MyCity » Ambulanta -> Arhiva Ambulante » [bobby]Web strane

[bobby]Web strane

Napisano na dan: 28.6.2008

Strana:
1
2

[bobby]Web strane

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Dejan123 Poslao: 28 Jun 2008 20:26 Idi na vrh
offline Dejan123 Počasni građanin Pridružio: 29 Avg 2005 Poruke: 720 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 8:15:41 PM, on 6/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20627) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Admin\Desktop\New Folder\nacika.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {0CFF493C-5ED3-4D24-BF90-8D529D22395F} - C:\WINDOWS\system32\tuvWnKDw.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} - C:\WINDOWS\system32\mlJAtqoN.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [BMdf8fa7b8] Rundll32.exe "C:\WINDOWS\system32\ykidecws.dll",s O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici] O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]*\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O11 - Options group: [INTERNATIONAL] International O11 - Options group: [TABS] Tabbed Browsing O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Link mogu videti samo ulogovani korisnici] O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: mlJAtqoN - mlJAtqoN.dll (file missing) O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe Problem je sledeci... na drugom kompu ne mogu da otvaram odredjene sajtove ( yahoo mail, google results itd ) probao sam IE, firefox , operu ali isti problem, jednostavno ne ucitava stranu ISP: SBB ( kazu da do njih nije kvar )

