MSN "hack" help!!

  • Joined: 06 Nov 2008
  • Posts: 95

I'm chatting with a friend, and then:

.....says: are you there?

Walents *im says: {i.e. "ME"}
I'm gay

____________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:52, on 8.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
M:\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
M:\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RALINK\Common\RaUI.exe
M:\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
M:\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
M:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vanja\Desktop\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - M:\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [AVP] "M:\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "M:\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [uTorrent] "M:\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - M:\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://M:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - M:\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....1091361140
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA6BFF4-D6C7-445E-9E84-15A3BA1424F7}: NameServer = 195.252.122.154
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: M:\KASPER~1\mzvkbd.dll,M:\KASPER~1\mzvkbd3.dll,M:\KASPER~1\adialhk.dll,M:\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - M:\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - M:\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5712 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Explain a bit more... While you were logged in to MSN and in the middle of a chat, your MSN sends those messages by itself. And in Serbian at that?

Did I understand correctly?

  • Joined: 06 Nov 2008
  • Posts: 95

Yes, that's it!
And one notification

| Sorry this contact is no GAY |

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

* Right-click the Kaspersky icon in the lower-right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 06 Nov 2008
  • Posts: 95

I'm a bit late, I'm in a rush with the laptop.....
______________________________________

ComboFix 09-01-08.01 - Vanja 2009-01-08 20:43:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.325 [GMT 1:00]
Running from: c:\documents and settings\Vanja\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 1

