[bobby] problem


offline
  • Joined: 02 Jul 2008
  • Posts: 125

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:31:44, on 18.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\quaryhoobou.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Zoki\Desktop\Ambulanta\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [ciko] C:\WINDOWS\system32\nydooryt.exe
O4 - HKLM\..\RunServices: [Speed Driver] sbthost.exe
O4 - HKLM\..\RunServices: [ciko] C:\WINDOWS\system32\nydooryt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Blue Coat K9 Web Protection (zaefnat7zy4jy) - Unknown owner - C:\WINDOWS\system32\quaryhoobou.exe (file missing)

--
End of file - 7301 bytes



Lately I have had a problem with my computer that points to some virus:
1. The "Automatic updates" option is always turned off, and when I try to enable it Windows tells me it is unable to. When I try "Microsoft Windows Update" over the internet I get the following message: "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. "
2. A friend complains that viruses are arriving from my computer over "Windows Live Messenger".
3. Processes with strange names show up in Task Manager.

I am using WinXP Professional SP3, ADSL Eunet 512/64 flat.



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to the Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.



offline
  • Joined: 02 Jul 2008
  • Posts: 125

ComboFix 08-10-17.01 - Zoki 2008-10-18 11:28:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2595 [GMT 2:00]
Running from: C:\Documents and Settings\Zoki\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2063-09-19 07:50 . 2063-09-19 07:50 5,501 --a------ C:\WINDOWS\system32\rtclmg32.dll
2008-10-18 09:46 . 2008-10-03 11:35 230,400 --a------ C:\WINDOWS\system32\quaryhoobou.exe
2008-10-17 19:08 . 2008-10-18 08:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-17 19:08 . 2008-10-17 19:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-16 19:05 . 2008-10-16 19:25 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-16 19:05 . 2008-10-16 19:05 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-16 19:04 . 2008-10-16 19:04 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-16 19:04 . 2008-10-18 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-16 19:04 . 2008-10-18 11:31 6,576,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-16 19:04 . 2008-10-18 11:31 442,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-16 19:04 . 2008-10-18 11:31 55,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-16 19:04 . 2008-10-18 11:31 4,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-13 20:35 . 2008-10-17 19:10 9,221 --a------ C:\WINDOWS\system32\QuickTimeFavorites.qtr
2008-10-13 20:34 . 2008-10-13 20:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-10-13 20:34 . 2004-03-22 07:52 12,276,904 --a------ C:\temp\QuickTimeInstaller.exe
2008-10-13 20:34 . 2008-10-17 19:11 10,308 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-13 20:31 . 2008-10-13 20:32 <DIR> d-------- C:\temp\QT6
2008-10-13 20:15 . 2008-10-13 20:15 <DIR> d-------- C:\Program Files\TEXTware
2008-10-13 20:15 . 2003-09-24 20:24 327,680 --a------ C:\WINDOWS\system32\QFClient2.dll
2008-10-13 20:10 . 2008-10-13 20:10 <DIR> d-------- C:\Program Files\Longman
2008-10-11 15:37 . 2008-10-11 15:37 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-07 18:05 . 2008-10-07 18:05 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\Ahead
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Program Files\Valve
2008-10-07 17:45 . 2008-10-16 19:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 13:39 . 2008-10-07 13:39 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-04 21:29 . 2002-04-01 17:53 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll
2008-10-04 21:27 . 2001-07-31 10:55 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll
2008-10-03 16:41 . 1996-11-08 02:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-10-03 16:41 . 2006-08-23 14:00 163,840 --a------ C:\WINDOWS\system32\egusound.ocx
2008-10-03 16:41 . 1999-03-13 00:00 127,488 --a------ C:\WINDOWS\system32\Ccrpsld.ocx
2008-10-03 10:03 . 2008-10-03 11:35 230,400 --a------ C:\WINDOWS\system32\nydooryt.exe
2008-09-29 22:19 . 2008-09-29 22:19 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
2008-09-29 22:10 . 2008-10-03 17:09 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\F-Secure
2008-09-29 21:41 . 2008-10-16 19:02 <DIR> d-------- C:\Program Files\PC Protection Plus
2008-09-29 21:41 . 2008-09-29 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-09-29 21:41 . 2008-10-16 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-09-29 21:38 . 2008-09-25 16:08 86,169,440 --a------ C:\temp\PC-Protection-Plus-700-387.exe
2008-09-25 14:04 . 2008-04-14 00:24 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-09-25 14:04 . 2008-04-14 00:24 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-09-24 15:47 . 2008-09-24 15:47 <DIR> d-------- C:\Program Files\Cambridge
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\cld3-lookup
2008-09-24 15:45 . 2008-09-24 15:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-24 15:45 . 2008-10-03 23:25 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\EssentialGrammarInUse
2008-09-20 10:41 . 2008-09-20 10:41 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 09:18 --------- d-----w C:\Documents and Settings\Zoki\Application Data\uTorrent
2008-10-17 18:11 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-15 18:51 494 ----a-w C:\Program Files\Professional
2008-10-15 18:51 --------- d-----w C:\Program Files\Professional §©®ÎŢt v.4 Black
2008-10-15 17:10 --------- d-----w C:\Documents and Settings\Zoki\Application Data\XnView
2008-10-14 06:42 --------- d-----w C:\Documents and Settings\Zoki\Application Data\skypePM
2008-10-14 06:42 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Skype
2008-10-13 18:35 --------- d-----w C:\Program Files\QuickTime
2008-10-13 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-10 18:54 --------- d-----w C:\Documents and Settings\Zoki\Application Data\dvdcss
2008-10-08 19:24 --------- d-----w C:\Program Files\Achilles-Script 5.0 Black
2008-10-07 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 12:29 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Wildfire
2008-09-28 06:39 --------- d-----w C:\Program Files\GIMPPortable
2008-09-26 12:07 --------- d-----w C:\Program Files\EA Sports
2008-09-23 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 17:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-20 07:46 2,828 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-09-20 07:45 88 --sh--r C:\Documents and Settings\All Users\Application Data\B7CBA65A96.sys
2008-09-17 18:25 --------- d-----w C:\Documents and Settings\Zoki\Application Data\FarStone
2008-09-17 18:12 --------- d-----w C:\Program Files\FarStone
2008-09-17 18:11 81,920 ----a-w C:\WINDOWS\system32\Dversion.dll
2008-09-17 18:11 61,440 ----a-w C:\WINDOWS\system32\RDrvNTInterface.dll
2008-09-17 18:11 61,440 ----a-w C:\WINDOWS\system32\RDrv2KInterface.dll
2008-09-17 18:11 28,672 ----a-w C:\WINDOWS\system32\RDrv9xInterface.dll
2008-09-17 18:11 24,576 ----a-w C:\WINDOWS\system32\RDrvInterface.dll
2008-09-17 18:11 114,688 ----a-w C:\WINDOWS\system32\DVC.dll
2008-09-15 17:28 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Corel
2008-09-15 17:27 --------- d-----w C:\Program Files\Common Files\Protexis
2008-09-15 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-09-15 17:25 --------- d-----w C:\Program Files\Corel
2008-09-15 17:25 --------- d-----w C:\Program Files\Common Files\Corel
2008-09-15 09:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-15 09:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-14 07:53 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-09-13 21:23 --------- d-----w C:\Program Files\Pristy Utils
2008-09-11 12:54 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-09-10 16:47 --------- d-----w C:\Program Files\Games-Masters.com
2008-09-06 10:21 --------- d-----w C:\Documents and Settings\Zoki\Application Data\U3
2008-09-06 05:53 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Bret Taylor
2008-09-05 14:46 --------- d-----w C:\Program Files\Google
2008-09-02 18:56 --------- d-----w C:\Program Files\Sierra On-Line
2008-09-02 18:49 --------- d-----w C:\Program Files\cstrike
2008-09-02 18:44 --------- d-----w C:\Program Files\D-Tools
2008-09-01 08:47 --------- d-----w C:\Program Files\TeamViewer3
2008-09-01 08:47 --------- d-----w C:\Documents and Settings\Zoki\Application Data\TeamViewer
2008-08-26 16:23 --------- d-----w C:\Program Files\Mv2Player
2008-08-26 15:40 --------- d-----w C:\Program Files\The Simpsons Hit 'n' run
2008-08-25 17:21 --------- d-----w C:\Program Files\registracija.programa
2008-08-25 17:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 17:06 --------- d-----w C:\Program Files\InstallShield
2008-08-25 17:05 --------- d-----w C:\Program Files\InstallShield Express - Borland Limited Edition
2008-08-20 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\U3
2008-08-19 18:21 --------- d-----w C:\Program Files\NotesSQL
2008-08-19 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-19 18:20 --------- d-----w C:\Program Files\Crystal Decisions
2008-08-19 18:20 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-08-19 18:20 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-08-19 14:35 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-19 10:05 --------- d-----w C:\Program Files\NBA 2008
2008-08-18 11:19 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-18 11:19 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-18 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-03 15:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-01 10:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-31 19:51 14,290 ----a-w C:\Program Files\settings.dat
2008-07-31 17:20 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-04-14 03:42 933,888 --sh--r C:\WINDOWS\system32\sbthost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ciko"="C:\WINDOWS\system32\nydooryt.exe" [2008-10-03 230400]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ciko"="C:\WINDOWS\system32\nydooryt.exe" [2008-10-03 230400]
"Speed Driver"="sbthost.exe" [2008-04-14 C:\WINDOWS\system32\sbthost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 5504]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2003-08-09 60008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S2 zaefnat7zy4jy;Blue Coat K9 Web Protection;C:\WINDOWS\system32\quaryhoobou.exe [2008-10-03 230400]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [ ]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da133c1-612c-11dd-9f72-0021851090d7}]
\Shell\AutoRun\command - ta2.cmd
\Shell\explore\Command - ta2.cmd
\Shell\open\Command - ta2.cmd
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Zoki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 16:46]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zoki\Application Data\Mozilla\Firefox\Profiles\242yqlac.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - C:\Documents and Settings\Zoki\Local Settings\Application Data\Google\Update\1.2.131.19\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.1_02\bin\NPOJI610.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava13.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJPI141_02.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-10-18 11:32:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-18 11:34:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-18 09:34:42

Pre-Run: 171.087.126.528 bytes free
Post-Run: 170,982,637,568 bytes free

253 --- E O F --- 2008-09-10 16:40:07

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

1. Send me the following file for checking:
C:\WINDOWS\system32\rtclmg32.dll

Do the upload through the following form:
[Link visible only to logged-in users]


2. Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\quaryhoobou.exe
C:\WINDOWS\system32\nydooryt.exe

Driver::
zaefnat7zy4jy


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

There is more to do after that, but first do what I wrote above.

offline
  • Joined: 02 Jul 2008
  • Posts: 125

I have sent the file C:\WINDOWS\system32\rtclmg32.dll

Update: 18 Oct 2008 12:24

ComboFix 08-10-17.01 - Zoki 2008-10-18 12:13:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2545 [GMT 2:00]
Running from: C:\Documents and Settings\Zoki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zoki\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\nydooryt.exe
C:\WINDOWS\system32\quaryhoobou.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nydooryt.exe
C:\WINDOWS\system32\quaryhoobou.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZAEFNAT7ZY4JY
-------\Service_zaefnat7zy4jy


((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2063-09-19 07:50 . 2063-09-19 07:50 5,501 --a------ C:\WINDOWS\system32\rtclmg32.dll
2008-10-17 19:08 . 2008-10-18 08:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-17 19:08 . 2008-10-17 19:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-16 19:05 . 2008-10-16 19:25 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-16 19:05 . 2008-10-16 19:05 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-16 19:04 . 2008-10-16 19:04 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-16 19:04 . 2008-10-18 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-16 19:04 . 2008-10-18 12:14 6,583,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-16 19:04 . 2008-10-18 12:14 450,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-16 19:04 . 2008-10-18 12:14 55,660 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-16 19:04 . 2008-10-18 12:14 4,716 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-13 20:35 . 2008-10-17 19:10 9,221 --a------ C:\WINDOWS\system32\QuickTimeFavorites.qtr
2008-10-13 20:34 . 2008-10-13 20:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-10-13 20:34 . 2004-03-22 07:52 12,276,904 --a------ C:\temp\QuickTimeInstaller.exe
2008-10-13 20:34 . 2008-10-17 19:11 10,308 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-13 20:31 . 2008-10-13 20:32 <DIR> d-------- C:\temp\QT6
2008-10-13 20:15 . 2008-10-13 20:15 <DIR> d-------- C:\Program Files\TEXTware
2008-10-13 20:15 . 2003-09-24 20:24 327,680 --a------ C:\WINDOWS\system32\QFClient2.dll
2008-10-13 20:10 . 2008-10-13 20:10 <DIR> d-------- C:\Program Files\Longman
2008-10-11 15:37 . 2008-10-11 15:37 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-07 18:05 . 2008-10-07 18:05 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\Ahead
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Program Files\Valve
2008-10-07 17:45 . 2008-10-16 19:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 13:39 . 2008-10-07 13:39 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-04 21:29 . 2002-04-01 17:53 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll
2008-10-04 21:27 . 2001-07-31 10:55 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll
2008-10-03 16:41 . 1996-11-08 02:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-10-03 16:41 . 2006-08-23 14:00 163,840 --a------ C:\WINDOWS\system32\egusound.ocx
2008-10-03 16:41 . 1999-03-13 00:00 127,488 --a------ C:\WINDOWS\system32\Ccrpsld.ocx
2008-09-29 22:19 . 2008-09-29 22:19 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
2008-09-29 22:10 . 2008-10-03 17:09 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\F-Secure
2008-09-29 21:41 . 2008-10-16 19:02 <DIR> d-------- C:\Program Files\PC Protection Plus
2008-09-29 21:41 . 2008-09-29 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-09-29 21:41 . 2008-10-16 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-09-29 21:38 . 2008-09-25 16:08 86,169,440 --a------ C:\temp\PC-Protection-Plus-700-387.exe
2008-09-25 14:04 . 2008-04-14 00:24 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-09-25 14:04 . 2008-04-14 00:24 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-09-24 15:47 . 2008-09-24 15:47 <DIR> d-------- C:\Program Files\Cambridge
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\cld3-lookup
2008-09-24 15:45 . 2008-09-24 15:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-24 15:45 . 2008-10-03 23:25 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\EssentialGrammarInUse
2008-09-20 10:41 . 2008-09-20 10:41 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 09:18 --------- d-----w C:\Documents and Settings\Zoki\Application Data\uTorrent
2008-10-17 18:11 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-15 18:51 494 ----a-w C:\Program Files\Professional
2008-10-15 18:51 --------- d-----w C:\Program Files\Professional §©®ÎŢt v.4 Black
2008-10-15 17:10 --------- d-----w C:\Documents and Settings\Zoki\Application Data\XnView
2008-10-14 06:42 --------- d-----w C:\Documents and Settings\Zoki\Application Data\skypePM
2008-10-14 06:42 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Skype
2008-10-13 18:35 --------- d-----w C:\Program Files\QuickTime
2008-10-13 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-10 18:54 --------- d-----w C:\Documents and Settings\Zoki\Application Data\dvdcss
2008-10-08 19:24 --------- d-----w C:\Program Files\Achilles-Script 5.0 Black
2008-10-07 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 12:29 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Wildfire
2008-09-28 06:39 --------- d-----w C:\Program Files\GIMPPortable
2008-09-26 12:07 --------- d-----w C:\Program Files\EA Sports
2008-09-23 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 17:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-20 07:46 2,828 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-09-20 07:45 88 --sh--r C:\Documents and Settings\All Users\Application Data\B7CBA65A96.sys
2008-09-17 18:25 --------- d-----w C:\Documents and Settings\Zoki\Application Data\FarStone
2008-09-17 18:12 --------- d-----w C:\Program Files\FarStone
2008-09-17 18:11 81,920 ----a-w C:\WINDOWS\system32\Dversion.dll
2008-09-17 18:11 61,440 ----a-w C:\WINDOWS\system32\RDrvNTInterface.dll
2008-09-17 18:11 61,440 ----a-w C:\WINDOWS\system32\RDrv2KInterface.dll
2008-09-17 18:11 28,672 ----a-w C:\WINDOWS\system32\RDrv9xInterface.dll
2008-09-17 18:11 24,576 ----a-w C:\WINDOWS\system32\RDrvInterface.dll
2008-09-17 18:11 114,688 ----a-w C:\WINDOWS\system32\DVC.dll
2008-09-15 17:28 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Corel
2008-09-15 17:27 --------- d-----w C:\Program Files\Common Files\Protexis
2008-09-15 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-09-15 17:25 --------- d-----w C:\Program Files\Corel
2008-09-15 17:25 --------- d-----w C:\Program Files\Common Files\Corel
2008-09-15 09:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-15 09:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-14 07:53 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-09-13 21:23 --------- d-----w C:\Program Files\Pristy Utils
2008-09-11 12:54 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-09-10 16:47 --------- d-----w C:\Program Files\Games-Masters.com
2008-09-06 10:21 --------- d-----w C:\Documents and Settings\Zoki\Application Data\U3
2008-09-06 05:53 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Bret Taylor
2008-09-05 14:46 --------- d-----w C:\Program Files\Google
2008-09-02 18:56 --------- d-----w C:\Program Files\Sierra On-Line
2008-09-02 18:49 --------- d-----w C:\Program Files\cstrike
2008-09-02 18:44 --------- d-----w C:\Program Files\D-Tools
2008-09-01 08:47 --------- d-----w C:\Program Files\TeamViewer3
2008-09-01 08:47 --------- d-----w C:\Documents and Settings\Zoki\Application Data\TeamViewer
2008-08-26 16:23 --------- d-----w C:\Program Files\Mv2Player
2008-08-26 15:40 --------- d-----w C:\Program Files\The Simpsons Hit 'n' run
2008-08-25 17:21 --------- d-----w C:\Program Files\registracija.programa
2008-08-25 17:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 17:06 --------- d-----w C:\Program Files\InstallShield
2008-08-25 17:05 --------- d-----w C:\Program Files\InstallShield Express - Borland Limited Edition
2008-08-20 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\U3
2008-08-19 18:21 --------- d-----w C:\Program Files\NotesSQL
2008-08-19 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-19 18:20 --------- d-----w C:\Program Files\Crystal Decisions
2008-08-19 18:20 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-08-19 18:20 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-08-19 14:35 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-19 10:05 --------- d-----w C:\Program Files\NBA 2008
2008-08-18 11:19 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-18 11:19 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-18 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-03 15:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-01 10:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-31 19:51 14,290 ----a-w C:\Program Files\settings.dat
2008-07-31 17:20 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-04-14 03:42 933,888 --sh--r C:\WINDOWS\system32\sbthost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Speed Driver"="sbthost.exe" [2008-04-14 C:\WINDOWS\system32\sbthost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 5504]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2003-08-09 60008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [ ]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da133c1-612c-11dd-9f72-0021851090d7}]
\Shell\AutoRun\command - ta2.cmd
\Shell\explore\Command - ta2.cmd
\Shell\open\Command - ta2.cmd
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Zoki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 16:46]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ciko - C:\WINDOWS\system32\nydooryt.exe
HKLM-RunServices-ciko - C:\WINDOWS\system32\nydooryt.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-10-18 12:16:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-18 12:18:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-18 10:18:00

Pre-Run: 170.956.677.120 bytes free
Post-Run: 170,944,479,232 bytes free

232 --- E O F --- 2008-09-10 16:40:07

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

zorane, we are still waiting for the analysis of that file you sent. I couldn't come to any conclusion about it myself, so I had to pass it on to some people to have a look at it.

Update: 19 Oct 2008 0:54

Open Notepad and enter the following text:
attrib -S -H C:\WINDOWS\system32\sbthost.exe

Save the file somewhere as Look.bat
Run that little program by double-clicking it. A program window will only appear for a moment and then disappear right away.
The following file should now be visible in Explorer:
C:\WINDOWS\system32\sbthost.exe

Upload it for checking through the following form:
[Link visible only to logged-in users]

As for the file whose analysis we are waiting on, I got word that it is encrypted and is not a real DLL. I'm still waiting for information on which program it belongs to. The guy tells me it might belong to Zone Alarm, but you don't have Zone Alarm installed, so that's out.

offline
  • Joined: 02 Jul 2008
  • Posts: 125

I uploaded the requested file.

Regards

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy in the following text:

File::
C:\WINDOWS\system32\sbthost.exe
C:\WINDOWS\system32\rtclmg32.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Speed Driver"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da133c1-612c-11dd-9f72-0021851090d7}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

This last file you sent me is a bot, and it got onto your computer by itself because you don't have a firewall installed. Think about installing a firewall.

Let me know whether there are any other visible symptoms.
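As an added example (not code from the thread, from ComboFix, or from the forum helper), the following Python script parses excerpts written in the format of the ComboFix log posted above and flags the three indicators the helper acted on: a hidden+system file inside system32 (the reason for the `attrib -S -H` step), a value under the legacy RunServices key, and per-volume AutoRun/open/explore handlers under MountPoints2. The sample log text is constructed from lines quoted on the page; the rule names, the `triage` function and the `build_cfscript` helper are assumptions of this example, and the helper only mirrors the File::/Registry:: layout used in the thread.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Constructed sample: excerpts modelled on the log posted in the thread.
SAMPLE_LOG = r"""
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-14 03:42 933,888 --sh--r C:\WINDOWS\system32\sbthost.exe
2008-09-20 07:45 88 --sh--r C:\Documents and Settings\All Users\Application Data\B7CBA65A96.sys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Speed Driver"="sbthost.exe" [2008-04-14 C:\WINDOWS\system32\sbthost.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da133c1-612c-11dd-9f72-0021851090d7}]
\Shell\AutoRun\command - ta2.cmd
\Shell\explore\Command - ta2.cmd
\Shell\open\Command - ta2.cmd
"""

# Find3M-style file line: "date time size flags path" (size is dashes for dirs).
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|-+)\s+([a-z-]{7,9})\s+(.+)$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")           # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')       # "Name"=... value line
AUTORUN_RE = re.compile(r"^\\Shell\\(AutoRun|open|explore)\\command\s+-\s+(.+)$", re.IGNORECASE)


def triage(log_text):
    """Return a list of Finding(rule, detail) for the indicators described above."""
    findings = []
    current_key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            flags, path = m.groups()
            # Rule 1: a hidden + system *file* (not a directory) under system32.
            # This is the attribute combination that hides sbthost.exe in Explorer.
            if flags[0] != "d" and "s" in flags and "h" in flags \
                    and "\\windows\\system32\\" in path.lower():
                findings.append(Finding("hidden_system_file", path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\runservices"):
            # Rule 2: RunServices is a Windows 9x-era autorun key; on XP,
            # current software does not normally register anything there.
            findings.append(Finding("runservices_value", f"{current_key}|{m.group(1)}"))
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key and "\\mountpoints2\\" in current_key.lower():
            # Rule 3: per-volume AutoRun/open/explore handlers stored for a
            # removable drive, here all pointing at the same .cmd file.
            findings.append(Finding("mountpoints2_autorun", f"{current_key}|{m.group(2)}"))
    return findings


def build_cfscript(findings):
    """Render findings in the File::/Registry:: layout the thread uses.

    "Name"=- deletes a value and [-Key] deletes a key, as in the posted script.
    """
    files = sorted({f.detail for f in findings if f.rule == "hidden_system_file"})
    value_deletes, key_deletes = [], []
    for f in findings:
        if f.rule == "runservices_value":
            key, name = f.detail.split("|", 1)
            value_deletes.append(f"[{key}]\n\"{name}\"=-")
        elif f.rule == "mountpoints2_autorun":
            entry = f"[-{f.detail.split('|', 1)[0]}]"
            if entry not in key_deletes:
                key_deletes.append(entry)
    lines = ["File::", *files, "", "Registry::", *value_deletes, *key_deletes]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"{finding.rule:22} {finding.detail}")
    print(build_cfscript(results))
```

The rules are triage hints, not verdicts: the script deliberately ignores hidden+system files outside system32 (B7CBA65A96.sys in the sample is left alone) and leaves the decision of what to delete with the analyst; `build_cfscript` only saves the typing once that decision is made.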

offline
  • Joined: 02 Jul 2008
  • Posts: 125

ComboFix 08-10-18.03 - Zoki 2008-10-19 18:20:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2580 [GMT 2:00]
Running from: C:\Documents and Settings\Zoki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zoki\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\rtclmg32.dll
C:\WINDOWS\system32\sbthost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\rtclmg32.dll
C:\WINDOWS\system32\sbthost.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.

2008-10-19 17:06 . 2008-10-19 17:25 13,030 --a------ C:\PDOXUSRS.NET
2008-10-17 19:08 . 2008-10-19 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-17 19:08 . 2008-10-17 19:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-16 19:05 . 2008-10-16 19:25 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-16 19:05 . 2008-10-16 19:05 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-16 19:04 . 2008-10-16 19:04 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-16 19:04 . 2008-10-19 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-16 19:04 . 2008-10-18 22:03 6,583,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-16 19:04 . 2008-10-19 17:07 466,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-16 19:04 . 2008-10-18 22:03 55,660 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-16 19:04 . 2008-10-19 17:07 5,820 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-13 20:35 . 2008-10-17 19:10 9,221 --a------ C:\WINDOWS\system32\QuickTimeFavorites.qtr
2008-10-13 20:34 . 2008-10-13 20:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-10-13 20:34 . 2004-03-22 07:52 12,276,904 --a------ C:\temp\QuickTimeInstaller.exe
2008-10-13 20:34 . 2008-10-17 19:11 10,308 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-13 20:31 . 2008-10-13 20:32 <DIR> d-------- C:\temp\QT6
2008-10-13 20:15 . 2008-10-13 20:15 <DIR> d-------- C:\Program Files\TEXTware
2008-10-13 20:15 . 2003-09-24 20:24 327,680 --a------ C:\WINDOWS\system32\QFClient2.dll
2008-10-13 20:10 . 2008-10-13 20:10 <DIR> d-------- C:\Program Files\Longman
2008-10-11 15:37 . 2008-10-11 15:37 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-07 18:05 . 2008-10-07 18:05 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\Ahead
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Program Files\Valve
2008-10-07 17:45 . 2008-10-16 19:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 13:39 . 2008-10-07 13:39 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-04 21:29 . 2002-04-01 17:53 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll
2008-10-04 21:27 . 2001-07-31 10:55 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll
2008-10-03 16:41 . 1996-11-08 02:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-10-03 16:41 . 2006-08-23 14:00 163,840 --a------ C:\WINDOWS\system32\egusound.ocx
2008-10-03 16:41 . 1999-03-13 00:00 127,488 --a------ C:\WINDOWS\system32\Ccrpsld.ocx
2008-09-29 22:19 . 2008-09-29 22:19 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
2008-09-29 22:10 . 2008-10-03 17:09 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\F-Secure
2008-09-29 21:41 . 2008-10-16 19:02 <DIR> d-------- C:\Program Files\PC Protection Plus
2008-09-29 21:41 . 2008-09-29 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-09-29 21:41 . 2008-10-16 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-09-29 21:38 . 2008-09-25 16:08 86,169,440 --a------ C:\temp\PC-Protection-Plus-700-387.exe
2008-09-25 14:04 . 2008-04-14 00:24 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-09-25 14:04 . 2008-04-14 00:24 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-09-24 15:47 . 2008-09-24 15:47 <DIR> d-------- C:\Program Files\Cambridge
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\cld3-lookup
2008-09-24 15:45 . 2008-09-24 15:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-24 15:45 . 2008-10-03 23:25 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\EssentialGrammarInUse
2008-09-20 10:41 . 2008-09-20 10:41 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 15:03 --------- d-----w C:\Documents and Settings\Zoki\Application Data\uTorrent
2008-10-18 14:11 495 ----a-w C:\Program Files\Professional
2008-10-18 14:11 --------- d-----w C:\Program Files\Professional §©®ÎŢt v.4 Black
2008-10-18 10:32 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-15 17:10 --------- d-----w C:\Documents and Settings\Zoki\Application Data\XnView
2008-10-14 06:42 --------- d-----w C:\Documents and Settings\Zoki\Application Data\skypePM
2008-10-14 06:42 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Skype
2008-10-13 18:35 --------- d-----w C:\Program Files\QuickTime
2008-10-13 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-10 18:54 --------- d-----w C:\Documents and Settings\Zoki\Application Data\dvdcss
2008-10-08 19:24 --------- d-----w C:\Program Files\Achilles-Script 5.0 Black
2008-10-07 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 12:29 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Wildfire
2008-09-28 06:39 --------- d-----w C:\Program Files\GIMPPortable
2008-09-26 12:07 --------- d-----w C:\Program Files\EA Sports
2008-09-23 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 17:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-20 07:46 2,828 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-09-20 07:45 88 --sh--r C:\Documents and Settings\All Users\Application Data\B7CBA65A96.sys
2008-09-17 18:25 --------- d-----w C:\Documents and Settings\Zoki\Application Data\FarStone
2008-09-17 18:12 --------- d-----w C:\Program Files\FarStone
2008-09-17 18:11 81,920 ----a-w C:\WINDOWS\system32\Dversion.dll
2008-09-17 18:11 61,440 ----a-w C:\WINDOWS\system32\RDrvNTInterface.dll
2008-09-17 18:11 61,440 ----a-w C:\WINDOWS\system32\RDrv2KInterface.dll
2008-09-17 18:11 28,672 ----a-w C:\WINDOWS\system32\RDrv9xInterface.dll
2008-09-17 18:11 24,576 ----a-w C:\WINDOWS\system32\RDrvInterface.dll
2008-09-17 18:11 114,688 ----a-w C:\WINDOWS\system32\DVC.dll
2008-09-15 17:28 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Corel
2008-09-15 17:27 --------- d-----w C:\Program Files\Common Files\Protexis
2008-09-15 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-09-15 17:25 --------- d-----w C:\Program Files\Corel
2008-09-15 17:25 --------- d-----w C:\Program Files\Common Files\Corel
2008-09-15 09:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-15 09:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-14 07:53 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-09-13 21:23 --------- d-----w C:\Program Files\Pristy Utils
2008-09-11 12:54 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-09-10 16:47 --------- d-----w C:\Program Files\Games-Masters.com
2008-09-06 10:21 --------- d-----w C:\Documents and Settings\Zoki\Application Data\U3
2008-09-06 05:53 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Bret Taylor
2008-09-05 14:46 --------- d-----w C:\Program Files\Google
2008-09-02 18:56 --------- d-----w C:\Program Files\Sierra On-Line
2008-09-02 18:49 --------- d-----w C:\Program Files\cstrike
2008-09-02 18:44 --------- d-----w C:\Program Files\D-Tools
2008-09-01 08:47 --------- d-----w C:\Program Files\TeamViewer3
2008-09-01 08:47 --------- d-----w C:\Documents and Settings\Zoki\Application Data\TeamViewer
2008-08-26 16:23 --------- d-----w C:\Program Files\Mv2Player
2008-08-26 15:40 --------- d-----w C:\Program Files\The Simpsons Hit 'n' run
2008-08-25 17:21 --------- d-----w C:\Program Files\registracija.programa
2008-08-25 17:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 17:06 --------- d-----w C:\Program Files\InstallShield
2008-08-25 17:05 --------- d-----w C:\Program Files\InstallShield Express - Borland Limited Edition
2008-08-20 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\U3
2008-08-19 18:21 --------- d-----w C:\Program Files\NotesSQL
2008-08-19 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-19 18:20 --------- d-----w C:\Program Files\Crystal Decisions
2008-08-19 18:20 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-08-19 18:20 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-08-19 14:35 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-19 10:05 --------- d-----w C:\Program Files\NBA 2008
2008-08-03 15:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-01 10:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-31 19:51 14,290 ----a-w C:\Program Files\settings.dat
2008-07-31 17:20 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 5504]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2003-08-09 60008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [ ]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Zoki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 16:46]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-10-19 18:21:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-19 18:22:12
ComboFix-quarantined-files.txt 2008-10-19 16:22:10

Pre-Run: 171.033.223.168 bytes free
Post-Run: 171,017,646,080 bytes free

196 --- E O F --- 2008-09-10 16:40:07

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You didn't answer my question about whether there are still any visible symptoms (since the log is now clean)?
