MyCity » Ambulanta -> Arhiva Ambulante » Outlook se ne povezuje na Exchange...

Outlook se ne povezuje na Exchange...

Napisano na dan: 11.5.2009

Outlook se ne povezuje na Exchange...

Sledeća strana

Pagination

Odgovori

Srki_82 Poslao: 11 Maj 2009 14:18 Idi na vrh
offline Srki_82 Moderator foruma Srđan Tot Am I evil? I am man, yes I am. Pridružio: 12 Jul 2005 Poruke: 2483 Gde živiš: Ljubljana	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:10:04, on 11.5.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe C:\WINDOWS\system32\CLIENTSERVICE.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe d:\Projects\.Net\EPP2Import\EPP2Import\bin\Debug\EPP2Import.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\WINDOWS\system32\vmnat.exe C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE c:\program files\lenovo\system update\suservice.exe C:\Program Files\VMware\VMware Server\vmware-authd.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Server\vmware-hostd.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\WINDOWS\system32\TpShocks.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\ISS\Proventia Desktop\blackice.exe C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\srdjant\Desktop\New Folder\nekoNOVObezveznoIME.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.gov.si:80 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-299502267-73586283-839522115-1015\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Proventia Desktop Agent.lnk = ? O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....5291458055 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6.....5291759055 O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} (VMware Remote Console Plug-in 2.5.0.00000) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zaslon-telecom.si O17 - HKLM\Software\..\Telephony: DomainName = zaslon-telecom.si O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zaslon-telecom.si O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlackfishSQL - CodeGear - C:\Program Files\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe O23 - Service: BonusPlusService - Unknown owner - H:\BonusPlus\Service\BonusPlusService.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: CTI Client (ClientService4Com) - Unknown owner - C:\WINDOWS\system32\CLIENTSERVICE.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EPP2 Import - Zaslon Telecom d.o.o. - d:\Projects\.Net\EPP2Import\EPP2Import\bin\Debug\EPP2Import.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe O23 - Service: Tetra Recorder (ServiceRecorder) - Unknown owner - C:\Documents and Settings\srdjant\Desktop\TetraRecorder\TetraRecorder.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\VPatch.exe -- End of file - 13367 bytes Kolega je pre nekoliko dana zakacio virus kojeg je sam uklonio (pitanje je da li je virus uspesno uklonjen). Danas u toku rada mi je veza sa Exchange Serverom sama pukla i vise se nije htela uspostaviti. Probao sam neke standardne stvari (konfiguracija firewall-a, repair outlook-a, provera prava mog korisnika,...), ali nista nije pomoglo. Interesuje me da li mozda neki virus onemogucava komunikaciju Outlook-a sa Exchange serverom... i ko za sta jos radi.

Profil

dr_Bora Poslao: 11 Maj 2009 17:03 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Da li su ti poznati ovi programi: C:\Documents and Settings\srdjant\Desktop\TetraRecorder\TetraRecorder.exe H:\BonusPlus\Service\BonusPlusService.exe Upload-uj C:\WINDOWS\system32\CLIENTSERVICE.EXE preko ovog linka: http://www.mycity.rs/ambulanta-upload.php Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Srki_82 Poslao: 11 Maj 2009 17:37 Idi na vrh
offline Srki_82 Moderator foruma Srđan Tot Am I evil? I am man, yes I am. Pridružio: 12 Jul 2005 Poruke: 2483 Gde živiš: Ljubljana	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 11 Maj 2009 17:07 Fajl C:\WINDOWS\system32\CLIENTSERVICE.EXE je poslan. Sva tri fajla su poznata i sami smo ih razvili tako da oni ne bi smeli da budu problem. C:\Documents and Settings\srdjant\Desktop\TetraRecorder\TetraRecorder.exe H:\BonusPlus\Service\BonusPlusService.exe C:\WINDOWS\system32\CLIENTSERVICE.EXE Uskoro stize log. Dopuna: 11 Maj 2009 17:15 ComboFix 09-05-10.07 - srdjant 11.05.2009 17:07.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3066.2317 [GMT 2:00] Running from: c:\documents and settings\srdjant\Desktop\New Folder\ComboFix.exe FW: ISS Proventia 9.0.226.0 disabled WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\srdjant\LOCALS~1\Temp\tmp1.tmp c:\program files\ISS\Proventia Desktop\IBE\ICEPac.dll . ((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 ))))))))))))))))))))))))))))))) . 2009-05-11 09:59 . 2009-05-11 11:26 81984 ----a-w c:\windows\system32\bdod.bin 2009-05-11 09:50 . 2009-05-11 09:56 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender 2009-05-11 09:50 . 2009-05-11 09:50 -------- d-----w c:\program files\BitDefender 2009-05-11 09:50 . 2009-05-11 11:27 -------- d-----w c:\program files\Common Files\BitDefender 2009-05-11 09:42 . 2009-05-11 15:00 -------- d-----w c:\documents and settings\postgres\Application Data\VMware 2009-05-08 08:49 . 2009-05-08 08:49 -------- d-----w c:\documents and settings\srdjant\Application Data\postgresql 2009-05-08 08:32 . 2009-03-26 19:20 200704 ----a-w c:\windows\system32\libssl32.dll 2009-05-08 08:32 . 2009-03-26 19:20 1017344 ----a-w c:\windows\system32\libeay32.dll 2009-05-08 08:32 . 2009-03-26 19:20 200704 ----a-w c:\windows\system32\ssleay32.dll 2009-05-08 08:32 . 2009-05-08 08:32 -------- d-----w C:\OpenSSL 2009-05-08 08:22 . 2009-05-08 08:22 -------- d-----w c:\program files\PostgreSQL 2009-05-08 08:06 . 2009-05-08 08:06 -------- d-----w C:\prog 2009-05-08 07:48 . 2009-05-08 07:49 -------- d-----w C:\Perl 2009-05-04 08:13 . 2009-05-04 08:14 -------- d--h--w c:\program files\Zero G Registry 2009-05-04 08:13 . 2009-05-04 08:13 -------- d--h--w c:\documents and settings\srdjant\InstallAnywhere 2009-04-23 08:28 . 2009-04-23 08:35 -------- d-----w C:\Lang 2009-04-15 16:51 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-15 16:51 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-15 16:51 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-15 16:51 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-15 16:51 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-15 16:51 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-15 16:51 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-15 16:51 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-15 16:51 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-15 16:40 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-15 16:40 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-11 12:03 . 2008-10-30 12:13 70112 ----a-w c:\documents and settings\srdjant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-11 11:56 . 2008-11-03 11:52 -------- d-----w c:\program files\Microsoft Works 2009-05-11 11:56 . 2008-10-30 14:14 -------- d-----w c:\program files\MSBuild 2009-05-06 11:56 . 2009-03-25 11:37 1324 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-04 16:03 . 2009-04-04 16:03 -------- d-----w c:\program files\Microangelo 2009-04-03 07:11 . 2009-04-03 07:11 -------- d-----w c:\program files\Microsoft 2009-04-03 07:10 . 2009-04-03 07:10 -------- d-----w c:\program files\Windows Live SkyDrive 2009-04-03 07:10 . 2008-11-15 08:53 -------- d-----w c:\program files\Windows Live 2009-04-03 07:08 . 2009-04-03 07:08 -------- d-----w c:\program files\Common Files\Windows Live 2009-04-01 06:44 . 2008-11-16 09:53 -------- d-----w c:\program files\Java 2009-03-31 07:16 . 2008-11-11 07:53 -------- d-----w c:\program files\NOS 2009-03-26 14:05 . 2009-03-26 14:04 -------- d-----w c:\program files\Common Files\Adobe 2009-03-26 12:26 . 2009-03-26 12:26 -------- d-----w c:\program files\Common Files\Adobe AIR 2009-03-25 13:34 . 2009-03-25 13:34 -------- d-----w c:\program files\Common Files\VMware 2009-03-25 11:04 . 2009-03-25 11:04 -------- d-----w c:\program files\VMware 2009-03-09 03:19 . 2008-11-16 09:53 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-20 10:11 . 2008-11-05 07:49 50355 ----a-w c:\windows\system32\drivers\RapDrv.sys 2009-02-20 10:11 . 2009-02-20 10:07 80512 ----a-w c:\windows\system32\drivers\isskboep.sys 2009-02-20 10:11 . 2008-11-05 07:49 205938 ----a-w c:\windows\system32\drivers\Blackcat.sys 2009-02-20 10:07 . 2009-02-20 10:07 548864 ----a-w c:\windows\msvcp80.dll 2009-02-20 10:07 . 2009-02-20 10:07 499712 ----a-w c:\windows\msvcp71.dll 2006-05-03 09:06 . 2008-12-23 12:28 163328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2008-12-23 12:28 31232 --sh--r c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2008-12-23 12:28 216064 --sh--r c:\windows\system32\nbDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-09 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-09 124248] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2008-06-06 181536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\srdjant\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-8-18 604776] Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-11-5 1421328] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2008-08-15 20:37 32768 ----a-w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [14.5.2008 17:21 114728] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14.5.2008 17:21 19496] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [30.10.2008 13:15 4442] R2 BlackfishSQL;BlackfishSQL;c:\program files\CodeGear\RAD Studio\5.0\bin\BSQLServer.exe [11.12.2007 21:04 65536] R2 ClientService4Com;CTI Client;c:\windows\system32\ClientService.exe [3.11.2008 15:18 368640] R2 EPP2 Import;EPP2 Import;d:\projects\.Net\EPP2Import\EPP2Import\bin\Debug\EPP2Import.exe [10.2.2009 15:18 198656] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [13.3.2009 5:50 65536] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [30.10.2008 13:15 94208] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [12.10.2008 14:24 54960] R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [12.10.2008 14:24 322096] R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [12.10.2008 21:27 57344] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.2.2008 16:54 37312] S0 black;black;c:\windows\system32\drivers\Blackcat.sys [5.11.2008 9:49 205938] S2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [5.11.2008 9:49 2081034] S2 BonusPlusService;BonusPlusService;"h:\bonusplus\Service\BonusPlusService.exe" --> h:\bonusplus\Service\BonusPlusService.exe [?] S2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\VPatch.exe [5.11.2008 9:49 405770] S3 MakoNT;MakoNT;c:\windows\system32\drivers\isskboep.sys [20.2.2009 12:07 80512] S3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [5.11.2008 9:49 50355] S3 ServiceRecorder;Tetra Recorder;c:\documents and settings\srdjant\Desktop\TetraRecorder\TetraRecorder.exe [27.3.2009 12:58 567808] S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [12.10.2008 14:24 29744] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2.12.2006 7:17 2805000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d65160e4-b247-11dd-b907-001fe2e4be16}] \Shell\AutoRun\command - F:\AutoRun.exe /AUTORUN . Contents of the 'Scheduled Tasks' folder 2008-10-30 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-30 00:47] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyServer = proxy.gov.si:80 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm LSP: c:\program files\VMware\VMware Server\vsocklib.dll DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} FF - ProfilePath - c:\documents and settings\srdjant\Application Data\Mozilla\Firefox\Profiles\gxrs57du.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\documents and settings\srdjant\Application Data\Mozilla\Firefox\Profiles\gxrs57du.default\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C}\components\BossKey.dll FF - component: c:\documents and settings\srdjant\Application Data\Mozilla\Firefox\Profiles\gxrs57du.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\documents and settings\srdjant\Application Data\Mozilla\Firefox\Profiles\gxrs57du.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-11 17:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql] "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1744) c:\windows\system32\VMGINA.DLL c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(1800) c:\program files\ThinkPad\ConnectUtilities\ACGina.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACON.dll c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll . Completion time: 2009-05-11 17:12 ComboFix-quarantined-files.txt 2009-05-11 15:12 Pre-Run: 20.446.769.152 bytes free Post-Run: 20.993.794.048 bytes free 242 --- E O F --- 2009-04-30 01:01 Dopuna: 11 Maj 2009 17:37 Jedan update... sam sam u firmi vec oko sat vremena, niko nista nije dirao ni na mojem racunaru, ni na serveru, a Outlook se upravo bez problema povezao na Exchange.

