MyCity » Ambulanta -> Arhiva Ambulante » Proverka

Proverka

Napisano na dan: 21.7.2008

Proverka

Sledeća strana

Pagination

Odgovori

BaDMaN19 Poslao: 21 Jul 2008 11:33 Idi na vrh
offline BaDMaN19 Građanin Pridružio: 21 Avg 2007 Poruke: 56	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ako moze edna proverka oti cesto mi javuva problemi so usb diskovi.. pozz. Logfile of HijackThis v1.99.1 Scan saved at 11:28:53, on 21.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\KGB\Mpk.exe C:\Program Files\VMware\VMware Workstation\vmware-tray.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\VM305_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\tr2\tr2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici] O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\PC\Desktop\Internet.Download.Manager.IDM.5.12.Build.8.Portable_abu137_\Internet.Download.Manager.IDM.5.12.Build.8.Portable=abu137=\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\PC\Desktop\Internet.Download.Manager.IDM.5.12.Build.8.Portable_abu137_\Internet.Download.Manager.IDM.5.12.Build.8.Portable=abu137=\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\PC\Desktop\Internet.Download.Manager.IDM.5.12.Build.8.Portable_abu137_\Internet.Download.Manager.IDM.5.12.Build.8.Portable=abu137=\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - [Link mogu videti samo ulogovani korisnici]\Interface\IntraLaunch.CAB O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [Link mogu videti samo ulogovani korisnici] O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

Profil

dr_Bora Poslao: 22 Jul 2008 21:50 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