/wow section not completed

/wow section not completed

((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 17:20 . 2009-01-08 17:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-01-07 22:07 . 2009-01-07 22:07 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-07 13:10 . 2009-01-07 13:10 <DIR> d-------- c:\windows\nview
2009-01-07 13:10 . 2009-01-07 13:10 <DIR> d-------- C:\NVIDIA
2009-01-07 13:10 . 2008-05-16 14:01 446,464 --a------ c:\windows\system32\nvudisp.exe
2009-01-07 13:10 . 2009-01-08 09:58 186,097 --a------ c:\windows\system32\nvapps.xml
2009-01-07 13:10 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu
2009-01-07 12:49 . 2006-07-01 22:39 36,864 --a------ c:\windows\system32\drivers\AmdK8.sys
2009-01-07 12:48 . 2009-01-07 12:48 <DIR> d-------- c:\program files\AMD
2009-01-07 11:15 . 2009-01-08 16:00 <DIR> d-------- c:\documents and settings\Vanja\Application Data\skypePM
2009-01-07 11:15 . 2009-01-07 11:15 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-07 11:14 . 2009-01-08 20:25 <DIR> d-------- c:\documents and settings\Vanja\Application Data\Skype
2009-01-07 11:13 . 2009-01-07 11:13 <DIR> d-------- c:\program files\Skype
2009-01-07 11:13 . 2009-01-07 11:13 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-07 11:13 . 2009-01-07 11:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-01-06 22:24 . 2009-01-06 22:24 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-06 15:11 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-06 15:11 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-06 15:11 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-06 15:11 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-06 13:16 . 2009-01-06 13:16 <DIR> d-------- c:\documents and settings\Vanja\Application Data\Corel
2009-01-06 13:16 . 2009-01-08 10:43 3,140 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-06 13:16 . 2009-01-08 10:43 88 -r-hs---- c:\documents and settings\All Users\Application Data\806E709AA8.sys
2009-01-06 13:13 . 2009-01-06 13:13 <DIR> d-------- c:\program files\Common Files\Protexis
2009-01-06 13:13 . 2009-01-06 13:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-06 13:08 . 2009-01-06 13:08 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-06 12:55 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-06 12:34 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-01-06 12:34 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-06 09:59 . 2009-01-06 09:59 <DIR> d-------- c:\documents and settings\Vanja\Application Data\Malwarebytes
2009-01-06 09:58 . 2009-01-06 09:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 09:58 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 09:58 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 09:38 . 2009-01-06 22:31 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-06 09:38 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-05 21:39 . 2002-08-30 17:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-05 21:38 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-01-05 21:38 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-01-05 21:38 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-01-05 21:38 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-01-05 21:38 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-01-05 21:38 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-01-05 21:38 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-01-05 21:38 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-01-05 21:38 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-01-05 21:38 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-01-05 21:38 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-01-05 21:38 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-01-05 19:05 . 2008-04-27 10:33 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-01-05 19:05 . 2008-04-27 10:35 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-05 19:05 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-05 18:46 . 2009-01-05 18:46 <DIR> d-------- c:\documents and settings\Vanja\Application Data\GRETECH
2009-01-05 18:44 . 1999-12-17 10:13 86,016 --a------ c:\windows\unvise32.exe
2009-01-05 18:29 . 2009-01-06 14:34 <DIR> d-------- c:\documents and settings\Vanja\Phone Browser
2009-01-05 18:29 . 2009-01-05 18:29 <DIR> d-------- c:\documents and settings\Vanja\Application Data\Datalayer
2009-01-05 18:29 . 2009-01-08 18:40 69 --a------ c:\windows\NeroDigital.ini
2009-01-05 18:13 . 2009-01-05 18:13 <DIR> d-------- c:\documents and settings\Vanja\Application Data\Nokia
2009-01-05 18:11 . 2009-01-05 18:11 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-05 18:10 . 2009-01-05 18:10 <DIR> d-------- c:\program files\DIFX
2009-01-05 18:08 . 2009-01-05 18:08 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-05 18:08 . 2009-01-05 18:08 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-05 18:08 . 2009-01-05 18:10 <DIR> d-------- c:\documents and settings\Vanja\Application Data\PC Suite
2009-01-05 18:08 . 2009-01-05 18:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-01-05 18:07 . 2009-01-05 18:11 <DIR> d-------- c:\program files\Nokia
2009-01-05 18:07 . 2006-05-29 08:26 127,488 --a------ c:\windows\system32\drivers\nmwcd.sys
2009-01-05 18:07 . 2006-05-29 08:26 50,688 --a------ c:\windows\system32\nmwcdcls.dll
2009-01-05 18:07 . 2006-05-29 08:26 30,720 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-05 18:07 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2009-01-05 18:07 . 2006-05-29 08:26 13,312 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2009-01-05 18:07 . 2006-05-29 08:26 8,704 --a------ c:\windows\system32\drivers\nmwcdc.sys
2009-01-05 18:07 . 2006-05-29 08:26 4,608 --a------ c:\windows\system32\nmwcdlog.dll
2009-01-05 18:06 . 2009-01-05 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-01-05 14:57 . 2009-01-05 14:57 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-01-05 14:54 . 2009-01-05 14:54 <DIR> d-------- c:\windows\Cache
2009-01-05 13:47 . 2009-01-06 19:28 917 --a------ c:\windows\GTA-SA_Trn_Settings.ini
2009-01-05 11:30 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-05 11:30 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-05 11:30 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-04 22:08 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-01-04 22:07 . 2009-01-04 22:07 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-04 22:05 . 2009-01-04 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-04 19:39 . 2009-01-05 11:29 <DIR> d-------- c:\documents and settings\Vanja\Contacts
2009-01-04 19:23 . 2009-01-04 19:37 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-01-04 19:22 . 2009-01-04 19:37 <DIR> d-------- c:\program files\Windows Live
2009-01-04 19:22 . 2009-01-04 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 19:43 7,608 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-08 19:43 376,864 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-08 19:42 --------- d-----w c:\documents and settings\Vanja\Application Data\uTorrent
2009-01-08 09:04 3,207,712 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-08 09:03 36,620 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-08 08:59 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-07 11:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 21:00 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-04 17:45 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-04 17:44 --------- d-----w c:\program files\Microsoft.NET
2009-01-04 17:38 --------- d-----w c:\documents and settings\Vanja\Application Data\Nero
2009-01-04 17:37 --------- d-----w c:\program files\Common Files\Nero
2009-01-04 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-04 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-04 17:14 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-04 16:55 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2009-01-04 16:48 --------- d--h--w c:\program files\Avago-HP
2009-01-04 16:48 --------- d-----w c:\program files\HP
2009-01-04 16:48 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-01-04 16:36 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-04 16:36 --------- d-----w c:\program files\RALINK
2009-01-04 16:36 --------- d-----w c:\documents and settings\Vanja\Application Data\InstallShield
2009-01-04 16:35 --------- d-----w c:\program files\Realtek Sound Manager
2009-01-04 16:35 --------- d-----w c:\program files\AvRack
2009-01-04 16:26 --------- d-----w c:\program files\microsoft frontpage
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="m:\utorrent\uTorrent.exe" [2009-01-04 270128]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"AVP"="m:\kaspersky internet security 2009\avp.exe" [2008-07-29 206088]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="m:\nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-01-04 1339392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=m:\kasper~1\mzvkbd.dll,m:\kasper~1\mzvkbd3.dll,m:\kasper~1\adialhk.dll,m:\kasper~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"C:4\\uTorrent\\uTorrent.exe"=
"m:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2009-01-04 16640]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GIVEIO
*NewlyCreated* - SPEEDFAN
.
.
------- Supplementary Scan -------
.
IE: Add to Banner Ad Blocker - m:\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - m:\micros~1\OFFICE11\EXCEL.EXE/3000
TCP: {5FA6BFF4-D6C7-445E-9E84-15A3BA1424F7} = 195.252.122.154
FF - ProfilePath - c:\documents and settings\Vanja\Application Data\Mozilla\Firefox\Profiles\x0k93zyf.default\
FF - prefs.js: browser.startup.homepage - hxxp://abakusbp.net/forum
FF - component: m:\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-08 20:43:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-08 20:44:54
ComboFix-quarantined-files.txt 2009-01-08 19:44:48

Pre-Run: 14.203.322.368 bytes free
Post-Run: 15,046,094,848 bytes free

213 --- E O F --- 2009-01-07 21:07:35

  • Source  Male
  • Legendary citizen
  • Joined: 10 Jan 2005
  • Posts: 3319
  • Location: Stara Pazova

Sorry for jumping in, but there is a program (I have used it and it is not a "hack") that does this as if you had typed it yourself; that is probably it... (although it doesn't hurt to check for malware too).

  • Joined: 06 Nov 2008
  • Posts: 95

Looks like that will be it!

Addendum: 09 Jan 2009 11:38

Thanks for the effort!

mod edit: link removed.

A friend gave that to me!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

All that is left for me to add is that there are no traces of malware on the computer.
