MyCity » Ambulanta -> Arhiva Ambulante » Trojanac mozda....

Trojanac mozda....

Napisano na dan: 6.6.2008

Strana:
1
2

Trojanac mozda....

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Acid_Burn Poslao: 06 Jun 2008 04:29 Idi na vrh
offline Acid_Burn Moderator foruma Glavni moderator foruma Zabava Hellraiser Demon to some. Angel to others Pridružio: 07 Jan 2005 Poruke: 25503 Gde živiš: Beneath the Black Sky	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:26:57, on 6.6.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\system32\taskeng.exe C:\Program Files\Trust\Trust R-Series Keyboard\StartAutorun.exe C:\Program Files\Trust\Trust R-Series Keyboard\KMConfig.exe C:\Windows\RTHDCPL.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AltBinz\altbinz.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Trust\Trust R-Series Keyboard\KMProcess.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\stunnel\stunnel.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Trust\Trust R-Series Keyboard\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: altbinz.lnk = C:\Program Files\AltBinz\altbinz.exe O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: DVD - Unknown owner - C:\Users\Siki\AppData\Local\Temp\DVD.exe (file missing) O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Keyboard\KMWDSrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe -- End of file - 5972 bytes

Profil

bobby Poslao: 06 Jun 2008 13:34 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Acid_Burn Poslao: 07 Jun 2008 21:24 Idi na vrh
offline Acid_Burn Moderator foruma Glavni moderator foruma Zabava Hellraiser Demon to some. Angel to others Pridružio: 07 Jan 2005 Poruke: 25503 Gde živiš: Beneath the Black Sky	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-06-07.1 - Siki 2008-06-07 21:08:56.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.988 [GMT 2:00] Running from: C:\Users\Siki\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))) . 2008-06-05 15:53 . 2008-06-05 15:53 39,918 -r-hs---- C:\Windows\winudpmgr.exe 2008-06-05 07:34 . 2008-06-05 07:34 <DIR> d-------- C:\Users\All Users\Sandlot Games 2008-06-05 07:34 . 2008-06-05 07:34 <DIR> d-------- C:\ProgramData\Sandlot Games 2008-06-05 07:34 . 2008-06-05 07:34 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared 2008-06-01 08:05 . 2008-06-01 14:42 <DIR> d-------- C:\Users\Siki\AppData\Roaming\Xfire 2008-06-01 08:05 . 2008-06-03 05:54 <DIR> d-------- C:\Users\All Users\Xfire 2008-06-01 08:05 . 2008-06-03 05:54 <DIR> d-------- C:\ProgramData\Xfire 2008-06-01 08:05 . 2008-06-01 08:12 <DIR> d-------- C:\Program Files\Xfire 2008-05-27 17:54 . 2008-05-27 17:54 <DIR> d-------- C:\Users\Siki\AppData\Roaming\EA 2008-05-27 17:53 . 2008-05-27 17:53 <DIR> d-------- C:\Users\All Users\EA 2008-05-27 17:53 . 2008-05-27 17:53 <DIR> d-------- C:\ProgramData\EA 2008-05-23 21:31 . 2008-05-23 21:31 <DIR> d-------- C:\Program Files\stunnel 2008-05-23 21:29 . 2008-06-05 19:59 16 --a------ C:\Windows\popcinfo.dat 2008-05-23 21:13 . 2008-05-23 21:13 <DIR> d-------- C:\Windows\SSMaui Wowee 2008-05-23 21:13 . 1999-02-16 08:02 49,664 --a------ C:\Windows\SSMaui Wowee.scr 2008-05-23 21:11 . 2004-09-20 16:00 802,816 --a------ C:\Windows\FeedingFrenzy.scr 2008-05-23 21:11 . 2005-01-07 11:39 57,344 --a------ C:\Windows\System32\Big Kahuna Reef.scr 2008-05-23 21:10 . 2005-08-03 13:48 389,120 --a------ C:\Windows\Adventure Inlay.scr 2008-05-21 19:02 . 2008-05-21 19:02 <DIR> d-------- C:\Users\Siki\AppData\Roaming\GameHouse 2008-05-21 19:02 . 2008-05-21 19:02 <DIR> d-------- C:\Users\All Users\n7-89-o9-3r-4t-r9 2008-05-21 19:02 . 2008-05-21 19:02 <DIR> d-------- C:\ProgramData\n7-89-o9-3r-4t-r9 2008-05-21 15:54 . 2004-11-11 13:28 18,004 --a------ C:\Windows\System32\drivers\slnt.sys 2008-05-21 15:52 . 2008-05-21 15:52 <DIR> d-------- C:\Windows\silan 2008-05-21 15:52 . 2003-11-20 12:58 18,004 --a------ C:\Windows\System32\slnt.sys 2008-05-21 15:52 . 