MyCity » Ambulanta -> Arhiva Ambulante » Mislim da mi neko ukrao gmail nolog

Mislim da mi neko ukrao gmail nolog

Napisano na dan: 11.1.2009

Mislim da mi neko ukrao gmail nolog
Sledeća strana Pagination

Idi na vrh

Poslao: 11 Jan 2009 11:49
Idi na vrh
offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4204
  • Gde živiš: U zlatnom kavezu

Sve je pocelo pre oko 38 sati kad sam primetio da moj mail clinet nece da pristupi mom gmail nalogu. Isiti taj nolog koji sam koristio za gtal nije hteo da se uloguje. Pregledao sam komp sa hijack-om i sve je cisto, medjutim kada sam pokusao da kreiram cf log cf i blokirao dosao bi do dela gde kaze c:\windows\system32 was bot recognized as program or bach command i tu bi stao....
Anti-vius i tea timer nisu bili ukljuceni za vreme rada cf-a.

Ja se izvinjavam AFM timu sto ova tema nije otvorena na klasican nacin, ali ne zelim ljude da maltretiram da citaju hjt log za koji znam da je cist, jer jedan moj log koji je proglasen cistim vec postoji u arhivi ambulante ja sam ih uporedio i utvrdio da su identicni.

[Link mogu videti samo ulogovani korisnici]

Dakle imate li ideju sta je moglo da zakoci combo? Postoji li adekvatna zamena?



Poslao: 11 Jan 2009 12:01
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Iskljuci KIS i uradi sledece:

Skini program RSIT na Desktop:

[Link mogu videti samo ulogovani korisnici]


Pokreni ga dvoklikom a zatim klikni Continue.


Na kraju procesa će se otvoriti dva loga: prvi, log.txt će biti maksimizovan i njega je potrebno iskopirati u temu na forumu, te drugi, info.txt koji će biti minimizovan (koji nam za sada ne treba).


Postavi sadržaj file-a log.txt u iduću poruku (taj file će biti sačuvan kao C:\rsit\log.txt).



Poslao: 11 Jan 2009 12:05
Idi na vrh
offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4204
  • Gde živiš: U zlatnom kavezu

Logfile of random's system information tool 1.05 (written by random/random)
Run by Brksi at 2009-01-11 11:57:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 53 GB (63%) free of 84 GB
Total RAM: 3071 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:01, on 11.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Brksi\Desktop\RSIT.exe
C:\Program Files\trend micro\Brksi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RunDll32 C:\WINDOWS\system\CMICNFG3.CPL,CMICtrlWnd] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [thebat_startup] C:\Program Files\The Bat!\thebat.exe /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BUG's Birthday Buddy.lnk = C:\Program Files\BUG Software\Contact.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: WF_RemCtrl.lnk = C:\Program Files\WinFast\WFTVFM\Remote prog\WF_RemCtrl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistika mrežnog Anti-Virusa - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - Unknown owner - C:\WINDOWS\System32\vmnat.exe

--
End of file - 8348 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-09-17 8491008]
"nwiz"=nwiz.exe /install []
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-05-04 282624]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-02-22 2209224]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"RunDll32 C:\WINDOWS\system\CMICNFG3.CPL,CMICtrlWnd"=RunDll32 CMICNFG3.CPL []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=grpconv -o []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"thebat_startup"=C:\Program Files\The Bat!\thebat.exe [2008-02-06 6402408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-09-17 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive]
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe [2007-03-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Brksi\Start Menu\Programs\Startup
BUG's Birthday Buddy.lnk - C:\Program Files\BUG Software\Contact.exe
Trillian.lnk - C:\Program Files\Trillian\trillian.exe
WF_RemCtrl.lnk - C:\Program Files\WinFast\WFTVFM\Remote prog\WF_RemCtrl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:wmplayer.exe"
"C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe"="C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe:*:Disabled:PowerChute Business Edition Server"
"C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe"="C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe:*:Disabled:PowerChute Business Edition Agent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c188dc1c-5808-11dd-8bf1-806d6172696f}]
shell\AutoRun\command - H:\FarCryAutoCD.exe


======List of files/folders created in the last 1 months======

2009-01-11 11:57:51 ----D---- C:\Program Files\trend micro
2009-01-11 11:57:50 ----D---- C:\rsit
2009-01-11 10:42:02 ----D---- C:\ComboFix
2009-01-10 21:18:43 ----A---- C:\WINDOWS\system32\CF4195.exe
2009-01-10 20:50:03 ----D---- C:\WINDOWS\temp
2009-01-10 20:47:13 ----A---- C:\WINDOWS\system32\CF30811.exe
2009-01-10 20:45:14 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-10 20:31:08 ----A---- C:\WINDOWS\system32\CF27644.exe
2009-01-10 20:13:30 ----D---- C:\WINDOWS\ERDNT
2009-01-10 20:13:29 ----A---- C:\WINDOWS\system32\CF24195.exe
2009-01-08 15:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-12-25 15:07:44 ----D---- C:\Program Files\Microprose
2008-12-18 19:44:27 ----D---- C:\Temp
2008-12-18 18:12:18 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-18 16:47:08 ----D---- C:\Documents and Settings\Brksi\Application Data\VMware
2008-12-18 16:28:19 ----A---- C:\WINDOWS\system32\vnetlib.dll
2008-12-18 16:28:14 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
2008-12-18 16:28:11 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-12-18 16:28:11 ----A---- C:\WINDOWS\system32\vmnat.exe
2008-12-18 16:27:30 ----D---- C:\Program Files\VMware

