I suspect a keylogger...


offline
  • Windows Server Administration-ITAcademy
  • Joined: 16 Apr 2010
  • Posts: 152
  • Location: Somewhere in the world

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Berci at 17:27:02 on 2013-01-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.2046.794 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\nvvsvc.exe
D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
D:\Windows\system32\nvvsvc.exe
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\Windows\system32\Dwm.exe
D:\Windows\System32\spoolsv.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Windows\system32\taskhost.exe
D:\Windows\Explorer.EXE
D:\Windows\System32\alg.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\NVIDIA Corporation\Display\nvtray.exe
D:\Windows\RtHDVCpl.exe
D:\Windows\PixArt\PAC7302\Monitor.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
D:\Windows\system32\taskhost.exe
D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
D:\Windows\system32\PnkBstrA.exe
G:\Program Files\Steam\Steam.exe
D:\Users\Berci\Documents\DCSCMIN\IMDCSC.exe
D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\Users\Berci\AppData\Local\Temp\Rar$EX00.013\i-hate-keyloggers.exe
D:\Windows\system32\WUDFHost.exe
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\sppsvc.exe
D:\Windows\system32\AUDIODG.EXE
D:\Windows\system32\conhost.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytD0FyCyDtBtCtAtBzy0FtC0D0DtByEtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1039632134
mWinlogon: Userinit = d:\windows\system32\userinit.exe,d:\users\berci\documents\dcscmin\IMDCSC.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] d:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DarkComet RAT] d:\users\berci\documents\dcscmin\IMDCSC.exe
mRun: [avast] "d:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PAC7302_Monitor] d:\windows\pixart\pac7302\Monitor.exe
mRun: [HWiNFO32] "d:\program files\hwinfo32\HWiNFO32.EXE"
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{69662956-18F9-4D90-B61E-C0E1362B2A00}\77830323D2376796C6F6A65667F6 : DHCPNameServer = 93.186.64.12 93.186.74.12
TCP: Interfaces\{8D2793A4-6148-4325-9E13-6FFEEF529C9B} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{D12CB484-1E15-4452-AA26-EA8BC0F3F027} : NameServer = 8.8.8.8 89.216.41.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\windows\system32\skype4com.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\users\berci\appdata\roaming\mozilla\firefox\profiles\r5xlyafq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: d:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: d:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: d:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: d:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: d:\users\berci\appdata\roaming\rckr\plugins\nprcplugin.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: d:\windows\system32\npDeployJava1.dll
FF - plugin: d:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-12-05 01:29; wrc@avast.com; d:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-12-23 21:39; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; d:\users\berci\appdata\roaming\mozilla\firefox\profiles\r5xlyafq.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2012-12-31 19:44; firefox@ghostery.com; d:\users\berci\appdata\roaming\mozilla\firefox\profiles\r5xlyafq.default\extensions\firefox@ghostery.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytD0FyCyDtBtCtAtBzy0FtC0D0DtByEtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1039632134
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytD0FyCyDtBtCtAtBzy0FtC0D0DtByEtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1039632134
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytD0FyCyDtBtCtAtBzy0FtC0D0DtByEtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1039632134&q=
FF - user.js: extensions.funmoods.id - 90F6521329F1DD24
FF - user.js: extensions.funmoods.instlDay - 15676
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2222:52:41
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2012-11-6 738504]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2012-11-6 361032]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\windows\system32\drivers\HWiNFO32.SYS [2012-12-28 20712]
R1 nm3;Microsoft Network Monitor 3 Driver;d:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2012-11-6 21256]
R2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2012-11-6 58680]
R2 avast! Antivirus;avast! Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2012-12-4 44808]