Profil

bobby Poslao: 28 Jun 2008 21:32 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Dejan123 Poslao: 29 Jun 2008 12:56 Idi na vrh
offline Dejan123 Počasni građanin Pridružio: 29 Avg 2005 Poruke: 720 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-06-20.4 - Admin 2008-06-29 12:46:03.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.584 [GMT 2:00] Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\Temp\vtmp2 C:\Temp\vtmp2\ktnv33.log C:\WINDOWS\BMdf8fa7b8.xml C:\WINDOWS\Fonts\a.zip C:\WINDOWS\pskt.ini C:\WINDOWS\system32\apesvhmj.dll C:\WINDOWS\system32\audwwqgt.ini C:\WINDOWS\system32\dtwwgxtj.dll C:\WINDOWS\system32\fuvecyma.ini C:\WINDOWS\system32\hwveqsqj.ini C:\WINDOWS\system32\jtxgwwtd.ini C:\WINDOWS\system32\lhujjucg.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\nlncikqt.ini C:\WINDOWS\system32\npddaedi.ini C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pskill.exe C:\WINDOWS\system32\tjqaokhc.ini C:\WINDOWS\system32\tvtsqdfk.ini C:\WINDOWS\system32\wDKnWvut.ini C:\WINDOWS\system32\wDKnWvut.ini2 C:\WINDOWS\system32\ykidecws.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDSERVICE -------\Legacy_NETWORK_MONITOR ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))) . 2008-06-29 12:49 . 2008-06-29 12:49 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-06-29 12:48 . 2008-06-29 12:48 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-06-28 19:50 . 2008-06-28 19:50 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-06-28 19:50 . 2008-06-29 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-06-28 19:50 . 2008-06-29 12:48 1,437,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-28 19:50 . 2008-06-29 12:49 270,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-06-28 19:50 . 2008-06-28 20:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-06-28 19:50 . 2008-06-28 20:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-06-28 19:50 . 2008-06-29 12:48 13,356 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-28 19:50 . 2008-06-29 12:49 2,004 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-06-26 00:15 . 2008-06-26 00:18 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Mount&Blade 2008-06-26 00:14 . 2008-06-27 16:35 <DIR> d-------- C:\Program Files\Mount&Blade 2008-06-22 21:00 . 2008-06-22 21:00 <DIR> d-------- C:\Program Files\Activision 2008-06-22 20:57 . 2008-06-22 20:57 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-06-22 20:52 . 2008-06-22 20:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DAEMON Tools 2008-06-22 20:52 . 2008-06-22 20:52 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-06-15 10:17 . 2008-06-15 10:17 <DIR> d-------- C:\Program Files\Ali Keshavarz 2008-06-14 21:20 . 2008-06-28 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-10 11:36 . 2008-06-18 19:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp 2008-06-10 11:30 . 2008-06-10 11:37 <DIR> d-------- C:\Program Files\Winamp 2008-06-08 15:38 . 2008-06-08 15:40 <DIR> d-------- C:\Program Files\SystemRequirementsLab 2008-06-08 15:38 . 2008-06-08 15:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab 2008-06-08 13:56 . 2008-06-08 13:56 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2008-06-07 09:14 . 2008-06-07 09:14 32,764 --a------ C:\WINDOWS\17PHolmes1188.exe 2008-06-06 17:48 . 2008-06-06 17:48 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-06-06 17:40 . 2008-06-07 15:47 <DIR> d--hs---- C:\WINDOWS\VXNlcg 2008-06-06 17:39 . 2008-06-15 10:07 <DIR> d-------- C:\WINDOWS\system32\zabD 2008-06-06 17:39 . 2008-06-15 00:19 <DIR> d-------- C:\WINDOWS\system32\vntiho18 2008-06-06 17:39 . 2008-06-15 00:20 <DIR> d-------- C:\WINDOWS\system32\izo 2008-06-06 17:39 . 2008-06-29 12:46 <DIR> d-------- C:\Temp 2008-06-06 17:31 . 2008-06-14 11:28 <DIR> d-------- C:\Program Files\BrowsingEnhancer 2008-06-06 17:29 . 2008-06-10 09:50 <DIR> d-------- C:\Program Files\FBrowsingAdvisor 2008-06-06 17:29 . 2008-06-06 17:30 <DIR> d-------- C:\Program Files\FBrowserAdvisor 2008-06-04 15:02 . 2008-06-04 15:03 <DIR> d-------- C:\Program Files\Spider-Man 2 2008-06-01 17:58 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\Durex game 2008-06-01 17:58 . 2008-06-01 17:58 <DIR> d-------- C:\Program Files\Durex 2008-06-01 17:58 . 2000-09-09 16:25 650,685 --a------ C:\WINDOWS\screenSaver_.flc 2008-06-01 17:58 . 2000-09-09 18:46 406,771 --a------ C:\WINDOWS\Durex Sperm Screensaver.scr 2008-06-01 17:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-06-01 17:58 . 2000-05-03 13:20 282,112 --a------ C:\WINDOWS\Cncs232.dll 2008-06-01 17:54 . 2008-06-01 18:05 607 --a------ C:\WINDOWS\cncscore.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-28 17:44 --------- d-----w C:\Program Files\LimeWire 2008-06-23 13:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent 2008-06-22 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-22 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-06-20 11:14 --------- d-----w C:\Program Files\The Dark Legions 2008-06-19 20:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire 2008-06-18 20:29 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nettalk 2008-06-16 16:25 --------- d-----w C:\Program Files\Battleship 2008-06-15 09:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-11 20:05 --------- d-----w C:\Program Files\Omerta Script 2008-06-11 08:48 --------- d-----w C:\Program Files\8BallClub 2008-06-10 09:19 --------- d-----w C:\Program Files\War Chess 2008-06-08 13:13 --------- d-----w C:\Program Files\uTorrent 2008-05-28 06:30 --------- d-----w C:\Program Files\Nettalk6 2008-05-27 18:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\BSplayer Pro 2008-05-25 10:21 --------- d-----w C:\Documents and Settings\Admin\Application Data\PC Suite 2008-05-24 10:20 --------- d-----w C:\Program Files\Nokia 2008-04-29 19:05 --------- d-----w C:\Program Files\Rockstar Games 2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll 2008-02-22 17:32 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008022620080227\index.dat 2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat 2005-07-29 14:24 472 --sha-r C:\WINDOWS\VXNlcg\prh5w0.vbs . ------- Sigcheck ------- 2007-12-27 23:34 360704 90671a9a8f189262be5224c497c2e0c7 C:\WINDOWS\system32\drivers\tcpip.sys 2007-12-27 23:39 2221824 86889d12db125d402d618ed36bf7e166 C:\WINDOWS\system32\ntkrnlpa.exe 2007-12-27 23:34 2345216 31610d15a02ce89554172a03e5268efa C:\WINDOWS\system32\ntoskrnl.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFF493C-5ED3-4D24-BF90-8D529D22395F}] C:\WINDOWS\system32\tuvWnKDw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] 2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 06:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 19:49 88363 C:\WINDOWS\AGRSMMSG.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 94208 C:\WINDOWS\KHALMNPR.Exe] "BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" [] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 22:05 344064] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-12-27 23:33 124928 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-02-26 21:07:40 495616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtqoN] mlJAtqoN.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-21 08:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\8BallClub\\GameDirector.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 17:21] R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 14:55] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 06:00] R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-26 21:00] S3 vmmouse;VMware Pointing Device;C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2007-05-02 04:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register . Contents of the 'Scheduled Tasks' folder "2008-06-27 15:16:53 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe "2008-06-29 09:58:31 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-06-29 12:49:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************ . Completion time: 2008-06-29 12:52:16 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-29 10:52:14 Pre-Run: 15,061,327,872 bytes free Post-Run: 15,305,412,608 bytes free 205

