MyCity » Ambulanta -> Arhiva Ambulante » trojanac!

trojanac!

Napisano na dan: 21.5.2008

Strana:
1
2

trojanac!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

nortalf Poslao: 21 Maj 2008 00:50 Idi na vrh
offline nortalf Novi MyCity građanin Pridružio: 21 Maj 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poštovani. Nod mi javlja trojanca "a variant of WIN32/PSW.ONLINEGAMES.NOUtrojan" FILE C:\windows\system32\drivers\vga.sys prebaci ga u karantenu ,obrisem ali se ponovo javlja. Pokušao iz safe moda bezuspjesno,probao s avg anti-spyware isto ništa, poništava mi show hidden files itd... Logfile of HijackThis v1.99.1 Scan saved at 0:28:25, on 21.5.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Marko\Desktop\New Folder (2)\tr5.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe zahvaljujem

Profil

DEMIAN Poslao: 21 Maj 2008 01:07 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati. -------- Proveru loga i dalja uputstva očekuj za sutra.. Pozz

Profil

nortalf Poslao: 21 Maj 2008 11:58 Idi na vrh
offline nortalf Novi MyCity građanin Pridružio: 21 Maj 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-20.5 - Marko 2008-05-21 11:40:10.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.57 [GMT 2:00] Running from: C:\Documents and Settings\Marko\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\amvo1.dll D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))) . 2008-05-20 21:35 . 2008-05-20 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft 2008-05-20 21:23 . 2008-05-20 21:23 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Grisoft 2008-05-20 21:23 . 2008-05-20 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-05-20 21:23 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-05-20 19:46 . 2008-05-20 19:46 <DIR> d-------- C:\Documents and Settings\Administrator 2008-05-17 12:53 . 2008-05-17 12:52 105,745 -r-hs---- C:\d.cmd 2008-05-16 21:46 . 2008-05-16 21:46 <DIR> d-------- C:\Program Files\PC Inspector File Recovery 2008-05-16 21:46 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD 2008-05-16 21:43 . 2008-05-12 21:19 104,805 -r-hs---- C:\g83816.com 2008-05-08 13:38 . 2008-05-15 17:31 <DIR> d-------- C:\Program Files\eMule 2008-05-06 19:11 . 2008-05-06 19:11 <DIR> d-------- C:\Program Files\Shareaza Applications 2008-05-06 19:11 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2008-05-06 18:42 . 2008-05-10 18:47 <DIR> d-------- C:\Program Files\yEnc32 2008-05-02 14:49 . 2008-05-02 14:49 <DIR> d-------- C:\Program Files\ANI 2008-05-01 13:46 . 2008-05-01 13:46 <DIR> d-------- C:\Program Files\D-Link 2008-05-01 13:44 . 2008-05-01 13:44 <DIR> d-------- C:\Program Files\T-Com ADSL driver 2008-05-01 13:38 . 2008-05-01 21:09 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM 2008-04-28 13:37 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-04-28 13:37 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys 2008-04-28 13:36 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax 2008-04-28 13:36 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax 2008-04-28 13:36 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2008-04-28 13:36 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys 2008-04-28 13:36 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2008-04-28 13:36 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys 2008-04-28 13:36 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2008-04-28 13:36 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys 2008-04-28 13:35 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2008-04-28 13:35 . 2004-08-03 23:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys 2008-04-28 13:35 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2008-04-28 13:35 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys 2008-04-28 13:35 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2008-04-28 13:35 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys 2008-04-28 13:26 . 2008-05-01 20:45 <DIR> d-------- C:\Program Files\Common Files\LogiShrd 2008-04-28 13:25 . 2008-05-01 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-17 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-16 19:43 --------- d-----w C:\Program Files\ESET 2008-05-01 15:28 19,012,268 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_05_01_16_53_49_full.dmp.zip 2008-04-16 11:15 --------- d-----w C:\Documents and Settings\Marko\Application Data\U3 2008-04-16 11:13 --------- d-----w C:\Program Files\Google 2008-04-15 10:53 --------- d-----w C:\Documents and Settings\Marko\Application Data\gtk-2.0 2008-04-15 10:47 --------- d-----w C:\Documents and Settings\Marko\Application Data\Inkscape 2006-10-15 16:25 16,368 ----a-w C:\Documents and Settings\Marko\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2006-08-16 08:00 364544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816] "AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 14:12 88209 C:\WINDOWS\AGRSMMSG.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38 688218] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 10:15 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 10:15 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-19 10:15 114688] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-06-01 23:36 921600] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-05-31 17:52 968696] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2007-01-20 16:01 36972] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360] "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192] "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50] S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16853acc-a0bc-11db-a804-00143806bf3c}] \Shell\AutoRun\command - F:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b488a73b-237f-11dd-a903-00143806bf3c}] \Shell\AutoRun\command - G:\g83816.com \Shell\explore\Command - G:\g83816.com \Shell\open\Command - G:\g83816.com Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-21 11:45:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-21 11:46:53 ComboFix-quarantined-files.txt 2008-05-21 09:46:48 Pre-Run: 123,101,184 bytes free Post-Run: 1,676,214,272 bytes free 131