R2 BstHdDrv;BlueStacks Hypervisor;d:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-12-5 63864]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-20 1103392]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-20 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;d:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TeamViewer8;TeamViewer 8;d:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-17 3467768]
R3 athur;Wireless Network Adapter Service;d:\windows\system32\drivers\athur.sys [2012-11-6 1500160]
R3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-20 1369624]
S2 BstHdAndroidSvc;BlueStacks Android Service;d:\program files\bluestacks\HD-Service.exe [2012-12-5 393080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;d:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;d:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RTCore32;RTCore32;d:\program files\msi afterburner\RTCore32.sys [2011-9-6 5632]
S3 Synth3dVsc;Synth3dVsc;d:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 taphss6;Anchorfree HSS VPN Adapter;d:\windows\system32\drivers\taphss6.sys [2012-11-15 35592]
S3 terminpt;Microsoft Remote Desktop Input Driver;d:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;d:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;d:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\wat\WatAdminSvc.exe [2012-11-6 1343400]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;d:\program files\bluestacks\HD-LogRotatorService.exe [2012-12-5 384888]
S4 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2013-01-20 15:25:32 209008 ----a-w- d:\windows\system32\kbhookdll.dll
2013-01-20 15:25:32 102912 ----a-w- d:\windows\system32\VB6STKIT.DLL
2013-01-20 15:08:09 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2013-01-20 15:07:56 15224 ----a-w- d:\windows\system32\sdnclean.exe
2013-01-20 15:07:48 -------- d-----w- d:\program files\Spybot - Search & Destroy 2
2013-01-20 14:49:16 -------- d-----w- d:\users\berci\appdata\roaming\dclogs
2013-01-20 14:20:29 -------- d-----w- d:\users\berci\appdata\roaming\Spark
2013-01-19 17:24:53 682280 ----a-w- d:\windows\system32\pbsvc.exe
2013-01-19 13:09:43 -------- d-----w- d:\users\berci\appdata\roaming\Tencent
2013-01-19 13:09:43 -------- d-----w- d:\programdata\Tencent
2013-01-18 18:47:30 -------- d-----w- d:\users\berci\appdata\roaming\.hu-minecraft.net
2013-01-17 19:13:42 -------- d-----w- d:\users\berci\appdata\roaming\TS3Client
2013-01-17 19:12:46 -------- d-----w- d:\program files\TeamSpeak 3 Client
2013-01-17 18:01:35 -------- d-----w- d:\users\berci\appdata\roaming\TeamViewer
2013-01-17 17:57:45 -------- d-----w- d:\program files\TeamViewer
2013-01-17 02:31:42 -------- d-----w- d:\programdata\ElectricSheep
2013-01-17 02:31:42 -------- d-----w- d:\program files\Electric Sheep
2013-01-16 19:39:54 -------- d-----w- d:\users\berci\.thumbnails
2013-01-15 13:30:20 -------- d-----w- d:\users\berci\appdata\local\fontconfig
2013-01-15 13:30:18 -------- d-----w- d:\users\berci\appdata\local\gegl-0.2
2013-01-15 13:30:18 -------- d-----w- d:\users\berci\.gimp-2.8
2013-01-15 13:28:00 -------- d-----w- d:\program files\GIMP 2
2013-01-14 14:53:44 -------- d-----w- d:\users\berci\appdata\local\GHISLER
2013-01-14 14:53:13 545 ----a-w- d:\windows\UC.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\RAR.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\PKZIP.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\PKUNZIP.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\NOCLOSE.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\LHA.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\ARJ.PIF
2013-01-14 14:53:12 -------- d-----w- d:\users\berci\appdata\roaming\GHISLER
2013-01-12 14:49:12 -------- d-----w- d:\users\berci\appdata\local\Chromium
2013-01-12 13:41:14 22328 ----a-w- d:\users\berci\appdata\roaming\PnkBstrK.sys
2013-01-12 13:40:53 3130440 ----a-w- d:\windows\system32\pbsvc_blr.exe
2013-01-12 13:40:51 -------- d-----w- d:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-01-12 13:40:41 -------- d-----w- d:\program files\common files\Wise Installation Wizard
2013-01-11 16:42:14 357888 ----a-w- d:\users\berci\appdata\roaming\Tekkit.exe
2013-01-11 16:29:38 -------- d-----w- d:\users\berci\appdata\roaming\logs
2013-01-11 16:29:38 -------- d-----w- d:\users\berci\appdata\roaming\.techniclauncher
2013-01-08 00:49:23 -------- d-----w- d:\users\berci\appdata\local\SKIDROW
2013-01-08 00:49:23 -------- d-----w- d:\users\berci\appdata\local\BIT.TRIP RUNNER
2013-01-01 17:00:35 137176 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2013-01-01 17:00:30 281768 ----a-w- d:\windows\system32\PnkBstrB.ex0
2013-01-01 17:00:30 268952 ----a-w- d:\windows\system32\PnkBstrB.exe