Profil

bobby Poslao: 29 Jun 2008 13:08 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\tuvWnKDw.dll C:\WINDOWS\system32\mlJAtqoN.dll C:\WINDOWS\17PHolmes1188.exe Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFF493C-5ED3-4D24-BF90-8D529D22395F}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtqoN] DirLook:: C:\WINDOWS\VXNlcg C:\WINDOWS\system32\zabD C:\WINDOWS\system32\vntiho18 C:\WINDOWS\system32\izo` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Jel ti to imas maticnu sa nVidia chipsetom a ATi graficku?

Profil

Dejan123 Poslao: 29 Jun 2008 13:17 Idi na vrh
offline Dejan123 Počasni građanin Pridružio: 29 Avg 2005 Poruke: 720 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! kaze windows cannot access the specified device, path or file. you may not have the appropriate premissions to access te item.

Profil

bobby Poslao: 29 Jun 2008 13:31 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kada to kaze? Kod prevlacenja skripta na ikonicu ComboFixa ili u toku rada ComboFixa?

Profil

Dejan123 Poslao: 29 Jun 2008 13:35 Idi na vrh
offline Dejan123 Počasni građanin Pridružio: 29 Avg 2005 Poruke: 720 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! kad se prevuce, btw i ja sam se cudio sto su uzeli takvu konfiguraciju al jbg....

Profil

bobby Poslao: 29 Jun 2008 13:40 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hmmm... mozes li da probas ponovo. Proveri i da nemas duplih ekstenzija na ta dva fajla (CFScript i ComboFix). Ja ne mogu sada nista vise da pomognem do veceras jer moram da izadjem iz stana. Ako ti je hitno, cimnucu nekoga da preuzme.

