log of the first computer


offline
  • Joined: 28 Feb 2009
  • Posts: 46

Bobby, as agreed, I'm sending you the log from the first computer


ComboFix 09-03-02.03 - bojana 2009-03-04 6:18:36.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.256.52 [GMT 1:00]
Running from: c:\documents and settings\bojana\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated)
AV: F-Secure Anti-Virus Client Security 5.55 *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-03 10:01 . 2009-03-03 10:01 527,872 --a------ c:\windows\system32\dq.exe
2009-03-03 09:24 . 2009-03-03 10:01 527,872 --a------ c:\windows\system\wmibus.exe.vir
2009-03-03 09:23 . 2009-03-03 09:24 527,872 --a------ c:\windows\system32\ni.exe
2009-02-28 15:12 . 2009-02-28 15:12 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\documents and settings\bojana\Application Data\Malwarebytes
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 14:19 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 14:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 14:17 . 2009-02-28 14:17 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-27 19:08 . 2009-03-03 16:22 <DIR> d-------- C:\USBNoRisk
2009-02-27 09:58 . 2009-03-03 16:53 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 09:58 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 09:58 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 09:58 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 09:58 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 09:58 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-27 09:57 . 2009-02-27 10:11 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 09:57 . 2009-02-27 09:57 <DIR> d-------- c:\documents and settings\bojana\Application Data\Simply Super Software
2009-02-27 09:57 . 2009-02-27 09:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 09:39 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2009-02-27 09:39 . 2001-08-17 12:13 27,165 --a--c--- c:\windows\system32\dllcache\fetnd5.sys
2009-02-26 12:23 . 2009-02-26 12:23 <DIR> d-------- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 05:09 --------- d-----w c:\program files\ESET
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GW Port Controller"="c:\progra~1\samsung\smarthru\PORTCTRL.EXE" [2004-02-09 163840]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-05-31 921600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-15 1214856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 10:18 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
--a------ 2006-09-02 11:29 40960 c:\windows\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RZZO\\Apoteka 2.1\\Obrada Recepata.exe"=

S2 WMIBUS;WMI Bus Database; [x]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2006-03-18 9344]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\bojana\Application Data\Mozilla\Firefox\Profiles\9wde14uz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-04 06:20:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\imon.dll
.
Completion time: 2009-03-04 6:23:31
ComboFix-quarantined-files.txt 2009-03-04 05:22:55
ComboFix2.txt 2009-03-03 15:33:42

Pre-Run: 2,845,626,368 bytes free
Post-Run: 2,868,871,168 bytes free




offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
c:\windows\system32\dq.exe
c:\windows\system\wmibus.exe.vir
c:\windows\system32\ni.exe

Driver::
WMIBUS

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.



offline
  • Joined: 28 Feb 2009
  • Posts: 46

ComboFix 09-03-02.03 - bojana 2009-03-04 8:28:31.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.256.31 [GMT 1:00]
Running from: c:\documents and settings\bojana\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bojana\Desktop\CFScript.txt
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated)
AV: F-Secure Anti-Virus Client Security 5.55 *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system\wmibus.exe.vir
c:\windows\system32\dq.exe
c:\windows\system32\ni.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\wmibus.exe.vir
c:\windows\system32\dq.exe
c:\windows\system32\ni.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WMIBUS
-------\Service_WMIBUS


((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-02-28 15:12 . 2009-02-28 15:12 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\documents and settings\bojana\Application Data\Malwarebytes
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 14:19 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 14:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 14:17 . 2009-02-28 14:17 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-27 19:08 . 2009-03-03 16:22 <DIR> d-------- C:\USBNoRisk
2009-02-27 09:58 . 2009-03-03 16:53 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 09:58 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 09:58 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 09:58 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 09:58 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 09:58 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-27 09:57 . 2009-02-27 10:11 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 09:57 . 2009-02-27 09:57 <DIR> d-------- c:\documents and settings\bojana\Application Data\Simply Super Software
2009-02-27 09:57 . 2009-02-27 09:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 09:39 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2009-02-27 09:39 . 2001-08-17 12:13 27,165 --a--c--- c:\windows\system32\dllcache\fetnd5.sys
2009-02-26 12:23 . 2009-02-26 12:23 <DIR> d-------- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 05:09 --------- d-----w c:\program files\ESET
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_ 6.21.09.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-04 07:34:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GW Port Controller"="c:\progra~1\samsung\smarthru\PORTCTRL.EXE" [2004-02-09 163840]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-05-31 921600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-15 1214856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 10:18 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RZZO\\Apoteka 2.1\\Obrada Recepata.exe"=

S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2006-03-18 9344]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\bojana\Application Data\Mozilla\Firefox\Profiles\9wde14uz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-04 08:34:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
.
**************************************************************************
.
Completion time: 2009-03-04 8:40:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 07:40:08
ComboFix2.txt 2009-03-04 05:23:33
ComboFix3.txt 2009-03-03 15:33:42

Pre-Run: 2,859,761,664 bytes free
Post-Run: 2,816,098,304 bytes free


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This log is clean now.

Restart this computer a few times today, and after that make me a new log so I can see whether the infection comes back. Infections usually come back when Windows starts, and some have a waiting period of a few hours before they embed themselves in the system.
During that time try not to plug in USB sticks or connect to the network (if possible), so we can be sure the infection isn't hidden somewhere on the computer itself (without showing up in the log).
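The CFScript earlier in the thread names the three files and the WMIBUS driver ComboFix was told to remove, and the reply above asks for a fresh log after a few reboots to see whether anything comes back. The following is an added example, not ComboFix's own code and not anything posted in this thread, that does that comparison mechanically in Python: it parses the Files Created, Reg Loading Points, Other Deletions and Drivers/Services sections of two ComboFix logs, diffs them, and checks every File::/Driver:: target of the CFScript against the post-cleaning log. The two sample logs are constructed, condensed from the logs in this thread, with the Gmail Notifier Run entry from the third log added to the "after" sample so the diff has a new autostart entry to report; all function names are my own.

```python
import re

# Added example (not ComboFix's code, not posted in the thread): parse the sections of
# a ComboFix log that matter for a cleanup and diff two runs. Sample logs are
# constructed, condensed from the thread's logs; the Gmail Notifier Run entry is
# taken from the third log so the diff has a new autorun to show.
LOG_BEFORE = r"""
ComboFix 09-03-02.03 - bojana 2009-03-04 6:18:36.6 - NTFSx86
(((((((((( Files Created from 2009-02-04 to 2009-03-04 ))))))))))
2009-03-03 10:01 . 2009-03-03 10:01 527,872 --a------ c:\windows\system32\dq.exe
2009-03-03 09:24 . 2009-03-03 10:01 527,872 --a------ c:\windows\system\wmibus.exe.vir
2009-03-03 09:23 . 2009-03-03 09:24 527,872 --a------ c:\windows\system32\ni.exe
2009-02-28 14:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
(((((((((( Reg Loading Points ))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-05-31 921600]
S2 WMIBUS;WMI Bus Database; [x]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2006-03-18 9344]
------- Supplementary Scan -------
"""
LOG_AFTER = r"""
ComboFix 09-03-02.03 - bojana 2009-03-04 8:28:31.7 - NTFSx86
(((((((((( Other Deletions ))))))))))
c:\windows\system\wmibus.exe.vir
c:\windows\system32\dq.exe
c:\windows\system32\ni.exe
(((((((((( Drivers/Services ))))))))))
-------\Legacy_WMIBUS
-------\Service_WMIBUS
(((((((((( Files Created from 2009-02-04 to 2009-03-04 ))))))))))
2009-03-04 13:14 . 2009-03-04 13:14 <DIR> d-------- c:\program files\Google
2009-02-28 14:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
(((((((((( Reg Loading Points ))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-05-31 921600]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2006-03-18 9344]
------- Supplementary Scan -------
"""

# Section headers look like "(((( Title ))))" or "------- Title -------".
SECTION_RE = re.compile(r"^(?:\(+\s*(.*?)\s*\)+|-{3,}\s*(.*?)\s*-{3,})$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (<DIR>|[\d,]+) (\S{9}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")   # S2 NAME;Display name;path
DELETED_SERVICE_RE = re.compile(r"^-+\\(?:Legacy|Service)_(.+)$")

def parse_combofix(text):
    """Collect per-section entries from a ComboFix log; paths and names are lower-cased."""
    r = {"files": {}, "autoruns": set(), "services": {}, "deleted_files": set(), "deleted_services": set()}
    section, key = "", None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, key = (m.group(1) or m.group(2)).lower(), None
        elif section.startswith("files created") and (m := FILE_RE.match(line)):
            r["files"][m.group(3).lower()] = (m.group(1), m.group(2))   # path -> (size, attrs)
        elif section == "reg loading points":
            # msconfig startupreg rows and Startup-folder .lnk lines are not modelled here
            if m := KEY_RE.match(line):
                key = m.group(1).lower()
            elif key and (m := VALUE_RE.match(line)):
                r["autoruns"].add((key, m.group(1), m.group(2).strip()))
            elif m := SERVICE_RE.match(line):
                r["services"][m.group(2).lower()] = (m.group(1), m.group(3), m.group(4).strip())
        elif section == "other deletions":
            r["deleted_files"].add(line.lower())
        elif section == "drivers/services" and (m := DELETED_SERVICE_RE.match(line)):
            r["deleted_services"].add(m.group(1).lower())
    return r

def diff_reports(before, after):
    """Entries that appeared or disappeared between two parsed runs."""
    out = {}
    for name in ("files", "autoruns", "services"):
        b, a = set(before[name]), set(after[name])
        out["removed_" + name] = sorted(b - a)
        out["new_" + name] = sorted(a - b)
    return out

def verify_cleanup(after_text, cfscript_targets):
    """Check a post-CFScript log: which File::/Driver:: targets are confirmed deleted
    and which still appear in the Files Created or service lists."""
    after = parse_combofix(after_text)
    names = [n.lower() for n in cfscript_targets]
    present = set(after["files"]) | set(after["services"])
    deleted = after["deleted_files"] | after["deleted_services"]
    return {"confirmed_deleted": sorted(n for n in names if n in deleted),
            "still_present": sorted(n for n in names if n in present)}

# The File:: and Driver:: entries from the CFScript in this thread.
CFSCRIPT_TARGETS = [r"c:\windows\system32\dq.exe", r"c:\windows\system\wmibus.exe.vir",
                    r"c:\windows\system32\ni.exe", "WMIBUS"]

if __name__ == "__main__":
    changes = diff_reports(parse_combofix(LOG_BEFORE), parse_combofix(LOG_AFTER))
    for what, entries in changes.items():
        print(f"{what}: {entries}")
    print(verify_cleanup(LOG_AFTER, CFSCRIPT_TARGETS))
```

Run directly it prints the diff and the cleanup check for the inline samples; for a real case, read the saved ComboFix.txt and ComboFix2.txt files into the two strings instead. A non-empty `new_files` or `new_autoruns` in a log taken after the reboots is exactly the "did the infection come back" signal asked for above, and `still_present` being non-empty after a CFScript run means the removal did not take.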

offline
  • Joined: 28 Feb 2009
  • Posts: 46

here's the log again, let's see if it's still clean

ComboFix 09-03-02.03 - bojana 2009-03-06 11:20:57.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.256.91 [GMT 1:00]
Running from: c:\documents and settings\bojana\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated)
AV: F-Secure Anti-Virus Client Security 5.55 *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-04 13:14 . 2009-03-04 13:14 <DIR> d-------- c:\program files\Google
2009-02-28 15:12 . 2009-02-28 15:12 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\documents and settings\bojana\Application Data\Malwarebytes
2009-02-28 14:19 . 2009-02-28 14:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 14:19 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 14:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 14:17 . 2009-02-28 14:17 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-27 19:08 . 2009-03-03 16:22 <DIR> d-------- C:\USBNoRisk
2009-02-27 09:58 . 2009-03-03 16:53 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 09:58 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 09:58 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 09:58 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 09:58 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 09:58 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-27 09:57 . 2009-02-27 10:11 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 09:57 . 2009-02-27 09:57 <DIR> d-------- c:\documents and settings\bojana\Application Data\Simply Super Software
2009-02-27 09:57 . 2009-02-27 09:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 09:39 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2009-02-27 09:39 . 2001-08-17 12:13 27,165 --a--c--- c:\windows\system32\dllcache\fetnd5.sys
2009-02-26 12:23 . 2009-02-26 12:23 <DIR> d-------- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 05:09 --------- d-----w c:\program files\ESET
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_ 6.21.09.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-06 05:06:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GW Port Controller"="c:\progra~1\samsung\smarthru\PORTCTRL.EXE" [2004-02-09 163840]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-05-31 921600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-15 1214856]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 10:18 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RZZO\\Apoteka 2.1\\Obrada Recepata.exe"=

S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2006-03-18 9344]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\bojana\Application Data\Mozilla\Firefox\Profiles\9wde14uz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-06 11:23:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\imon.dll
.
Completion time: 2009-03-06 11:26:23
ComboFix-quarantined-files.txt 2009-03-06 10:26:17
ComboFix2.txt 2009-03-04 07:40:23
ComboFix3.txt 2009-03-04 05:23:33
ComboFix4.txt 2009-03-03 15:33:42

Pre-Run: 2,738,352,128 bytes free
Post-Run: 2,727,923,712 bytes free


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It's clean :)

You can uninstall ComboFix (you already know how it goes).

offline
  • Joined: 28 Feb 2009
  • Posts: 46

so we managed to get it done :)
Thanks and regards