2013-01-01 17:00:27 281768 ----a-w- d:\windows\system32\PnkBstrB.xtr
2013-01-01 17:00:20 75136 ----a-w- d:\windows\system32\PnkBstrA.exe
2013-01-01 17:00:11 -------- d-----w- d:\users\berci\appdata\local\PunkBuster
2013-01-01 12:37:17 48128 ----a-w- d:\windows\system32\Remove.exe
2013-01-01 12:37:16 6656 ----a-w- d:\windows\system32\CoInst_071029.dll
2013-01-01 12:37:16 461824 ----a-w- d:\windows\system32\drivers\PAC7302.SYS
2013-01-01 12:37:15 -------- d-----w- d:\program files\KYE SYSTEMS CORP
2013-01-01 12:37:14 141824 ----a-w- d:\windows\system32\SP7302.AX
2013-01-01 12:37:14 -------- d-----w- d:\windows\PixArt
2013-01-01 12:37:14 -------- d-----w- d:\program files\common files\PAC7302
2012-12-31 20:08:44 -------- d-----w- d:\program files\VideoLAN
2012-12-30 21:21:10 -------- d-----w- d:\users\berci\appdata\local\Sony
2012-12-30 21:17:52 -------- d-----w- d:\program files\Sony
2012-12-30 14:56:51 -------- d-----w- d:\program files\Boson Software
2012-12-28 14:05:45 -------- d-----w- d:\users\berci\appdata\roaming\Canneverbe Limited
2012-12-28 14:05:45 -------- d-----w- d:\programdata\Canneverbe Limited
2012-12-28 14:02:49 20712 ----a-w- d:\windows\system32\drivers\HWiNFO32.SYS
2012-12-28 14:02:38 -------- d-----w- d:\program files\HWiNFO32
2012-12-27 18:05:50 -------- d-----w- d:\programdata\id Software
2012-12-27 14:13:33 -------- d-----w- d:\program files\FinalWire
2012-12-25 17:49:28 -------- d-----w- d:\windows\system32\appmgmt
2012-12-25 17:42:39 -------- d-----w- d:\users\berci\appdata\local\ElevatedDiagnostics
2012-12-25 17:23:47 -------- d-----w- d:\users\berci\VirtualBox VMs
2012-12-25 17:23:12 -------- d-----w- d:\users\berci\.VirtualBox
2012-12-25 17:22:34 188328 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2012-12-25 17:22:20 94632 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2012-12-24 00:16:38 -------- d-----w- d:\users\berci\appdata\roaming\Mirillis
2012-12-24 00:16:38 -------- d-----w- d:\programdata\Mirillis
2012-12-24 00:16:36 -------- d-----w- d:\users\berci\appdata\local\Mirillis
2012-12-24 00:15:57 -------- d-----w- d:\program files\Mirillis
.
==================== Find3M ====================
.
2013-01-01 19:12:55 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-01 19:12:55 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-12-19 14:36:10 104872 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-19 14:35:14 175016 ------w- d:\windows\system32\VBoxNetFltNobj.dll
2012-12-17 18:10:39 319456 ----a-w- d:\windows\DIFxAPI.dll
2012-12-17 18:10:01 315392 ----a-w- d:\windows\HideWin.exe
2012-12-09 22:28:08 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-12-09 22:28:05 821736 ----a-w- d:\windows\system32\npDeployJava1.dll
2012-12-09 22:28:05 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-12-03 15:39:40 9373032 ----a-w- d:\windows\system32\drivers\nvlddmkm.sys
2012-12-03 15:39:40 889192 ----a-w- d:\windows\system32\nvdispgenco32.dll
2012-12-03 15:39:40 7819016 ----a-w- d:\windows\system32\nvcuda.dll
2012-12-03 15:39:40 6149904 ----a-w- d:\windows\system32\nvopencl.dll
2012-12-03 15:39:40 2606440 ----a-w- d:\windows\system32\nvcuvid.dll
2012-12-03 15:39:40 2496976 ----a-w- d:\windows\system32\nvapi.dll
2012-12-03 15:39:40 20335976 ----a-w- d:\windows\system32\nvoglv32.dll
2012-12-03 15:39:40 1874280 ----a-w- d:\windows\system32\nvcuvenc.dll
2012-12-03 15:39:40 17559912 ----a-w- d:\windows\system32\nvcompiler.dll
2012-12-03 15:39:40 15122280 ----a-w- d:\windows\system32\nvd3dum.dll
2012-12-03 15:39:40 12603960 ----a-w- d:\windows\system32\nvwgf2um.dll
2012-12-03 15:39:40 1011048 ----a-w- d:\windows\system32\nvdispco32.dll
2012-12-01 04:38:18 2869608 ----a-w- d:\windows\system32\nvsvc.dll
2012-12-01 04:38:13 3984744 ----a-w- d:\windows\system32\nvcpl.dll
2012-12-01 04:37:55 645480 ----a-w- d:\windows\system32\nvvsvc.exe
2012-12-01 04:37:55 62312 ----a-w- d:\windows\system32\nvshext.dll
2012-12-01 04:37:55 108392 ----a-w- d:\windows\system32\nvmctray.dll
2012-11-30 21:43:52 438632 ----a-w- d:\windows\system32\nvStreaming.exe
2012-11-15 01:36:52 35592 ----a-w- d:\windows\system32\drivers\taphss6.sys
2012-11-15 01:29:54 35592 ----a-w- d:\windows\system32\drivers\hssdrv6.sys
2012-11-06 19:58:11 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2012-11-06 13:02:35 811520 ----a-w- d:\windows\system32\user32.dll
2012-11-06 13:02:35 409088 ----a-w- d:\windows\system32\systemcpl.dll
2012-11-06 13:02:35 13824 ----a-w- d:\windows\system32\slwga.dll
2012-10-30 22:51:58 738504 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- d:\windows\avastSS.scr
.
============= FINISH: 17:32:30,97 ===============