Profil

Dejan123 Poslao: 29 Jun 2008 16:22 Idi na vrh
offline Dejan123 Počasni građanin Pridružio: 29 Avg 2005 Poruke: 720 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ma nema frke, veceras Dopuna: 29 Jun 2008 16:09 evo loga ComboFix 08-06-20.4 - Admin 2008-06-29 16:02:06.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.613 [GMT 2:00] Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\17PHolmes1188.exe C:\WINDOWS\system32\mlJAtqoN.dll C:\WINDOWS\system32\tuvWnKDw.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\17PHolmes1188.exe . ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))) . 2008-06-29 12:49 . 2008-06-29 12:49 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-06-29 12:48 . 2008-06-29 12:48 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-06-28 19:50 . 2008-06-28 19:50 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-06-28 19:50 . 2008-06-29 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-06-28 19:50 . 2008-06-29 15:50 2,347,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-28 19:50 . 2008-06-29 15:47 278,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-06-28 19:50 . 2008-06-28 20:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-06-28 19:50 . 2008-06-28 20:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-06-28 19:50 . 2008-06-29 15:50 20,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-28 19:50 . 2008-06-29 15:51 2,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-06-26 00:15 . 2008-06-26 00:18 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Mount&Blade 2008-06-26 00:14 . 2008-06-27 16:35 <DIR> d-------- C:\Program Files\Mount&Blade 2008-06-22 21:00 . 2008-06-22 21:00 <DIR> d-------- C:\Program Files\Activision 2008-06-22 20:57 . 2008-06-22 20:57 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-06-22 20:52 . 2008-06-22 20:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DAEMON Tools 2008-06-22 20:52 . 2008-06-22 20:52 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-06-15 10:17 . 2008-06-15 10:17 <DIR> d-------- C:\Program Files\Ali Keshavarz 2008-06-14 21:20 . 2008-06-28 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-06-10 11:36 . 2008-06-18 19:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp 2008-06-10 11:30 . 2008-06-10 11:37 <DIR> d-------- C:\Program Files\Winamp 2008-06-08 15:38 . 2008-06-08 15:40 <DIR> d-------- C:\Program Files\SystemRequirementsLab 2008-06-08 15:38 . 2008-06-08 15:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab 2008-06-08 13:56 . 2008-06-08 13:56 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2008-06-06 17:48 . 2008-06-06 17:48 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-06-06 17:40 . 2008-06-07 15:47 <DIR> d--hs---- C:\WINDOWS\VXNlcg 2008-06-06 17:39 . 2008-06-15 10:07 <DIR> d-------- C:\WINDOWS\system32\zabD 2008-06-06 17:39 . 2008-06-15 00:19 <DIR> d-------- C:\WINDOWS\system32\vntiho18 2008-06-06 17:39 . 2008-06-15 00:20 <DIR> d-------- C:\WINDOWS\system32\izo 2008-06-06 17:39 . 2008-06-29 12:46 <DIR> d-------- C:\Temp 2008-06-06 17:31 . 2008-06-14 11:28 <DIR> d-------- C:\Program Files\BrowsingEnhancer 2008-06-06 17:29 . 2008-06-10 09:50 <DIR> d-------- C:\Program Files\FBrowsingAdvisor 2008-06-06 17:29 . 2008-06-06 17:30 <DIR> d-------- C:\Program Files\FBrowserAdvisor 2008-06-04 15:02 . 2008-06-04 15:03 <DIR> d-------- C:\Program Files\Spider-Man 2 2008-06-01 17:58 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\Durex game 2008-06-01 17:58 . 2008-06-01 17:58 <DIR> d-------- C:\Program Files\Durex 2008-06-01 17:58 . 2000-09-09 16:25 650,685 --a------ C:\WINDOWS\screenSaver_.flc 2008-06-01 17:58 . 2000-09-09 18:46 406,771 --a------ C:\WINDOWS\Durex Sperm Screensaver.scr 2008-06-01 17:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-06-01 17:58 . 2000-05-03 13:20 282,112 --a------ C:\WINDOWS\Cncs232.dll 2008-06-01 17:54 . 2008-06-01 18:05 607 --a------ C:\WINDOWS\cncscore.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-28 17:44 --------- d-----w C:\Program Files\LimeWire 2008-06-23 13:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent 2008-06-22 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-22 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-06-20 11:14 --------- d-----w C:\Program Files\The Dark Legions 2008-06-19 20:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire 2008-06-18 20:29 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nettalk 2008-06-16 16:25 --------- d-----w C:\Program Files\Battleship 2008-06-15 09:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-11 20:05 --------- d-----w C:\Program Files\Omerta Script 2008-06-11 08:48 --------- d-----w C:\Program Files\8BallClub 2008-06-10 09:19 --------- d-----w C:\Program Files\War Chess 2008-06-08 13:13 --------- d-----w C:\Program Files\uTorrent 2008-05-28 06:30 --------- d-----w C:\Program Files\Nettalk6 2008-05-27 18:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\BSplayer Pro 2008-05-25 10:21 --------- d-----w C:\Documents and Settings\Admin\Application Data\PC Suite 2008-05-24 10:20 --------- d-----w C:\Program Files\Nokia 2008-04-29 19:05 --------- d-----w C:\Program Files\Rockstar Games 2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll 2008-02-22 17:32 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008022620080227\index.dat 2008-02-26 19:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat 2005-07-29 14:24 472 --sha-r C:\WINDOWS\VXNlcg\prh5w0.vbs . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\WINDOWS\system32\izo ---- ---- Directory of C:\WINDOWS\system32\vntiho18 ---- ---- Directory of C:\WINDOWS\system32\zabD ---- ---- Directory of C:\WINDOWS\VXNlcg ---- 2005-07-29 16:24 472 -rahs---- C:\WINDOWS\VXNlcg\prh5w0.vbs ------- Sigcheck ------- 2007-12-27 23:34 360704 90671a9a8f189262be5224c497c2e0c7 C:\WINDOWS\system32\drivers\tcpip.sys 2007-12-27 23:39 2221824 86889d12db125d402d618ed36bf7e166 C:\WINDOWS\system32\ntkrnlpa.exe 2007-12-27 23:34 2345216 31610d15a02ce89554172a03e5268efa C:\WINDOWS\system32\ntoskrnl.exe . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-29 10:48:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-29 13:48:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] 2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 06:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 19:49 88363 C:\WINDOWS\AGRSMMSG.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 94208 C:\WINDOWS\KHALMNPR.Exe] "BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" [] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 22:05 344064] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-12-27 23:33 124928 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-02-26 21:07:40 495616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-21 08:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\8BallClub\\GameDirector.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 17:21] R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 14:55] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 06:00] R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-26 21:00] S3 vmmouse;VMware Pointing Device;C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2007-05-02 04:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp Newly Created Service - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register . Contents of the 'Scheduled Tasks' folder "2008-06-27 15:16:53 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe "2008-06-29 13:56:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-06-29 16:03:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\natasha_bg_92@hotmail.com\SharingMetadata\Working\database_1ADC_BCBD_DCBC_948B\$db_clean$ 0 bytes scan completed successfully hidden files: 1 ************************************************************************ . Completion time: 2008-06-29 16:04:54 ComboFix-quarantined-files.txt 2008-06-29 14:04:46 ComboFix2.txt 2008-06-29 10:52:17 Pre-Run: 13,253,816,320 bytes free Post-Run: 15,280,017,408 bytes free 186 Dopuna: 29 Jun 2008 16:22 sad je prob izgleda resen, al komp je poceo da koci mnogo... u task manageru nema nista zanimljivo, kaspersky je podesen..

