help


  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

I had a rootkit, but avast deleted it; after that I lost my sound. I did a System Restore and everything went back to normal. I think the rootkit may still be there, so I would ask you to take a look as well and tell me what to do next. Here is the report from the GMER program:
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-25 23:46:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAA5E588]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAA5E444]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAAA5E922]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAAA5E01C]
SSDT sptd.sys ZwEnumerateKey [0xF744CD1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF744D0BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAAA5E51E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAA5DF5C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAAA5DFC0]
SSDT sptd.sys ZwQueryKey [0xF744D194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAAA5E63E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAAA5E5FE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAA5E77E]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6D1E68E 5 Bytes JMP 8660E1B8
? System32\Drivers\a68n8y48.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7448AB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7448BEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7448B76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F744971C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74495F2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F746D7AE] sptd.sys

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 10514510
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1456909939
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x4A 0x84 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9F 0x18 0x7C 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x38 0x00 0xA1 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x4A 0x84 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9F 0x18 0x7C 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x38 0x00 0xA1 0x6B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Di reènik_is1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Di reènik_is1@SlowInfoCache 0x28 0x02 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Di reènik_is1@Changed 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@Inno Setup: Setup Version 5.0.8
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@Inno Setup: App Path C:\Program Files\Di recnik
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@InstallLocation C:\Program Files\Di recnik\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@Inno Setup: Icon Group Di recnik
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@Inno Setup: User user
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@Inno Setup: Selected Tasks desktopicon
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@Inno Setup: Deselected Tasks quicklaunchicon
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@DisplayName Di re?nik, v1.0.049
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@UninstallString "C:\Program Files\Di recnik\unins000.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@QuietUninstallString "C:\Program Files\Di recnik\unins000.exe" /SILENT
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@Publisher Antivari Software Design, s.a.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@URLInfoAbout http://www.antivari.rs
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@HelpLink http://www.antivari.rs
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@URLUpdateInfo http://www.antivari.rs
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Di reènik_is1@NoRepair 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Call of Duty 2 - Ïîäâèã Ñîëäàòà
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Call of Duty 2 - Ïîäâèã Ñîëäàòà@Order 0x08 0x00 0x00 0x00 ...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\user\Cookies\user@mycity.co[1].txt 0 bytes
File C:\Documents and Settings\user\Cookies\user@www.mycity.co[2].txt 0 bytes

---- EOF - GMER 1.0.14 ----

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Sorry, who told you to use GMER?

If you want our help, you first have to do this:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 7:11:53, on 26.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\internet\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NoGarbage] C:\Program Files\Avramovic Web Solutions\NoGarbage\NoGarbage.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....1380081296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6.....3057447093
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/register/Branding/olr3313/OCX/flashax.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF810298-B57C-4CB4-BB6E-69E8A2C7AF2B}: NameServer = 10.24.4.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

-------------------------

Double-click gmer.exe to start it: select the Rootkit/Malware tab at the top.
Right-click in the middle of the program window. A menu will appear; go to Options there and tick the option Only non MS files.
Click Scan.
When the scan is finished, click the Copy button below. This will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as the file file3.txt.


Use the Attach file option below the message field on the forum and attach the file we just saved here for us.

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

ComboFix 08-05-25.4 - user 2008-05-26 15:18:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.604 [GMT 2:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\install.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\winnb58.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 23:24 . 2008-05-25 23:24 250 --a------ C:\WINDOWS\gmer.ini
2008-05-25 21:37 . 2008-05-25 23:14 <DIR> d-------- C:\Program Files\Unlocker
2008-05-25 19:45 . 2008-05-25 21:53 68,018 --a------ C:\WINDOWS\system32\ksnhtr.sys
2008-05-24 19:21 . 2008-05-25 23:06 <DIR> d-------- C:\Program Files\Brew Mobile Commander
2008-05-24 13:38 . 2008-05-24 13:38 <DIR> d-------- C:\Program Files\totalcmd2
2008-05-24 13:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-24 13:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-21 17:09 . 2008-05-26 13:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 17:09 . 2008-05-21 17:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-21 16:29 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-21 16:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-21 16:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-21 16:29 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-21 15:45 . 2008-05-21 15:45 <DIR> d-------- C:\Documents and Settings\user\Application Data\FDRLab
2008-05-19 21:45 . 2008-05-20 21:47 <DIR> d-------- C:\Program Files\GameWiz32
2008-05-19 21:45 . 2002-04-19 00:43 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE
2008-05-19 20:00 . 2008-05-19 20:00 244 --ah----- C:\sqmnoopt15.sqm
2008-05-19 20:00 . 2008-05-19 20:00 232 --ah----- C:\sqmdata15.sqm
2008-05-19 18:33 . 2008-05-19 18:33 244 --ah----- C:\sqmnoopt14.sqm
2008-05-19 18:33 . 2008-05-19 18:33 232 --ah----- C:\sqmdata14.sqm
2008-05-18 12:08 . 2008-05-18 12:26 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-18 12:01 . 2008-05-18 12:28 <DIR> d-------- C:\Program Files\BitDefender
2008-05-18 12:00 . 2008-05-18 12:01 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-18 11:34 . 2008-05-18 11:34 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-05-18 11:34 . 2008-05-18 11:34 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-05-08 17:54 . 2008-05-08 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-05-05 16:13 . 2008-05-05 16:13 244 --ah----- C:\sqmnoopt13.sqm
2008-05-05 16:13 . 2008-05-05 16:13 232 --ah----- C:\sqmdata13.sqm
2008-05-05 09:53 . 2008-05-05 09:53 244 --ah----- C:\sqmnoopt12.sqm
2008-05-05 09:53 . 2008-05-05 09:53 232 --ah----- C:\sqmdata12.sqm
2008-05-05 09:25 . 2008-05-05 09:25 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-05-04 22:41 . 2008-05-04 22:41 244 --ah----- C:\sqmnoopt11.sqm
2008-05-04 22:41 . 2008-05-04 22:41 232 --ah----- C:\sqmdata11.sqm
2008-05-04 20:55 . 2008-05-04 20:55 244 --ah----- C:\sqmnoopt10.sqm
2008-05-04 20:55 . 2008-05-04 20:55 232 --ah----- C:\sqmdata10.sqm
2008-05-04 19:20 . 2008-05-04 19:20 244 --ah----- C:\sqmnoopt09.sqm
2008-05-04 19:20 . 2008-05-04 19:20 232 --ah----- C:\sqmdata09.sqm
2008-05-04 13:27 . 2008-05-04 13:27 244 --ah----- C:\sqmnoopt08.sqm
2008-05-04 13:27 . 2008-05-04 13:27 232 --ah----- C:\sqmdata08.sqm
2008-05-04 10:56 . 2008-05-04 10:56 244 --ah----- C:\sqmnoopt07.sqm
2008-05-04 10:56 . 2008-05-04 10:56 232 --ah----- C:\sqmdata07.sqm
2008-04-29 15:24 . 2008-04-29 15:24 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2008-04-29 08:56 . 2008-04-29 08:56 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-04-29 08:32 . 2008-04-29 08:32 <DIR> d-------- C:\Documents and Settings\user\Application Data\Media Player Classic
2008-04-29 08:31 . 2008-04-29 08:41 <DIR> d-------- C:\Program Files\Real Alternative
2008-04-29 08:21 . 2008-04-29 08:21 <DIR> d-------- C:\Program Files\JLC's Software
2008-04-29 08:21 . 2008-04-29 08:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\JLC's Software
2008-04-28 14:32 . 2008-04-28 14:32 <DIR> d-------- C:\Program Files\Avramovic Web Solutions
2008-04-27 22:14 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-27 22:14 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-27 22:14 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-27 22:14 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-27 22:14 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-27 22:14 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-27 22:14 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-27 22:14 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-04-27 20:49 . 2008-04-27 20:49 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-27 20:47 . 2008-05-23 21:26 <DIR> d-------- C:\Program Files\John Deere American Farmer
2008-04-27 15:21 . 2008-04-27 15:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 05:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 10:38 196,608 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin
2008-05-19 19:10 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-05-08 19:18 --------- d-----w C:\Program Files\Yahoo!
2008-04-27 18:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 18:44 --------- d-----w C:\Program Files\Rockstar Games
2008-04-23 18:36 217,088 ----a-w C:\WINDOWS\system32\srkey.exe
2008-04-23 18:36 --------- d-----w C:\Program Files\Atari
2008-04-22 14:37 --------- d-----w C:\Program Files\Ascaron Entertainment
2008-04-14 14:52 --------- d-----w C:\Documents and Settings\user\Application Data\parentalcontrol
2008-04-13 14:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-12 18:32 --------- d-----w C:\Program Files\Electronic Arts
2008-04-11 22:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-08 16:55 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-08 16:45 --------- d-----w C:\Program Files\totalcmd
2008-03-31 19:19 --------- d-----w C:\Program Files\Ubisoft
2008-03-31 18:22 --------- d-----w C:\Program Files\Firaxis Games
2008-03-31 18:18 --------- d-----w C:\Program Files\Metro 3D
2008-03-30 16:21 --------- d-----w C:\Program Files\Activision
2008-03-30 06:59 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-02 11:53 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-02 08:53 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-02 08:53 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-01 13:00 103,736 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-28 18:26 66,872 -c--a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-26 20:57 17,872 ----a-w C:\WINDOWS\e01.exe
2008-02-26 20:56 22,016 ----a-w C:\WINDOWS\e00.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-03-06 17:21 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-10-13 22:35 61952 C:\WINDOWS\system32\hdashcut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 07:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 19:12 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 21:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50 33792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-27 02:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-26 01:01 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"NoGarbage"="C:\Program Files\Avramovic Web Solutions\NoGarbage\NoGarbage.exe" [2004-11-27 12:37 164352]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-04-23 20:36:26 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 18:08:14 661776]
Gigabyte Wireless Utility.lnk - C:\Program Files\GIGABYTE\Common\GNConfig.exe [2008-01-27 15:38:17 741376]
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2007-11-17 06:08:42 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Neoact\\Carom3D\\carom.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\internet\\za teme\\Uploader.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\JLC's Software\\Internet TV\\Internet TV.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-11 01:44]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 15:46]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 22:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 22:43]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 20:06]
S3 FXDRV;FXDRV;E:\Fxdrv.sys []
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 18:56:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-09 19:56:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 15:24:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-05-26 15:29:56 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-05-26 13:29:51

Pre-Run: 5,987,811,328 bytes free
Post-Run: 6,451,822,592 bytes free


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Through this link you will run the BitDefender Online Scanner.
The scan is only possible from Internet Explorer with ActiveX Control enabled, and it is done as follows:

On the page, accept the terms of use by clicking I Agree.
In the window/notification that appears, accept the installation of the scanner through ActiveX Control and click Install.
Then click Start Scan to begin the scan.
Then wait for the scanner to install, the definitions to update, and the system check to run.
When the scan is finished, click the More details option.
Then the Detected problems tab.
Click the link Click here to export the scan report to save the report.
Post the scan report on the forum. (The "Attach file" option at the bottom of the reply form)

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

Here, it only scanned my partition C (all my programs and system tools are on it); when it got to partition D (where I keep movies, music etc.) it said it needs 12 h to scan the whole partition. Here is the BitDefender report:

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Post me a new ComboFix log.

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

Sorry for the delay, here is the new ComboFix log:

ComboFix 08-05-25.4 - user 2008-05-29 15:47:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.588 [GMT 2:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\install.exe
C:\WINDOWS\system32\winnb58.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-28 16:14 . 2008-05-28 17:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 16:14 . 2008-05-28 16:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-27 16:07 . 2008-05-27 16:06 77,768 --a------ C:\izvestaj.html
2008-05-27 14:56 . 2008-05-27 16:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-26 15:44 . 2008-05-26 15:59 <DIR> d--hs---- C:\RECYCLER(2)
2008-05-25 23:24 . 2008-05-25 23:24 250 --a------ C:\WINDOWS\gmer.ini
2008-05-25 21:37 . 2008-05-25 23:14 <DIR> d-------- C:\Program Files\Unlocker
2008-05-24 19:21 . 2008-05-25 23:06 <DIR> d-------- C:\Program Files\Brew Mobile Commander
2008-05-24 13:38 . 2008-05-24 13:38 <DIR> d-------- C:\Program Files\totalcmd2
2008-05-24 13:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-24 13:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-21 16:29 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-21 16:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-21 16:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-21 16:29 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-21 15:45 . 2008-05-21 15:45 <DIR> d-------- C:\Documents and Settings\user\Application Data\FDRLab
2008-05-19 21:45 . 2008-05-20 21:47 <DIR> d-------- C:\Program Files\GameWiz32
2008-05-19 21:45 . 2002-04-19 00:43 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE
2008-05-19 20:00 . 2008-05-19 20:00 244 --ah----- C:\sqmnoopt15.sqm
2008-05-19 20:00 . 2008-05-19 20:00 232 --ah----- C:\sqmdata15.sqm
2008-05-19 18:33 . 2008-05-19 18:33 244 --ah----- C:\sqmnoopt14.sqm
2008-05-19 18:33 . 2008-05-19 18:33 232 --ah----- C:\sqmdata14.sqm
2008-05-18 12:08 . 2008-05-18 12:26 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-18 12:01 . 2008-05-18 12:28 <DIR> d-------- C:\Program Files\BitDefender
2008-05-18 12:00 . 2008-05-18 12:01 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-18 11:34 . 2008-05-18 11:34 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-05-18 11:34 . 2008-05-18 11:34 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-05-08 17:54 . 2008-05-08 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-05-05 16:13 . 2008-05-05 16:13 244 --ah----- C:\sqmnoopt13.sqm
2008-05-05 16:13 . 2008-05-05 16:13 232 --ah----- C:\sqmdata13.sqm
2008-05-05 09:53 . 2008-05-05 09:53 244 --ah----- C:\sqmnoopt12.sqm
2008-05-05 09:53 . 2008-05-05 09:53 232 --ah----- C:\sqmdata12.sqm
2008-05-05 09:25 . 2008-05-05 09:25 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-05-04 22:41 . 2008-05-04 22:41 244 --ah----- C:\sqmnoopt11.sqm
2008-05-04 22:41 . 2008-05-04 22:41 232 --ah----- C:\sqmdata11.sqm
2008-05-04 20:55 . 2008-05-04 20:55 244 --ah----- C:\sqmnoopt10.sqm
2008-05-04 20:55 . 2008-05-04 20:55 232 --ah----- C:\sqmdata10.sqm
2008-05-04 19:20 . 2008-05-04 19:20 244 --ah----- C:\sqmnoopt09.sqm
2008-05-04 19:20 . 2008-05-04 19:20 232 --ah----- C:\sqmdata09.sqm
2008-05-04 13:27 . 2008-05-04 13:27 244 --ah----- C:\sqmnoopt08.sqm
2008-05-04 13:27 . 2008-05-04 13:27 232 --ah----- C:\sqmdata08.sqm
2008-05-04 10:56 . 2008-05-04 10:56 244 --ah----- C:\sqmnoopt07.sqm
2008-05-04 10:56 . 2008-05-04 10:56 232 --ah----- C:\sqmdata07.sqm
2008-04-29 15:24 . 2008-04-29 15:24 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2008-04-29 08:56 . 2008-04-29 08:56 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-04-29 08:32 . 2008-04-29 08:32 <DIR> d-------- C:\Documents and Settings\user\Application Data\Media Player Classic
2008-04-29 08:31 . 2008-04-29 08:41 <DIR> d-------- C:\Program Files\Real Alternative
2008-04-29 08:21 . 2008-04-29 08:21 <DIR> d-------- C:\Program Files\JLC's Software
2008-04-29 08:21 . 2008-04-29 08:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\JLC's Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 12:26 196,608 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin
2008-05-27 19:48 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-05-26 14:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 19:26 --------- d-----w C:\Program Files\John Deere American Farmer
2008-05-08 19:18 --------- d-----w C:\Program Files\Yahoo!
2008-04-28 12:32 --------- d-----w C:\Program Files\Avramovic Web Solutions
2008-04-27 18:49 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-27 18:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 18:44 --------- d-----w C:\Program Files\Rockstar Games
2008-04-27 13:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-23 18:36 217,088 ----a-w C:\WINDOWS\system32\srkey.exe
2008-04-23 18:36 --------- d-----w C:\Program Files\Atari
2008-04-22 14:37 --------- d-----w C:\Program Files\Ascaron Entertainment
2008-04-14 14:52 --------- d-----w C:\Documents and Settings\user\Application Data\parentalcontrol
2008-04-13 14:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-12 18:32 --------- d-----w C:\Program Files\Electronic Arts
2008-04-11 22:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-08 16:55 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-08 16:45 --------- d-----w C:\Program Files\totalcmd
2008-03-31 19:19 --------- d-----w C:\Program Files\Ubisoft
2008-03-31 18:22 --------- d-----w C:\Program Files\Firaxis Games
2008-03-31 18:18 --------- d-----w C:\Program Files\Metro 3D
2008-03-30 16:21 --------- d-----w C:\Program Files\Activision
2008-03-30 06:59 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-02 11:53 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-02 08:53 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-02 08:53 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-01 13:00 103,736 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-03-06 17:21 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 18:11 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-10-13 22:35 61952 C:\WINDOWS\system32\hdashcut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 07:28 14202368 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 19:12 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 21:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50 33792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-27 02:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-26 01:01 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"NoGarbage"="C:\Program Files\Avramovic Web Solutions\NoGarbage\NoGarbage.exe" [2004-11-27 12:37 164352]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-04-23 20:36:26 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 18:08:14 661776]
Gigabyte Wireless Utility.lnk - C:\Program Files\GIGABYTE\Common\GNConfig.exe [2008-01-27 15:38:17 741376]
RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2007-11-17 06:08:42 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Neoact\\Carom3D\\carom.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\internet\\za teme\\Uploader.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\JLC's Software\\Internet TV\\Internet TV.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-12-11 01:44]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 15:46]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 22:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 22:43]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 20:06]
S3 FXDRV;FXDRV;E:\Fxdrv.sys []
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 18:56:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-09 19:56:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 15:52:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-05-29 15:57:58 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-05-29 13:57:53

Pre-Run: 6,584,242,176 bytes free
Post-Run: 6,619,627,520 bytes free

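The ComboFix "Files Created" section above lists each entry as creation time, modification time, a size or <DIR>, a nine-character attribute column and the path. As an added example (not part of this thread, and not ComboFix's or the forum helper's own code), here is a small Python parser for those lines that surfaces hidden or system-attributed entries and plain files dropped directly under a Windows system directory, as a first triage pass. The sample lines are constructed, copied in shape from the log above; reading the letters d, a, h and s in the attribute column as directory, archive, hidden and system is an assumption about ComboFix's format, and the list of system directories is a constructed choice.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, copied in shape from the ComboFix "Files Created" section above.
SAMPLE_LOG = r"""
2008-05-28 16:14 . 2008-05-28 17:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 16:14 . 2008-05-28 16:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-27 14:56 . 2008-05-27 16:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-26 15:44 . 2008-05-26 15:59 <DIR> d--hs---- C:\RECYCLER(2)
2008-05-19 20:00 . 2008-05-19 20:00 244 --ah----- C:\sqmnoopt15.sqm
2008-04-29 15:24 . 2008-04-29 15:24 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
"""

# One line: created . modified  size|<DIR>  attrs (9 chars)  path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) ([a-z-]{9}) (.+)$"
)

# Assumption (constructed choice): a fresh plain file directly under these trees deserves a look.
SYSTEM_DIRS = (r"C:\WINDOWS",)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for <DIR> entries
    attrs: str
    path: str

    # Assumed reading of the attribute column: d=directory, a=archive, h=hidden, s=system.
    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_system(self) -> bool:
        return "s" in self.attrs


def parse_files_created(text: str) -> List[Entry]:
    """Parse 'Files Created' lines; lines that do not match the layout are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        size_bytes = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append(Entry(created, modified, size_bytes, attrs, path))
    return entries


def in_system_dir(path: str) -> bool:
    """True if the path sits anywhere below one of SYSTEM_DIRS (case-insensitive)."""
    p = path.lower()
    return any(p.startswith(d.lower() + "\\") for d in SYSTEM_DIRS)


def triage(entries: List[Entry]) -> List[Entry]:
    """Surface candidates for a closer look: anything hidden or system-attributed,
    plus any non-directory file created under a system directory. A hit is a prompt
    for a human look, not a verdict."""
    return [e for e in entries
            if e.is_hidden or e.is_system or (not e.is_dir and in_system_dir(e.path))]


if __name__ == "__main__":
    for e in triage(parse_files_created(SAMPLE_LOG)):
        kind = "DIR " if e.is_dir else "FILE"
        print(f"{kind} {e.attrs} {e.created}  {e.path}")
```

On the sample, five of the six lines are flagged and only the BDOSCAN8 directory is left out; entries such as the QTFont files show that a hit is a candidate to check against the installed software, not a finding.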
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

To determine whether the same infection keeps coming back, you will scan again with CF.

So, scan with ComboFix and post me a new log.

Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., ajo baba, amaterSRB, Bloody, cenejac111, dane007, Dannyboy, Djokislav, DonRumataEstorski, Duh sa sekirom, dushan, flash12, FOX, Georgius, Griffon vulture, ikan, Ivica1102, jackreacher011011, Karla, Krvava Devetka, kybonacci, Marko Marković, Mi lao shu, Milometer, Mlav, nebojsag, nemkea71, nextyamb, operniki, opt1, raptorsi, RJ, Srle993, stegonosa, Trpe Grozni, Tvrtko I, vathra, W123, yufighter, ZetaMan, |_MeD_|