Možda tražite i:
Provera loga
Provera loga
Ako moze provera loga!
Provera loga,pokupio sam trojance neke.

MyCity » Ambulanta -> Arhiva Ambulante » Provera loga

Provera loga

Napisano na dan: 9.5.2009

Strana:
1
2

Provera loga

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Springfield Poslao: 09 Maj 2009 16:43 Idi na vrh
offline Springfield Moderator foruma 100%Milanista Information Technology Pridružio: 23 Avg 2008 Poruke: 2634 Gde živiš: Milan, Italy	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:39:50 PM, on 5/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AlienGUIse\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\VMSnap5.EXE C:\WINDOWS\Domino.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Milos\Desktop\New Folder\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {F4082100-F291-41E0-B63E-C06F6267F690} - (no file) O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-1960408961-651377827-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-1960408961-651377827-682003330-1003 Startup: Alienware News Feed.lnk = C:\Program Files\Stardock\DesktopGadgets\Alienware News Feed\Alienware News Feed.exe (User '?') O4 - Startup: Alienware News Feed.lnk = C:\Program Files\Stardock\DesktopGadgets\Alienware News Feed\Alienware News Feed.exe O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm O8 - Extra context menu item: Zoom &Out - C:\WINDOWS\WEB\zoomout.htm O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [international] International O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F31FF05B-3EA6-4E06-8257-D4CC5B714568}: NameServer = 195.66.160.1 195.66.160.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: nnnoLBrq - nnnoLBrq.dll (file missing) O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9825 bytes

Profil

argus Poslao: 09 Maj 2009 17:46 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mozes li malo da opises problem.

Profil

Springfield Poslao: 09 Maj 2009 17:52 Idi na vrh
offline Springfield Moderator foruma 100%Milanista Information Technology Pridružio: 23 Avg 2008 Poruke: 2634 Gde živiš: Milan, Italy	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mogu naravno. Skidao sam sa neta neki serial key i usao na neki sajt i kis2009 mi blokirao stranicu posto mi je trebao taj serial key ja ugasim kis i skinem to sa neta to sam instalirao (uglavnom komp se napunio pun virusa) i sve mi otislo dodjavola pukla konekcija ma sve sve.... ja restartovao komp ponovo ga upalio i sve poremeceno nece nista da se upali od programa nit da se konektujem na net. Jedva nekako upalim kis2009 stavim full scan i sve skenira 100% nadje dosta virusa i sve to ja pobrisem lepo. al i dalje sve otislo dodjavola i taman rekoh da rusim sistem kad mi pade na pamet da ugasim kis ja ugasim kis i sve mi se vrati u normalu ali bas sve. I onda posle nekog vremena upalim kis ono se sve sje*ava polako i vrace se kao onda a kis koristim odavno i nikada nisam imao takvih problema. Evmo mogu da opet upalim kis2009 da napravim scren shot sta se desava u kompu pa da postujem... ako je potrebno?