======List of files/folders modified in the last 1 months======

2009-01-11 11:57:51 ----RD---- C:\Program Files
2009-01-11 11:24:59 ----D---- C:\Program Files\Mozilla Firefox
2009-01-11 11:22:59 ----D---- C:\Documents and Settings\Brksi\Application Data\Skype
2009-01-11 11:10:49 ----D---- C:\Documents and Settings\Brksi\Application Data\The Bat!
2009-01-11 11:08:42 ----SHD---- C:\WINDOWS\Installer
2009-01-11 11:08:42 ----HD---- C:\Config.Msi
2009-01-11 11:08:37 ----D---- C:\Program Files\The Bat!
2009-01-11 11:08:32 ----D---- C:\WINDOWS\Prefetch
2009-01-11 10:42:49 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-11 10:42:49 ----D---- C:\WINDOWS
2009-01-11 10:42:43 ----SHD---- C:\System Volume Information
2009-01-11 10:42:38 ----D---- C:\WINDOWS\system32
2009-01-11 10:22:15 ----D---- C:\Program Files\BUG Software
2009-01-11 10:21:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-11 10:21:22 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-01-10 22:35:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 21:22:22 ----D---- C:\WINDOWS\system32\drivers
2009-01-10 21:22:21 ----D---- C:\WINDOWS\AppPatch
2009-01-10 21:22:21 ----D---- C:\Program Files\Common Files
2009-01-10 20:43:39 ----D---- C:\Program Files\Trillian
2009-01-09 16:40:49 ----D---- C:\Documents and Settings\Brksi\Application Data\uTorrent
2009-01-09 14:42:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-09 10:38:20 ----D---- C:\Program Files\WinRAR
2009-01-07 20:08:48 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-05 11:02:03 ----HD---- C:\WINDOWS\inf
2008-12-30 11:59:38 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-30 10:53:32 ----D---- C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-12-25 18:17:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-25 15:07:42 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-23 19:11:07 ----A---- C:\Documents and Settings\Brksi\Application Data\ex_log.txt
2008-12-20 20:18:53 ----RAS---- C:\BOOTSECT.BAK
2008-12-20 20:18:53 ----H---- C:\Boot.BAK
2008-12-20 20:18:51 ----SHD---- C:\Boot
2008-12-20 14:47:21 ----SHD---- C:\$RECYCLE.BIN
2008-12-20 11:26:26 ----RSH---- C:\boot.ini
2008-12-18 19:43:10 ----D---- C:\Program Files\Xilisoft
2008-12-16 00:39:52 ----D---- C:\WINDOWS\system32\Restore
2008-12-14 14:45:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-14 14:43:28 ----A---- C:\WINDOWS\cdplayer.ini
2008-12-14 14:42:42 ----A---- C:\WINDOWS\Forge32.ini
2008-12-14 14:42:29 ----D---- C:\Program Files\Sound Forge

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 hcmon;hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [2003-04-03 17668]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2003-04-03 21086]
R2 VMnetuserif;VMware Network Application Interface; C:\WINDOWS\System32\drivers\vmnetuserif.sys [2003-04-03 10270]
R2 VMparport;VMparport; C:\WINDOWS\system32\drivers\VMparport.sys [2003-04-03 7611]
R2 vmx86;vmx86; C:\WINDOWS\system32\drivers\vmx86.sys [2003-04-03 32762]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 34789]
R3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmuda3.sys [2008-05-25 800192]
R3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2007-03-02 17840]
R3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\system32\DRIVERS\fsRamDsk.sys [2007-06-22 43408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-17 6853088]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-07-24 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-13 273024]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-12 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2003-04-03 8752]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 APCPBEAgent;APC PBE Agent; C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe [2006-08-22 28672]
R2 APCPBEServer;APC PBE Server; C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE [2006-08-22 45134]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-11 152984]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-10-19 141848]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2007-04-23 491520]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-17 155716]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2003-11-12 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2003-04-03 94288]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\System32\vmnetdhcp.exe [2003-04-03 143440]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\System32\vmnat.exe [2003-04-03 139337]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

Poslao: 11 Jan 2009 13:08
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Log je cist. Moraces da trazis pomoc u nekom drugom forumu.

MyCity » Ambulanta -> Arhiva Ambulante » Mislim da mi neko ukrao gmail nolog

Ko je trenutno na forumu
 

Ukupno su 988 korisnika na forumu :: 98 registrovanih, 6 sakrivenih i 884 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 100jan, airsuba, amonsrb, arsa, banebeograd, Belac91, bestguarder, Bloody, boban977, boj.an, bojank, bojankrstc, Boroš, boxbole, bpop, Buzdovan, BZ, C-Gun, Ciri1994, cojapop, Dambi, dexteroza, Dimitrise93, Dorcolac, Dragan1998, E_Kurir, Georgius, gomago, GrobarPovratak, ikan, Ivan Campo, Japidson, Jeremiah, jimi_agf, Jomini, Kaneda, Kenanjoz, kib, kn19, komsija1, Litostroton, M74AB3, MarkoD, Martin543, Milan1996, milenko crazy north, MiloradKomadic, mix1, Mldo, Mrav Obrad, musa, nebkv, nenooo, nextyamb, nikoladim, NMNJ, Nobunaga, nuke92, Pantelejmon, Peruta, Petar888, Plavi1, PlayerOne, Profica, Ran, RJ, robertino, ruma, sabros, sap, sekretar, shone34, sluga, Soncogor, SOVO515, srpskasparta, StalniPromatrač, Stoilkovic, Stojan Mrsavi, strela, theNedjeljko, Titan, travisrise, TRZH92, VanZan, Vaske8990, vathra, Vlado82, vukan0799, Weteran, YU-UKI, zeo, ZetaMan, Zmaj001, Zoran Rapajić, Zorge, |_MeD_|, 79693