2003-11-07 11:05 12,653 --a------ C:\Windows\sl95.sys 2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\Windows\System32\xfcodec.dll 2008-05-12 20:09 . 2008-05-12 20:09 <DIR> d-------- C:\Windows\System32\Lang 2008-05-12 20:06 . 2008-05-12 20:06 <DIR> d-------- C:\Users\Siki\{8d7a5308-bfe3-4a43-b072-86357c6799a2} 2008-05-12 20:05 . 2008-05-12 20:05 <DIR> d-------- C:\Windows\System32\RTCOM 2008-05-12 20:05 . 2006-05-16 18:04 2,879,488 --a------ C:\Windows\SkyTel.exe 2008-05-12 20:05 . 2006-03-09 17:45 364,544 --a------ C:\Windows\RtlUpd.exe 2008-05-12 20:05 . 2006-01-10 13:58 266,240 --a------ C:\Windows\System32\RTSndMgr.Cpl 2008-05-12 20:05 . 2005-10-31 18:17 135,168 --a------ C:\Windows\System32\RtlCPAPI.dll 2008-05-12 20:05 . 2006-05-04 16:22 86,016 --a------ C:\Windows\SoundMan.exe 2008-05-12 20:05 . 2005-07-15 16:48 40,960 --a------ C:\Windows\System32\ChCfg.exe 2008-05-12 20:04 . 2008-05-12 20:04 <DIR> d-------- C:\Program Files\Realtek 2008-05-12 20:04 . 2006-05-27 10:47 16,208,384 --a------ C:\Windows\RTHDCPL.exe 2008-05-12 20:04 . 2006-05-04 16:35 9,709,568 --a------ C:\Windows\RTLCPL.exe 2008-05-12 20:04 . 2006-05-26 13:20 4,279,296 --a------ C:\Windows\System32\drivers\RtkHDAud.Sys 2008-05-12 20:04 . 2006-05-04 16:26 2,808,832 --a------ C:\Windows\alcwzrd.exe 2008-05-12 20:04 . 2006-03-10 19:32 2,158,592 --a------ C:\Windows\MicCal.exe 2008-05-12 20:04 . 2005-04-16 22:20 487,424 --a------ C:\Windows\RtlExUpd.dll 2008-05-12 20:04 . 2005-09-21 10:25 299,008 --a------ C:\Windows\System32\ALSndMgr.Cpl 2008-05-12 20:04 . 2005-05-03 18:43 69,632 --a------ C:\Windows\Alcmtr.exe 2008-05-12 20:02 . 2008-05-12 20:02 <DIR> d-------- C:\Program Files\Realtek Sound Manager 2008-05-12 20:02 . 2008-05-12 20:02 <DIR> d-------- C:\Program Files\AvRack 2008-05-12 20:02 . 2001-07-05 18:19 164 -r------- C:\Windows\avrack.ini 2008-05-12 20:01 . 2008-05-12 20:01 <DIR> d-------- C:\Program Files\Realtek AC97 2008-05-12 20:01 . 2006-03-20 05:48 315,392 -r------- C:\Windows\alcupd.exe 2008-05-12 20:01 . 2005-11-18 05:20 217,088 -r------- C:\Windows\alcrmv.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-05 18:14 --------- d---a-w C:\ProgramData\TEMP 2008-06-05 17:20 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-06-05 17:20 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-06-03 13:24 --------- d-----w C:\Users\Siki\AppData\Roaming\uTorrent 2008-06-02 03:27 --------- d-----w C:\ProgramData\DVD Shrink 2008-05-30 19:04 --------- d-----w C:\Program Files\FlashGet 2008-05-21 13:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys 2008-05-05 20:33 --------- d-----w C:\ProgramData\Ubisoft 2008-05-05 20:32 22,328 ----a-w C:\Users\Siki\AppData\Roaming\PnkBstrK.sys 2008-05-05 20:32 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe 2008-05-05 20:30 --------- d-----w C:\Program Files\DriverCleanerDotNET 2008-04-27 15:44 --------- d-----w C:\ProgramData\Nero 2008-04-27 15:44 --------- d-----w C:\Program Files\Common Files\Ahead 2008-04-24 16:32 --------- d-----w C:\Program Files\Unlocker 2008-04-24 15:12 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-24 14:57 --------- d-----w C:\Users\Siki\AppData\Roaming\CDBurnerXP_Soft 2008-04-24 14:52 --------- d-----w C:\Program Files\Nero 2008-04-24 14:52 --------- d-----w C:\Program Files\Common Files\Nero 2008-04-19 19:05 --------- d-----w C:\Users\Siki\AppData\Roaming\Microsoft Games 2008-04-19 18:56 --------- d-----w C:\Program Files\Common Files\Microsoft Games 2008-04-19 18:15 --------- d-----w C:\Program Files\Microsoft Games 2008-04-12 06:28 --------- d-----w C:\Program Files\Google 2008-03-20 04:56 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-01-26 23:05 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "KMCONFIG"="C:\Program Files\Trust\Trust R-Series Keyboard\StartAutorun.exe" [2007-03-06 14:51 212992] "RTHDCPL"="RTHDCPL.EXE" [2006-05-27 10:47 16208384 C:\Windows\RTHDCPL.exe] "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208] C:\Users\Siki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ altbinz.lnk - C:\Program Files\AltBinz\altbinz.exe [2007-09-27 