Profil

argus Poslao: 09 Maj 2009 18:01 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! * Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection. * U prozoru koji se otvori, izaberi By User Request. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Springfield Poslao: 09 Maj 2009 18:33 Idi na vrh
offline Springfield Moderator foruma 100%Milanista Information Technology Pridružio: 23 Avg 2008 Poruke: 2634 Gde živiš: Milan, Italy	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-05-08.03 - Milos 05/09/2009 18:08.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.262 [GMT 2:00] Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe AV: Kaspersky Internet Security On-access scanning disabled (Updated) FW: Kaspersky Internet Security disabled . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Milos\Application Data\.# c:\documents and settings\Milos\Application Data\.#\MBX@A90@3837D8.### c:\documents and settings\Milos\Application Data\.#\MBX@A90@3837E8.### c:\documents and settings\Milos\Application Data\.#\MBX@A90@3837F8.### c:\documents and settings\Milos\Application Data\.#\MBX@D74@3D37D8.### c:\documents and settings\Milos\Application Data\.#\MBX@D74@3D37E8.### c:\documents and settings\Milos\Application Data\.#\MBX@D74@3D37F8.### c:\documents and settings\Milos\Application Data\.#\MBX@FF8@3D37E8.### c:\documents and settings\Milos\Application Data\.#\MBX@FF8@3D37F8.### c:\windows\IE4 Error Log.txt c:\windows\msnimport.exe c:\windows\system32\_000007_.tmp.dll c:\windows\system32\azton.mt c:\windows\system32\GiQtwyxx.ini c:\windows\system32\GiQtwyxx.ini2 c:\windows\system32\hlrfeccy.ini c:\windows\system32\kr_done1 c:\windows\system32\update . ((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 ))))))))))))))))))))))))))))))) . 2009-05-09 15:21 . 2009-05-09 15:21 32768 ----a-w c:\windows\system32\sfaob.exe 2009-05-09 07:58 . 2009-05-09 07:58 245 ----a-w c:\windows\tmp73431046.bat 2009-05-09 07:58 . 2009-05-09 07:58 578560 -c--a-w c:\windows\system32\dllcache\user32.dll 2009-05-08 17:58 . 2009-05-08 17:58 -------- d-sh--w c:\documents and settings\Milos\PrivacIE 2009-05-08 11:43 . 2009-05-08 11:43 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-05-08 11:35 . 2009-05-08 11:35 -------- d-sh--w c:\documents and settings\Milos\IETldCache 2009-05-08 11:25 . 2009-05-08 11:27 -------- dc-h--w c:\windows\ie8 2009-05-08 02:34 . 2009-05-08 02:34 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\Opera 2009-05-08 02:34 . 2009-05-08 02:34 -------- d-----w c:\program files\Opera 2009-05-07 11:54 . 2009-05-09 15:32 -------- d-----w c:\program files\Mozilla Firefox 3.5 Beta 4 2009-05-02 08:13 . 2009-05-02 08:13 -------- d-----w c:\documents and settings\All Users\Application Data\3B271 2009-05-01 23:53 . 2008-09-20 20:19 213504 ----a-w c:\windows\system32\libssl32.dll 2009-05-01 18:25 . 2009-05-04 12:41 -------- d-----w c:\program files\No-IP 2009-05-01 14:33 . 2009-05-01 14:33 2 ---h--w c:\windows\t55ft2692f44.dat 2009-05-01 14:33 . 2009-05-01 15:55 -------- d-----w c:\windows\system32\796525 2009-05-01 14:30 . 2009-05-07 12:44 -------- d-----w c:\program files\ACSPMonitor 2009-05-01 00:56 . 2003-11-04 13:11 159744 ----a-w c:\windows\system32\lfpng13n.dll 2009-04-30 20:31 . 1999-04-08 09:18 49152 ----a-w c:\windows\system32\_ISREG32.DLL 2009-04-30 20:31 . 1999-08-18 07:54 180224 ----a-w c:\windows\system32\Ijl11.dll 2009-04-30 20:31 . 2000-03-06 13:17 32768 ----a-w c:\windows\system32\kbhook.dll 2009-04-30 20:31 . 2002-04-04 15:16 32768 ----a-w c:\windows\system32\nsutil.exe 2009-04-30 20:31 . 2004-03-04 09:13 110592 ----a-w c:\windows\system32\nsys.exe 2009-04-30 20:31 . 1999-03-23 07:12 299520 ----a-w c:\windows\uninst.exe 2009-04-30 18:03 . 2009-04-30 18:03 -------- d-----w c:\documents and settings\Milos\2009-04-30-21-03-51 2009-04-30 17:46 . 2009-04-30 17:46 -------- d-----w c:\documents and settings\Milos\2009-04-30-20-46-40 2009-04-30 17:24 . 2009-04-30 17:24 -------- d-----w c:\program files\SnadBoy's Revelation v2 2009-04-28 12:46 . 2009-04-28 12:46 -------- d-----w c:\documents and settings\All Users\Application Data\03D8 2009-04-28 12:44 . 2009-05-04 11:47 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\BearShare 2009-04-28 12:43 . 