It wouldn't scan Autostart for me :S

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello, WF_Jay



Step 1.

Download the OTM program to your Desktop.

Double-click OTM.exe to run it.

Into the (left) window of the program (under Paste Instructions for Items to be Moved) copy everything inside the Code box:
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="d:\windows\system32\userinit.exe,"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DarkComet RAT"=-

:files
d:\users\berci\documents\dcscmin

:commands
[emptytemp]

Click MoveIt!

When the process finishes, the right-hand window of the program (under Results) will contain text that you need to copy into a post on the forum.

If the following prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?

click Yes so that the computer restarts and the process is completed.

After the system restarts, the log file will open automatically in Notepad.
Copy the contents of that log into a post on the forum.

Step 2.

Run DDS again and send me a fresh DDS.txt report.

offline
  • Windows Server Administration-ITAcademy
  • Joined: 16 Apr 2010
  • Posts: 152
  • Location: Somewhere in the world

ummmm, Notepad didn't open when I restarted the system :\

but here's the DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Berci at 19:24:45 on 2013-01-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.2046.1216 [GMT

1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-

930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-

A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-

DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-

A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\nvvsvc.exe
D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
D:\Windows\system32\AUDIODG.EXE
D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
D:\Windows\system32\nvvsvc.exe
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Windows\system32\PnkBstrA.exe
D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Windows\system32\taskhost.exe
D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
D:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
D:\Windows\System32\alg.exe
D:\Windows\system32\WUDFHost.exe
D:\Windows\System32\rundll32.exe
D:\Program Files\NVIDIA Corporation\Display\nvtray.exe
D:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Windows\RtHDVCpl.exe
D:\Windows\PixArt\PAC7302\Monitor.exe
D:\Program Files\HWiNFO32\HWiNFO32.EXE
D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Windows\system32\taskeng.exe
D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
D:\Windows\system32\conhost.exe
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://searchfunmoods.com/?

f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytD0FyCyDtBtCtAtBzy0FtC0D0

DtByEtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1039632134
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:

\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

d:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program

files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9}

- d:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program

files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] d:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast] "d:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PAC7302_Monitor] d:\windows\pixart\pac7302\Monitor.exe
mRun: [HWiNFO32] "d:\program files\hwinfo32\HWiNFO32.EXE"
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - d:

\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-

F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-

96E929D65503}
TCP: Interfaces\{69662956-18F9-4D90-B61E-

C0E1362B2A00}\77830323D2376796C6F6A65667F6 : DHCPNameServer = 93.186.64.12

93.186.74.12
TCP: Interfaces\{8D2793A4-6148-4325-9E13-6FFEEF529C9B} : DHCPNameServer =

192.168.42.129
TCP: Interfaces\{D12CB484-1E15-4452-AA26-EA8BC0F3F027} : NameServer =

8.8.8.8 89.216.41.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:

\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\windows

\system32\skype4com.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-

52453494E6CD} - d:\program files\microsoft office

\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\users\berci\appdata\roaming\mozilla\firefox\profiles

\r5xlyafq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: d:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: d:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: d:\program files\nvidia corporation\3d vision

\npnv3dvstreaming.dll
FF - plugin: d:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: d:\users\berci\appdata\roaming\rckr\plugins\nprcplugin.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: d:\windows\system32\npDeployJava1.dll
FF - plugin: d:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-12-05 01:29; wrc@avast.com; d:\program files\avast

software\avast\webrep\FF
FF - ExtSQL: 2012-12-23 21:39; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; d:

\users\berci\appdata\roaming\mozilla\firefox\profiles\r5xlyafq.default

\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2012-12-31 19:44; firefox@ghostery.com; d:\users\berci

\appdata\roaming\mozilla\firefox\profiles\r5xlyafq.default\extensions

\firefox@ghostery.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?

f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytD0FyCyDtBtCtAtBzy0FtC0D0

DtByEtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1039632134
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?

f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytD0FyCyDtBtCtAtBzy0FtC0D0

DtByEtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1039632134
FF - user.js: extensions.funmoods.tlbrSrchUrl -

hxxp://searchfunmoods.com/?

f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytD0FyCyDtBtCtAtBzy0FtC0D0

DtByEtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1039632134&q=
FF - user.js: extensions.funmoods.id - 90F6521329F1DD24
FF - user.js: extensions.funmoods.instlDay - 15676
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2222:52:41
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2012-11-6 738504]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2012-11-6 361032]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\windows\system32\drivers