12:14:44 1069568] Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-01 14:39:43 118784] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-09 13:00:15 3450608] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 18:43 69632 C:\Windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-11 18:06 81920 C:\Windows\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] --a------ 2007-12-11 18:06 86016 C:\Windows\system32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian] --a------ 2005-09-18 19:40 1421824 C:\Program Files\PeerGuardian2\pg2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] --a------ 2008-01-27 00:50 1232896 C:\Program Files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2007-06-25 22:42 1006264 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center] -r-hs---- 2008-06-05 15:53 39918 C:\Windows\winudpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] --a------ 2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2006-11-02 14:33 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-690428932-4065060906-875063553-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{797B56FA-9440-4B44-8D26-54835DFC06A9}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet "UDP Query User{DD55FB16-E5EC-4654-A6BA-D6AA34A39923}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet "{2299C258-5274-43D0-8526-3CC4D7A4FC22}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{FAEF3C19-F823-4108-B01B-5B86AAA01C48}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{9194C592-D687-45E1-99FB-11787ED459D8}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{338F6580-5C98-4D49-B8F9-9A040BAEA164}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{D5873FDF-74A8-4C00-A539-35DF687C7842}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{034B5F9F-B134-4C34-BF75-6571E5E4D5D2}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{F52AB04D-669C-4C5E-8B58-9940111AD174}"= UDP:E:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{80236CCF-BD57-44EF-A96F-C67AB23CF3F8}"= TCP:E:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{A7A48A7D-15CB-45EF-80E7-8A4DACF307FF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{70EEC4B3-07EC-43FA-95E6-3A84E4898B79}C:\\program files\\stunnel\\stunnel.exe"= UDP:C:\program files\stunnel\stunnel.exe:stunnel "UDP Query User{A67452D4-C2BD-4251-ABE5-A2B4584C3044}C:\\program files\\stunnel\\stunnel.exe"= TCP:C:\program files\stunnel\stunnel.exe:stunnel "{577FFDCF-345E-4BB4-89E4-6DA75AF6E01E}"= UDP:E:\Games\Bin32\Crysis.exe:Crysis_32 "{DEC8E4A7-1C58-4294-9B19-D35EC7BCC4BD}"= TCP:E:\Games\Bin32\Crysis.exe:Crysis_32 "{F62DED0F-5D70-4298-BFC9-4E25737C3DEA}"= UDP:E:\Games\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{93AE53CD-637B-4D20-AA50-AC106FE09CCE}"= TCP:E:\Games\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "TCP Query User{E442FD3C-D670-4635-A501-4978860D1B2A}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{40607226-F71A-469E-89C0-575A41F0EA26}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "{94C53DDC-6413-472A-8A29-B392E391F8C9}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{0A23AAE0-5FF0-4CB7-8403-B0FCB2D44B04}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18] R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Trust\Trust R-Series Keyboard\KMWDSrv.exe [2007-04-05 10:29] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31] S3 DVD;DVD;C:\Users\Siki\AppData\Local\Temp\DVD.exe [] S3 slnt;Realtek Rtl-8139d PCI Fast Ethernet Adapter;C:\Windows\system32\DRIVERS\slnt.sys [2004-11-11 13:28] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \shell\AutoRun\command - K:\Setup\rsrc\autorun.exe \shell\dinstall\command - K:\Directx\dxsetup.exe Newly Created Service - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-07 21:21:03 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . Completion time: 2008-06-07 21:21:44 ComboFix-quarantined-files.txt 2008-06-07 19:21:40 Pre-Run: 1,271,181,312 bytes free Post-Run: 1,341,693,952 bytes free 193 --- E O F --- 2008-03-07 15:46:23

