killVBS.vbs


  • Joined: 08 May 2005
  • Posts: 227

Please help. It keeps reappearing and infecting the flash drive. I clean it with Flash Disinfector but it gets infected again. I scanned with NOD; it found it and threw it into quarantine, but when the system boots it reports that some file is missing, and when I restore it from quarantine it's the same story all over again.

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\bpk.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Program Files\USB Safely Remove\(zabranjeno)\USBSafelyRemove.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Radio\Desktop\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mediasoftware.sonypictures.com/.net
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\(zabranjeno)\USBSafelyRemove.exe /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

P.S. I installed Perfect Keylogger myself, but now I can't get rid of it either.
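The F2 line in the HijackThis log above is the persistence point: the UserInit value carries a second, comma-separated command (wscript.exe C:\WINDOWS\system32\killVBS.vbs) that Winlogon runs at every logon. That also explains the "file missing" message after NOD quarantined the .vbs: the registry value still pointed at the script, so the host complained, and restoring the file brought everything back. The block below is an added example, not code from the thread or from HijackThis. It parses F2 and O4 lines in the format HijackThis prints (the three sample lines are copied from the log above), reports any UserInit element beyond the first, flags script hosts in Run keys, and computes the value UserInit should be set back to. The script-host list, the extension list and the parsing regexes are this example's own assumptions.

```python
"""Triage HijackThis-style autostart lines for script-host persistence.

Added example, not part of the forum thread or of HijackThis. Sample lines
are copied from the posted log; parsing rules and the script-host list are
this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Interpreters a stock UserInit value never needs. A .vbs started from
# UserInit runs under Winlogon at every logon, before Explorer starts.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")

# Stock XP value: a single element followed by a trailing comma.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"

# Constructed sample: three lines exactly as HijackThis prints them.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.M)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$", re.M)


@dataclass
class Finding:
    source: str   # "UserInit" or "<hive> Run [<name>]"
    command: str  # command line as found
    reason: str


def split_userinit(value: str) -> list[str]:
    """UserInit is comma-separated and Winlogon runs every element;
    only the first (userinit.exe) is expected."""
    return [p.strip() for p in value.split(",") if p.strip()]


def uses_script_host(command: str) -> bool:
    """True if the command starts a script interpreter or names a script file."""
    low = command.strip().lower()
    if not low:
        return False
    first = low.lstrip('"').split()[0].rstrip('"')
    exe = first.rsplit("\\", 1)[-1]
    return exe in SCRIPT_HOSTS or any(ext in low for ext in SCRIPT_EXTS)


def clean_userinit(value: str) -> str:
    """Value to write back: first element only, with the stock trailing comma."""
    parts = split_userinit(value)
    return (parts[0] if parts else DEFAULT_USERINIT.rstrip(",")) + ","


def audit_hijackthis(log: str) -> list[Finding]:
    """Return one Finding per extra UserInit element and per script-host Run entry."""
    findings: list[Finding] = []
    for m in F2_RE.finditer(log):
        for extra in split_userinit(m.group("value"))[1:]:
            reason = "extra UserInit command"
            if uses_script_host(extra):
                reason += " (script host)"
            findings.append(Finding("UserInit", extra, reason))
    for m in O4_RE.finditer(log):
        if uses_script_host(m.group("cmd")):
            findings.append(Finding(f"{m.group('hive')} Run [{m.group('name')}]",
                                    m.group("cmd"), "script host in Run key"))
    return findings


if __name__ == "__main__":
    for f in audit_hijackthis(SAMPLE_LOG):
        print(f"{f.source}: {f.command}  <- {f.reason}")
    print("UserInit should be:", clean_userinit(
        SAMPLE_LOG.split("UserInit=", 1)[1].splitlines()[0]))
```

The order of remediation matters: fix the UserInit value first (or at the same time), then remove the script; removing the script alone reproduces the error the poster saw, and leaving a dangling wscript.exe entry in UserInit is a sign the cleanup was incomplete.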

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 08 May 2005
  • Posts: 227

Thanks for the help. So you don't think I've run off, I'm letting you know that I'll only be able to do this on Monday. I hope that's not a problem. Cheers

Update: 21 Apr 2008 13:07

Here's the log:

ComboFix 08-04-20.2 - Radio 2008-04-21 13:00:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.566 [GMT 2:00]
Running from: C:\Documents and Settings\Radio\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\BazaUspon\Slike\Desktop_.ini
C:\Documents and Settings\Radio\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-21 09:11 . 2008-04-21 09:11 <DIR> d-------- C:\Program Files\Copernic Desktop Search 2
2008-04-19 06:59 . 2008-04-19 06:59 15,158 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-18 13:53 . 2008-04-18 13:53 <DIR> d-------- C:\Program Files\Olympus
2008-04-18 13:53 . 2005-06-01 09:54 110,592 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2008-04-18 13:53 . 2005-01-14 19:01 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2008-04-18 13:53 . 2003-12-15 19:44 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll
2008-04-18 13:53 . 2003-06-13 17:49 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL
2008-04-18 13:53 . 2004-06-21 10:14 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2008-04-18 13:53 . 2001-04-09 19:17 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS
2008-04-18 13:53 . 2003-12-15 18:22 38,448 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys
2008-04-17 18:18 . 2008-04-17 18:20 48,654 --a------ C:\WINDOWS\system32\oemlogo.bmp
2008-04-17 18:18 . 2008-04-17 18:20 68 --a------ C:\WINDOWS\system32\oeminfo.ini
2008-04-17 18:02 . 2008-04-18 14:08 <DIR> d-------- C:\Program Files\Max2k
2008-04-17 16:30 . 2008-04-17 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-17 14:06 . 2008-04-17 14:25 <DIR> d-------- C:\Program Files\SHOUTcast
2008-04-14 13:22 . 2008-04-14 13:22 <DIR> d-------- C:\Program Files\Marsu-Fix
2008-04-14 13:22 . 2008-04-14 13:22 159,841 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-04-14 13:17 . 2008-04-14 13:17 <DIR> d-------- C:\Program Files\ESET
2008-04-11 13:33 . 2008-04-11 13:33 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\Media Player Classic
2008-04-11 10:52 . 2008-04-11 10:52 <DIR> d-------- C:\Program Files\CDex_150
2008-04-11 09:57 . 2008-04-11 09:57 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\ESET
2008-04-11 09:56 . 2008-04-11 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-11 09:49 . 2008-04-11 09:49 <DIR> d-------- C:\Program Files\Opera
2008-04-11 07:12 . 2008-04-11 07:12 <DIR> d-------- C:\Program Files\uTorrent
2008-04-09 09:42 . 2008-04-09 09:42 <DIR> d-------- C:\Program Files\PowerQuest
2008-04-08 11:44 . 2008-04-08 11:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-08 11:44 . 2008-04-08 11:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-08 11:44 . 2008-04-08 11:44 <DIR> d-------- C:\Program Files\MSBuild
2008-04-08 11:44 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-04-08 11:39 . 2008-04-08 11:39 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-08 11:39 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-08 11:09 . 2008-04-08 11:09 <DIR> d-------- C:\Program Files\URUSoft
2008-04-08 10:55 . 2008-04-14 18:56 <DIR> d-------- C:\BazaUspon
2008-04-07 12:16 . 2008-04-19 09:57 0 --a------ C:\WINDOWS\system32\killVBS.vbs
2008-04-04 16:34 . 2008-04-17 13:24 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\dvdcss
2008-04-03 19:43 . 2008-04-03 19:43 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\Passware
2008-04-03 16:10 . 2008-04-21 12:56 167,456 --a------ C:\WINDOWS\system32\bpk.dat
2008-04-03 15:55 . 2008-04-11 12:33 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\AdobeUM
2008-04-03 15:41 . 2008-04-21 11:41 <DIR> d-------- C:\WINDOWS\system32\dt
2008-04-03 13:41 . 2008-04-18 14:09 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\skypePM
2008-04-03 13:41 . 2008-04-03 13:41 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-03 13:39 . 2008-04-03 13:39 <DIR> d-------- C:\Program Files\Skype
2008-04-03 13:39 . 2008-04-03 13:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-03 13:39 . 2008-04-18 14:16 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\Skype
2008-04-03 13:39 . 2008-04-03 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-03 13:16 . 2008-04-03 13:16 <DIR> d-------- C:\Program Files\Google
2008-04-02 19:07 . 2008-04-02 19:07 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\vlc
2008-04-02 18:40 . 2008-04-02 18:40 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-02 12:52 . 2008-04-11 13:33 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-01 16:23 . 2008-04-01 16:23 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\AltrixSoft
2008-04-01 16:01 . 2008-04-01 16:02 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-04-01 16:01 . 2008-04-01 16:01 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\URSoft
2008-04-01 16:01 . 2008-04-18 14:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-01 15:07 . 2008-04-01 15:07 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-04-01 15:07 . 2008-04-01 15:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 15:07 . 2008-04-01 15:07 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\TuneUp Software
2008-04-01 15:07 . 2008-04-01 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-01 15:07 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-01 14:11 . 2008-04-01 14:11 <DIR> d-------- C:\Program Files\Casio_FX-9860G_SD_Calculator
2008-04-01 14:07 . 2008-04-01 14:07 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-01 14:07 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-01 14:05 . 2008-04-01 14:05 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\USBSafelyRemove
2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Program Files\USB Safely Remove
2008-04-01 14:02 . 2008-04-01 14:02 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\Publish Providers
2008-04-01 13:58 . 2008-04-01 13:58 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\Sony
2008-04-01 13:57 . 2008-04-01 13:57 <DIR> d-------- C:\Program Files\Vstplugins
2008-04-01 13:57 . 2008-04-01 13:58 <DIR> d-------- C:\Program Files\Sony
2008-04-01 13:49 . 2008-04-01 13:49 6,693 --a------ C:\78875.sym
2008-04-01 13:49 . 2008-04-01 13:49 3,982 --a------ C:\WINDOWS\kj01d.sys
2008-04-01 13:48 . 2008-04-01 13:48 49,692 --a------ C:\WINDOWS\system32\drivers\XMS1563K.SYS
2008-04-01 13:47 . 2005-06-10 13:21 417,792 --a------ C:\WINDOWS\system32\fldrvw61.ocx
2008-04-01 13:47 . 2004-11-19 10:24 122,880 --a------ C:\WINDOWS\EMF_Decrypt.exe
2008-04-01 13:47 . 2003-05-13 12:41 49,152 --a------ C:\WINDOWS\system32\cdlock.dll
2008-04-01 13:47 . 2005-08-26 14:37 28,672 --a------ C:\WINDOWS\ALI.EXE
2008-04-01 13:47 . 2003-04-09 01:58 24,576 --a------ C:\WINDOWS\MAGIC.EXE
2008-04-01 13:47 . 2008-04-01 13:50 190 --a------ C:\WINDOWS\z56k2.ini
2008-04-01 13:46 . 2008-04-01 13:46 <DIR> d-------- C:\Program Files\iColorFolder
2008-04-01 13:43 . 2008-04-01 13:43 <DIR> d-------- C:\Program Files\Analogue Vista Clock
2008-04-01 13:42 . 2008-04-01 13:42 <DIR> d-------- C:\Program Files\CCleaner
2008-04-01 13:42 . 2007-07-02 13:11 35,840 --a------ C:\WINDOWS\system32\srpskey.exe
2008-04-01 13:42 . 2008-04-01 13:42 4,096 --a------ C:\WINDOWS\system32\srpskeyh5.dll
2008-04-01 13:39 . 2008-04-17 14:06 <DIR> d-------- C:\Program Files\Winamp
2008-04-01 13:39 . 2008-04-17 14:12 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\Winamp
2008-04-01 13:31 . 2008-04-01 13:31 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-01 13:31 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-01 13:26 . 2008-04-01 13:26 <DIR> d-------- C:\Documents and Settings\Radio\Application Data\Nero
2008-04-01 13:24 . 2008-04-01 13:24 <DIR> d-------- C:\Program Files\Nero
2008-04-01 13:24 . 2008-04-01 13:25 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-01 13:24 . 2008-04-01 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-01 13:18 . 2008-04-01 13:18 8 --a------ C:\WINDOWS\system32\ntP2.trk
2008-04-01 13:17 . 2008-04-01 13:18 <DIR> d-------- C:\Program Files\MP3Producer
2008-04-01 13:14 . 2008-04-01 13:14 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-01 13:09 . 2008-04-01 13:09 <DIR> d-------- C:\Program Files\BSplayer
2008-04-01 13:06 . 2008-04-01 13:06 <DIR> d-------- C:\WINDOWS\Cache
2008-04-01 13:02 . 2008-04-01 13:04 <DIR> d-------- C:\Program Files\totalcmd6.01
2008-04-01 12:57 . 2008-04-18 19:03 <DIR> d-------- C:\Instalacije
2008-03-31 17:59 . 2008-04-01 13:26 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.dat.LOG
2008-03-31 17:58 . 2000-12-13 04:21 7,572,224 --a------ C:\WINDOWS\system32\CT8MGM.SF2
2008-03-31 17:58 . 2000-12-05 03:11 4,174,814 --a------ C:\WINDOWS\system32\CT4MGM.SF2
2008-03-31 17:58 . 1999-09-22 09:18 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2
2008-03-31 17:55 . 2008-03-31 18:05 <DIR> d-------- C:\Program Files\Creative
2008-03-31 17:47 . 2008-03-31 17:47 <DIR> d-------- C:\Program Files\MT882
2008-03-31 17:47 . 2005-08-22 11:22 38,400 --a------ C:\WINDOWS\system32\CoInst.dll
2008-03-31 17:47 . 2006-03-20 09:32 30,336 --a------ C:\WINDOWS\system32\drivers\glauiad.sys
2008-03-31 17:47 . 2006-03-22 11:59 19,220 --------- C:\WINDOWS\wwdslcfg.ini
2008-03-31 17:46 . 2008-03-31 17:46 <DIR> d-------- C:\Program Files\MadOnion.com
2008-03-31 17:46 . 2008-04-18 13:53 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-31 17:46 . 2008-03-31 17:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-28 16:50 . 2008-03-28 17:24 288 --a------ C:\WINDOWS\packegtag.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 14:59 --------- d-----w C:\Program Files\PerformanceTest
2008-04-01 14:42 --------- d-----w C:\Program Files\Canon
2008-03-31 16:41 --------- d-----w C:\Program Files\totalcmd
2008-03-31 16:39 --------- d-----w C:\Program Files\Sony Setup
2008-03-31 16:37 --------- d-----w C:\Documents and Settings\Radio\Application Data\Sony Setup
2008-03-31 16:29 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-31 16:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-31 16:22 --------- d-----w C:\Program Files\S3
2008-03-31 16:16 --------- d-----w C:\Program Files\Lavasoft
2008-03-31 16:16 --------- d-----w C:\Documents and Settings\Radio\Application Data\Lavasoft
2008-03-31 15:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 14:45 --------- d-----w C:\Program Files\VIA
2008-03-31 14:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Analogue Vista Clock"="C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe" [2007-11-14 19:38 194560]
"USB Safely Remove"="C:\Program Files\USB Safely Remove\(zabranjeno)\USBSafelyRemove.exe" [2007-11-22 21:07 628387]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-03-03 22:45 1583624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2007-07-02 13:11 35840]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"bpk"="C:\WINDOWS\system32\bpk.exe" [2007-04-03 15:36 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=C:\WINDOWS\pss\Device Detector 3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
--a------ 2007-04-03 15:36 417792 C:\WINDOWS\system32\bpk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]
C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 10:51 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
-ra------ 2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-03-11 05:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2005-11-04 06:15 163840 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"bpk"=C:\WINDOWS\system32\bpk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]
S0 XMS1563K;XMS1563K;C:\WINDOWS\system32\drivers\XMS1563K.sys [2008-04-01 13:48]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 18:22]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 15:16:21 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 13:01:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\SYZ_DAT
C:\WINDOWS\system32\drivers\MFX.sys 49692 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2008-04-21 13:02:10
ComboFix-quarantined-files.txt 2008-04-21 11:02:07

Pre-Run: 25,289,277,440 bytes free
Post-Run: 25,344,335,872 bytes free


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the program Flash_Disinfector.

the program is started by double-clicking Flash_Disinfector.exe
when the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to avoid autoplay)
click OK and wait for the process to finish
when the message Done !! appears, click OK.

-------------------------------------------------------------------------------------

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\killVBS.vbs
C:\WINDOWS\system32\bpk.dat
C:\WINDOWS\system32\bpk.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bpk"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"bpk"=-

DirLook::
C:\Program Files

Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is created at the end of the cleaning/scanning in your next message.
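The Flash_Disinfector step above handles the removable-drive side of the infection. As an added example (not code from the thread or from Flash_Disinfector), the block below parses an autorun.inf, picks out the keys that make Windows launch a command on insertion or when the drive is opened from Explorer (open=, shellexecute=, shell\<verb>\command=), flags commands that start a script host or name a script file, and demonstrates the immunization idea of occupying the autorun.inf name with a directory so a worm can no longer write its file there. The thread does not show the drive's actual autorun.inf, so the sample is constructed, and the assumption that autorun.inf is the propagation route rests only on the thread's mention of re-infection and of avoiding autoplay.

```python
"""Inspect an autorun.inf for script-launching commands and immunize a drive root.

Added example, not code from the thread or from Flash_Disinfector. The
sample autorun.inf is constructed; that the worm spreads via autorun.inf
is an assumption (the thread only reports re-infection of the flash drive).
"""
from __future__ import annotations

import os
import tempfile

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")

# Constructed sample of a worm-style autorun.inf. Windows treats section
# and key names case-insensitively, so the parser lowercases them.
SAMPLE_AUTORUN = (
    "[AutoRun]\r\n"
    "open=wscript.exe killVBS.vbs\r\n"
    "shell\\open\\command=wscript.exe killVBS.vbs\r\n"
    "shell\\explore\\command=wscript.exe killVBS.vbs\r\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
)


def parse_autorun(text: str) -> dict[str, str]:
    """key=value pairs of the [autorun] section, keys lowercased; later duplicates win."""
    entries: dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(entries: dict[str, str]) -> dict[str, str]:
    """Keys that make Windows run something on insertion (open, shellexecute)
    or when the drive is opened from Explorer (shell\\<verb>\\command)."""
    return {k: v for k, v in entries.items()
            if k in ("open", "shellexecute")
            or (k.startswith("shell\\") and k.endswith("\\command"))}


def is_suspicious(command: str) -> bool:
    """A script interpreter or script file where a vendor's setup.exe would normally be."""
    low = command.strip().lower()
    if not low:
        return False
    exe = low.lstrip('"').split()[0].rstrip('"').rsplit("\\", 1)[-1]
    return exe in SCRIPT_HOSTS or any(ext in low for ext in SCRIPT_EXTS)


def assess_autorun(text: str) -> dict[str, str]:
    """Launch keys whose command looks like a script drop."""
    return {k: v for k, v in launch_commands(parse_autorun(text)).items() if is_suspicious(v)}


def immunize(drive_root: str) -> bool:
    """Remove a file named autorun.inf and occupy the name with a directory,
    so a later attempt to create the file under that name fails.
    (Assumption: this is the mechanism Flash_Disinfector relies on; the code
    is not taken from that tool.) Returns True when the directory is in place."""
    target = os.path.join(drive_root, "autorun.inf")
    if os.path.isfile(target):
        os.remove(target)
    os.makedirs(target, exist_ok=True)
    return os.path.isdir(target)


def demo_immunize_in_tempdir() -> bool:
    """Stand-alone check on a scratch directory that stands in for a drive root."""
    root = tempfile.mkdtemp(prefix="usbroot_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)  # the infected state
    if not immunize(root):
        return False
    try:
        open(os.path.join(root, "autorun.inf"), "w").close()  # what the worm would do
    except OSError:
        return True   # name is taken by a directory: the drop fails
    return False


if __name__ == "__main__":
    for key, cmd in assess_autorun(SAMPLE_AUTORUN).items():
        print(f"suspicious {key} = {cmd}")
    print("immunization blocks the drop:", demo_immunize_in_tempdir())
```

Immunizing the drive only stops the autorun.inf file from coming back; the script it pointed to, and the UserInit entry on the PC that keeps re-infecting the drive, still have to be removed, which is what the CFScript above does.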

  • Joined: 08 May 2005
  • Posts: 227

ComboFix 08-04-20.2 - Radio 2008-04-22 9:50:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.604 [GMT 2:00]
Running from: C:\Documents and Settings\Radio\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Radio\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bpk.dat
C:\WINDOWS\system32\bpk.exe
C:\WINDOWS\system32\killVBS.vbs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\WKBH.001
C:\WINDOWS\system32\28463\WKBH.002
C:\WINDOWS\system32\28463\WKBH.005
C:\WINDOWS\system32\28463\WKBH.006
C:\WINDOWS\system32\28463\WKBH.007
C:\WINDOWS\system32\28463\WKBH.009.tmp
C:\WINDOWS\system32\28463\WKBH.exe
C:\WINDOWS\system32\bpk.dat
C:\WINDOWS\system32\bpk.exe
C:\WINDOWS\system32\killVBS.vbs

.

...

  • Joined: 08 May 2005
  • Posts: 227

I don't think I managed to copy the whole log. How should I post it?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Attach C:\ComboFix.txt to your message (use the Attach file option).

  • Joined: 08 May 2005
  • Posts: 227

Here's the log:

Thanks.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you install the program Magic Folders?

Download SDFix to the Desktop.

Double-clicking SDFix.exe will unpack the program into the folder C:\SDFix, unless a different path is chosen during unpacking.

Restart the computer in Safe Mode
Go into the folder where SDFix was unpacked and start RunThis.bat
Press Y to begin the scan
After the scan, a message will appear saying the computer will be restarted
Press any key to restart the computer
After the restart another scan will start automatically, and when it finishes the message Finished will appear
After the desktop icons load, the report will appear on screen. The report is also saved as Report.txt in the folder where SDFix was unpacked
Copy the report into a message on the forum, and post a new HijackThis log as well

-------------------------------------------------------------------------------------

Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this saves the result to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Attach those two files to your message.

  • Joined: 08 May 2005
  • Posts: 227

1. I installed Magic Folders myself; I've been using it for years.
2. SDFix log
SDFix: Version 1.174
Run by Radio on čet 24.04.2008 at 09:21

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Radio\Desktop\TR3.exe.exe - Deleted
C:\WINDOWS\system32\dt\2008-04-03_15-41-23-8452781 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-01-13-334312 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-06-13-634312 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-11-13-934265 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-16-13-1234281 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-21-14-1535140 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-26-13-1834187 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-31-14-2134921 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-36-13-2434203 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-41-13-2734265 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-46-13-3034343 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-51-13-3334250 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_13-56-13-3634281 - Deleted
C:\WINDOWS\system32\dt\2008-04-04_14-01-13-3934343 - Deleted
C:\WINDOWS\system32\dt\2008-04-05_07-03-57-332765 - Deleted
C:\WINDOWS\system32\dt\2008-04-05_07-08-57-632734 - Deleted
C:\WINDOWS\system32\dt\2008-04-05_07-13-57-932781 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_07-21-30-329984 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_09-14-56-339546 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_09-19-57-639578 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_09-24-56-939531 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_09-29-56-1240359 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_09-34-56-1539531 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_11-08-17-333953 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_11-13-17-633968 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_11-18-17-934000 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_11-23-17-1233968 - Deleted
C:\WINDOWS\system32\dt\2008-04-07_11-28-17-1534015 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_10-14-09-332984 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_10-19-09-632968 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_10-24-09-933000 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_10-29-09-1232968 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_11-32-16-337218 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_11-37-16-637125 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_11-42-21-947546 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_11-52-46-363968 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_11-57-45-663531 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_12-08-27-335468 - Deleted
C:\WINDOWS\system32\dt\2008-04-08_12-13-27-635453 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_07-35-52-346781 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_10-01-47-334140 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_10-06-47-633968 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_10-11-47-933953 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_10-16-47-1234109 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_10-57-48-332468 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-02-48-632453 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-07-48-932453 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-12-48-1232531 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-17-48-1532515 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-22-48-1832453 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-27-48-2132515 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-32-48-2432437 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-37-48-2732453 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-42-48-3032515 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-47-48-3332484 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-52-48-3632546 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_11-57-48-3932531 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_12-02-48-4232546 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_12-07-48-4532578 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_12-12-48-4832531 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_12-17-48-5132531 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_12-22-48-5432531 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_12-27-48-5732671 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_12-50-02-336609 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_12-55-02-636593 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_13-00-02-936609 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_13-05-02-1236593 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_13-10-02-1536593 - Deleted
C:\WINDOWS\system32\dt\2008-04-09_13-15-02-1836578 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_10-32-19-351015 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_10-37-19-651046 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_10-42-19-951015 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_10-47-19-1251046 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_10-52-19-1551046 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_10-57-19-1851015 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_11-02-19-2151046 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_11-07-19-2451015 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_11-12-19-2751046 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_11-17-19-3051031 - Deleted
C:\WINDOWS\system32\dt\2008-04-10_11-22-19-3351031 - Deleted
C:\WINDOWS\system32\bpkhk.dll - Deleted
C:\WINDOWS\system32\bpkr.exe - Deleted
C:\WINDOWS\system32\inst.dat - Deleted
C:\WINDOWS\system32\pk.bin - Deleted
C:\WINDOWS\system32\web.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 09:28:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\MFX.sys 49692 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"="C:\\WINDOWS\\system32\\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

3. gmer.exe: when I start the rootkit/malware scan, the computer restarts in the middle of the scan. It happens every time, so I have no log.