2009-04-28 12:45 -------- d-----w c:\program files\BearShare Applications 2009-04-27 13:27 . 2009-04-30 23:28 -------- d-----w c:\documents and settings\Milos\Application Data\Hamachi 2009-04-27 13:26 . 2009-04-27 13:26 25280 ----a-w c:\windows\system32\drivers\hamachi.sys 2009-04-26 20:52 . 2002-06-19 10:19 91136 ----a-w c:\windows\system32\msls2.dll 2009-04-25 12:06 . 2009-04-25 12:28 -------- d-----w c:\program files\SHOUTcast 2009-04-23 15:23 . 2009-04-23 15:23 -------- d-----w c:\program files\Mz_CpuAcc 2009-04-19 15:24 . 2001-08-17 12:55 382592 -c--a-w c:\windows\system32\dllcache\atidrab.dll 2009-04-19 15:24 . 2004-08-04 12:00 29184 -c--a-w c:\windows\system32\dllcache\asptxn.dll 2009-04-19 15:24 . 2004-08-04 12:00 10240 -c--a-w c:\windows\system32\dllcache\aspperf.dll 2009-04-19 15:24 . 2001-08-17 10:12 97354 -c--a-w c:\windows\system32\dllcache\aspndis3.sys 2009-04-19 15:22 . 2001-08-17 10:20 96256 -c--a-w c:\windows\system32\dllcache\ac97intc.sys 2009-04-19 15:20 . 2008-04-13 20:06 231552 -c--a-w c:\windows\system32\dllcache\ac97ali.sys 2009-04-19 15:20 . 2004-08-04 12:00 23552 -c--a-w c:\windows\system32\dllcache\abp480n5.sys 2009-04-19 15:20 . 2001-08-17 20:36 462848 -c--a-w c:\windows\system32\dllcache\a3dapi.dll 2009-04-19 15:20 . 2001-08-17 20:36 98304 -c--a-w c:\windows\system32\dllcache\a3d.dll 2009-04-19 15:20 . 2001-08-17 12:55 38400 -c--a-w c:\windows\system32\dllcache\8514a.dll 2009-04-19 15:20 . 2008-04-13 22:16 48128 -c--a-w c:\windows\system32\dllcache\61883.sys 2009-04-19 15:20 . 2008-04-13 22:10 12288 -c--a-w c:\windows\system32\dllcache\4mmdat.sys 2009-04-19 15:20 . 2001-08-17 10:48 148352 -c--a-w c:\windows\system32\dllcache\3dfxvsm.sys 2009-04-19 15:20 . 2001-08-17 12:55 689216 -c--a-w c:\windows\system32\dllcache\3dfxvs.dll 2009-04-19 15:20 . 2001-08-17 11:28 762780 -c--a-w c:\windows\system32\dllcache\3cwmcru.sys 2009-04-19 15:20 . 2004-08-04 12:00 11264 -c--a-w c:\windows\system32\dllcache\1394vdbg.sys 2009-04-19 15:20 . 2008-04-13 22:16 53376 -c--a-w c:\windows\system32\dllcache\1394bus.sys 2009-04-19 15:19 . 2004-08-04 12:00 7168 -c--a-w c:\windows\system32\dllcache\wamregps.dll 2009-04-19 15:19 . 2001-08-17 12:56 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll 2009-04-19 15:19 . 2009-02-06 11:06 2145280 -c--a-w c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-19 15:18 . 2004-08-04 12:00 19968 -c--a-w c:\windows\system32\dllcache\inetsloc.dll 2009-04-19 15:18 . 2004-08-04 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe 2009-04-19 15:18 . 2004-08-04 12:00 169984 -c--a-w c:\windows\system32\dllcache\iisui.dll 2009-04-19 15:18 . 2004-08-04 12:00 5632 -c--a-w c:\windows\system32\dllcache\iisrstap.dll 2009-04-19 15:18 . 2004-08-04 12:00 14336 -c--a-w c:\windows\system32\dllcache\iisreset.exe 2009-04-19 15:18 . 2004-08-04 12:00 6144 -c--a-w c:\windows\system32\dllcache\ftpsapi2.dll 2009-04-15 11:22 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-15 11:22 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe 2009-04-15 11:22 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-15 11:22 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-15 11:22 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-15 11:22 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-15 11:22 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-15 11:20 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-15 11:20 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-13 14:11 . 2009-04-13 14:11 180224 ----a-w c:\windows\system32\WinVd32.sys 2009-04-13 14:11 . 2009-04-13 14:11 16896 ----a-w c:\windows\system32\WinFl32.sys 2009-04-11 19:45 . 2001-08-17 20:36 8192 -c--a-w c:\windows\system32\dllcache\tsbyuv.dll 2009-04-11 19:45 . 2001-08-17 20:36 8192 ----a-w c:\windows\system32\tsbyuv.dll 2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\windows\EffectResources 2009-04-11 15:29 . 2000-10-31 10:00 307200 ----a-w c:\windows\vidcap32.Exe 2009-04-11 15:29 . 2005-08-08 12:37 24576 ----a-w c:\windows\VMPipe.dll 2009-04-11 15:29 . 2006-10-11 16:40 57344 ----a-w c:\windows\Sti305.exe 2009-04-11 15:29 . 2005-05-18 08:55 32768 ----a-w c:\windows\VMZoom.exe 2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\windows\CatRoot 2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\program files\Vimicro 2009-04-11 15:26 . 