Profil

DEMIAN Poslao: 21 Maj 2008 14:53 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\d.cmd C:\WINDOWS\system32\actskn45.ocx C:\g83816.com C:\WINDOWS\system32\INT13EXT.VXD Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16853acc-a0bc-11db-a804-00143806bf3c}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b488a73b-237f-11dd-a903-00143806bf3c}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

nortalf Poslao: 21 Maj 2008 15:14 Idi na vrh
offline nortalf Novi MyCity građanin Pridružio: 21 Maj 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-20.5 - Marko 2008-05-21 14:57:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.59 [GMT 2:00] Running from: C:\Documents and Settings\Marko\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Marko\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\d.cmd C:\g83816.com C:\WINDOWS\system32\actskn45.ocx C:\WINDOWS\system32\INT13EXT.VXD . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\d.cmd C:\g83816.com C:\WINDOWS\system32\actskn45.ocx C:\WINDOWS\system32\INT13EXT.VXD . ((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))) . 2008-05-20 21:35 . 2008-05-20 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft 2008-05-20 21:23 . 2008-05-20 21:23 <DIR> d-------- C:\Documents and Settings\Marko\Application Data\Grisoft 2008-05-20 21:23 . 2008-05-20 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-05-20 21:23 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-05-20 19:46 . 2008-05-20 19:46 <DIR> d-------- C:\Documents and Settings\Administrator 2008-05-16 21:46 . 2008-05-16 21:46 <DIR> d-------- C:\Program Files\PC Inspector File Recovery 2008-05-08 13:38 . 2008-05-15 17:31 <DIR> d-------- C:\Program Files\eMule 2008-05-06 19:11 . 2008-05-06 19:11 <DIR> d-------- C:\Program Files\Shareaza Applications 2008-05-06 18:42 . 2008-05-10 18:47 <DIR> d-------- C:\Program Files\yEnc32 2008-05-02 14:49 . 2008-05-02 14:49 <DIR> d-------- C:\Program Files\ANI 2008-05-01 13:46 . 2008-05-01 13:46 <DIR> d-------- C:\Program Files\D-Link 2008-05-01 13:44 . 2008-05-01 13:44 <DIR> d-------- C:\Program Files\T-Com ADSL driver 2008-05-01 13:38 . 2008-05-01 21:09 <DIR> d-------- C:\Program Files\T-Com MAXadsl CD-ROM 2008-04-28 13:37 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-04-28 13:37 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys 2008-04-28 13:36 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax 2008-04-28 13:36 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax 2008-04-28 13:36 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2008-04-28 13:36 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys 2008-04-28 13:36 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2008-04-28 13:36 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys 2008-04-28 13:36 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2008-04-28 13:36 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys 2008-04-28 13:35 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2008-04-28 13:35 . 2004-08-03 23:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys 2008-04-28 13:35 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2008-04-28 13:35 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys 2008-04-28 13:35 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2008-04-28 13:35 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys 2008-04-28 13:26 . 2008-05-01 20:45 <DIR> d-------- C:\Program Files\Common Files\LogiShrd 2008-04-28 13:25 . 2008-05-01 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-21 09:51 2,429,550 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-05-17 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-16 19:43 --------- d-----w C:\Program Files\ESET 2008-05-01 15:28 19,012,268 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_05_01_16_53_49_full.dmp.zip 2008-04-16 11:15 --------- d-----w C:\Documents and Settings\Marko\Application Data\U3 2008-04-16 11:13 --------- d-----w C:\Program Files\Google 2008-04-15 10:53 --------- d-----w C:\Documents and Settings\Marko\Application Data\gtk-2.0 2008-04-15 10:47 --------- d-----w C:\Documents and Settings\Marko\Application Data\Inkscape 2006-10-15 16:25 16,368 ----a-w C:\Documents and Settings\Marko\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( snapshot@2008-05-21_11.46.23,14 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-21 09:28:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-21 12:34:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2006-08-16 08:00 364544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816] "AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 14:12 88209 C:\WINDOWS\AGRSMMSG.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38 688218] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 10:15 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 10:15 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-19 10:15 114688] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-06-01 23:36 921600] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-05-31 17:52 968696] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2007-01-20 16:01 36972] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360] "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192] "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.l3fhg"= mp3fhg.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50] S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50] . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-21 15:02:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-21 15:03:40 ComboFix-quarantined-files.txt 2008-05-21 09:46:48 ComboFix2.txt 2008-05-21 09:46:54 Pre-Run: 2,463,551,488 bytes free Post-Run: 2,573,406,208 bytes free 132