\HWiNFO32.SYS [2012-12-28 20712]
R1 nm3;Microsoft Network Monitor 3 Driver;d:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2012-11-6 21256]
R2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2012-11-6 58680]
R2 avast! Antivirus;avast! Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2012-12-4 44808]
R2 BstHdDrv;BlueStacks Hypervisor;d:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-12-5 63864]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-20 1103392]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-20 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;d:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TeamViewer8;TeamViewer 8;d:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-17 3467768]
R3 athur;Wireless Network Adapter Service;d:\windows\system32\drivers\athur.sys [2012-11-6 1500160]
R3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 BstHdAndroidSvc;BlueStacks Android Service;d:\program files\bluestacks\HD-Service.exe [2012-12-5 393080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;d:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;d:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RTCore32;RTCore32;d:\program files\msi afterburner\RTCore32.sys [2011-9-6 5632]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-20 1369624]
S3 Synth3dVsc;Synth3dVsc;d:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 taphss6;Anchorfree HSS VPN Adapter;d:\windows\system32\drivers\taphss6.sys [2012-11-15 35592]
S3 terminpt;Microsoft Remote Desktop Input Driver;d:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;d:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;d:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\wat\WatAdminSvc.exe [2012-11-6 1343400]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;d:\program files\bluestacks\HD-LogRotatorService.exe [2012-12-5 384888]
S4 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2013-01-20 18:18:18 -------- d-----w- D:\_OTM
2013-01-20 15:25:32 209008 ----a-w- d:\windows\system32\kbhookdll.dll
2013-01-20 15:25:32 102912 ----a-w- d:\windows\system32\VB6STKIT.DLL
2013-01-20 15:08:09 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2013-01-20 15:07:56 15224 ----a-w- d:\windows\system32\sdnclean.exe
2013-01-20 15:07:48 -------- d-----w- d:\program files\Spybot - Search & Destroy 2
2013-01-20 14:49:16 -------- d-----w- d:\users\berci\appdata\roaming\dclogs
2013-01-20 14:20:29 -------- d-----w- d:\users\berci\appdata\roaming\Spark
2013-01-19 17:24:53 682280 ----a-w- d:\windows\system32\pbsvc.exe
2013-01-19 13:09:43 -------- d-----w- d:\users\berci\appdata\roaming\Tencent
2013-01-19 13:09:43 -------- d-----w- d:\programdata\Tencent
2013-01-18 18:47:30 -------- d-----w- d:\users\berci\appdata\roaming\.hu-minecraft.net
2013-01-17 19:13:42 -------- d-----w- d:\users\berci\appdata\roaming\TS3Client
2013-01-17 19:12:46 -------- d-----w- d:\program files\TeamSpeak 3 Client
2013-01-17 18:01:35 -------- d-----w- d:\users\berci\appdata\roaming\TeamViewer
2013-01-17 17:57:45 -------- d-----w- d:\program files\TeamViewer
2013-01-17 02:31:42 -------- d-----w- d:\programdata\ElectricSheep
2013-01-17 02:31:42 -------- d-----w- d:\program files\Electric Sheep