2005-08-08 08:36 114688 ----a-r c:\windows\VM305Cap.exe 2009-04-11 15:26 . 2006-06-28 09:54 49152 ----a-w c:\windows\Domino.EXE 2009-04-11 15:26 . 2006-06-28 09:39 49152 ----a-w c:\windows\VMSnap5.EXE 2009-04-11 15:26 . 2005-05-03 07:51 176128 ----a-r c:\windows\amcap.exe 2009-04-11 15:26 . 2005-08-05 10:36 81920 ----a-r c:\windows\system32\VM305STI.dll 2009-04-11 15:26 . 2006-08-10 04:32 391737 ----a-r c:\windows\system32\drivers\usbVM305.sys 2009-04-11 15:12 . 2008-04-13 22:46 141056 -c--a-w c:\windows\system32\dllcache\ks.sys 2009-04-11 15:12 . 2008-04-13 22:46 141056 ----a-w c:\windows\system32\drivers\ks.sys 2009-04-11 15:12 . 2008-04-14 03:42 294912 ----a-w c:\windows\system32\msh263.drv 2009-04-11 15:12 . 2008-04-14 03:42 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll 2009-04-11 15:12 . 2008-04-14 03:42 53760 ----a-w c:\windows\system32\vfwwdm32.dll 2009-04-11 15:12 . 2008-04-14 03:42 16896 -c--a-w c:\windows\system32\dllcache\msyuv.dll 2009-04-11 15:12 . 2008-04-14 03:42 16896 ----a-w c:\windows\system32\msyuv.dll 2009-04-11 15:12 . 2008-04-14 04:41 4096 ----a-w c:\windows\system32\ksuser.dll 2009-04-11 15:12 . 2008-04-14 03:41 47616 -c--a-w c:\windows\system32\dllcache\iyuv_32.dll 2009-04-11 15:12 . 2008-04-14 03:41 47616 ----a-w c:\windows\system32\iyuv_32.dll 2009-04-10 17:20 . 2009-04-10 17:20 -------- d-----w c:\documents and settings\Milos\Application Data\Sports Interactive 2009-04-10 11:14 . 2009-04-10 11:14 -------- d-----w c:\program files\Sports Interactive 2009-04-10 04:54 . 2009-04-10 10:24 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts 2009-04-10 04:47 . 2009-04-10 04:47 -------- d-----w C:\ProgramData 2009-04-10 04:47 . 2009-04-10 04:47 816 ----a-w c:\windows\system32\ealregsnapshot1.reg 2009-04-10 04:47 . 2009-04-10 04:47 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\Downloaded Installations . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-09 16:13 . 2008-12-05 11:36 942112 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-05-09 16:13 . 2008-12-05 11:36 5348 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-05-09 16:10 . 2008-12-05 11:36 4469280 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-05-09 16:10 . 2008-12-05 11:36 37044 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-09 15:46 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini 2009-05-09 15:21 . 2009-01-28 00:33 33808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-05-09 08:03 . 2004-08-04 12:00 112640 ----a-w c:\windows\system32\services.exe 2009-05-09 08:03 . 2004-08-04 12:00 14336 ----a-w c:\windows\system32\lsass.exe 2009-05-09 08:02 . 2004-08-04 12:00 58368 ----a-w c:\windows\system32\spoolsv.exe 2009-05-09 08:02 . 2004-08-04 12:00 1035776 ----a-w c:\windows\explorer.exe 2009-05-09 08:02 . 2004-08-04 12:00 16896 ----a-w c:\windows\system32\svchost.exe 2009-05-09 08:01 . 2004-08-04 12:00 578560 ----a-w c:\windows\system32\user32.DLL 2009-05-08 18:03 . 2009-01-08 03:28 -------- d-----w c:\program files\Mozilla Thunderbird 2009-05-07 18:05 . 2009-01-16 20:38 -------- d-----w c:\program files\Xilisoft 2009-05-07 11:53 . 2008-12-09 00:23 -------- d-----w c:\program files\Notepad++ 2009-05-07 00:24 . 2008-11-09 17:21 -------- d-----w c:\program files\MessengerDiscovery 2009-05-04 12:44 . 2008-11-13 13:02 -------- d-----w c:\program files\EA SPORTS 2009-05-04 12:42 . 2009-04-09 15:36 -------- d-----w c:\program files\PokerRoom.com 2009-05-02 01:03 . 2009-03-18 21:38 5 ----a-w c:\windows\sbacknt.bin 2009-05-01 14:36 . 2004-08-04 12:00 182656 ----a-w c:\windows\system32\drivers\ndis.sys 2009-04-25 12:06 . 2008-11-10 00:22 -------- d-----w c:\program files\Winamp 2009-04-19 16:46 . 2008-12-13 14:43 -------- d-----w c:\program files\AlienGUIse 2009-04-18 12:35 . 2008-12-05 11:37 89601 ----a-w c:\windows\system32\drivers\klick.dat 2009-04-18 12:35 . 2008-12-05 11:37 101287 ----a-w c:\windows\system32\drivers\klin.dat 2009-04-11 15:29 . 2008-11-09 15:48 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-11 15:29 . 2008-11-09 15:47 -------- d-----w c:\program files\Common Files\InstallShield 2009-04-09 19:52 . 2009-02-27 12:37 -------- d-----w c:\program files\Pool Sharks 2009-04-09 15:35 . 