Možda tražite i:
Pomagajte drugovi
pomagajte drugovi - povezivanje mobilnog telefona na comp
Pomagajte drugovi...

MyCity » Ambulanta -> Arhiva Ambulante » Pomagajte drugovi !!!

Pomagajte drugovi !!!

Napisano na dan: 18.5.2007

Strana:
1
2

Pomagajte drugovi !!!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Senior Poslao: 18 Maj 2007 20:34 Idi na vrh
offline Senior Građanin Pridružio: 08 Jul 2005 Poruke: 56 Gde živiš: United States of Serbia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imam nekog bivseg prijatelja koji mi na Skype-u promijeni moj licni profil (ime, sliku, telefon, ... ) i stavi gluposti. Ljudi, na koji nacin to uradi, odnosno, kako da se zastitim od tih gluposti. Reinstalirao sam Zone alarm, ponovo podesio postavke, ali koristim Azureus za skidanje fajlova. Unapred hvala !

Profil

bobby Poslao: 18 Maj 2007 20:39 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! http://www.mycity.rs/Ambulanta/Procitati-pre-otvaranja-teme.html

Profil

Senior Poslao: 18 Maj 2007 21:30 Idi na vrh
offline Senior Građanin Pridružio: 08 Jul 2005 Poruke: 56 Gde živiš: United States of Serbia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo nalaza ! Konekcija 128/64, flat, OK. Logfile of HijackThis v1.99.1 Scan saved at 21:31:07, on 18.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe C:\WINDOWS\system32\nvraidservice.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Hide The IP\HideTheIP.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Opera\Opera.exe C:\Program Files\GetRight\getright_.exe C:\Documents and Settings\Ljubiša\Desktop\Hijack\Hijack.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....5204976593 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....5205518171 O17 - HKLM\System\CCS\Services\Tcpip\..\{E15DD953-CF4A-4882-BE39-2FBD1F4B9126}: NameServer = 87.250.124.1 87.250.125.3 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Profil

bobby Poslao: 18 Maj 2007 21:33 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U ovom logu se ne vidi nista sumnjivo. Jesi li pokusavao da promenis svoje login podatke na Skypeu? Mislim, jesi li pokusao da promenis svoju lozinku ili sta se vec koristi na Skypeu? Ukoliko jesi, da li je on uspeo da ti promeni te podatke i nakon menjanja lozinke?

Profil

Senior Poslao: 18 Maj 2007 21:50 Idi na vrh
offline Senior Građanin Pridružio: 08 Jul 2005 Poruke: 56 Gde živiš: United States of Serbia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kad otvorim Skype, prolazi kroz proces instalacije, i odbija ulaz, jer je promjenjena lozinka. Onda se konektujem preko zaboravljene lozinke, dobijem token broj emailom, odem na Skype, i koriscenjem token broja promijenim lozinku. Otvorim Skype, i karambol, sedam puta mjenjani licni podaci. Znaci, promijene lozinke ne pomazu, ima pristup mrezi, koristimo istog provajdera. Koliko znam od prije ima pristup mrezi, wirelles, mjenja pristupne tacke - mjesta zbog smetnji. Pomagajte !

Profil

bobby Poslao: 18 Maj 2007 22:00 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa nekog od sledecih linkova: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Klikni "1" kada te upita. Na kraju skeniranja ce da otvori log, iskopiraj ga ovde. ============================ Skeniraj komp sa GMER-om i postavi log da proverimo da nema nekih rootkitova... Uradi sledeće: Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili

Profil

Senior Poslao: 18 Maj 2007 23:15 Idi na vrh
offline Senior Građanin Pridružio: 08 Jul 2005 Poruke: 56 Gde živiš: United States of Serbia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sve uradjeno ! Evo logova : Gmer - Rootkit: GMER 1.0.12.12244 - gmer.net Rootkit scan 2007-05-18 22:50:15 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver INT 0x20 srescan.sys F82809B0 ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, D1, DE, B2, 80, 34, DF, ... ] .text ntoskrnl.exe!_abnormal_termination + 465 804E2AC1 3 Bytes [ 75, DE, B2 ] ? srescan.sys The system cannot find the file specified. ? C:\WINDOWS\system32\DRIVERS\update.sys .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, D1, DE, B2, 80, 34, DF, ... ] .text ntoskrnl.exe!_abnormal_termination + 465 804E2AC1 3 Bytes [ 75, DE, B2 ] ---- User code sections - GMER 1.0.12 ---- .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2020] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ] ---- Devices - GMER 1.0.12 ---- Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys ---- Registry - GMER 1.0.12 ---- Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 5455F3BF7AFB0BEBEE3A618BB5E4189CE0D6B503995BB7E8C55C5D66DE5EF61F6CACC1CA3EB809DB479499B347854725A31809A9853E75FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DBA7FD869164D67945D575E7D6A3B9808D803CF6ABB4B1CD5DC3B620B3CC7B15F1EA42790BE8638BE7084236F34B71757DE84F4F35EA92BBBBEF914DF6C6E58F1DDE7B3DB2DCB310B35E02A334B06A58CAB3768ED9C7046ABF36E8B257F5097D0ED15F141C894F4749CD4E46C485CFEC632E958EECCC225A39ED7B0C84A8EAF61BEF79F230B1E6BE70B570E13E131D494E3E4152705F75E78E2678CCBE8FEC05D47CF20F8A9DA6020665500B112B53BD838DE13D6239CF1D1E8C2CC46352852D000CF7A4F266F02B11AADB9E91A4BAA4BAC86EB52C5EE3FAADC0442E151C74F9B679ED8C341B4E40014B461707C88FE75BFFADB04D3E28DD4713AE4DC23CE83F47ED70B0A82B800C447B23D8C7F397AB5F454456971A005F158E6CD89525FA4E2CB0904E9313EAF8FA9E33A9AAF5ABEC0D318AA138D03B27A4D803ACDCE5547C3D7B659BDDE39B1C0B677670C5A9F551CE945B626581989BA0BEF0D25C5BA6648B158C6F65B53A9106D1179E394ED2C23C4CC36DC4527DD515293CB1CAFD160F36A57AB163E6BA005C ---- Files - GMER 1.0.12 ---- ADS C:\Documents and Settings\Ljubi:favicon ADS C:\Documents and Settings\Ljubi:favicon ADS D:\Dokumenta\:SummaryInformation ADS D:\Dokumenta\:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ---- EOF - GMER 1.0.12 ---- ______________________________________________________________________________________________________ Gmer - Autostart GMER 1.0.12.12244 - gmer.net Rootkit scan 2007-05-18 23:09:23 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver INT 0x20 srescan.sys F82809B0 ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, D1, DE, B2, 80, 34, DF, ... ] .text ntoskrnl.exe!_abnormal_termination + 465 804E2AC1 3 Bytes [ 75, DE, B2 ] ? srescan.sys The system cannot find the file specified. ? C:\WINDOWS\system32\DRIVERS\update.sys .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, D1, DE, B2, 80, 34, DF, ... ] .text ntoskrnl.exe!_abnormal_termination + 465 804E2AC1 3 Bytes [ 75, DE, B2 ] ---- User code sections - GMER 1.0.12 ---- .