Profil

bobby Poslao: 07 Jun 2008 21:44 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pre nego sto nastavim, jedno pitanje: Jel ti je AltBinz neki program koji koristis ili ti nije poznato?

Profil

Acid_Burn Poslao: 07 Jun 2008 21:53 Idi na vrh
offline Acid_Burn Moderator foruma Glavni moderator foruma Zabava Hellraiser Demon to some. Angel to others Pridružio: 07 Jan 2005 Poruke: 25503 Gde živiš: Beneath the Black Sky	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! bobby ::Jel ti je AltBinz neki program koji koristis ili ti nije poznato? Da on mi sluzi sa skidanje sa news servera a sa njim je vezan i program stunnel....

Profil

bobby Poslao: 07 Jun 2008 22:00 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Probaj da mi posaljes sledeca dva fajla na proveru: C:\Users\Siki\AppData\Local\Temp\DVD.exe C:\Windows\winudpmgr.exe Upload uradi preko sledece forme: http://www.mycity.rs/ambulanta-upload.php Kako su oba ta fajla u upotrebi, mozda neces moci direktno da ih uploadujes, pa ih zato prvo spakuj u jedan ZIP.

Profil

Acid_Burn Poslao: 07 Jun 2008 22:10 Idi na vrh
offline Acid_Burn Moderator foruma Glavni moderator foruma Zabava Hellraiser Demon to some. Angel to others Pridružio: 07 Jan 2005 Poruke: 25503 Gde živiš: Beneath the Black Sky	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hmm ne mogu nikako ova dva fajla da nadjem....ukljucio sam i prikaz skrivenih fajlova ali ih nema.... Evo screenova....