2009-04-09 15:33 -------- d-----w c:\program files\VPHoldem 2009-04-09 15:32 . 2009-04-09 15:29 -------- d-----w c:\program files\PacificPoker 2009-04-01 13:10 . 2008-11-09 17:11 -------- d-----w c:\program files\Google 2009-03-29 19:38 . 2009-03-29 19:38 -------- d-----w c:\program files\Ventrilo 2009-03-29 19:37 . 2009-03-29 19:37 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-03-23 17:23 . 2009-03-23 17:18 -------- d-----w c:\program files\Counter-Strike 1.6 2009-03-18 21:36 . 2009-03-18 21:36 -------- d-----w c:\program files\vghd 2009-03-18 21:36 . 2009-03-18 21:36 152904 ----a-w c:\windows\system32\vghd.scr 2009-03-16 02:09 . 2009-03-16 02:09 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 2009-03-15 02:03 . 2008-11-29 00:01 -------- d-----w c:\program files\Skype 2009-03-14 16:59 . 2009-03-14 16:59 -------- d-----w c:\program files\MSN Content Plus Inc 2009-03-14 15:13 . 2008-11-09 17:18 -------- d-----w c:\program files\Windows Live 2009-03-14 15:10 . 2008-11-09 15:47 47296 ----a-w c:\documents and settings\Milos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-08 02:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 02:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 02:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 02:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 02:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 02:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 02:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 02:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 02:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 02:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-02-12 12:42 . 2009-02-12 12:42 5501 ----a-w c:\windows\system32\rtclcmg32.dll 2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys . ------- Sigcheck ------- [7] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe [7] 2008-04-14 04:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe [-] 2009-05-09 08:02 16896 7F7B9914B3588D75C7B46BE8CB412DD0 c:\windows\system32\svchost.exe [-] 2009-05-09 08:02 1035776 C6B24430B36E0F65D1D05EC3C1E2DB09 c:\windows\explorer.exe [7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe [7] 2008-04-14 04:42 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe [7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [7] 2004-08-04 12:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe [7] 2008-04-14 04:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe [7] 2008-04-14 04:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe [-] 2009-05-09 08:03 112640 BC0C7A7143DFDC6492FEC02015415784 c:\windows\system32\services.exe [7] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe [7] 2008-04-14 04:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe [-] 2009-05-09 08:03 14336 88E05A76833D83A9065A2EC5132DEEF4 c:\windows\system32\lsass.exe [7] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtServicePackUninstall$\spoolsv.exe [7] 2008-04-14 04:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2009-05-09 08:02 58368 66E74B8C4FB0BB22E75F9C2CFB4B1477 c:\windows\system32\spoolsv.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-11-10 57344] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120] "VMSnap5"="c:\windows\VMSnap5.EXE" [2006-06-28 49152] "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Milos\Start Menu\Programs\Startup\ Alienware News Feed.lnk - c:\program files\Stardock\DesktopGadgets\Alienware News Feed\Alienware News Feed.exe [2009-1-9 523952] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 15 (0xf) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 22:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave1"= serwvdrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GoogleUpdate.exe] "Debugger"=rundll32.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IoctlSvc.exe] "Debugger"=rundll32.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jqs.exe] "Debugger"=rundll32.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LSSrvc.exe] "Debugger"=rundll32.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NBService.exe] "Debugger"=rundll32.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvsvc32.exe] "Debugger"=rundll32.