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[2020] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ] ---- Devices - GMER 1.0.12 ---- Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B2DFE8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B2DFE8A0] vsdatant.sys ---- Registry - GMER 1.0.12 ---- Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 5455F3BF7AFB0BEBEE3A618BB5E4189CE0D6B503995BB7E8C55C5D66DE5EF61F6CACC1CA3EB809DB479499B347854725A31809A9853E75FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DBA7FD869164D67945D575E7D6A3B9808D803CF6ABB4B1CD5DC3B620B3CC7B15F1EA42790BE8638BE7084236F34B71757DE84F4F35EA92BBBBEF914DF6C6E58F1DDE7B3DB2DCB310B35E02A334B06A58CAB3768ED9C7046ABF36E8B257F5097D0ED15F141C894F4749CD4E46C485CFEC632E958EECCC225A39ED7B0C84A8EAF61BEF79F230B1E6BE70B570E13E131D494E3E4152705F75E78E2678CCBE8FEC05D47CF20F8A9DA6020665500B112B53BD838DE13D6239CF1D1E8C2CC46352852D000CF7A4F266F02B11AADB9E91A4BAA4BAC86EB52C5EE3FAADC0442E151C74F9B679ED8C341B4E40014B461707C88FE75BFFADB04D3E28DD4713AE4DC23CE83F47ED70B0A82B800C447B23D8C7F397AB5F454456971A005F158E6CD89525FA4E2CB0904E9313EAF8FA9E33A9AAF5ABEC0D318AA138D03B27A4D803ACDCE5547C3D7B659BDDE39B1C0B677670C5A9F551CE945B626581989BA0BEF0D25C5BA6648B158C6F65B53A9106D1179E394ED2C23C4CC36DC4527DD515293CB1CAFD160F36A57AB163E6BA005C ---- Files - GMER 1.0.12 ---- ADS C:\Documents and Settings\Ljubi:favicon ADS C:\Documents and Settings\Ljubi:favicon ADS D:\Dokumenta\:SummaryInformation ADS D:\Dokumenta\:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ---- EOF - GMER 1.0.12 ---- ______________________________________________________________________________________________________ Combo fix "Ljubiça" - 2007-05-18 22:57:23 Service Pack 2 ComboFix 07-05.17.6.V - Running from: "D:\Dokumenta\Dovnloadovanje\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 )))))))))))))))))))))))))))))))))) 2007-05-18 20:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-05-18 20:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs 2007-05-18 18:45 <DIR> d-------- C:\Program Files\PowerISO 2007-05-18 16:03 0 -rahs---- C:\MSDOS.SYS 2007-05-18 16:03 0 -rahs---- C:\IO.SYS 2007-05-18 08:57 26 -r------- C:\WINDOWS\system32\system32.DLL 2007-05-17 23:22 <DIR> d-------- C:\DOCUME~1\LJUBIA~1\APPLIC~1\Ahead 2007-05-17 09:30 61,440 --a------ C:\WINDOWS\system32\W32N50.dll 2007-05-17 09:30 16,292 --a------ C:\WINDOWS\system32\Pcandis5.sys 2007-05-17 09:30 16,112 --a------ C:\WINDOWS\system32\Pcandis4.sys 2007-05-16 21:58 <DIR> d-------- C:\Program Files\Hide The IP 2007-05-15 18:58 <DIR> d-------- C:\WINDOWS\vf_hip 2007-05-15 16:46 <DIR> d-------- C:\WINDOWS\Performance 2007-05-15 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation 2007-05-15 12:27 <DIR> d-------- C:\DOCUME~1\LJUBIA~1\APPLIC~1\Symantec 2007-05-15 12:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec 2007-05-15 12:25 41 --a------ C:\WINDOWS\WFXDEL.BAT 2007-05-15 12:25 159,744 --a------ C:\WINDOWS\system32\MFCANS32.DLL 2007-05-15 12:25 <DIR> d-------- C:\Program Files\WinFax 2007-05-15 12:24 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-05-15 07:56 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-05-14 23:39 361,984 --a------ C:\WINDOWS\system32\APFAXCNV.DLL 2007-05-14 23:39 197,696 --a------ C:\WINDOWS\system32\Unidrv.dll 2007-05-14 23:39 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL 2007-05-14 23:39 118,128 --a------ C:\WINDOWS\system32\Iconlib.dll 2007-05-14 23:39 <DIR> d-------- C:\DOCUME~1\LJUBIA~1\APPLIC~1\Snappy Fax 2000 2007-05-14 15:16 <DIR> d--h----- C:\WINDOWS\PIF 2007-05-12 10:48 <DIR> d-------- C:\DOCUME~1\LJUBIA~1\APPLIC~1\Help 2007-05-11 22:59 143 --a------ C:\rapidhacker.dll 2007-05-11 21:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hagel Technologies 2007-05-10 07:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cadsoft 2007-05-10 07:27 <DIR> d-------- C:\Program Files\Common Files\Cadsoft 2007-05-10 07:26 <DIR> d-------- C:\Program Files\3D Home Architect 