Profil

bobby Poslao: 07 Jun 2008 22:17 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Probacemo nesto, mada nisam siguran kako ce da radi posto nemam nekog iskustva sa Vistom. Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\Users\Siki\AppData\Local\Temp\DVD.exe C:\Windows\winudpmgr.exe Driver:: DVD` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Acid_Burn Poslao: 07 Jun 2008 22:44 Idi na vrh
offline Acid_Burn Moderator foruma Glavni moderator foruma Zabava Hellraiser Demon to some. Angel to others Pridružio: 07 Jan 2005 Poruke: 25503 Gde živiš: Beneath the Black Sky	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-06-07.1 - Siki 2008-06-07 22:24:10.2 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1233 [GMT 2:00] Running from: C:\Users\Siki\Desktop\ComboFix.exe Command switches used :: C:\Users\Siki\Desktop\CFScript.txt . ((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))) . 2008-06-05 15:53 . 2008-06-05 15:53 39,918 -r-hs---- C:\Windows\winudpmgr.exe 2008-06-05 07:34 . 2008-06-05 07:34 <DIR> d-------- C:\Users\All Users\Sandlot Games 2008-06-05 07:34 . 2008-06-05 07:34 <DIR> d-------- C:\ProgramData\Sandlot Games 2008-06-05 07:34 . 2008-06-05 07:34 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared 2008-06-01 08:05 . 2008-06-01 14:42 <DIR> d-------- C:\Users\Siki\AppData\Roaming\Xfire 2008-06-01 08:05 . 2008-06-03 05:54 <DIR> d-------- C:\Users\All Users\Xfire 2008-06-01 08:05 . 2008-06-03 05:54 <DIR> d-------- C:\ProgramData\Xfire 2008-06-01 08:05 . 2008-06-01 08:12 <DIR> d-------- C:\Program Files\Xfire 2008-05-27 17:54 . 2008-05-27 17:54 <DIR> d-------- C:\Users\Siki\AppData\Roaming\EA 2008-05-27 17:53 . 2008-05-27 17:53 <DIR> d-------- C:\Users\All Users\EA 2008-05-27 17:53 . 2008-05-27 17:53 <DIR> d-------- C:\ProgramData\EA 2008-05-23 21:31 . 2008-05-23 21:31 <DIR> d-------- C:\Program Files\stunnel 2008-05-23 21:29 . 2008-06-05 19:59 16 --a------ C:\Windows\popcinfo.dat 2008-05-23 21:13 . 2008-05-23 21:13 <DIR> d-------- C:\Windows\SSMaui Wowee 2008-05-23 21:13 . 1999-02-16 08:02 49,664 --a------ C:\Windows\SSMaui Wowee.scr 2008-05-23 21:11 . 2004-09-20 16:00 802,816 --a------ C:\Windows\FeedingFrenzy.scr 2008-05-23 21:11 . 2005-01-07 11:39 57,344 --a------ C:\Windows\System32\Big Kahuna Reef.scr 2008-05-23 21:10 . 2005-08-03 13:48 389,120 --a------ C:\Windows\Adventure Inlay.scr 2008-05-21 19:02 . 2008-05-21 19:02 <DIR> d-------- C:\Users\Siki\AppData\Roaming\GameHouse 2008-05-21 19:02 . 2008-05-21 19:02 <DIR> d-------- C:\Users\All Users\n7-89-o9-3r-4t-r9 2008-05-21 19:02 . 2008-05-21 19:02 <DIR> d-------- C:\ProgramData\n7-89-o9-3r-4t-r9 2008-05-21 15:54 . 2004-11-11 13:28 18,004 --a------ C:\Windows\System32\drivers\slnt.sys 2008-05-21 15:52 . 2008-05-21 15:52 <DIR> d-------- C:\Windows\silan 2008-05-21 15:52 . 2003-11-20 12:58 18,004 --a------ C:\Windows\System32\slnt.sys 2008-05-21 15:52 . 2003-11-07 11:05 12,653 --a------ C:\Windows\sl95.sys 2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\Windows\System32\xfcodec.dll 2008-05-12 20:09 . 2008-05-12 20:09 <DIR> d-------- C:\Windows\System32\Lang 2008-05-12 20:06 . 2008-05-12 20:06 <DIR> d-------- C:\Users\Siki\{8d7a5308-bfe3-4a43-b072-86357c6799a2} 2008-05-12 20:05 . 2008-05-12 20:05 <DIR> d-------- C:\Windows\System32\RTCOM 2008-05-12 20:05 . 2006-05-16 18:04 2,879,488 --a------ C:\Windows\SkyTel.exe 2008-05-12 20:05 . 2006-03-09 17:45 364,544 --a------ C:\Windows\RtlUpd.exe 2008-05-12 20:05 . 2006-01-10 13:58 266,240 --a------ C:\Windows\System32\RTSndMgr.Cpl 2008-05-12 20:05 . 2005-10-31 18:17 135,168 --a------ C:\Windows\System32\RtlCPAPI.dll 2008-05-12 20:05 . 2006-05-04 16:22 86,016 --a------ C:\Windows\SoundMan.exe 2008-05-12 20:05 . 2005-07-15 16:48 40,960 --a------ C:\Windows\System32\ChCfg.exe 2008-05-12 20:04 . 2008-05-12 20:04 <DIR> d-------- C:\Program Files\Realtek 2008-05-12 20:04 . 2006-05-27 10:47 16,208,384 --a------ C:\Windows\RTHDCPL.exe 2008-05-12 20:04 . 2006-05-04 16:35 9,709,568 --a------ C:\Windows\RTLCPL.exe 2008-05-12 20:04 . 2006-05-26 13:20 4,279,296 --a------ C:\Windows\System32\drivers\RtkHDAud.Sys 2008-05-12 20:04 . 2006-05-04 16:26 2,808,832 --a------ C:\Windows\alcwzrd.exe 2008-05-12 20:04 . 