Profil

DEMIAN Poslao: 21 Maj 2008 18:46 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nortalf ::... poništava mi show hidden files itd... Kakvo je sada stanje? Možeš li da uključiš prikaz skrivenih fajova, pronađeš preko navedene putanje i uploaduješ nam fajl vga.sys radi provere? Link za upload je ovaj: http://www.mycity.rs/ambulanta-upload.php ------------------- Kada to rešiš prekeniraj komp sa GMER-om i postavi log da proverimo da nema nekih rootkitova... Uradi sledeće: Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili..

Profil

nortalf Poslao: 21 Maj 2008 21:09 Idi na vrh
offline nortalf Novi MyCity građanin Pridružio: 21 Maj 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! prikaz skrivenih fajlova radi vga.sys -uploadan GMER 1.0.14.14205 - gmer.net Rootkit scan 2008-05-21 20:40:01 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xAAE8BBB0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xAAE88520] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xAAE93940] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xAAE8BF40] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xAAE92750] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xAAE92980] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xAAE95F40] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xAAE8C020] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xAAE88C30] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xAAE94920] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xAAE94570] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xAAE91F30] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xAAE94C50] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xAAE88A80] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xAAE91C80] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xAAE91AA0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xAAE94F40] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xAAE8B850] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xAAE951F0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xAAE8BD60] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xAAE88DA0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xAAE94107] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xAAE92BB0] ---- Kernel code sections - GMER 1.0.14 ---- .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes CALL 6975780F ? srescan.sys The system cannot find the file specified. ! .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes CALL 6975780F ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AAE906C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AAE90BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AAE90D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE90830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE90830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AAE906C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AAE90BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AAE90D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AAE906C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AAE90D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AAE90BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AAE90830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AAE90D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AAE90BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AAE906C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AAE9E220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE90830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AAE906C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AAE90BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AAE90D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AAE90D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AAE90BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE90830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AAE906C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AAE906C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE90830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AAE90D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AAE90BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [AAE89300] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AAE89250] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AAE89400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [AAE88F60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset ) Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f6062c73 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f6062c73@001bafbfba0a 0x05 0xC5 0xD8 0x32 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f6062c73 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f6062c73@001bafbfba0a 0x05 0xC5 0xD8 0x32 ... ---- EOF - GMER 1.0.14 ---- GMER 1.0.14.14205 - gmer.net Autostart scan 2008-05-21 20:43:50 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe, HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll HKLM\SYSTEM\CurrentControlSet\Services\ >>> ANIWZCSdService@ = C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe AVG Anti-Spyware Guard@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe NOD32krn@ = "C:\Program Files\Eset\nod32krn.exe" SoundMAX Agent Service (default)@ = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe UMWdf@ = C:\WINDOWS\system32\wdfmgr.exe vsmon@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @eabconfg.cplC:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start /file not found/ = C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start /file not found/ @AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe @SynTPLprC:\Program Files\Synaptics\SynTP\SynTPLpr.exe = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe @SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe @igfxtrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe @igfxhkcmdC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe @igfxpersC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe @SoundMAXPnPC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe @nod32kui"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE @NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe @Zone Labs Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" @SunJavaUpdateSchedC:\Program Files\Java\jre1.5.0\bin\jusched.exe = C:\Program Files\Java\jre1.5.0\bin\jusched.exe @BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent @PCSuiteTrayApplicationC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /file not found/ = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /file not found/ @D-Link AirPlus GC:\Program Files\D-Link\AirPlus G\AirGCFG.exe = C:\Program Files\D-Link\AirPlus G\AirGCFG.exe @ANIWZCS2ServiceC:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe = C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe @!AVG Anti-Spyware"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized HKCU\Software\Microsoft\Windows\CurrentVersion\Run@RocketDock = "C:\Program Files\RocketDock\RocketDock.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /Display Panning CPL Extension/deskpan.dll /file not found/ = deskpan.dll /file not found/ @{596AB062-B4D2-4215-9F74-E9109B0A8153} /Previous Versions Property Page/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /Previous Versions/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /Autoplay for SlideShow/(null) = @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /Extensions Manager Folder/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll @{2F603045-309F-11CF-9774-0020AFD0CFF6} /Synaptics Control Panel/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll @{B089FE88-FB52-11D3-BDF1-0050DA34150D} /NOD32 Context Menu Shell Extension/C:\Program Files\Eset\nodshex.dll = C:\Program Files\Eset\nodshex.dll @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /WinRAR shell extension/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /Web Folders/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL @{42042206-2D85-11D3-8CFF-005004838597} /Microsoft Office HTML Icon Handler/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll @{E480AFC1-C6F0-484A-BFA3-14574BB0C46C} /X1 file icon extension/(null) = @{e82a2d71-5b2f-43a0-97b8-81be15854de8} /ShellLink for Application References/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll @{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /Shell Icon Handler for Application References/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll @{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /Nokia Phone Browser/C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll HKLM\Software\Classes\\shellex\ContextMenuHandlers\ >>> AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll yEnc32@{8CDA2F05-B2BA-4AC7-B731-51E9E6B006E1} = C:\Program Files\yEnc32\yEnc32Shell.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = go.microsoft.com/fwlink/?LinkId=69157 @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagehttp://www.google.com/ = google.com/ @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Handler\ >>> cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll its@CLSID = C:\WINDOWS\system32\itss.dll mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\system32\itss.dll mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL tv@CLSID = C:\WINDOWS\system32\msvidctl.dll wia@CLSID = C:\WINDOWS\system32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CBB99C76-05D5-40D0-BB84-C064878DCF6C} /1394 Connection*/ >>> @IPAddress192.168.1.8 = 192.168.1.8 @NameServer = @DefaultGateway = @Domain = HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011@PackedCatalogItem = C:\WINDOWS\system32\imon.dll ---- EOF - GMER 1.0.14 ---- Dopuna: 21 Maj 2008 21:09 ovako mi npr. izgleda youtube

Profil

DEMIAN Poslao: 21 Maj 2008 21:42 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Drajver koji si uploadovao je čist. Šta tačno treba da se vidi na toj slici? Izgleda kao loše učitana strana.

Profil

nortalf Poslao: 21 Maj 2008 22:32 Idi na vrh
offline nortalf Novi MyCity građanin Pridružio: 21 Maj 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! neznam dali ima veze s temom ali nemogu dobiti normalan prikaz stranice?

Profil

DEMIAN Poslao: 21 Maj 2008 22:38 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » trojanac!

Ko je trenutno na forumu

Ukupno su 826 korisnika na forumu :: 38 registrovanih, 11 sakrivenih i 777 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, aleksandarbl, aleksmajstor, Apok, Brana01, Bubimir, cavatina, cenejac111, darkangel, Denaya, DonRumataEstorski, draganl, elenemste, FOX, Georgius, Istman, Koridor, Kubovac, laki_bb, mean_machine, Mercury, mikrimaus, mnn2, mrav pesadinac, opt1, Panter, pein, Raso75, RJ, robertino, simazr, Tragač, uruk, USSVoyager, vathra, vladaa012, VP6919, wolverined4

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by