[ 93 Stefan @ 07.11.2009. 17:08 ] @
Ćao svima evo ga log: Citat: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:02:46, on 7.11.2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\KeePass Password Safe 2\KeePass.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{0F944819-09C1-4655-93F8-09A0B1A068B8}: NameServer = 156.154.70.22,156.154.71.22 O17 - HKLM\System\CS1\Services\Tcpip\..\{0F944819-09C1-4655-93F8-09A0B1A068B8}: NameServer = 156.154.70.22,156.154.71.22 O17 - HKLM\System\CS2\Services\Tcpip\..\{0F944819-09C1-4655-93F8-09A0B1A068B8}: NameServer = 156.154.70.22,156.154.71.22 O17 - HKLM\System\CS3\Services\Tcpip\..\{0F944819-09C1-4655-93F8-09A0B1A068B8}: NameServer = 156.154.70.22,156.154.71.22 O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- End of file - 2507 bytes Ovi IP-ovi su od Comodoa. Je l da? Video sam na njihovom forumu da počinju isto kao i od nekog virusa, čisto da se ne zalećete. Šta je ovo mctadmin.exe? Na nekim mestima govore da je to neki sistemski fajl, a na nekim da je neki trojanac. Jedan je rekao da mu je zauzeće RAM-a opalo za 100 MB kad ga je izbrisao sa Hijack This-om. Verzija Internet Explorera ne može da se otkrije jer sam ga isključio. |