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ULCDRSvr.exe] "Debugger"=rundll32.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "d:\\Program Files\\Achilles-Script 4.5 White\\Mirc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "4357:TCP"= 4357:TCP:WWW R2 zdmlebnjc;zdmlebnjc; [x] R3 FXDRV;FXDRV; [x] R3 WFIOCTL;WFIOCTL; [x] S0 HFXP2;HFXP2; [x] S0 klbg;Kaspersky Lab Boot Guard Driver; [x] S2 BT848;WinFast TV2000 XP WDM Video Capture; [x] S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; [x] S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; [x] S3 KLFLTDEV;Kaspersky Lab KLFltDev; [x] S3 klim5;Kaspersky Anti-Virus NDIS Filter; [x] S3 ZSMC0305;Vimicro USB PC Camera (VC0305); [x] --- Other Services/Drivers In Memory --- Deregistered - a347bus Deregistered - a347scsi Deregistered - adfs Deregistered - AFD Deregistered - atapi Deregistered - AudioSrv Deregistered - audstub Deregistered - AVP Deregistered - Beep Deregistered - BITS Deregistered - Cdfs Deregistered - CryptSvc Deregistered - DcomLaunch Deregistered - Dhcp Deregistered - dmio Deregistered - dmload Deregistered - dmserver Deregistered - ERSvc Deregistered - EventSystem Deregistered - Fips Deregistered - FltMgr Deregistered - Ftdisk Deregistered - Gpc Deregistered - gusvc Deregistered - helpsvc Deregistered - HFXP2 Deregistered - IpNat Deregistered - IPSec Deregistered - kl1 Deregistered - klbg Deregistered - KLIF Deregistered - klim5 Deregistered - KSecDD Deregistered - lanmanserver Deregistered - lanmanworkstation Deregistered - LmHosts Deregistered - mnmdd Deregistered - MountMgr Deregistered - MRxDAV Deregistered - MRxSmb Deregistered - Msfs Deregistered - mssmbios Deregistered - Mup Deregistered - NDIS Deregistered - NdisTapi Deregistered - Ndisuio Deregistered - NdisWan Deregistered - NDProxy Deregistered - NetBIOS Deregistered - NetBT Deregistered - Netman Deregistered - Npfs Deregistered - Ntfs Deregistered - Null Deregistered - PartMgr Deregistered - ParVdm Deregistered - PCIIde Deregistered - PptpMiniport Deregistered - PSched Deregistered - RasAcd Deregistered - Rasl2tp Deregistered - RasPppoe Deregistered - Raspti Deregistered - Rdbss Deregistered - RDPCDD Deregistered - rdpdr Deregistered - RpcSs Deregistered - SamSs Deregistered - Schedule Deregistered - ShellHWDetection Deregistered - Spooler Deregistered - sptd Deregistered - sr Deregistered - Srv Deregistered - swenum Deregistered - Tcpip Deregistered - TermDD Deregistered - Themes Deregistered - Update Deregistered - VgaSave Deregistered - VolSnap Deregistered - Wanarp Deregistered - WebClient Deregistered - WZCSVC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs zdmlebnjc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f2a03aa-bf9f-11dd-a96f-001558156083}] \Shell\Auto\command - Autorun.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60b49e34-c7cc-11d0-8953-00a0c90347ff}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-02-09 c:\windows\Tasks\WinXP Manager - Auto Shutdown.job - d:\program files\Yamicsoft\WinXP Manager\ShutDownCommand.exe [2006-09-27 04:16] . - - - - ORPHANS REMOVED - - - - BHO-{F4082100-F291-41E0-B63E-C06F6267F690} - (no file) HKLM-Run-BigDog305 - c:\windows\VM305_STI.EXE Notify-nnnoLBrq - nnnoLBrq.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Highlight - c:\windows\WEB\highlight.htm IE: &Links List - c:\windows\WEB\urllist.htm IE: &Web Search - c:\windows\WEB\selsearch.htm IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm IE: Zoom &In - c:\windows\WEB\zoomin.htm IE: Zoom &Out - c:\windows\WEB\zoomout.htm Trusted Zone: microsoft.com\office TCP: {F31FF05B-3EA6-4E06-8257-D4CC5B714568} = 195.66.160.1 195.66.160.2 DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\mdqgtdii.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews..wholeText", "noAccess"); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-09 18:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?????????????? scanning hidden files ... ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . Completion time: 2009-05-09 18:19 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-09 16:19 Pre-Run: 18,778,796,032 bytes free Post-Run: 18,707,689,472 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5 454 --- E O F --- 2009-04-25 21:39