BaDMaN19 Poslao: 23 Jul 2008 15:42 Idi na vrh
offline BaDMaN19 Građanin Pridružio: 21 Avg 2007 Poruke: 56	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... eve log od ComboFix ComboFix 08-07-22.4 - PC 2008-07-23 15:15:01.1 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1760 [GMT 2:00] Running from: C:\Documents and Settings\PC\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Ofb1 C:\Program Files\Ofb1\Uninstall.exe C:\WINDOWS\Fonts\acrsec.fon C:\WINDOWS\Fonts\acrsecB.fon C:\WINDOWS\Fonts\acrsecI.fon C:\WINDOWS\msnimport.exe C:\WINDOWS\system32\Cache C:\WINDOWS\system32\eWebControl.dll C:\WINDOWS\system32\mdm.exe . ((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))) . 2008-07-20 23:40 . 2008-07-20 23:40 <DIR> d-------- C:\Program Files\Electronic Arts 2008-07-14 22:22 . 2008-07-14 22:22 <DIR> d-------- C:\Program Files\Vimicro 2008-07-14 21:58 . 2008-07-14 21:58 <DIR> d-------- C:\Program Files\Common Files\Vimicro Corporation 2008-07-14 21:57 . 2008-07-14 21:57 <DIR> d-------- C:\Program Files\Vimicro Corporation 2008-07-14 21:57 . 2008-07-14 21:57 <DIR> d-------- C:\Documents and Settings\PC\Application Data\InstallShield 2008-07-14 21:57 . 2007-04-30 15:31 32,768 --a------ C:\WINDOWS\merit.exe 2008-07-14 16:38 . 2008-07-14 16:44 <DIR> d-------- C:\Documents and Settings\PC\Application Data\BSplayer PRO 2008-07-14 13:47 . 2008-07-19 21:12 <DIR> d-------- C:\Program Files\MessengerDiscovery 2008-07-14 09:42 . 2008-07-14 09:42 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-07-14 09:42 . 2008-07-23 14:25 3,834,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-14 09:42 . 2008-07-23 14:25 565,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-07-14 09:42 . 2008-07-14 09:48 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-07-14 09:42 . 2008-07-14 09:48 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-07-14 09:42 . 2008-07-23 14:25 32,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-14 09:42 . 2008-07-23 14:25 4,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-07-11 11:28 . 2008-07-11 11:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-07-10 20:00 . 2008-07-10 20:01 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-07-10 20:00 . 2008-07-10 20:00 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-07-10 19:58 . 2008-07-10 19:58 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-07-10 19:49 . 2008-07-10 19:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-07-10 01:53 . 2008-07-21 10:40 <DIR> d-------- C:\Documents and Settings\PC\Application Data\uTorrent 2008-07-09 17:28 . 2008-07-09 17:30 <DIR> d-------- C:\Program Files\Pool Sharks 2008-07-09 12:39 . 2008-07-23 15:02 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Skype 2008-07-09 10:03 . 2008-07-09 10:03 268 --ah----- C:\sqmdata00.sqm 2008-07-09 10:03 . 2008-07-09 10:03 244 --ah----- C:\sqmnoopt00.sqm 2008-07-09 02:05 . 2008-07-09 02:05 <DIR> d-------- C:\Documents and Settings\PC\Application Data\TuneUp Software 2008-07-09 02:05 . 2008-07-09 02:05 <DIR> d-------- C:\Documents and Settings\PC\Application Data\ESET 2008-07-09 02:03 . 2008-07-09 02:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET 2008-07-07 22:10 . 2008-07-07 22:13 <DIR> d-------- C:\Program Files\Wtm Copy Protection 2008-07-07 11:31 . 2008-07-11 10:32 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Ahead 2008-07-04 22:46 . 2008-07-04 22:46 <DIR> d-------- C:\Documents and Settings\PC\Application Data\CyberLink 2008-07-02 08:42 . 2008-07-02 08:42 <DIR> d-------- C:\Documents and Settings\PC\Application Data\AdobeUM 2008-06-30 23:30 . 2008-07-21 10:35 <DIR> d-------- C:\Documents and Settings\PC\Application Data\VMware 2008-06-30 23:25 . 2008-06-30 23:25 <DIR> d-------- C:\Documents and Settings\PC\Application Data\GRETECH 2008-06-27 10:49 . 2008-06-27 10:49 <DIR> d-------- C:\Program Files\IMMonitor 2008-06-26 00:01 . 2008-06-26 00:01 <DIR> d-------- C:\Program Files\GRETECH 2008-06-26 00:01 . 2008-06-26 00:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\GRETECH 2008-06-25 23:07 . 2008-06-27 10:51 <DIR> d-------- C:\Program Files\USB Disk Security 2008-06-25 23:03 . 2008-06-25 23:03 <DIR> d-------- C:\Program Files\Save My Desktop! . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-23 13:29 --------- d-sh--w C:\Documents and Settings\All Users.WINDOWS\Application Data\MPK 2008-07-23 13:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-07-21 09:28 --------- d-----w C:\Program Files\tr2 2008-07-20 22:24 --------- d-----w C:\Program Files\Hitman Contracts 2008-07-20 21:53 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-07-20 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-20 21:30 --------- d-----w C:\Program Files\Atari 2008-07-14 13:14 --------- d-----w C:\Program Files\Windows Live 2008-07-14 13:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WindowsLiveInstaller 2008-07-10 17:56 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-07-07 21:55 --------- d-----w C:\Program Files\PowerCmd 