OKW trojan

  • Joined: 24 Apr 2007
  • Posts: 31

ComboFix 09-07-08.04 - Guza 09.07.2009 0:04.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1519 [GMT 2:00]
Running from: c:\documents and settings\Guza\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Guza\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point

FILE ::
"c:\windows\system32\Drivers\Cdaudio.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\Cdaudio.sys

.
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.

2009-07-07 17:42 . 2009-07-07 17:42 -------- d-----w- C:\USBNoRisk
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-01 00:36 . 2009-07-01 00:39 -------- d-----w- c:\documents and settings\Guza\Local Settings\Application Data\Temp
2009-06-25 18:10 . 2009-06-25 22:45 -------- d-----w- c:\documents and settings\Guza\Application Data\Winamp
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Guza\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-21 17:09 . 2009-06-21 17:09 -------- d-----w- C:\eclipse
2009-06-19 14:06 . 2009-06-19 14:06 -------- d-----w- c:\program files\MSXML 6.0
2009-06-19 13:45 . 2008-04-14 13:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2009-06-19 13:41 . 2009-06-19 13:48 -------- d-----w- C:\Inetpub
2009-06-19 12:42 . 2009-06-19 12:42 -------- d-----w- c:\windows\SQLHotfix
2009-06-17 18:35 . 2009-06-17 18:35 -------- d-----w- c:\program files\Bonjour
2009-06-09 19:00 . 2009-06-19 14:19 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-09 16:34 . 2009-06-09 16:34 -------- d-----w- c:\windows\system32\IOSUBSYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 21:05 . 2008-11-22 10:15 -------- d-----w- c:\documents and settings\Guza\Application Data\Xfire
2009-07-08 20:25 . 2009-05-26 23:55 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-08 20:25 . 2009-05-26 23:54 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-06 08:36 . 2008-11-20 02:22 -------- d-----w- c:\documents and settings\Guza\Application Data\uTorrent
2009-06-25 18:11 . 2008-11-19 13:05 -------- d-----w- c:\program files\Winamp
2009-06-24 17:28 . 2008-11-19 14:47 85016 ----a-w- c:\documents and settings\Guza\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 14:17 . 2008-11-20 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-19 14:12 . 2008-11-20 19:06 -------- d-----w- c:\program files\Microsoft.NET
2009-06-17 18:34 . 2008-11-19 12:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 09:58 . 2008-11-21 20:38 -------- d-----w- c:\documents and settings\Guza\Application Data\LimeWire
2009-06-15 20:38 . 2009-02-06 11:46 -------- d-----w- c:\documents and settings\Guza\Application Data\mIRC
2009-06-15 20:26 . 2009-02-06 11:46 -------- d-----w- c:\program files\mIRC
2009-06-09 16:34 . 2008-11-19 19:38 -------- d-----w- c:\program files\Google
2009-06-09 09:20 . 2008-11-21 14:50 -------- d-----w- c:\program files\Java
2009-06-02 10:07 . 2009-05-01 20:53 -------- d-----w- c:\program files\Image-Line
2009-05-31 09:40 . 2009-05-31 09:40 -------- d-----w- c:\documents and settings\Guza\Application Data\YoudaGames
2009-05-27 21:21 . 2009-04-13 20:14 -------- d-----w- c:\program files\NetBeans 6.1
2009-05-26 23:54 . 2009-05-26 23:54 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-26 20:31 . 2009-05-20 11:52 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-26 20:21 . 2009-05-19 19:01 -------- d-----w- c:\program files\Zylom Games
2009-05-26 20:21 . 2008-12-09 08:55 -------- d-----w- c:\program files\Yahoo!
2009-05-26 20:15 . 2008-11-19 12:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 20:07 . 2009-05-26 20:07 -------- d-----w- c:\documents and settings\Guza\Application Data\Share-to-Web Upload Folder
2009-05-26 13:48 . 2009-05-26 13:48 63916 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-26 13:33 . 2009-05-26 13:31 -------- d-----w- c:\documents and settings\Guza\Application Data\MySQL-Front
2009-05-26 13:31 . 2009-05-26 13:31 -------- d-----w- c:\program files\MySQL-Front
2009-05-22 23:07 . 2009-04-17 20:02 -------- d-----w- c:\documents and settings\Guza\Application Data\Skype
2009-05-21 19:40 . 2009-05-21 19:40 -------- d-----w- c:\program files\EA SPORTS
2009-05-21 07:06 . 2009-03-17 23:39 -------- d-----w- c:\program files\Microsoft
2009-05-20 13:18 . 2009-05-20 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2009-05-20 13:10 . 2009-05-20 13:10 -------- d-----w- c:\documents and settings\Guza\Application Data\ABBYY
2009-05-20 12:59 . 2009-05-20 12:59 -------- d-----w- c:\program files\Common Files\ABBYY
2009-05-20 11:52 . 2009-05-20 11:52 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-20 11:14 . 2009-05-20 11:10 -------- d-----w- c:\documents and settings\Guza\Application Data\GetRightToGo
2009-05-19 19:02 . 2009-05-19 19:02 -------- d-----w- c:\documents and settings\Guza\Application Data\Zylom
2009-05-19 19:01 . 2009-05-19 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-05-19 15:55 . 2009-05-19 15:50 -------- d-----w- c:\program files\EsetOnlineScanner
2009-05-18 20:04 . 2009-05-18 20:04 -------- d-----w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab
2009-05-18 20:04 . 2009-05-18 20:04 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-18 20:04 . 2009-05-18 20:04 207872 ----a-w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-05-18 20:04 . 2009-05-18 20:04 207872 ----a-w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-05-18 20:04 . 2009-05-18 20:04 207872 ----a-w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-05-18 20:04 . 2009-05-18 20:04 207872 ----a-w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-05-12 12:55 . 2009-04-13 20:19 -------- d-----w- c:\program files\glassfish-v2ur2
2009-05-11 14:51 . 2009-04-07 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PowerDesigner 12
2009-05-11 14:49 . 2009-01-28 14:54 -------- d-----w- c:\program files\Corel
2009-05-11 14:49 . 2009-01-28 14:57 -------- d-----w- c:\documents and settings\Guza\Application Data\Corel
2009-05-04 13:07 . 2009-05-14 09:06 2298680 ----a-w- c:\documents and settings\Guza\Application Data\Mozilla\Firefox\Profiles\wivc4e1r.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-27 19:08 . 2009-01-29 10:15 2984 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-27 19:08 . 2009-01-29 10:15 2984 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-27 19:08 . 2009-01-29 10:15 88 --sh--r- c:\documents and settings\All Users\Application Data\76C55D0F83.sys
2009-04-27 19:08 . 2009-01-29 10:15 88 --sh--r- c:\documents and settings\All Users\Application Data\76C55D0F83.sys
2009-04-25 11:05 . 2009-04-25 11:05 5 ----a-w- C:\b.bat
2009-04-23 13:03 . 2009-04-23 13:03 216064 ----a-w- c:\windows\iun3405.exe
.