2013-01-16 19:39:54 -------- d-----w- d:\users\berci\.thumbnails
2013-01-15 13:30:20 -------- d-----w- d:\users\berci\appdata\local\fontconfig
2013-01-15 13:30:18 -------- d-----w- d:\users\berci\appdata\local\gegl-0.2
2013-01-15 13:30:18 -------- d-----w- d:\users\berci\.gimp-2.8
2013-01-15 13:28:00 -------- d-----w- d:\program files\GIMP 2
2013-01-14 14:53:44 -------- d-----w- d:\users\berci\appdata\local\GHISLER
2013-01-14 14:53:13 545 ----a-w- d:\windows\UC.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\RAR.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\PKZIP.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\PKUNZIP.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\NOCLOSE.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\LHA.PIF
2013-01-14 14:53:13 545 ----a-w- d:\windows\ARJ.PIF
2013-01-14 14:53:12 -------- d-----w- d:\users\berci\appdata\roaming\GHISLER
2013-01-12 14:49:12 -------- d-----w- d:\users\berci\appdata\local\Chromium
2013-01-12 13:41:14 22328 ----a-w- d:\users\berci\appdata\roaming\PnkBstrK.sys
2013-01-12 13:40:53 3130440 ----a-w- d:\windows\system32\pbsvc_blr.exe
2013-01-12 13:40:41 -------- d-----w- d:\program files\common files\Wise Installation Wizard
2013-01-11 16:42:14 357888 ----a-w- d:\users\berci\appdata\roaming\Tekkit.exe
2013-01-11 16:29:38 -------- d-----w- d:\users\berci\appdata\roaming\logs
2013-01-11 16:29:38 -------- d-----w- d:\users\berci\appdata\roaming\.techniclauncher
2013-01-08 00:49:23 -------- d-----w- d:\users\berci\appdata\local\SKIDROW
2013-01-08 00:49:23 -------- d-----w- d:\users\berci\appdata\local\BIT.TRIP RUNNER
2013-01-01 17:00:35 137176 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2013-01-01 17:00:30 281768 ----a-w- d:\windows\system32\PnkBstrB.ex0
2013-01-01 17:00:30 268952 ----a-w- d:\windows\system32\PnkBstrB.exe
2013-01-01 17:00:27 281768 ----a-w- d:\windows\system32\PnkBstrB.xtr
2013-01-01 17:00:20 75136 ----a-w- d:\windows\system32\PnkBstrA.exe
2013-01-01 17:00:11 -------- d-----w- d:\users\berci\appdata\local\PunkBuster
2013-01-01 12:37:17 48128 ----a-w- d:\windows\system32\Remove.exe
2013-01-01 12:37:16 6656 ----a-w- d:\windows\system32\CoInst_071029.dll
2013-01-01 12:37:16 461824 ----a-w- d:\windows\system32\drivers\PAC7302.SYS
2013-01-01 12:37:15 -------- d-----w- d:\program files\KYE SYSTEMS CORP
2013-01-01 12:37:14 141824 ----a-w- d:\windows\system32\SP7302.AX
2013-01-01 12:37:14 -------- d-----w- d:\windows\PixArt
2013-01-01 12:37:14 -------- d-----w- d:\program files\common files\PAC7302
2012-12-31 20:08:44 -------- d-----w- d:\program files\VideoLAN
2012-12-30 21:21:10 -------- d-----w- d:\users\berci\appdata\local\Sony
2012-12-30 21:17:52 -------- d-----w- d:\program files\Sony
2012-12-30 14:56:51 -------- d-----w- d:\program files\Boson Software
2012-12-28 14:05:45 -------- d-----w- d:\users\berci\appdata\roaming\Canneverbe Limited
2012-12-28 14:05:45 -------- d-----w- d:\programdata\Canneverbe Limited
2012-12-28 14:02:49 20712 ----a-w- d:\windows\system32\drivers\HWiNFO32.SYS
2012-12-28 14:02:38 -------- d-----w- d:\program files\HWiNFO32
2012-12-27 18:05:50 -------- d-----w- d:\programdata\id Software
2012-12-27 14:13:33 -------- d-----w- d:\program files\FinalWire