2008-07-07 08:59 --------- d-----w C:\Program Files\Google 2008-06-27 08:49 --------- d-----w C:\Program Files\WinPcap 2008-06-26 10:25 --------- d-----w C:\Program Files\nLite 2008-06-25 21:45 --------- d-----w C:\Program Files\Wireshark 2008-06-18 08:18 --------- d-----w C:\Program Files\AVIConverter 2008-06-11 22:32 --------- d-----w C:\Program Files\PhotoScape 2008-06-10 07:55 --------- d-----w C:\Program Files\hkSFV 2008-05-27 08:17 --------- d-----w C:\Program Files\Serials 2005 2008-05-26 20:40 --------- d-----w C:\Program Files\Serials 2005-2 2008-02-06 17:54 88 --sh--r C:\Documents and Settings\All Users.WINDOWS\Application Data\C45735968D.sys 2008-02-06 17:54 2,516 --sha-w C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys 2008-02-05 16:01 1,024 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\1doc2pdf.dll 2007-06-26 12:16 271 --sh--w C:\Program Files\desktop.ini 2007-06-26 12:16 21,952 ---ha-w C:\Program Files\folder.htt 2007-07-17 08:36 245,760 ----a-w C:\Program Files\opera\program\plugins\dapop.dll 2008-03-28 09:39 2 --shatr C:\WINDOWS\winstart.bat 2007-07-03 22:38 56 --sh--r C:\WINDOWS\system32\C1B4FE6355.sys 2007-09-29 18:44 2,880 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-05-23 15:22 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [2008-05-09 15:42 798720] "BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2007-01-05 13:37 61440] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-05-23 15:22 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "Mpk.exe"="C:\Program Files\KGB\Mpk.exe" [2008-02-08 18:24 880128] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.YV12"= yv12vfw.dll "msacm.ac3filter"= ac3filter.acm "msacm.divxa32"= msaud32_divx.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Control Center.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Control Center.lnk backup=C:\WINDOWS\pss\Control Center.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^LNSS Status Monitor.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\LNSS Status Monitor.lnk backup=C:\WINDOWS\pss\LNSS Status Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Monitor Apache Servers.lnk backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^REALTEK RTL8185 Wireless LAN Utility.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk backup=C:\WINDOWS\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^PC^Start Menu^Programs^Startup^stop.lnk] path=C:\Documents and Settings\PC\Start Menu\Programs\Startup\stop.lnk backup=C:\WINDOWS\pss\stop.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antihost HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] --a------ 2007-06-30 00:53 4177920 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-03-12 22:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2007-05-23 15:22 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2003-12-28 05:43 81920 C:\Program Files\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] --a------ 2007-07-17 10:36 4376328 C:\Program Files\DAP\DAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter] --a------ 2007-10-15 16:19 2582288 C:\Program Files\DU Meter\DUMeter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series] --a------ 2004-01-13 20:00 99840 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (Copy 1)] --a------ 2004-01-13 20:00 99840 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] -ra------ 2006-03-23 06:13 77824 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] -ra------ 2006-03-23 06:17 118784 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] -ra------ 2006-03-23 06:17 94208 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder] --a------ 2007-11-27 05:03 110592 C:\Program Files\MSN Webcam Recorder\ml20gui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-10 03:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-02-07 16:24 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-03-04 03:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray] --a------ 2007-10-08 10:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray] --a------ 2007-10-08 10:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2007-09-19 19:14 16844800 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WZCSVC"=2 (0x2) "wuauserv"=3 (0x3) "wscsvc"=2 (0x2) "WLSetupSvc"=3 (0x3) "usnjsvc"=3 (0x3) "Symantec Core LC"=3 (0x3) "STI Simulator"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "vmount2"=2 (0x2) "VMware NAT Service"=2 (0x2) "VMnetDHCP"=2 (0x2) "VMAuthdService"=2 (0x2) "ufad-ws60"=3 (0x3) "NVSvc"=2 (0x2) "NBService"=3 (0x3) "DUMeterSvc"=2 (0x2) "BlueSoleil Hid Service"=2 (0x2) "Adobe LM Service"=3 (0x3) "UserAccess7"=2 (0x2) "NMIndexingService"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "MDM"=2 (0x2) "IDriverT"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Program Files\\Shareaza\\Shareaza.exe"= "C:\\Program Files\\WinPcap\\rpcapd.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\pnp script\\mirc32.