\Program Files\Vstplugins
2008-08-01 03:57 --------- d-----w C:\Program Files\Sony
2008-08-01 03:56 --------- d-----w C:\Program Files\Sony Setup
2008-07-31 16:33 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
2008-07-31 12:42 --------- d-----w C:\Documents and Settings\Aca\Application Data\Canon
2008-07-25 21:24 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-25 21:13 --------- d-----w C:\Program Files\MSBuild
2008-07-25 21:13 --------- d-----w C:\Program Files\Microsoft Works
2008-07-25 21:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-25 20:05 --------- d-----w C:\Program Files\MSECache
2008-07-24 13:26 --------- d-----w C:\Program Files\AAA Photo Album
2008-07-24 10:28 --------- d-----w C:\Program Files\Microsoft
2008-07-23 00:06 --------- d-----w C:\Program Files\Flickr Uploadr
2008-07-23 00:06 --------- d-----w C:\Documents and Settings\Aca\Application Data\Flickr
2008-07-22 20:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-07-22 19:57 --------- d-----w C:\Program Files\Skype
2008-07-22 19:57 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-22 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 13:37 --------- d-----w C:\Program Files\ESET
2008-07-19 05:04 --------- d-----w C:\Program Files\Netscape
2008-07-17 08:39 --------- d-----w C:\Documents and Settings\Aca\Application Data\CD-LabelPrint
2008-07-16 23:37 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-07-16 23:37 --------- d-----w C:\Program Files\b&b
2008-07-14 13:37 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-14 13:37 --------- d-----w C:\Program Files\Adobe Media Player
2008-07-13 22:41 --------- d-----w C:\Documents and Settings\Aca\Application Data\Mikrotik
2008-07-11 19:26 --------- d-----w C:\Program Files\TC UP
2008-07-11 17:36 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-11 10:43 --------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint
2008-07-11 10:32 --------- d-----w C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2008-07-11 10:25 --------- d-----w C:\Documents and Settings\Aca\Application Data\ABBYY
2008-07-11 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ABBYY
2008-07-11 10:02 --------- d-----w C:\Documents and Settings\Aca\Application Data\Corel
2008-07-11 10:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-11 10:01 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-11 10:00 --------- d-----w C:\Program Files\Corel
2008-07-11 09:51 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-11 08:51 --------- d-----w C:\Program Files\BearPaw 1200CU Plus
2008-07-11 08:49 --------- d-----w C:\Program Files\Temp
2008-07-11 08:45 --------- d-----w C:\Program Files\Canon
2008-07-11 08:41 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-11 08:36 --------- d-----w C:\Program Files\Common Files\Canon
2008-07-11 08:31 --------- d-----w C:\Documents and Settings\Aca\Application Data\Winamp
2008-07-11 08:10 --------- d-----w C:\Documents and Settings\Aca\Application Data\ACD Systems
2008-07-10 10:33 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-14 10:29 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-05-14 10:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-14 10:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051420080515\index.dat
2008-05-14 10:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-09-10_22.21.05.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-07 03:01:07 124,928 ------w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-07-26 12:32:06 264,616 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-11 12:42:38 272,576 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 03:01:07 63,488 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-07 03:01:10 6,067,200 ------w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 03:01:11 267,776 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-07 03:01:11 459,264 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:01:12 52,224 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-01-16 15:20:50 3,593,728 ------w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 08:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 03:01:13 105,984 ------w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 03:01:13 1,162,752 ------w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73676140-CB2D-40B5-BCF0-9FB4AE97798E}]
2008-09-09 09:59 237056 --a------ C:\WINDOWS\system32\ljJBQJby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-30 02:16 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 21898024]
"DriverMax"="C:\Program Files\Innovative Solutions\DriverMax\devices.exe" [2008-07-25 5057368]
"Google Update"="C:\Documents and Settings\Aca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-30 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-10 949376]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-05 278528]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"40d40cc9"="C:\WINDOWS\system32\nfjlukrx.dll" [BU]
"BM43e73f55"="C:\WINDOWS\system32\jiyaheee.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\Aca\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
"MSACM.NSPAC"= NSPAC32.ACM
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSX723"= sx5363s.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S2 gupdate1c8edd8d6ff3fe;Google Update Service (gupdate1c8edd8d6ff3fe);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Aca\Application Data\Mozilla\Firefox\Profiles\zh89co81.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link visible only to logged-in users]
FF -: plugin - C:\Documents and Settings\Aca\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll
FF -: plugin - C:\Program Files\Google\Picasa3\npPicasa3.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\NPQTW32.DLL
FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\NPVCAL32.DLL
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-09-11 17:03:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-09-11 17:08:01 - machine was rebooted [Aca]
ComboFix-quarantined-files.txt 2008-09-11 15:07:55
ComboFix2.txt 2008-09-11 12:49:03
ComboFix3.txt 2008-09-10 20:21:57
ComboFix4.txt 2008-09-09 23:12:06
ComboFix5.txt 2008-09-11 13:23:53

Pre-Run: 3,271,245,824 bytes free
Post-Run: 3,263,516,672 bytes free

262 --- E O F --- 2008-09-10 20:35:27



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


Post a HijackThis logfile:

[Link visible only to logged-in users]



  • Joined: 07 Jun 2008
  • Posts: 46

Thank you for the help. The instructions and the criticism are well placed and more than serious.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:49, on 11.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Aca\Desktop\FERKO\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
O2 - BHO: (no name) - {05C92845-C1D7-41F6-B760-8A35415FABDa} - C:\WINDOWS\system32\nmjurddv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {740611B0-F8F3-4C30-BA98-F17C6164A83B} - C:\WINDOWS\system32\ljJBQJby.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [40d40cc9] rundll32.exe "C:\WINDOWS\system32\weqsmhsc.dll",b
O4 - HKLM\..\Run: [BM43e73f55] Rundll32.exe "C:\WINDOWS\system32\ychdbafg.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link visible only to logged-in users]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - [Link visible only to logged-in users]\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - [Link visible only to logged-in users]
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - [Link visible only to logged-in users]
O17 - HKLM\System\CCS\Services\Tcpip\..\{250DE528-24E5-45D4-BECA-BC2FB4B45D9D}: NameServer = 212.200.56.13,212.200.56.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Update Service (gupdate1c8edd8d6ff3fe) (gupdate1c8edd8d6ff3fe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9443 bytes

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Enable the display of hidden files: [Link visible only to logged-in users]



Upload the following files for checking:

C:\WINDOWS\system32\mlfcache.dat
C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll


Upload link: [Link visible only to logged-in users]

  • Joined: 07 Jun 2008
  • Posts: 46

I did everything you asked of me.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\ljJBQJby.dll
C:\WINDOWS\system32\nmjurddv.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73676140-CB2D-40B5-BCF0-9FB4AE97798E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05C92845-C1D7-41F6-B760-8A35415FABDa}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"40d40cc9"=-
"BM43e73f55"=-


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.
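The CFScript above was written by hand after reading the two logs. The following is an added example (not code from this forum, from dr_Bora, or from ComboFix) of how the same triage can be expressed as detection logic: it scans HijackThis O2/O4 lines, flags the pattern the helper acted on (a nameless BHO or a rundll32 Run entry backed by an eight-letter DLL dropped directly into system32 with a one-letter export), and renders the findings in the CFScript layout used in this thread. The sample lines are constructed from the excerpts quoted above, and the heuristics (the `triage` and `build_cfscript` functions, the eight-letter-stem rule) are this example's own assumptions, not a ComboFix or HijackThis feature.

```python
import re

# Constructed sample: a handful of lines modelled on the HijackThis log
# posted earlier in this thread (not the full log).
HJT_SAMPLE = """\
O2 - BHO: (no name) - {05C92845-C1D7-41F6-B760-8A35415FABDa} - C:\\WINDOWS\\system32\\nmjurddv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {740611B0-F8F3-4C30-BA98-F17C6164A83B} - C:\\WINDOWS\\system32\\ljJBQJby.dll
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O4 - HKLM\\..\\Run: [40d40cc9] rundll32.exe "C:\\WINDOWS\\system32\\weqsmhsc.dll",b
O4 - HKLM\\..\\Run: [BM43e73f55] Rundll32.exe "C:\\WINDOWS\\system32\\ychdbafg.dll",s
"""

# HijackThis line shapes: "O2 - BHO: <name> - {CLSID} - <path>"
# and "O4 - HKLM\..\Run: [<value name>] <command line>"
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$')
O4_RE = re.compile(r'^O4 - HKLM\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 launching a DLL with a named export: rundll32.exe "<dll>",<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,\s*(?P<export>\w+)\s*$',
                       re.IGNORECASE)


def is_random_system32_dll(path):
    """Heuristic (assumption of this example): a DLL sitting directly in
    system32 whose file stem is eight meaningless letters, the naming
    pattern of every malicious DLL named in this thread."""
    return re.match(r'^C:\\WINDOWS\\system32\\[A-Za-z]{8}\.dll$', path, re.IGNORECASE) is not None


def triage(log_text):
    """Return a list of findings, each a dict with a 'kind' of 'bho' or 'run'."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            # A BHO with no name registered from a random system32 DLL
            if m['name'] == '(no name)' and is_random_system32_dll(m['path']):
                findings.append({'kind': 'bho', 'clsid': m['clsid'],
                                 'path': m['path'], 'line': line})
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m['cmd'])
            # A Run value that boots a random system32 DLL via a one-letter export
            if r and is_random_system32_dll(r['dll']) and len(r['export']) == 1:
                findings.append({'kind': 'run', 'value': m['value'],
                                 'path': r['dll'], 'line': line})
    return findings


def build_cfscript(findings):
    """Render findings in the CFScript layout used in this thread:
    a File:: section, then Registry:: with [-key] deletions and "value"=-
    removals. The '~' shorthand mirrors the ComboFix log's own notation."""
    files = sorted({f['path'] for f in findings})
    lines = ['File::'] + files + ['', 'Registry::']
    for f in findings:
        if f['kind'] == 'bho':
            lines.append('[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\%s]' % f['clsid'])
    run_values = [f['value'] for f in findings if f['kind'] == 'run']
    if run_values:
        lines.append('[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]')
        lines.extend('"%s"=-' % v for v in run_values)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    print(build_cfscript(triage(HJT_SAMPLE)))
```

Unlike the script dr_Bora posted, which lists only the two BHO DLLs under File::, this version also lists the DLLs behind the two rundll32 Run entries, because the heuristic flags them on the same grounds. The eight-letter-stem rule is tuned to the naming seen in this thread and will both miss malware that uses other names and over-flag the occasional legitimate eight-letter DLL, so its output is a starting point for a helper's review rather than a finished fix script.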

  • Joined: 07 Jun 2008
  • Posts: 46

ComboFix 08-09-10.04 - Aca 2008-09-11 20:19:47.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.595 [GMT 2:00]
Running from: F:\Programi\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aca\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ljJBQJby.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.

2008-09-10 17:34 . 2008-09-10 17:34 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-10 17:31 . 2008-09-10 17:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-10 09:56 . 2008-06-23 18:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-10 09:56 . 2008-06-23 11:20 625,664 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-09-10 09:04 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-10 09:04 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-10 07:49 . 2008-09-10 17:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-10 07:49 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-10 06:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-10 06:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-09 09:55 . 2008-09-09 09:55 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\ArcSoft
2008-09-09 09:54 . 2008-09-09 09:54 135,299 --a------ C:\Setup_ver1.1662.0.exe
2008-09-08 15:48 . 2008-09-08 15:55 <DIR> d-------- C:\Program Files\CD Autorun Creator
2008-09-07 12:31 . 2008-09-07 12:31 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-09-05 20:02 . 2008-09-05 20:02 56,492 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-09-03 00:10 . 2008-09-03 00:11 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\HateML
2008-08-29 19:18 . 2008-08-29 19:18 2,302,017 --a------ C:\WINDOWS\system32\GPhotos.scr
2008-08-25 07:31 . 2008-08-25 07:31 <DIR> d-------- C:\Program Files\PowerISO
2008-08-13 21:55 . 2008-08-13 21:55 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\Nvu
2008-08-13 21:54 . 2008-08-13 21:54 <DIR> d-------- C:\Program Files\Nvu
2008-08-13 09:58 . 2008-08-13 09:58 <DIR> d-------- C:\My Media Files
2008-08-13 09:58 . 2008-08-13 09:58 43 --a------ C:\WINDOWS\Aurora Media Workshop.INI
2008-08-13 09:57 . 2002-05-06 11:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-08-13 09:57 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
2008-08-13 09:57 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI2K.BAK
2008-08-13 09:57 . 2002-05-06 11:01 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-08-13 09:57 . 2001-04-19 17:34 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-08-13 09:57 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.BAK
2008-08-13 09:57 . 2001-04-19 17:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-08-13 09:57 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.BAK
2008-08-13 09:56 . 2008-08-13 09:57 <DIR> d-------- C:\Program Files\Aurora Media Workshop
2008-08-11 06:50 . 2008-08-11 06:50 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\FastStone
2008-08-11 06:49 . 2008-08-11 06:49 <DIR> d-------- C:\Program Files\FastStone Capture

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 17:47 --------- d-----w C:\Documents and Settings\Aca\Application Data\Skype
2008-09-11 15:05 --------- d-----w C:\Documents and Settings\Aca\Application Data\skypePM
2008-09-11 13:35 --------- d-----w C:\Program Files\ACD Systems
2008-09-11 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-11 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 18:42 --------- d-----w C:\Program Files\Google
2008-09-10 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 07:52 --------- d-----w C:\Documents and Settings\Aca\Application Data\uTorrent
2008-08-25 05:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 17:05 --------- d-----w C:\Program Files\Opera
2008-08-17 18:44 --------- d-----w C:\Documents and Settings\Aca\Application Data\Sony
2008-08-09 09:39 --------- d-----w C:\Program Files\Winamp
2008-08-08 06:35 --------- d-----w C:\Program Files\RegCleaner
2008-08-07 18:45 --------- d-----w C:\Program Files\Mv2Player
2008-08-05 02:52 --------- d-----w C:\Program Files\Innovative Solutions
2008-08-04 22:12 --------- d-----w C:\Program Files\Sun
2008-08-04 22:11 --------- d-----w C:\Program Files\Java
2008-08-04 19:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-01 12:26 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-01 03:59 --------- d-----w C:\Documents and Settings\Aca\Application Data\Publish Providers
2008-08-01 03:57 --------- d-----w C:\Program Files\Vstplugins
2008-08-01 03:57 --------- d-----w C:\Program Files\Sony
2008-08-01 03:56 --------- d-----w C:\Program Files\Sony Setup
2008-07-31 16:33 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
2008-07-31 12:42 --------- d-----w C:\Documents and Settings\Aca\Application Data\Canon
2008-07-25 21:24 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-25 21:13 --------- d-----w C:\Program Files\MSBuild
2008-07-25 21:13 --------- d-----w C:\Program Files\Microsoft Works
2008-07-25 21:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-25 20:05 --------- d-----w C:\Program Files\MSECache
2008-07-24 13:26 --------- d-----w C:\Program Files\AAA Photo Album
2008-07-24 10:28 --------- d-----w C:\Program Files\Microsoft
2008-07-23 00:06 --------- d-----w C:\Program Files\Flickr Uploadr
2008-07-23 00:06 --------- d-----w C:\Documents and Settings\Aca\Application Data\Flickr
2008-07-22 20:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-07-22 19:57 --------- d-----w C:\Program Files\Skype
2008-07-22 19:57 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-22 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 13:37 --------- d-----w C:\Program Files\ESET
2008-07-19 05:04 --------- d-----w C:\Program Files\Netscape
2008-07-17 08:39 --------- d-----w C:\Documents and Settings\Aca\Application Data\CD-LabelPrint
2008-07-16 23:37 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-07-16 23:37 --------- d-----w C:\Program Files\b&b
2008-07-14 13:37 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-14 13:37 --------- d-----w C:\Program Files\Adobe Media Player
2008-07-13 22:41 --------- d-----w C:\Documents and Settings\Aca\Application Data\Mikrotik
2008-07-11 19:26 --------- d-----w C:\Program Files\TC UP
2008-07-11 17:36 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-11 10:43 --------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint
2008-07-11 10:32 --------- d-----w C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2008-07-11 10:25 --------- d-----w C:\Documents and Settings\Aca\Application Data\ABBYY
2008-07-11 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ABBYY
2008-07-11 10:02 --------- d-----w C:\Documents and Settings\Aca\Application Data\Corel
2008-07-11 10:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-11 10:01 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-11 10:00 --------- d-----w C:\Program Files\Corel
2008-07-11 09:51 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-11 08:51 --------- d-----w C:\Program Files\BearPaw 1200CU Plus
2008-07-11 08:49 --------- d-----w C:\Program Files\Temp
2008-07-11 08:45 --------- d-----w C:\Program Files\Canon
2008-07-11 08:41 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-11 08:36 --------- d-----w C:\Program Files\Common Files\Canon
2008-07-11 08:31 --------- d-----w C:\Documents and Settings\Aca\Application Data\Winamp
2008-07-11 08:10 --------- d-----w C:\Documents and Settings\Aca\Application Data\ACD Systems
2008-07-10 10:33 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-14 10:29 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-05-14 10:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-14 10:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051420080515\index.dat
2008-05-14 10:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-09-10_22.21.05.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-07 03:01:07 124,928 ------w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-07-26 12:32:06 264,616 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-11 18:10:52 287,704 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 03:01:07 63,488 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-07 03:01:10 6,067,200 ------w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 03:01:11 267,776 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-07 03:01:11 459,264 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:01:12 52,224 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-01-16 15:20:50 3,593,728 ------w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 08:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 03:01:13 105,984 ------w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 03:01:13 1,162,752 ------w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-30 02:16 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 21898024]
"DriverMax"="C:\Program Files\Innovative Solutions\DriverMax\devices.exe" [2008-07-25 5057368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-10 949376]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-05 278528]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\Aca\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
"MSACM.NSPAC"= NSPAC32.ACM
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSX723"= sx5363s.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S2 gupdate1c8edd8d6ff3fe;Google Update Service (gupdate1c8edd8d6ff3fe);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{88A0ACE6-C469-4E2C-B66D-792B1C9CD9B0} - C:\WINDOWS\system32\ljJBQJby.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-09-11 20:21:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-11 20:22:40
ComboFix-quarantined-files.txt 2008-09-11 18:22:32
ComboFix2.txt 2008-09-11 18:17:27
ComboFix3.txt 2008-09-11 17:28:29
ComboFix4.txt 2008-09-11 17:01:29
ComboFix5.txt 2008-09-11 18:19:10

Pre-Run: 3,362,181,120 bytes free
Post-Run: 3,352,862,720 bytes free

224 --- E O F --- 2008-09-10 20:35:27

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now?

offline
  • Joined: 07 Jun 2008
  • Posts: 46

I am deliberately replying only now, because I first checked how the computer runs and whether the virus is still there.

The computer runs like new; I even have the impression it runs better than before. All in all, I am more than satisfied.

Thank you for your help, and this is one more proof of how strong MyCity is and how good it is to be a member of such a large and strong family.

THANK YOU!!!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK. Do the following as well:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's all.

regards