2012-12-25 17:49:28 -------- d-----w- d:\windows\system32\appmgmt
2012-12-25 17:42:39 -------- d-----w- d:\users\berci\appdata\local\ElevatedDiagnostics
2012-12-25 17:23:47 -------- d-----w- d:\users\berci\VirtualBox VMs
2012-12-25 17:23:12 -------- d-----w- d:\users\berci\.VirtualBox
2012-12-25 17:22:34 188328 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2012-12-25 17:22:20 94632 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2012-12-24 00:16:38 -------- d-----w- d:\users\berci\appdata\roaming\Mirillis
2012-12-24 00:16:38 -------- d-----w- d:\programdata\Mirillis
2012-12-24 00:16:36 -------- d-----w- d:\users\berci\appdata\local\Mirillis
2012-12-24 00:15:57 -------- d-----w- d:\program files\Mirillis
.
==================== Find3M ====================
.
2013-01-01 19:12:55 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-01 19:12:55 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-12-19 14:36:10 104872 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-19 14:35:14 175016 ------w- d:\windows\system32\VBoxNetFltNobj.dll
2012-12-17 18:10:39 319456 ----a-w- d:\windows\DIFxAPI.dll
2012-12-17 18:10:01 315392 ----a-w- d:\windows\HideWin.exe
2012-12-09 22:28:08 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-12-09 22:28:05 821736 ----a-w- d:\windows\system32\npDeployJava1.dll
2012-12-09 22:28:05 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-12-03 15:39:40 9373032 ----a-w- d:\windows\system32\drivers\nvlddmkm.sys
2012-12-03 15:39:40 889192 ----a-w- d:\windows\system32\nvdispgenco32.dll
2012-12-03 15:39:40 7819016 ----a-w- d:\windows\system32\nvcuda.dll
2012-12-03 15:39:40 6149904 ----a-w- d:\windows\system32\nvopencl.dll
2012-12-03 15:39:40 2606440 ----a-w- d:\windows\system32\nvcuvid.dll
2012-12-03 15:39:40 2496976 ----a-w- d:\windows\system32\nvapi.dll
2012-12-03 15:39:40 20335976 ----a-w- d:\windows\system32\nvoglv32.dll
2012-12-03 15:39:40 1874280 ----a-w- d:\windows\system32\nvcuvenc.dll
2012-12-03 15:39:40 17559912 ----a-w- d:\windows\system32\nvcompiler.dll
2012-12-03 15:39:40 15122280 ----a-w- d:\windows\system32\nvd3dum.dll
2012-12-03 15:39:40 12603960 ----a-w- d:\windows\system32\nvwgf2um.dll
2012-12-03 15:39:40 1011048 ----a-w- d:\windows\system32\nvdispco32.dll
2012-12-01 04:38:18 2869608 ----a-w- d:\windows\system32\nvsvc.dll
2012-12-01 04:38:13 3984744 ----a-w- d:\windows\system32\nvcpl.dll
2012-12-01 04:37:55 645480 ----a-w- d:\windows\system32\nvvsvc.exe
2012-12-01 04:37:55 62312 ----a-w- d:\windows\system32\nvshext.dll
2012-12-01 04:37:55 108392 ----a-w- d:\windows\system32\nvmctray.dll
2012-11-30 21:43:52 438632 ----a-w- d:\windows\system32\nvStreaming.exe
2012-11-15 01:36:52 35592 ----a-w- d:\windows\system32\drivers\taphss6.sys
2012-11-15 01:29:54 35592 ----a-w- d:\windows\system32\drivers\hssdrv6.sys
2012-11-06 19:58:11 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2012-11-06 13:02:35 811520 ----a-w- d:\windows\system32\user32.dll
2012-11-06 13:02:35 409088 ----a-w- d:\windows\system32\systemcpl.dll
2012-11-06 13:02:35 13824 ----a-w- d:\windows\system32\slwga.dll
2012-10-30 22:51:58 738504 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- d:\windows\avastSS.scr
.
============= FINISH: 19:25:15,38 ===============