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-28 05:42] R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 11:38] R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51] R2 A4S2;A4S2;C:\WINDOWS\system32\drivers\a4s2.sys [1997-05-12 19:51] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2007-05-23 15:34] R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07] S3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2007-04-03 13:20] S3 mpr_freader;MPR FileReader Driver;C:\Program Files\Multi Password Recovery\mpr_freader.sys [] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [] S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [] S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 04:54] S3 vvftav;vvftav;C:\WINDOWS\system32\drivers\vvftav.sys [2007-02-02 21:38] S3 XScanPF;XScanPF;C:\Documents and Settings\PC\Desktop\X-Scan-v3.3-en\X-Scan-v3.3\dat\xpf.sys [] S3 ZSMC0305;USB PC Camera VC305;C:\WINDOWS\system32\Drivers\usbVM305.sys [2007-03-08 19:05] S4 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09cd7e40-4b19-11dc-838b-101111111111}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17deb2fb-7340-11dc-b795-000854acd12a}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c805c37-9fef-11dc-a499-000854acd12a}] \Shell\Auto\command - G:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5545e1-fe47-11dc-8b0c-005056c00008}] \Shell\Auto\command - sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{825792e8-3318-11dc-b2c2-00030d000001}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99bb1de-56d1-11dc-83bf-101111111111}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe . Contents of the 'Scheduled Tasks' folder "2008-05-15 20:48:02 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-07-10 18:01:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe MSConfigStartUp-HTV Agent - C:\Program Files\HTV\HTV.exe MSConfigStartUp-openvpn-gui - C:\Program Files\OpenVPN\bin\openvpn-gui.exe MSConfigStartUp-osCheck - C:\Program Files\Norton AntiVirus\osCheck.exe MSConfigStartUp-PC Booster - C:\Program Files\inKline Global\PC Booster\pcbooster.exe MSConfigStartUp-Power2GoExpress - C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe MSConfigStartUp-SMSystemAnalyzer - C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe MSConfigStartUp-svchost - c:\windows\swchost.exe MSConfigStartUp-System Files Updater - C:\WINDOWS\FlyakiteOSX\System Files Updater.exe MSConfigStartUp-SystemGuardAlerter - C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe MSConfigStartUp-VistaStart1 - C:\WINDOWS\Resources\Themes\Vista_Anthracite\VistaStart\VistaStart1.3.exe MSConfigStartUp-XPRepairPro2007 - C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe . ------- Supplementary Scan ------- . R0 -: HKLM-Main,Start Page = [Link mogu videti samo ulogovani korisnici] R0 -: HKLM-Main,Window Title = Microsoft Internet Explorer O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 -: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 -: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici] O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 -: Download all links with IDM - C:\Documents and Settings\PC\Desktop\Internet.Download.Manager.IDM.5.12.Build.8.Portable_abu137_\Internet.Download.Manager.IDM.5.12.Build.8.Portable=abu137=\IEGetAll.htm O8 -: Download FLV video content with IDM - C:\Documents and Settings\PC\Desktop\Internet.Download.Manager.IDM.5.12.Build.8.Portable_abu137_\Internet.Download.Manager.IDM.5.12.Build.8.Portable=abu137=\IEGetVL.htm O8 -: Download with IDM - C:\Documents and Settings\PC\Desktop\Internet.Download.Manager.IDM.5.12.Build.8.Portable_abu137_\Internet.Download.Manager.IDM.5.12.Build.8.Portable=abu137=\IEExt.htm O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 -: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm O16 -: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\WINDOWS\Java\classes\xmldso.cab C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd O16 -: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} - [Link mogu videti samo ulogovani korisnici]\Interface\IntraLaunch.CAB C:\WINDOWS\Downloaded Program Files\IntraLaunch.INF C:\Program Files\Microsoft Visual Studio\Common\Tools\APE\REGTOOL5.DLL C:\WINDOWS\system32\msstkprp.dll C:\WINDOWS\system32\msvbvm60.dll C:\WINDOWS\system32\OLEAUT32.DLL C:\WINDOWS\system32\OLEPRO32.DLL C:\WINDOWS\system32\ASYCFILT.DLL C:\WINDOWS\system32\STDOLE2.TLB C:\WINDOWS\system32\COMCAT.DLL C:\WINDOWS\Downloaded Program Files\IntraLaunch.ocx ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-07-23 15:29:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc] "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\KGB\MPK.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe . ************************************************************************ . Completion time: 2008-07-23 15:34:05 - machine was rebooted [PC] ComboFix-quarantined-files.txt 2008-07-23 13:34:00 Pre-Run: 2,847,490,048 bytes free Post-Run: 2,775,355,392 bytes free 371 --- E O F --- 2007-10-23 08:01:01