Profil

bobby Poslao: 29 Jun 2008 19:23 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ostao je sledeci fajl: C:\WINDOWS\VXNlcg\prh5w0.vbs Otvori ga u Notepadu (nemoj nikako dupli klik na fajl) i iskopiraj mi sadrzaj ovde. Sledece foldere obrisi, trebalo bi da su prazni: C:\WINDOWS\system32\zabD C:\WINDOWS\system32\vntiho18 C:\WINDOWS\system32\izo C:\Temp Dalje, jel postoji na ovom kompu instaliran VMWare? Za svaki slucaj, salji sledeci fajl na proveru: C:\WINDOWS\system32\DRIVERS\vmmouse.sys Uploaduj ga preko sledece forme: [Link mogu videti samo ulogovani korisnici]

Profil

MyCity » Ambulanta -> Arhiva Ambulante » [bobby]Web strane

Ko je trenutno na forumu

Ukupno su 2212 korisnika na forumu :: 60 registrovanih, 3 sakrivenih i 2149 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 5253 - dana 09 Dec 2025 16:26

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 015, amonsrb, Ba4e, babaroga, Ben Roj, Bosnjo, BrcakRS, CikaKURE, Coficab, darionis, DejanSt, Dioniss, Djota1, djuradj, doktor097, Electron, esx66, Filip1, gasha, Georgius, GveX, Hardenberg, hyla, Ibar131, ikan, Jakonjveliki, Jeremiah, Kajzer Soze, Koca Popovic, Kudun, ljuba.b, LostInSpaceandTime, luka35, Magistar78, Markisa, Mi lao shu, miki kv, Milan A. Nikolic, nekdo, Nemanja.M, Niki2024, Nole, Oscar, Petrusci, Pilence, Plavi1, procesor, raketaš, rodoljub, scout81, Shinobi, Slingshot, Snorks, Stod, tamno.nebo, tomo2, vlahale, VonDrobac, Vrač, yufighter

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by