2007-05-08 22:41 <DIR> d-------- C:\Program Files\MagicISO 2007-05-08 01:40 <DIR> d-------- C:\Program Files\Azureus 2007-05-08 01:39 <DIR> d-------- C:\DOCUME~1\LJUBIA~1\APPLIC~1\Azureus 2007-05-07 18:59 0 --a------ C:\WINDOWS\nsreg.dat 2007-05-07 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet 2007-05-07 18:23 <DIR> d-------- C:\Program Files\Bonjour 2007-05-07 18:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-05-07 11:16 <DIR> d-------- C:\DOCUME~1\LJUBIA~1\APPLIC~1\WinRAR 2007-05-07 08:05 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-05-07 07:21 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll 2007-05-07 07:20 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007 2007-05-07 07:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-07 07:11 <DIR> d-------- C:\ProgDVB 2007-05-07 07:04 95,232 --a------ C:\WINDOWS\system\LFKODAK.DLL 2007-05-07 07:04 93,184 --a------ C:\WINDOWS\system\LFTIF70N.DLL 2007-05-07 07:04 89,600 --a------ C:\WINDOWS\system32\lfjbg12n.dll 2007-05-07 07:04 73,216 --a------ C:\WINDOWS\system32\lffax12n.dll 2007-05-07 07:04 61,440 --a------ C:\WINDOWS\system\BPEnhan.dll 2007-05-07 07:04 55,808 --a------ C:\WINDOWS\system\LFFAX70N.DLL 2007-05-07 07:04 55,296 --a------ C:\WINDOWS\system\LTFIL70N.DLL 2007-05-07 07:04 49,664 --a------ C:\WINDOWS\system32\Lfwmf12n.dll 2007-05-07 07:04 388,608 --a------ C:\WINDOWS\system32\ltkrn12n.dll 2007-05-07 07:04 350,208 --a------ C:\WINDOWS\system\LTKRN70N.DLL 2007-05-07 07:04 35,328 --a------ C:\WINDOWS\system\LFFPX70N.DLL 2007-05-07 07:04 341,504 --a------ C:\WINDOWS\system32\LFCMP12n.DLL 2007-05-07 07:04 32,768 --a------ C:\WINDOWS\system\LFGIF70N.DLL 2007-05-07 07:04 32,256 --a------ C:\WINDOWS\system32\lflmb12n.dll 2007-05-07 07:04 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll 2007-05-07 07:04 28,672 --a------ C:\WINDOWS\system\LFLMA70N.DLL 2007-05-07 07:04 26,624 --a------ C:\WINDOWS\system32\lfpcx12n.dll 2007-05-07 07:04 26,112 --a------ C:\WINDOWS\system\LFICA70N.DLL 2007-05-07 07:04 25,088 --a------ C:\WINDOWS\system\LFLMB70N.DLL 2007-05-07 07:04 248,832 --a------ C:\WINDOWS\system32\LFJ2K12n.dll 2007-05-07 07:04 24,576 --a------ C:\WINDOWS\system\LFBMP70N.DLL 2007-05-07 07:04 24,064 --a------ C:\WINDOWS\system\LFPCT70N.DLL 2007-05-07 07:04 224,768 --a------ C:\WINDOWS\system\LFCMP70N.DLL 2007-05-07 07:04 20,992 --a------ C:\WINDOWS\system32\lfimg12n.dll 2007-05-07 07:04 20,992 --a------ C:\WINDOWS\system\LFTGA70N.DLL 2007-05-07 07:04 20,480 --a------ C:\WINDOWS\system\LFIMG70N.DLL 2007-05-07 07:04 19,968 --a------ C:\WINDOWS\system\LFCAL70N.DLL 2007-05-07 07:04 19,456 --a------ C:\WINDOWS\system\LFPCD70N.DLL 2007-05-07 07:04 18,944 --a------ C:\WINDOWS\system\LFMAC70N.DLL 2007-05-07 07:04 17,920 --a------ C:\WINDOWS\system\LFAVI70N.DLL 2007-05-07 07:04 165,888 --a------ C:\WINDOWS\system32\ltimg12n.dll 2007-05-07 07:04 141,824 --a------ C:\WINDOWS\system32\lftif12n.dll 2007-05-07 07:04 130,048 --a------ C:\WINDOWS\system32\ltfil12n.DLL 2007-05-07 07:04 <DIR> d-------- C:\Program Files\Temp 2007-05-07 07:04 <DIR> d-------- C:\Program Files\BearPaw 1200CU Plus (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-18 20:56:33 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\Skype 2007-05-18 20:23:25 -------- d-----w C:\Program Files\GetRight 2007-05-18 19:15:46 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-05-18 18:07:27 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat 2007-05-18 17:30:55 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\MailWasherPro 