Profil

argus Poslao: 09 Maj 2009 20:14 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pronadji ova dva fajla c:\windows\system32\svchost.exe c:\windows\system32\spoolsv.exe i posalji na upload preko sledeceg linka http://www.mycity.rs/ambulanta-upload.php

Profil

Springfield Poslao: 09 Maj 2009 20:28 Idi na vrh
offline Springfield Moderator foruma 100%Milanista Information Technology Pridružio: 23 Avg 2008 Poruke: 2634 Gde živiš: Milan, Italy	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! argus ::Pronadji ova dva fajla c:\windows\system32\svchost.exe c:\windows\system32\spoolsv.exe i posalji na upload preko sledeceg linka http://www.mycity.rs/ambulanta-upload.php Uploadovao sam tri fajla dva sam uploadovao koja treba a treci sam upoadovao svchost ali nije exe file to sam greskom sorry :-)

Profil

argus Poslao: 09 Maj 2009 20:37 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! @Springfield malo cu da odmorim, oci mi ispadose pa se cujemo za jedno pola sata- sat.

Profil

Springfield Poslao: 09 Maj 2009 20:41 Idi na vrh
offline Springfield Moderator foruma 100%Milanista Information Technology Pridružio: 23 Avg 2008 Poruke: 2634 Gde živiš: Milan, Italy	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! hahahahaha :-D vazi brate ajd :-D

Profil

argus Poslao: 10 Maj 2009 00:09 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovako : Iskljuci ponovo Antivirus Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\windows\system32\sfaob.exe Driver:: zdmlebnjc NetSvc:: zdmlebnjc FCOPY:: c:\windows\ServicePackFiles\i386\spoolsv.exe\|c:\windows\system32\spoolsv.exe c:\windows\ServicePackFiles\i386\svchost.exe\|c:\windows\system32\svchost.exe c:\windows\ServicePackFiles\i386\explorer.exe\|c:\windows\explorer.exe c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe\|c:\windows\system32\services.exe c:\windows\ServicePackFiles\i386\lsass.exe\|c:\windows\system32\lsass.exe RegLock:: [HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GoogleUpdate.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IoctlSvc.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jqs.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NBService.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvsvc32.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ULCDRSvr.exe] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Provera loga

Ko je trenutno na forumu

Ukupno su 1032 korisnika na forumu :: 12 registrovanih, 3 sakrivenih i 1017 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Dorcolac, jukeboxer, marsovac 2, Miki 84, MILO-VAN, Milos ZA, mrav pesadinac, repac, solic, stegonosa, 125

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by