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

How are things now?

  • Windows Server Administration-ITAcademy
  • Joined: 16 Apr 2010
  • Posts: 152
  • Location: Somewhere in the world

Written: 20 Jan 2013 20:30

Everything works normally! I'll leave Spybot to scan overnight. If I have any problems I'll come back to the topic!
Thanks a lot for the help!

Addendum: 20 Jan 2013 20:39

Here is the report from OTM, I just ran it and it produced the report!
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\"Userinit"|"d:\windows\system32\userinit.exe," /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DarkComet RAT deleted successfully.
========== FILES ==========
d:\users\berci\documents\DCSCMIN folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Berci
->Temp folder emptied: 768558042 bytes
->Temporary Internet Files folder emptied: 8071140 bytes
->Java cache emptied: 23347 bytes
->FireFox cache emptied: 436895798 bytes
->Flash cache emptied: 18130 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10146143 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95409 bytes
RecycleBin emptied: 1769793 bytes

Total Files Cleaned = 1.169,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 01202013_191818

Files moved on Reboot...
File move failed. D:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Sorry for the double post!

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

That would be it, the keylogger has been removed. If anything else interests you, ask. As for Spybot, that software has been overtaken by time, it is not what it once was. If you want a reliable program, the recommendation is MalwareBytes. Update Java; lately the vulnerabilities in it have been used a lot for distributing malware and infecting computers...

Run OTM again and click CleanUp.

I recommend that you use MCShield v2 to protect USB memory devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices. You download it, install it, plug in a USB memory device, a scan is performed, after which you get a notification that the device is clean (if it really is); or you get a log in which you see information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these topics:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Also, follow the topic "How to avoid and remove toolbars", read it and follow the steps in it. Link to the topic: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html



TwinHeadedEagle (AMF Tim)