2007-05-17 21:47:07 -------- d-----w C:\Program Files\Ahead 2007-05-15 10:43:21 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-15 05:56:54 -------- d-----w C:\Program Files\Skype 2007-05-14 23:26:08 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-05-14 23:26:07 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-05-14 23:26:07 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys 2007-05-10 05:18:34 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-04 08:41:10 -------- d-----w C:\Program Files\C-Media 3D Audio 2007-04-04 06:32:54 -------- d-----w C:\Program Files\Mv2Player 2007-03-31 17:43:14 -------- d-----w C:\Program Files\SkyGrabber275 2007-03-31 17:43:11 -------- d-----w C:\Program Files\TC PowerPack 2007-03-31 16:10:53 -------- d-----w C:\Program Files\IncrediMail 2007-03-31 13:46:44 121,980 ----a-w C:\WINDOWS\ProgDVB Uninstaller.exe 2007-03-31 13:41:11 -------- d-----w C:\Program Files\Common Files\Elecard 2007-03-31 13:41:10 -------- d-----w C:\Program Files\Elecard 2007-03-31 13:21:37 -------- d-----w C:\Program Files\MSBuild 2007-03-31 13:18:01 -------- d-----w C:\Program Files\Reference Assemblies 2007-03-31 08:54:19 -------- d-----w C:\Program Files\Messenger 2007-03-30 22:28:53 -------- d-----w C:\Program Files\DVBViewerTE 2007-03-30 22:28:41 -------- d-----w C:\Program Files\TechniSat DVB 2007-03-30 20:33:58 -------- d-----w C:\Program Files\Driver-Soft 2007-03-30 00:16:16 -------- d-----w C:\Program Files\ROUTE66 2007-03-29 23:58:28 -------- d-----w C:\Program Files\Planplus 2007-03-29 23:58:19 -------- d-----w C:\Program Files\Sveto pismo 2007-03-29 23:57:13 -------- d-----w C:\Program Files\Pravoslavac 2007-03-29 23:40:55 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-03-29 23:32:20 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\Corel 2007-03-29 23:26:49 -------- d-----w C:\Program Files\Corel 2007-03-29 23:26:49 -------- d-----w C:\Program Files\Common Files\Corel 2007-03-29 23:17:47 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\ABBYY 2007-03-29 23:17:06 -------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition 2007-03-29 23:12:15 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\TuneUp Software 2007-03-29 23:09:49 -------- d-----w C:\Program Files\OO Software 2007-03-29 23:07:26 -------- d-----w C:\Program Files\Your Uninstaller 2006 2007-03-29 23:05:22 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\URSoft 2007-03-29 22:59:49 30,080 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys 2007-03-29 22:59:49 217,664 ----a-w C:\WINDOWS\system32\drivers\timntr.sys 2007-03-29 22:59:47 96,032 ----a-w C:\WINDOWS\system32\drivers\snapman.sys 2007-03-29 22:59:42 -------- d-----w C:\Program Files\Common Files\Acronis 2007-03-29 22:59:42 -------- d-----w C:\Program Files\Acronis 2007-03-29 21:53:59 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\Real 2007-03-29 21:53:31 -------- d-----w C:\Program Files\Luxor 2 2007-03-29 21:53:05 10 ----a-w C:\WINDOWS\popcinfo.dat 2007-03-29 21:51:41 -------- d-----w C:\Program Files\Pappocom 2007-03-29 21:51:38 -------- d-----w C:\Program Files\Common Files\MimarSinan 2007-03-29 21:39:06 -------- d-----w C:\Program Files\Winamp 2007-03-29 21:27:04 -------- d-----w C:\Program Files\Common Files\xing shared 2007-03-29 21:27:02 -------- d-----w C:\Program Files\Common Files\Real 2007-03-29 21:26:35 -------- d-----w C:\Program Files\Real 2007-03-29 21:23:14 -------- d-----w C:\Program Files\Common Files\Ahead 2007-03-29 21:20:51 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\CyberLink 