2006-03-10 19:32 2,158,592 --a------ C:\Windows\MicCal.exe 2008-05-12 20:04 . 2005-04-16 22:20 487,424 --a------ C:\Windows\RtlExUpd.dll 2008-05-12 20:04 . 2005-09-21 10:25 299,008 --a------ C:\Windows\System32\ALSndMgr.Cpl 2008-05-12 20:04 . 2005-05-03 18:43 69,632 --a------ C:\Windows\Alcmtr.exe 2008-05-12 20:02 . 2008-05-12 20:02 <DIR> d-------- C:\Program Files\Realtek Sound Manager 2008-05-12 20:02 . 2008-05-12 20:02 <DIR> d-------- C:\Program Files\AvRack 2008-05-12 20:02 . 2001-07-05 18:19 164 -r------- C:\Windows\avrack.ini 2008-05-12 20:01 . 2008-05-12 20:01 <DIR> d-------- C:\Program Files\Realtek AC97 2008-05-12 20:01 . 2006-03-20 05:48 315,392 -r------- C:\Windows\alcupd.exe 2008-05-12 20:01 . 2005-11-18 05:20 217,088 -r------- C:\Windows\alcrmv.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-07 19:51 --------- d-----w C:\ProgramData\DVD Shrink 2008-06-07 19:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-06-07 19:47 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-06-07 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-05 18:14 --------- d---a-w C:\ProgramData\TEMP 2008-06-03 13:24 --------- d-----w C:\Users\Siki\AppData\Roaming\uTorrent 2008-05-30 19:04 --------- d-----w C:\Program Files\FlashGet 2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys 2008-05-05 20:33 --------- d-----w C:\ProgramData\Ubisoft 2008-05-05 20:32 22,328 ----a-w C:\Users\Siki\AppData\Roaming\PnkBstrK.sys 2008-05-05 20:32 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe 2008-05-05 20:30 --------- d-----w C:\Program Files\DriverCleanerDotNET 2008-04-27 15:44 --------- d-----w C:\ProgramData\Nero 2008-04-27 15:44 --------- d-----w C:\Program Files\Common Files\Ahead 2008-04-24 16:32 --------- d-----w C:\Program Files\Unlocker 2008-04-24 15:12 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-24 14:57 --------- d-----w C:\Users\Siki\AppData\Roaming\CDBurnerXP_Soft 2008-04-24 14:52 --------- d-----w C:\Program Files\Nero 2008-04-24 14:52 --------- d-----w C:\Program Files\Common Files\Nero 2008-04-19 19:05 --------- d-----w C:\Users\Siki\AppData\Roaming\Microsoft Games 2008-04-19 18:56 --------- d-----w C:\Program Files\Common Files\Microsoft Games 2008-04-19 18:15 --------- d-----w C:\Program Files\Microsoft Games 2008-04-12 06:28 --------- d-----w C:\Program Files\Google 2008-03-20 04:56 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-01-26 23:05 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-06-07_21.21.23,09 ))))))))))))))))))))))))))))))))))))))))) . + 2008-06-07 19:43:47 10,134 ----a-r C:\Windows\Installer\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\ARPPRODUCTICON.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "KMCONFIG"="C:\Program Files\Trust\Trust R-Series Keyboard\StartAutorun.exe" [2007-03-06 14:51 212992] "RTHDCPL"="RTHDCPL.EXE" [2006-05-27 10:47 16208384 C:\Windows\RTHDCPL.exe] "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208] C:\Users\Siki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ altbinz.lnk - C:\Program Files\AltBinz\altbinz.exe [2007-09-27 12:14:44 1069568] Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-01 14:39:43 118784] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-09 13:00:15 3450608] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 18:43 69632 C:\Windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-11 18:06 81920 C:\Windows\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] --a------ 2007-12-11 18:06 86016 C:\Windows\system32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian] --a------ 2005-09-18 19:40 1421824 C:\Program Files\PeerGuardian2\pg2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] --a------ 2008-01-27 00:50 1232896 C:\Program Files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2007-06-25 22:42 1006264 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center] -r-hs---- 2008-06-05 15:53 39918 C:\Windows\winudpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] --a------ 2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2006-11-02 14:33 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-690428932-4065060906-875063553-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{797B56FA-9440-4B44-8D26-54835DFC06A9}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet "UDP Query User{DD55FB16-E5EC-4654-A6BA-D6AA34A39923}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet "{2299C258-5274-43D0-8526-3CC4D7A4FC22}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{FAEF3C19-F823-4108-B01B-5B86AAA01C48}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{9194C592-D687-45E1-99FB-11787ED459D8}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{338F6580-5C98-4D49-B8F9-9A040BAEA164}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{D5873FDF-74A8-4C00-A539-35DF687C7842}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{034B5F9F-B134-4C34-BF75-6571E5E4D5D2}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{A7A48A7D-15CB-45EF-80E7-8A4DACF307FF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{70EEC4B3-07EC-43FA-95E6-3A84E4898B79}C:\\program files\\stunnel\\stunnel.exe"= UDP:C:\program files\stunnel\stunnel.exe:stunnel "UDP Query User{A67452D4-C2BD-4251-ABE5-A2B4584C3044}C:\\program files\\stunnel\\stunnel.exe"= TCP:C:\program files\stunnel\stunnel.exe:stunnel "{577FFDCF-345E-4BB4-89E4-6DA75AF6E01E}"= UDP:E:\Games\Bin32\Crysis.exe:Crysis_32 "{DEC8E4A7-1C58-4294-9B19-D35EC7BCC4BD}"= TCP:E:\Games\Bin32\Crysis.exe:Crysis_32 "{F62DED0F-5D70-4298-BFC9-4E25737C3DEA}"= UDP:E:\Games\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{93AE53CD-637B-4D20-AA50-AC106FE09CCE}"= TCP:E:\Games\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "TCP Query User{E442FD3C-D670-4635-A501-4978860D1B2A}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{40607226-F71A-469E-89C0-575A41F0EA26}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "{94C53DDC-6413-472A-8A29-B392E391F8C9}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{0A23AAE0-5FF0-4CB7-8403-B0FCB2D44B04}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{DCED08CE-11EA-451D-87ED-5E56F5E88436}"= UDP:E:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{682603B8-AFCD-4323-ABE6-F864774B3C58}"= TCP:E:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18] R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Trust\Trust R-Series Keyboard\KMWDSrv.exe [2007-04-05 10:29] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31] S3 DVD;DVD;C:\Users\Siki\AppData\Local\Temp\DVD.exe [] S3 slnt;Realtek Rtl-8139d PCI Fast Ethernet Adapter;C:\Windows\system32\DRIVERS\slnt.sys [2004-11-11 13:28] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \shell\AutoRun\command - K:\Setup\rsrc\autorun.exe \shell\dinstall\command - K:\Directx\dxsetup.exe Newly Created Service - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-07 22:40:19 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\Users\Siki\AppData\Local\Microsoft\Messenger\legija84@hotmail.com\SharingMetadata\Logs\Dfsr00004.log.gz 241044 bytes scan completed successfully hidden files: 1 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . Completion time: 2008-06-07 22:41:04 ComboFix-quarantined-files.txt 2008-06-07 20:41:01 ComboFix2.txt 2008-06-07 19:21:45 Pre-Run: 1,120,088,064 bytes free Post-Run: 1,100,972,032 bytes free 200 --- E O F --- 2008-03-07 15:46:23 Vidim da opet pise u logu dvd.exe ali opet nema tog fajla u direktorijumu....

Profil

bobby Poslao: 07 Jun 2008 22:53 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni ponovo skeniranje HijackThisom i stikliraj polje ispred sledecih linija: O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe O23 - Service: DVD - Unknown owner - C:\Users\Siki\AppData\Local\Temp\DVD.exe (file missing) klikni Fix checked Restartuj komp, pa skeniraj ponovo. Javi da li su linije uspesno uklonjene.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojanac mozda....

Ko je trenutno na forumu

Ukupno su 908 korisnika na forumu :: 41 registrovanih, 6 sakrivenih i 861 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Amigdala, anta, Bobrock1, Boris90, cenejac111, darkojbn, debeli, Dimitrise93, djboj, dragoljub11987, flash12, GenZee, HrcAk47, ILGromovnik, Karla, kuntalo, Leonov, Lieutenant, mercedesamg, miodrag, Mlav, nebkv, nebojsag, nenad81, Oscar2, Parker, pavlo, radoznao, rajkoplje, sasa87, Simon simonović, Sirius, Skywhaler, Steeeefan, styg, Sumadija34, TheBeastOfMG, Toper, Trpe Grozni, žeks62

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by