Zlob

offline
  • Joined: 20 Apr 2009
  • Posts: 12
  • Location: In a building

Posted: 29 Apr 2010 7:12

Hello, a few days ago I noticed quite by accident, during a scan (Spybot - Search & Destroy), the file Zlob.downloader.bs and a few more whose names start with Zlob, but I can't manage to see what is written after that. http://www.speedtest.net/result/202722121.png.
None of the programs detected anything (Malwarebytes' Anti-Malware, Spybot, Avast! 4.8 Professional, Rising PC Doctor...).
I'd like to know whether my computer is infected and whether anything can be done. The computer runs quite well, except that my cursor often goes crazy...

Thanks in advance!

Addendum: 29 Apr 2010 7:29

DDS (Ver_10-03-17.01) - NTFSx86
Run by --Vlado-- at 7:29:03,47 on cet 29.04.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.177 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100428-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = [Link visible only to logged-in users]
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = [Link visible only to logged-in users]
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Rising PC Doctor: {98b7c13a-e9cd-4959-8b46-fbeab41e42a8} - c:\windows\system32\UrlFilter.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [runeip] "c:\program files\rising\antispyware\rstray.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRunOnce: [KKDelay] c:\program files\rising\antispyware\RunOnce.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: &Search - ?p=ZKfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [Link visible only to logged-in users]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link visible only to logged-in users]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: kmon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\--vlad~1\applic~1\mozilla\firefox\profiles\wa3so7jp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-4 114768]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-4 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-22 54752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-4 352920]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 Kwinzy Service;Kwinzy Service; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-04-28 20:26:16 0 d-----w- c:\docume~1\alluse~1\applic~1\espionServerData
2010-04-28 20:11:49 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-28 19:08:35 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-28 18:37:45 0 d-----w- c:\windows\_ISTMP2.DIR
2010-04-28 18:37:45 0 d-----w- c:\windows\_ISTMP1.DIR
2010-04-28 18:37:45 0 d-----w- C:\_ISTMP4.DIR
2010-04-28 18:37:45 0 d-----w- C:\_ISTMP3.DIR
2010-04-28 18:37:45 0 d-----w- C:\_ISTMP2.DIR
2010-04-28 18:37:45 0 d-----w- C:\_ISTMP1.DIR
2010-04-28 14:57:04 0 d-----w- c:\program files\common files\Jasc Software Inc
2010-04-28 14:56:54 0 d-----w- c:\docume~1\--vlad~1\applic~1\Jasc Software Inc
2010-04-28 14:53:49 0 d-----w- c:\program files\Jasc Software Inc
2010-04-28 12:03:49 0 d-----w- c:\docume~1\alluse~1\applic~1\HideIPEasy
2010-04-28 12:03:49 0 d-----w- c:\docume~1\--vlad~1\applic~1\HideIPEasy
2010-04-27 22:06:51 0 d-----w- c:\docume~1\--vlad~1\applic~1\Publish Providers
2010-04-27 21:43:08 0 d-----w- c:\docume~1\--vlad~1\applic~1\Sony
2010-04-27 21:40:58 0 d-----w- c:\program files\Sony
2010-04-27 11:11:35 0 d-----w- c:\program files\Microsoft Expression
2010-04-27 11:07:16 39 ----a-w- c:\windows\vbaddin.ini
2010-04-27 11:06:19 162 ----a-w- c:\windows\ODBC.INI
2010-04-27 11:01:05 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-27 10:55:35 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-26 18:16:57 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-26 16:28:52 0 d-----w- C:\MFT 16168
2010-04-26 16:25:42 0 d-----w- C:\MFT 14672
2010-04-26 16:25:07 0 d-----w- C:\MFT 17197
2010-04-26 15:12:25 0 d-----w- C:\MFT 3521
2010-04-25 18:49:28 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-25 18:49:26 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-25 18:49:04 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-04-25 17:51:27 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-25 15:21:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 19:07:03 0 d-----r- c:\documents and settings\--vlado--\Favorites
2010-04-08 21:10:46 0 d-----w- c:\docume~1\--vlad~1\applic~1\DAEMON Tools Lite
2010-04-08 21:10:25 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-04-08 20:56:39 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-04-08 20:51:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-08 20:51:16 0 d-----w- c:\docume~1\--vlad~1\applic~1\DAEMON Tools Pro
2010-04-08 17:09:58 0 d-----w- c:\program files\Vuze
2010-04-06 14:41:40 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-03 16:50:35 0 d-----w- c:\docume~1\--vlad~1\applic~1\DivX
2010-04-03 16:50:24 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-04-03 16:50:24 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-03 16:50:01 0 d-----w- c:\program files\common files\DivX Shared
2010-04-03 16:44:14 0 d-----w- c:\program files\DivX
2010-04-03 16:42:15 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-03-31 01:58:24 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

==================== Find3M ====================

2010-03-31 01:58:04 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58:04 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-17 09:57:54 2063744 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 17:37:57 2186880 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-10-29 18:28:28 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 7:29:27,90 ===============


[Link visible only to logged-in users]

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello.

You did not follow the instructions for opening a topic all the way through.

-> [Link visible only to logged-in users]

Pay attention to Step #3 and post the required logs.



offline
  • Joined: 20 Apr 2009
  • Posts: 12
  • Location: In a building

Posted: 29 Apr 2010 8:15

[Link visible only to logged-in users]

[Link visible only to logged-in users]

[Link visible only to logged-in users]

Addendum: 29 Apr 2010 17:05

In any case, I saw that it detected a presence (it is a rootkit). How do I get rid of it, since it is obvious that someone is spying on me?! Or whatever it is?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I apologize that you had to wait a bit for my reply.

Let's go:

Download ComboFix by sUBs from the following address to your Desktop:

  • Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:

  • disable your security software (instructions);
  • close any running programs;
  • double-click to run ComboFix.

While running, ComboFix will:

  • check whether a newer version of the program exists:
      click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      be sure to accept by clicking Yes and follow the procedure through.
  • show a number of prompts/notifications:
      accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:

  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note:

  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.