Profil

dr_Bora Poslao: 11 Maj 2009 17:44 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 11 Maj 2009 17:43 Pa, dobra vest je da ovde nema malware-a. Loša je da ti je nastradao deo BlackICE-a. Biće mu potrebna reinstalacija. Zamolio bih te da zipuješ i uploaduješ folder C:\qoobox preko ranije datog linka. Za konkretan problem koji te muči ćeš morati da se raspitaš u nekom drugom potforumu. Na kraju, Start > Run: combofix /u Dopuna: 11 Maj 2009 17:44 Sad videh dopunu. Fino (upload mi i dalje treba ).

Profil

Srki_82 Poslao: 11 Maj 2009 18:02 Idi na vrh
offline Srki_82 Moderator foruma Srđan Tot Am I evil? I am man, yes I am. Pridružio: 12 Jul 2005 Poruke: 2483 Gde živiš: Ljubljana	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ko zna sta je bilo... u svakom slucaju hvala na trudu i vremenu Folder je zipovan i poslan (qoobox.zip)

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Outlook se ne povezuje na Exchange...

Ko je trenutno na forumu

Ukupno su 884 korisnika na forumu :: 7 registrovanih, 1 sakriven i 876 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Fabius, goxin, Marko Marković, opt1, Romibrat, SR-3m, TBF1D

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by