------- Sigcheck -------

[-] 2008-07-12 19:20 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-08 22:10 . 2009-07-08 22:10 16384 c:\windows\Temp\Perflib_Perfdata_558.dat
+ 2009-06-19 13:48 . 2009-07-08 22:11 225191 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SkinClock"="d:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2006-09-17 549376]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="d:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"Google Update"="c:\documents and settings\Guza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"DU Meter"="d:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RUPS Daemon.lnk - c:\program files\Megatec\RUPS 2000\Rupsw32.EXE [2008-11-19 32768]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ Autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^Guza^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Guza\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Guza^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
path=c:\documents and settings\Guza\Start Menu\Programs\Startup\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Guza^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Guza\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Guza\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Guza\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\BORGChat\\BORGChat.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\xfire.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 5:51 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 5:51 468224]
R2 Fireserv;Fireserv;c:\fireserv\Apache\bin\Apache.exe [7.5.2002 0:31 20480]
R2 UPS2501;UPS2501;c:\windows\system32\drivers\ups2501.sys [19.11.2008 19:46 9351]
R3 SNCP106;PC Camera (6009 CIF);c:\windows\system32\drivers\sncp106.sys [16.3.2009 23:13 243712]
S2 ups2501_xp;ups2501_xp;c:\windows\system32\drivers\ups2501_XP.sys [19.11.2008 15:55 5344]
S3 cpuz130;cpuz130;\??\c:\docume~1\Guza\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Guza\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;d:\program files\Hotspot Shield\bin\HssTrayService.EXE --> d:\program files\Hotspot Shield\bin\HssTrayService.EXE [?]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [30.1.2009 17:10 654848]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [12.1.2009 21:04 50048]
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-796845957-1003Core.job
- c:\documents and settings\Guza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 18:25]

2009-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-796845957-1003UA.job
- c:\documents and settings\Guza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 18:25]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [Link visible only to logged-in users]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {73FDD716-9BCE-42F7-8B13-DB4F7587B8D1} - [Link visible only to logged-in users]
FF - ProfilePath - c:\documents and settings\Guza\Application Data\Mozilla\Firefox\Profiles\wivc4e1r.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - component: c:\documents and settings\Guza\Application Data\Mozilla\Firefox\Profiles\wivc4e1r.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Guza\Application Data\Mozilla\Firefox\Profiles\wivc4e1r.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Guza\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Guza\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-07-09 00:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5460)
d:\program files\Atomic Alarm Clock\Clock.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\fireserv\mysql\bin\mysqld-nt.exe
d:\progra~1\MICROS~2\rapimgr.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Megatec\RUPS 2000\Rupsd.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-08 0:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-08 22:15
ComboFix2.txt 2009-07-06 16:55

Pre-Run: 640.606.208 bytes free
Post-Run: 785.608.704 bytes free

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?



  • Joined: 24 Apr 2007
  • Posts: 31

At the moment I don't see any problems, I hope there won't be any :)

Thanks a lot!