Profil

dr_Bora Poslao: 23 Jul 2008 18:00 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: FileLook:: C:\WINDOWS\merit.exe Folder:: C:\Program Files\MessengerDiscovery Registry:: [-HKLM\~\startupfolder\C:^Documents and Settings^PC^Start Menu^Programs^Startup^stop.lnk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antihost] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09cd7e40-4b19-11dc-838b-101111111111}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17deb2fb-7340-11dc-b795-000854acd12a}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c805c37-9fef-11dc-a499-000854acd12a}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5545e1-fe47-11dc-8b0c-005056c00008}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{825792e8-3318-11dc-b2c2-00030d000001}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f99bb1de-56d1-11dc-83bf-101111111111}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

BaDMaN19 Poslao: 23 Jul 2008 19:58 Idi na vrh
offline BaDMaN19 Građanin Pridružio: 21 Avg 2007 Poruke: 56	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-22.4 - PC 2008-07-23 19:32:34.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1069 [GMT 2:00] Running from: C:\Documents and Settings\PC\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\PC\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\MessengerDiscovery C:\Program Files\MessengerDiscovery\AlertSkinInstaller.exe C:\Program Files\MessengerDiscovery\buki_6709@hotmail.com\ContactManager.mdl C:\Program Files\MessengerDiscovery\buki_6709@hotmail.com\Encrypted.mdl C:\Program Files\MessengerDiscovery\buki_6709@hotmail.com\NNHistory.mdl C:\Program Files\MessengerDiscovery\buki_6709@hotmail.com\PSMHistory.mdl C:\Program Files\MessengerDiscovery\Languages\Dansk.ini C:\Program Files\MessengerDiscovery\Languages\Dutch.ini C:\Program Files\MessengerDiscovery\Languages\Eesti.ini C:\Program Files\MessengerDiscovery\Languages\English.ini C:\Program Files\MessengerDiscovery\Languages\Espaсol (Neutral).ini C:\Program Files\MessengerDiscovery\Languages\Franзais.ini C:\Program Files\MessengerDiscovery\Languages\German.ini C:\Program Files\MessengerDiscovery\Languages\Italiano.ini C:\Program Files\MessengerDiscovery\Languages\Magyar.ini C:\Program Files\MessengerDiscovery\Languages\Norsk.ini C:\Program Files\MessengerDiscovery\Languages\Portuguese (Brazil).ini C:\Program Files\MessengerDiscovery\Languages\Portuguese (Portugal).ini C:\Program Files\MessengerDiscovery\Languages\Turkish.ini C:\Program Files\MessengerDiscovery\Loader.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe.manifest C:\Program Files\MessengerDiscovery\MessengerDiscovery Today.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery.dll C:\Program Files\MessengerDiscovery\nikola_adriano10@hotmail.com\ContactManager.mdl C:\Program Files\MessengerDiscovery\nikola_adriano10@hotmail.com\Encrypted.mdl C:\Program Files\MessengerDiscovery\nikola_adriano10@hotmail.com\NNHistory.mdl C:\Program Files\MessengerDiscovery\nikola_adriano10@hotmail.com\PSMHistory.mdl C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Blue\background.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\away.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\background.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\busy.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\close.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\close_sel.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\DO NOT DELETE THIS DIRECTORY OR ITS CONTENTS C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\dpframe.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\move.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\move_sel.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\offline.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\online.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\pin.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\pin_sel.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\pinned.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\pinned_sel.png C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\Skin.ini C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Red\background.png C:\Program Files\MessengerDiscovery\Resources\Settings\AlertSel0.png C:\Program Files\MessengerDiscovery\Resources\Settings\AlertSel1.png C:\Program Files\MessengerDiscovery\Resources\Settings\AlertSel2.png C:\Program Files\MessengerDiscovery\Resources\Settings\AlertSel3.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon0.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon0_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon1.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon1_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon2.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon2_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon3.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon3_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon4.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon4_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon5.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon5_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon6.png C:\Program Files\MessengerDiscovery\Resources\Settings\imicon6_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel0.png C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel1.png C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel2.png C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel3.png C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel4.png C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel5.png C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel6.png C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel7.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon0.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon0_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon1.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon1_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon2.