Gamad
  • Joined: 03 Nov 2008
  • Posts: 73

Malwarebytes' Anti-Malware 1.31
Database version: 1610
Windows 5.1.2600 Service Pack 3

1/4/2009 7:33:38 PM
mbam-log-2009-01-04 (19-33-38).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 92091
Time elapsed: 56 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Milos\Desktop\bla\backups\backup-20090104-155750-787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Milos\Desktop\bla\backups\backup-20090104-155750-963.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xcvmvxwp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB6ACDE-FAD9-4B58-84C8-76AD54547C8A}\RP73\A0020433.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB6ACDE-FAD9-4B58-84C8-76AD54547C8A}\RP73\A0020434.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB6ACDE-FAD9-4B58-84C8-76AD54547C8A}\RP73\A0020435.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB6ACDE-FAD9-4B58-84C8-76AD54547C8A}\RP73\A0020436.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FB6ACDE-FAD9-4B58-84C8-76AD54547C8A}\RP73\A0020454.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Addendum: 04 Jan 2009 22:59

Malwarebytes' Anti-Malware 1.31
Database version: 1613
Windows 5.1.2600 Service Pack 3

1/4/2009 9:55:08 PM
mbam-log-2009-01-04 (21-55-08).txt

Scan type: Quick Scan
Objects scanned: 51496
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iifFyXOh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOiFUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Well, great.

Now listen to what I'm telling you:

Post me a new HJT log,
then turn off the antivirus, download ComboFix, scan and post me a new log.

And DO NOT do anything else on your own.

  • Joined: 03 Nov 2008
  • Posts: 73

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:13 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Milos\Desktop\bla\ola.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4269 bytes




"Milos" - 2009-01-04 23:06:43 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Milos\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 ))))))))))))))))))))))))))))))))))


2009-01-04 21:38 <DIR> d--hs---- C:\RECYCLER
2009-01-04 21:37 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2009-01-04 17:34 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-01-04 17:34 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-01-04 17:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-04 17:01 98,816 --a------ C:\WINDOWS\sed.exe
2009-01-04 17:01 89,504 --a------ C:\WINDOWS\fdsv.exe
2009-01-04 17:01 80,412 --a------ C:\WINDOWS\grep.exe
2009-01-04 17:01 68,096 --a------ C:\WINDOWS\zip.exe
2009-01-04 17:01 49,152 --a------ C:\WINDOWS\VFIND.exe
2009-01-04 17:01 28,672 --a------ C:\WINDOWS\NIRCMD.exe
2009-01-04 17:01 212,480 --a------ C:\WINDOWS\SWXCACLS.exe
2009-01-04 17:01 161,792 --a------ C:\WINDOWS\SWREG.exe
2009-01-04 17:01 136,704 --a------ C:\WINDOWS\SWSC.exe
2009-01-04 08:46 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\TransRender
2009-01-04 08:46 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\Temporary
2009-01-04 08:46 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\Samsung
2009-01-04 08:46 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\ConvertTemp
2009-01-04 08:43 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2009-01-04 08:41 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2009-01-04 08:37 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2009-01-04 08:37 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2009-01-04 08:37 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2009-01-04 08:37 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2009-01-04 08:37 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2009-01-04 08:37 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2009-01-04 08:37 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2009-01-04 08:37 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-01-04 08:37 <DIR> d-------- C:\Program Files\Samsung
2009-01-03 18:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-12-28 19:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2008-12-28 19:15 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-12-28 19:15 <DIR> d--hs---- C:\WINDOWS\CSC
2008-12-28 17:32 0 --a------ C:\WINDOWS\system32\drivers\107d9969.sys
2008-12-28 16:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
2008-12-28 16:03 774,144 --a------ C:\WINDOWS\cis_parser.dll
2008-12-28 16:03 28,672 --a------ C:\WINDOWS\get_username.dll
2008-12-28 16:03 <DIR> d-------- C:\Program Files\Oracle
2008-12-28 15:59 5,220 -ra------ C:\WINDOWS\system32\drivers\CVirtA.sys
2008-12-28 15:55 138,916 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-12-28 15:55 114,000 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-12-28 15:55 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-12-28 15:55 <DIR> d-------- C:\Program Files\Cisco Systems
2008-12-22 20:21 <DIR> d-------- C:\The.Wackness[2008]DvDrip-aXXo
2008-12-20 20:31 <DIR> d-------- C:\Matrix Reloaded
2008-12-13 18:39 <DIR> d-------- C:\WINDOWS\Funnsystems


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-01-04 21:49:03 -------- d-----w C:\DOCUME~1\Milos\APPLIC~1\Skype
2009-01-04 17:14:32 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2009-01-04 07:41:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-04 07:36:45 -------- d-----w C:\Program Files\Common Files\InstallShield
2009-01-04 07:21:46 -------- d-----w C:\DOCUME~1\Milos\APPLIC~1\skypePM
2008-12-28 00:44:39 -------- d-----w C:\DOCUME~1\Milos\APPLIC~1\uTorrent
2008-12-03 21:19:44 -------- d-----w C:\DOCUME~1\Milos\APPLIC~1\Real
2008-12-03 21:18:41 -------- d-----w C:\Program Files\Common Files\xing shared
2008-12-03 21:18:30 -------- d-----w C:\Program Files\Common Files\Real
2008-12-03 21:17:57 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-12-03 21:17:57 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-12-03 21:17:57 -------- d-----w C:\Program Files\Real
2008-11-29 14:11:14 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2008-11-29 14:10:35 -------- d-----w C:\Program Files\PC Wizard 2008
2008-11-29 12:47:52 -------- d-----w C:\Program Files\Messenger
2008-11-29 12:12:51 -------- d-----w C:\Program Files\Movie Maker
2008-11-29 12:09:55 -------- d-----w C:\Program Files\Windows NT
2008-11-15 17:25:45 -------- d-----w C:\Program Files\Gigatron Konfygurator
2008-11-12 18:30:53 -------- d-----w C:\Program Files\RapidSolution
2008-11-12 17:31:11 -------- d-----w C:\DOCUME~1\Milos\APPLIC~1\Apple Computer
2008-11-12 17:29:44 -------- d-----w C:\Program Files\QuickTime
2008-11-12 17:29:12 -------- d-----w C:\Program Files\Common Files\Apple
2008-11-12 17:28:22 -------- d-----w C:\Program Files\Apple Software Update
2008-11-08 16:23:27 -------- d-----w C:\Program Files\BearShare Applications
2008-11-07 18:03:26 -------- d-----w C:\Program Files\Easy DVD Player
2008-10-25 14:35:54 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
2008-10-25 14:19:46 0 ----a-w C:\WINDOWS\nsreg.dat
2008-10-25 13:50:32 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-10-25 13:19:39 0 --sha-r C:\MSDOS.SYS
2008-10-25 13:19:39 0 --sha-r C:\IO.SYS
2008-10-25 13:19:39 0 ----a-w C:\CONFIG.SYS
2008-10-25 13:19:39 0 ----a-w C:\AUTOEXEC.BAT
2008-10-25 13:15:02 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3049C3E9-B461-4BC5-8870-4C09146192CA}=C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-03 22:18]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-10-25 15:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 07:57]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 17:21]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 15:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-12-03 22:17]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 16:57]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


Contents of the 'Scheduled Tasks' folder
2008-12-27 12:05:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2009-01-04 17:00:00 C:\WINDOWS\tasks\ksmznspn.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, gmer.net
Rootkit scan 2009-01-04 23:07:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2009-01-04 23:08:41
C:\ComboFix-quarantined-files.txt ... 2009-01-04 23:08
C:\ComboFix2.txt ... 2009-01-04 21:38
C:\ComboFix3.txt ... 2009-01-04 17:33

--- E O F ---

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Where on earth did you download this CF from?

Give me the link to the site you downloaded that ComboFix from.

  • Joined: 03 Nov 2008
  • Posts: 73

Since it wouldn't open those pages you sent me, I downloaded it from some other site, but I don't remember which one. Here is the log with the CF you posted for download as well.


ComboFix 09-01-05.02 - Milos 2009-01-05 23:37:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.184 [GMT 1:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-04 21:38 . 2005-11-09 00:26 38,400 --a------ c:\windows\system32\moveex.exe
2009-01-04 21:37 . 2004-08-04 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-01-04 21:37 . 2004-08-04 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-01-04 17:34 . 2009-01-04 17:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 17:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 16:14 . 2009-01-04 16:15 <DIR> d-------- c:\program files\Unlocker
2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\documents and settings\Milos\Application Data\TransRender
2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\documents and settings\Milos\Application Data\Temporary
2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\documents and settings\Milos\Application Data\Samsung
2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\documents and settings\Milos\Application Data\ConvertTemp
2009-01-04 08:43 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-01-04 08:41 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-01-04 08:37 . 2009-01-04 08:42 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-01-04 08:37 . 2009-01-04 08:37 <DIR> d-------- c:\program files\Samsung
2009-01-04 08:37 . 2005-08-30 17:59 94,000 --a------ c:\windows\system32\drivers\ss_mdm.sys
2009-01-04 08:37 . 2005-08-30 17:57 58,320 --a------ c:\windows\system32\drivers\ss_bus.sys
2009-01-04 08:37 . 2005-08-30 17:58 8,304 --a------ c:\windows\system32\drivers\ss_mdfl.sys
2009-01-04 08:37 . 2005-08-30 17:58 6,144 --a------ c:\windows\system32\drivers\ss_cmnt.sys
2009-01-04 08:37 . 2005-08-30 17:58 6,144 --a------ c:\windows\system32\drivers\ss_cm.sys
2009-01-04 08:37 . 2005-08-30 17:57 5,808 --a------ c:\windows\system32\drivers\ss_whnt.sys
2009-01-04 08:37 . 2005-08-30 17:57 5,808 --a------ c:\windows\system32\drivers\ss_wh.sys
2009-01-04 08:37 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-01-03 18:57 . 2009-01-04 11:05 <DIR> d-------- c:\program files\Trend Micro
2008-12-28 19:15 . 2008-12-28 19:15 <DIR> d-------- c:\documents and settings\Administrator
2008-12-28 17:32 . 2008-12-28 17:36 0 --a------ c:\windows\system32\drivers\107d9969.sys
2008-12-28 16:26 . 2008-12-28 17:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-28 16:03 . 2008-12-28 16:03 <DIR> d-------- c:\program files\Oracle
2008-12-28 16:03 . 2007-09-24 10:57 774,144 --a------ c:\windows\cis_parser.dll
2008-12-28 16:03 . 2003-05-08 14:35 45,153 --a------ c:\windows\system32\plugincpl13113.cpl
2008-12-28 16:03 . 2003-06-05 16:30 36,864 --a------ c:\windows\svrpr.ocx
2008-12-28 16:03 . 2003-06-28 13:11 28,672 --a------ c:\windows\get_username.dll
2008-12-28 15:59 . 2003-05-01 13:26 5,220 -ra------ c:\windows\system32\drivers\CVirtA.sys
2008-12-28 15:55 . 2008-12-28 15:55 <DIR> d-------- c:\program files\Common Files\Deterministic Networks
2008-12-28 15:55 . 2008-12-28 15:55 <DIR> d-------- c:\program files\Cisco Systems
2008-12-28 15:55 . 2002-10-17 14:22 138,916 --a------ c:\windows\system32\drivers\dne2000.sys
2008-12-28 15:55 . 2002-10-17 14:22 114,000 --a------ c:\windows\system32\dneinobj.dll
2008-12-22 20:21 . 2008-12-22 20:21 <DIR> d-------- C:\The.Wackness[2008]DvDrip-aXXo
2008-12-20 20:31 . 2008-12-21 11:45 <DIR> d-------- C:\Matrix Reloaded
2008-12-13 18:39 . 2008-12-13 18:39 <DIR> d-------- c:\windows\Funnsystems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:39 --------- d-----w c:\documents and settings\Milos\Application Data\Skype
2009-01-05 16:20 --------- d-----w c:\documents and settings\Milos\Application Data\skypePM
2009-01-05 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-04 22:14 3,136 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-04 22:14 294,944 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-04 22:14 15,848 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-04 22:14 1,756,192 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-04 07:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 07:36 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-03 17:22 98,304 ----a-w c:\windows\DUMP5f85.tmp
2009-01-03 17:20 98,304 ----a-w c:\windows\DUMP608e.tmp
2009-01-03 17:18 98,304 ----a-w c:\windows\DUMP5cb7.tmp
2009-01-02 20:54 98,304 ----a-w c:\windows\DUMP5cb6.tmp
2009-01-02 20:52 98,304 ----a-w c:\windows\DUMP6198.tmp
2009-01-02 12:33 98,304 ----a-w c:\windows\DUMP5ef8.tmp
2008-12-31 19:23 98,304 ----a-w c:\windows\DUMP6050.tmp
2008-12-28 00:44 --------- d-----w c:\documents and settings\Milos\Application Data\uTorrent
2008-12-03 21:18 --------- d-----w c:\program files\Common Files\xing shared
2008-12-03 21:18 --------- d-----w c:\program files\Common Files\Real
2008-12-03 21:17 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-03 21:17 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-03 21:17 --------- d-----w c:\program files\Real
2008-11-29 14:10 --------- d-----w c:\program files\PC Wizard 2008
2008-11-24 16:26 --------- d-----w c:\program files\Common Files\Adobe
2008-11-20 21:37 98,304 ----a-w c:\windows\DUMP4ac4.tmp
2008-11-15 17:25 --------- d-----w c:\program files\Gigatron Konfygurator
2008-11-12 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2008-11-12 18:30 --------- d-----w c:\program files\RapidSolution
2008-11-12 17:31 --------- d-----w c:\documents and settings\Milos\Application Data\Apple Computer
2008-11-12 17:29 --------- d-----w c:\program files\QuickTime
2008-11-12 17:29 --------- d-----w c:\program files\Common Files\Apple
2008-11-12 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-12 17:28 --------- d-----w c:\program files\Apple Software Update
2008-11-12 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-08 16:23 --------- d-----w c:\program files\BearShare Applications
2008-11-07 18:03 --------- d-----w c:\program files\Easy DVD Player
2008-10-25 13:50 737,280 ----a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-04_17.31.44.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-21 19:43:53 1,744 ----a-w c:\windows\system32\d3d9caps.dat
+ 2009-01-04 17:14:32 1,744 ----a-w c:\windows\system32\d3d9caps.dat
+ 2006-11-29 16:21:29 370,688 ----a-w c:\windows\system32\swsc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-03 185872]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2008-12-28 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-10-25 77312]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S1 107d9969;107d9969;c:\windows\system32\drivers\107d9969.sys [2008-12-28 0]
S1 81797175;81797175;c:\windows\system32\drivers\81797175.sys --> c:\windows\system32\drivers\81797175.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-05 c:\windows\Tasks\ksmznspn.job
- c:\windows\system32\rundll32.exe [2008-04-14 05:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF}
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\zyu4zcbk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13113.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-05 23:39:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\klogon.dll
.
Completion time: 2009-01-05 23:40:20
ComboFix-quarantined-files.txt 2009-01-05 22:40:08
ComboFix2.txt 2009-01-04 22:08:41

Pre-Run: 1,273,901,056 bytes free
Post-Run: 1,225,916,416 bytes free

170

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Turn off the antivirus again.

Open Notepad and copy the following text:

File::
c:\windows\system32\drivers\107d9969.sys
c:\windows\Tasks\ksmznspn.job
c:\windows\system32\drivers\81797175.sys

Driver::
107d9969
81797175

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

  • Joined: 03 Nov 2008
  • Posts: 73

ComboFix 09-01-05.02 - Milos 2009-01-06 22:36:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.251 [GMT 1:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milos\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\drivers\107d9969.sys
c:\windows\system32\drivers\81797175.sys
c:\windows\Tasks\ksmznspn.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\107d9969.sys
c:\windows\Tasks\ksmznspn.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_107d9969
-------\Service_81797175


((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-04 21:38 . 2005-11-09 00:26 38,400 --a------ c:\windows\system32\moveex.exe
2009-01-04 21:37 . 2004-08-04 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-01-04 21:37 . 2004-08-04 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-01-04 17:34 . 2009-01-04 17:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 17:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 16:14 . 2009-01-04 16:15 <DIR> d-------- c:\program files\Unlocker
2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\documents and settings\Milos\Application Data\TransRender
2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\documents and settings\Milos\Application Data\Temporary
2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\documents and settings\Milos\Application Data\Samsung
2009-01-04 08:46 . 2009-01-04 08:46 <DIR> d-------- c:\documents and settings\Milos\Application Data\ConvertTemp
2009-01-04 08:43 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-01-04 08:41 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-01-04 08:37 . 2009-01-04 08:42 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-01-04 08:37 . 2009-01-04 08:37 <DIR> d-------- c:\program files\Samsung
2009-01-04 08:37 . 2005-08-30 17:59 94,000 --a------ c:\windows\system32\drivers\ss_mdm.sys
2009-01-04 08:37 . 2005-08-30 17:57 58,320 --a------ c:\windows\system32\drivers\ss_bus.sys
2009-01-04 08:37 . 2005-08-30 17:58 8,304 --a------ c:\windows\system32\drivers\ss_mdfl.sys
2009-01-04 08:37 . 2005-08-30 17:58 6,144 --a------ c:\windows\system32\drivers\ss_cmnt.sys
2009-01-04 08:37 . 2005-08-30 17:58 6,144 --a------ c:\windows\system32\drivers\ss_cm.sys
2009-01-04 08:37 . 2005-08-30 17:57 5,808 --a------ c:\windows\system32\drivers\ss_whnt.sys
2009-01-04 08:37 . 2005-08-30 17:57 5,808 --a------ c:\windows\system32\drivers\ss_wh.sys
2009-01-04 08:37 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-01-03 18:57 . 2009-01-04 11:05 <DIR> d-------- c:\program files\Trend Micro
2008-12-28 19:15 . 2008-12-28 19:15 <DIR> d-------- c:\documents and settings\Administrator
2008-12-28 16:26 . 2008-12-28 17:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-28 16:03 . 2008-12-28 16:03 <DIR> d-------- c:\program files\Oracle
2008-12-28 16:03 . 2007-09-24 10:57 774,144 --a------ c:\windows\cis_parser.dll
2008-12-28 16:03 . 2003-05-08 14:35 45,153 --a------ c:\windows\system32\plugincpl13113.cpl
2008-12-28 16:03 . 2003-06-05 16:30 36,864 --a------ c:\windows\svrpr.ocx
2008-12-28 16:03 . 2003-06-28 13:11 28,672 --a------ c:\windows\get_username.dll
2008-12-28 15:59 . 2003-05-01 13:26 5,220 -ra------ c:\windows\system32\drivers\CVirtA.sys
2008-12-28 15:55 . 2008-12-28 15:55 <DIR> d-------- c:\program files\Common Files\Deterministic Networks
2008-12-28 15:55 . 2008-12-28 15:55 <DIR> d-------- c:\program files\Cisco Systems
2008-12-28 15:55 . 2002-10-17 14:22 138,916 --a------ c:\windows\system32\drivers\dne2000.sys
2008-12-28 15:55 . 2002-10-17 14:22 114,000 --a------ c:\windows\system32\dneinobj.dll
2008-12-22 20:21 . 2008-12-22 20:21 <DIR> d-------- C:\The.Wackness[2008]DvDrip-aXXo
2008-12-20 20:31 . 2008-12-21 11:45 <DIR> d-------- C:\Matrix Reloaded
2008-12-13 18:39 . 2008-12-13 18:39 <DIR> d-------- c:\windows\Funnsystems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 21:40 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-06 21:38 3,136 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-06 21:38 294,944 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-06 21:38 15,848 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-06 21:38 1,756,192 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-06 21:33 --------- d-----w c:\documents and settings\Milos\Application Data\Skype
2009-01-06 15:03 --------- d-----w c:\documents and settings\Milos\Application Data\skypePM
2009-01-04 07:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 07:36 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-03 17:22 98,304 ----a-w c:\windows\DUMP5f85.tmp
2009-01-03 17:20 98,304 ----a-w c:\windows\DUMP608e.tmp
2009-01-03 17:18 98,304 ----a-w c:\windows\DUMP5cb7.tmp
2009-01-02 20:54 98,304 ----a-w c:\windows\DUMP5cb6.tmp
2009-01-02 20:52 98,304 ----a-w c:\windows\DUMP6198.tmp
2009-01-02 12:33 98,304 ----a-w c:\windows\DUMP5ef8.tmp
2008-12-31 19:23 98,304 ----a-w c:\windows\DUMP6050.tmp
2008-12-28 00:44 --------- d-----w c:\documents and settings\Milos\Application Data\uTorrent
2008-12-03 21:18 --------- d-----w c:\program files\Common Files\xing shared
2008-12-03 21:18 --------- d-----w c:\program files\Common Files\Real
2008-12-03 21:17 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-03 21:17 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-03 21:17 --------- d-----w c:\program files\Real
2008-11-29 14:10 --------- d-----w c:\program files\PC Wizard 2008
2008-11-24 16:26 --------- d-----w c:\program files\Common Files\Adobe
2008-11-20 21:37 98,304 ----a-w c:\windows\DUMP4ac4.tmp
2008-11-15 17:25 --------- d-----w c:\program files\Gigatron Konfygurator
2008-11-12 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2008-11-12 18:30 --------- d-----w c:\program files\RapidSolution
2008-11-12 17:31 --------- d-----w c:\documents and settings\Milos\Application Data\Apple Computer
2008-11-12 17:29 --------- d-----w c:\program files\QuickTime
2008-11-12 17:29 --------- d-----w c:\program files\Common Files\Apple
2008-11-12 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-12 17:28 --------- d-----w c:\program files\Apple Software Update
2008-11-12 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-08 16:23 --------- d-----w c:\program files\BearShare Applications
2008-11-07 18:03 --------- d-----w c:\program files\Easy DVD Player
2008-10-25 13:50 737,280 ----a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-04_17.31.44.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-21 19:43:53 1,744 ----a-w c:\windows\system32\d3d9caps.dat
+ 2009-01-04 17:14:32 1,744 ----a-w c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-03 185872]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2008-12-28 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-10-25 77312]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF}
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\zyu4zcbk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13113.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-06 22:40:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\klogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-01-06 22:42:23 - machine was rebooted [Milos]
ComboFix-quarantined-files.txt 2009-01-06 21:42:20
ComboFix2.txt 2009-01-05 22:40:22
ComboFix3.txt 2009-01-04 22:08:41

Pre-Run: 1,144,619,008 bytes free
Post-Run: 1,097,633,792 bytes free

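The "Reg Loading Points" block in the log above is where the weakened defences show up: both Security Center DisableNotify values are set, Kaspersky has registered itself as the monitoring product, and the Windows Firewall is off in the standard profile. The script below is an added example, not part of the original post and not ComboFix's own code; it parses a constructed excerpt written in the same REGEDIT4-style layout and flags those values. The sample text, the rule list and the severity labels are the example author's assumptions.

```python
"""Flag weakened-defence settings in a ComboFix 'Reg Loading Points' dump.

Added example (not from the original post, not ComboFix's own code).
The rules and severities are the example author's assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in ComboFix's REGEDIT4-style layout, modelled on the
# log above; not a real file from the affected machine.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')

# Security Center values that silence its warnings when set to 1.
NOTIFY_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key: {value_name: raw_value}}; lines outside [key] blocks are ignored."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("raw").strip()
    return keys


def as_int(raw: str) -> Optional[int]:
    """Normalise 'dword:00000001' or '0 (0x0)' to an int; None when not numeric."""
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def audit(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the dump."""
    findings: List[Tuple[str, str]] = []
    for key, values in parse_reg_dump(text).items():
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]  # last path element: profile or product name
        for name, raw in values.items():
            n = as_int(raw)
            if "security center" in k and name in NOTIFY_VALUES and n == 1:
                findings.append(("high", f"Security Center notification suppressed: {name}"))
            elif "security center" in k and name == "DisableMonitoring" and n == 1:
                # Normal when a third-party suite registers as the monitor; confirm the product.
                findings.append(("info", f"Security Center monitoring delegated to: {leaf}"))
            elif "firewallpolicy" in k and name == "EnableFirewall" and n == 0:
                findings.append(("high", f"Windows Firewall disabled for {leaf}"))
            elif "authorizedapplications" in k:
                findings.append(("info", f"Firewall exception: {name}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_LOG):
        print(f"[{severity:4}] {message}")
```

The parser only keys off `[...]` headers and `"name"=` lines, so a whole ComboFix log can be fed in and the file listings and process sections are skipped. One caveat before reading a "high" finding as malware residue: the DisableMonitoring entry is what a third-party suite writes when it takes over Security Center monitoring (here Kaspersky), and a suite that brings its own firewall may also switch the Windows one off, so check the installed product first; what a trojan of the Vundo/TDSS kind seen in the quarantine list would do is silence the warnings without any product behind them.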

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Kako radi komp?

  • Joined: 03 Nov 2008
  • Posts: 73

OK. I have no problems and KIS is not reporting any viruses or trojans.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Also do this:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore