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon2_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon3.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon3_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon4.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon4_disabled.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon5.png C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon5_disabled.png C:\Program Files\MessengerDiscovery\Resources\Sounds\Alert.wav C:\Program Files\MessengerDiscovery\Resources\Sounds\Sounds Copyright.txt C:\Program Files\MessengerDiscovery\ristovivan@hotmail.com\ContactManager.mdl C:\Program Files\MessengerDiscovery\ristovivan@hotmail.com\Encrypted.mdl C:\Program Files\MessengerDiscovery\ristovivan@hotmail.com\PSMHistory.mdl C:\Program Files\MessengerDiscovery\SpellCHK.exe C:\Program Files\MessengerDiscovery\unins000.dat C:\Program Files\MessengerDiscovery\unins000.exe C:\Program Files\MessengerDiscovery\unzip.dll C:\Program Files\MessengerDiscovery\Webcam Record.exe . ((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))) . 2008-07-20 23:40 . 2008-07-20 23:40 <DIR> d-------- C:\Program Files\Electronic Arts 2008-07-14 22:22 . 2008-07-14 22:22 <DIR> d-------- C:\Program Files\Vimicro 2008-07-14 21:58 . 2008-07-14 21:58 <DIR> d-------- C:\Program Files\Common Files\Vimicro Corporation 2008-07-14 21:57 . 2008-07-14 21:57 <DIR> d-------- C:\Program Files\Vimicro Corporation 2008-07-14 21:57 . 2008-07-14 21:57 <DIR> d-------- C:\Documents and Settings\PC\Application Data\InstallShield 2008-07-14 21:57 . 2007-04-30 15:31 32,768 --a------ C:\WINDOWS\merit.exe 2008-07-14 16:38 . 2008-07-14 16:44 <DIR> d-------- C:\Documents and Settings\PC\Application Data\BSplayer PRO 2008-07-14 09:42 . 2008-07-14 09:42 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-07-14 09:42 . 2008-07-23 19:36 3,834,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-14 09:42 . 2008-07-23 19:36 565,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-07-14 09:42 . 2008-07-14 09:48 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-07-14 09:42 . 2008-07-14 09:48 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-07-14 09:42 . 2008-07-23 19:36 32,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-14 09:42 . 2008-07-23 19:36 4,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-07-11 11:28 . 2008-07-11 11:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-07-10 20:00 . 2008-07-10 20:01 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-07-10 20:00 . 2008-07-10 20:00 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-07-10 19:58 . 2008-07-10 19:58 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-07-10 19:49 . 2008-07-10 19:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-07-10 01:53 . 2008-07-21 10:40 <DIR> d-------- C:\Documents and Settings\PC\Application Data\uTorrent 2008-07-09 17:28 . 2008-07-09 17:30 <DIR> d-------- C:\Program Files\Pool Sharks 2008-07-09 12:39 . 2008-07-23 19:19 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Skype 2008-07-09 10:03 . 2008-07-09 10:03 268 --ah----- C:\sqmdata00.sqm 2008-07-09 10:03 . 2008-07-09 10:03 244 --ah----- C:\sqmnoopt00.sqm 2008-07-09 02:05 . 2008-07-09 02:05 <DIR> d-------- C:\Documents and Settings\PC\Application Data\TuneUp Software 2008-07-09 02:05 . 2008-07-09 02:05 <DIR> d-------- C:\Documents and Settings\PC\Application Data\ESET 2008-07-09 02:03 . 2008-07-09 02:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET 2008-07-07 22:10 . 2008-07-07 22:13 <DIR> d-------- C:\Program Files\Wtm Copy Protection 2008-07-07 11:31 . 2008-07-11 10:32 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Ahead 2008-07-04 22:46 . 2008-07-04 22:46 <DIR> d-------- C:\Documents and Settings\PC\Application Data\CyberLink 2008-07-02 08:42 . 2008-07-02 08:42 <DIR> d-------- C:\Documents and Settings\PC\Application Data\AdobeUM 2008-06-30 23:30 . 2008-07-21 10:35 <DIR> d-------- C:\Documents and Settings\PC\Application Data\VMware 2008-06-30 23:25 . 2008-06-30 23:25 <DIR> d-------- C:\Documents and Settings\PC\Application Data\GRETECH 2008-06-27 10:49 . 2008-06-27 10:49 <DIR> d-------- C:\Program Files\IMMonitor 2008-06-26 00:01 . 2008-06-26 00:01 <DIR> d-------- C:\Program Files\GRETECH 2008-06-26 00:01 . 2008-06-26 00:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\GRETECH 2008-06-25 23:07 . 2008-06-27 10:51 <DIR> d-------- C:\Program Files\USB Disk Security 2008-06-25 23:03 . 2008-06-25 23:03 <DIR> d-------- C:\Program Files\Save My Desktop! . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-23 17:40 --------- d-sh--w C:\Documents and Settings\All Users.WINDOWS\Application Data\MPK 2008-07-23 17:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-07-21 09:28 --------- d-----w C:\Program Files\tr2 2008-07-20 22:24 --------- d-----w C:\Program Files\Hitman Contracts 2008-07-20 21:53 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-07-20 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-20 21:30 --------- d-----w C:\Program Files\Atari 2008-07-14 13:14 --------- d-----w C:\Program Files\Windows Live 2008-07-14 13:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WindowsLiveInstaller 2008-07-10 17:56 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-07-07 21:55 --------- d-----w C:\Program Files\PowerCmd 2008-07-07 08:59 --------- d-----w C:\Program Files\Google 2008-06-27 08:49 --------- d-----w C:\Program Files\WinPcap 2008-06-26 10:25 --------- d-----w C:\Program Files\nLite 2008-06-25 21:45 --------- d-----w C:\Program Files\Wireshark 2008-06-18 08:18 --------- d-----w C:\Program Files\AVIConverter 2008-06-11 22:32 --------- d-----w C:\Program Files\PhotoScape 2008-06-10 07:55 --------- d-----w C:\Program Files\hkSFV 2008-05-27 08:17 --------- d-----w C:\Program Files\Serials 2005 2008-05-26 20:40 --------- d-----w C:\Program Files\Serials 2005-2 2008-02-06 17:54 88 --sh--r C:\Documents and Settings\All Users.WINDOWS\Application Data\C45735968D.sys 2008-02-06 17:54 2,516 --sha-w C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys 2008-02-05 16:01 1,024 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\1doc2pdf.dll 2007-06-26 12:16 271 --sh--w C:\Program Files\desktop.ini 2007-06-26 12:16 21,952 ---ha-w C:\Program Files\folder.htt 2007-07-17 08:36 245,760 ----a-w C:\Program Files\opera\program\plugins\dapop.dll 2008-03-28 09:39 2 --shatr C:\WINDOWS\winstart.bat 2007-07-03 22:38 56 --sh--r C:\WINDOWS\system32\C1B4FE6355.sys 2007-09-29 18:44 2,880 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- C:\WINDOWS\merit.exe ---- Company: File Description: setup File Version: 0, 0, 0, 0 Product Name: application Copyright: Copyright (C) 2007 Original file name: merit.exe MD5: e0aba5e75d32bc40ad4f205cecec3350 ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-23 13:29:49 169,948 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-07-23 17:40:58 169,955 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-05-23 15:22 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [2008-05-09 15:42 798720] "BigDog305"="C:\WINDOWS\VM305_STI.EXE" [2007-01-05 13:37 61440] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-05-23 15:22 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "Mpk.exe"="C:\Program Files\KGB\Mpk.exe" [2008-02-08 18:24 880128] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.YV12"= yv12vfw.dll "msacm.ac3filter"= ac3filter.acm "msacm.divxa32"= msaud32_divx.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Control Center.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Control Center.lnk backup=C:\WINDOWS\pss\Control Center.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^LNSS Status Monitor.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\LNSS Status Monitor.lnk backup=C:\WINDOWS\pss\LNSS Status Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Monitor Apache Servers.lnk backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^REALTEK RTL8185 Wireless LAN Utility.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk backup=C:\WINDOWS\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] --a------ 2007-06-30 00:53 4177920 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-03-12 22:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2007-05-23 15:22 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2003-12-28 05:43 81920 C:\Program Files\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] --a------ 2007-07-17 10:36 4376328 C:\Program Files\DAP\DAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter] --a------ 2007-10-15 16:19 2582288 C:\Program Files\DU Meter\DUMeter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series] --a------ 2004-01-13 20:00 99840 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (Copy 1)] --a------ 2004-01-13 20:00 99840 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] -ra------ 2006-03-23 06:13 77824 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] -ra------ 2006-03-23 06:17 118784 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] -ra------ 2006-03-23 06:17 94208 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder] --a------ 2007-11-27 05:03 110592 C:\Program Files\MSN Webcam Recorder\ml20gui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-10 03:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-02-07 16:24 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-03-04 03:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray] --a------ 2007-10-08 10:26 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray] --a------ 2007-10-08 10:27 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2007-09-19 19:14 16844800 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WZCSVC"=2 (0x2) "wuauserv"=3 (0x3) "wscsvc"=2 (0x2) "WLSetupSvc"=3 (0x3) "usnjsvc"=3 (0x3) "Symantec Core LC"=3 (0x3) "STI Simulator"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "vmount2"=2 (0x2) "VMware NAT Service"=2 (0x2) "VMnetDHCP"=2 (0x2) "VMAuthdService"=2 (0x2) "ufad-ws60"=3 (0x3) "NVSvc"=2 (0x2) "NBService"=3 (0x3) "DUMeterSvc"=2 (0x2) "BlueSoleil Hid Service"=2 (0x2) "Adobe LM Service"=3 (0x3) "UserAccess7"=2 (0x2) "NMIndexingService"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "MDM"=2 (0x2) "IDriverT"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Program Files\\Shareaza\\Shareaza.exe"= "C:\\Program Files\\WinPcap\\rpcapd.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\pnp script\\mirc32.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-28 05:42] R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 11:38] R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51] R2 A4S2;A4S2;C:\WINDOWS\system32\drivers\a4s2.sys [1997-05-12 19:51] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2007-05-23 15:34] R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07] S3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2007-04-03 13:20] S3 mpr_freader;MPR FileReader Driver;C:\Program Files\Multi Password Recovery\mpr_freader.sys [] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [] S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [] S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 04:54] S3 vvftav;vvftav;C:\WINDOWS\system32\drivers\vvftav.sys [2007-02-02 21:38] S3 XScanPF;XScanPF;C:\Documents and Settings\PC\Desktop\X-Scan-v3.3-en\X-Scan-v3.3\dat\xpf.sys [] S3 ZSMC0305;USB PC Camera VC305;C:\WINDOWS\system32\Drivers\usbVM305.sys [2007-03-08 19:05] S4 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder "2008-05-15 20:48:02 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-07-10 18:01:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-07-23 19:40:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc] "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\KGB\MPK.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE . ************************************************************************ . Completion time: 2008-07-23 19:43:40 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-23 17:43:35 ComboFix2.txt 2008-07-23 13:34:06 Pre-Run: 2,748,411,904 bytes free Post-Run: 2,728,771,584 bytes free 411 --- E O F --- 2007-10-23 08:01:01

Profil

dr_Bora Poslao: 23 Jul 2008 20:18 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ativiraj prikaz skrivenih i zaštićenih sistemskih file-ova: [Link mogu videti samo ulogovani korisnici] Uploaduj sledeće 2 file-a: C:\Program Files\desktop.ini C:\Program Files\folder.htt Upload link: [Link mogu videti samo ulogovani korisnici]

Profil

BaDMaN19 Poslao: 23 Jul 2008 21:20 Idi na vrh
offline BaDMaN19 Građanin Pridružio: 21 Avg 2007 Poruke: 56	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! fajlovite koi gi baravte se uploudirani ....cekam odgovor pozz

Profil

dr_Bora Poslao: 23 Jul 2008 21:33 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Proverka

Ko je trenutno na forumu

Ukupno su 764 korisnika na forumu :: 89 registrovanih, 11 sakrivenih i 664 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: advokat84, AleksSE, alonso, Apok, asdfjklc, Asteker, Batko.VD.65, Ben Roj, blankspace, boromir, boxbole, Citalac, Clouseau, cuvarkuca, darkojbn, Desmond, Dioniss, Doc, drimer, dskrlec33, dukajov, Dungorth, Dzumanga, Electron, elenemste, fijufijukrozkapiju55, Filip1, frankavoort, GrammaticalAnalysis, Gudza, igorpet, ikan, In_hero, istina, istokzapad, ivan_8282, Ivica1102, ivran064, Jakonjveliki, kibihrchak, kori, kozhedub, Kudun, larix, lucko1, LUDI, maiden6657, Malahit, Mamadu, markoskjk, marsi, Miha79, Milan Miscevic, Mitrast, Mldo, mmelezovic, nebidrag, nekdo, Nemanja.M, neutrino, NNPD, Orc, OtacMakarije, Papadubi, PC_Liu94, pein, Pero Petković, Pikac-47, Plavi Jadran, Primus17, raptorsi, renvoi, SamoGledam, Sirius, Siti2, Srpska zauvjek, ssekir75, sspp, stegonosa, Tribal, udbas, ujke, uros, v0idmp3, Vanderx, Velibor Radoja, vensla, zillbg, Žrnov

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by