2007-03-29 21:19:15 -------- d-----w C:\Program Files\CyberLink 2007-03-29 21:17:45 -------- d-----w C:\Program Files\K-Lite Codec Pack 2007-03-29 21:13:06 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat 2007-03-29 21:11:55 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\ACD Systems 2007-03-29 21:11:31 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-03-29 21:10:09 -------- d-----w C:\Program Files\Common Files\ACD Systems 2007-03-29 21:09:50 -------- d-----w C:\Program Files\ACD Systems 2007-03-29 21:09:32 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys 2007-03-29 21:05:25 -------- d-----w C:\Program Files\Opera 2007-03-29 20:09:41 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\Lavasoft 2007-03-29 20:03:10 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\Opera 2007-03-29 19:43:12 -------- d-----w C:\Program Files\FireTrust 2007-03-29 19:25:33 -------- d-----w C:\Program Files\Lavasoft 2007-03-29 19:20:01 -------- d-----w C:\Program Files\Super Bounce Out 2007-03-29 19:18:35 -------- d-----w C:\Program Files\Kasparov Chessmate 2007-03-29 19:18:18 -------- d-----w C:\Program Files\ReflexiveArcade 2007-03-29 19:18:01 -------- d-----w C:\DOCUME~1\LJUBIA~1\APPLIC~1\SolSuite 2007-03-29 19:15:50 -------- d-----w C:\Program Files\SolSuite 2007-03-29 18:59:57 -------- d-----w C:\Program Files\Microsoft Calculator Plus 2007-03-29 18:03:44 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-03-29 17:15:20 -------- d-----w C:\Program Files\Form Pilot Pro Demo 2007-03-29 17:15:20 -------- d-----w C:\Program Files\Common Files\Invention Pilot Shared 2007-03-29 17:13:39 -------- d-----w C:\Program Files\Recnik20 2007-03-29 17:11:16 -------- d-----w C:\Program Files\Common Files\L&H 2007-03-29 17:11:05 -------- d-----w C:\Program Files\Microsoft.NET 2007-03-29 17:10:55 -------- d-----w C:\Program Files\Microsoft ActiveSync 2007-03-29 17:10:20 -------- d-----w C:\Program Files\Microsoft Works 2007-03-29 16:22:09 -------- d-----w C:\Program Files\microsoft frontpage 2007-03-29 16:20:10 -------- d-----w C:\Program Files\Online Services 2007-03-29 16:19:28 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-03-29 16:19:21 -------- d-----w C:\Program Files\Movie Maker 2007-03-29 16:18:33 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-03-29 16:17:57 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-03-29 16:17:50 -------- d-----w C:\Program Files\Windows NT 2007-03-23 04:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll 2007-03-23 04:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll 2007-03-22 18:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll 2007-03-21 18:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL 2007-03-21 18:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE 2007-03-21 18:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-21 05:00:00 545 ----a-w C:\WINDOWS\UC.PIF 2007-02-21 05:00:00 545 ----a-w C:\WINDOWS\RAR.PIF 2007-02-21 05:00:00 545 ----a-w C:\WINDOWS\PKZIP.PIF 2007-02-21 05:00:00 545 ----a-w C:\WINDOWS\PKUNZIP.PIF 2007-02-21 05:00:00 545 ----a-w C:\WINDOWS\NOCLOSE.PIF 2007-02-21 05:00:00 545 ----a-w C:\WINDOWS\LHA.PIF 2007-02-21 05:00:00 545 ----a-w C:\WINDOWS\ARJ.PIF 2007-02-15 20:51:20 167,936 ------w C:\WINDOWS\system32\fpres532.dll 2007-02-15 20:49:25 311,296 ------w C:\WINDOWS\system32\fpmon5.dll 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-29 23:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-15 01:26] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-03-29 23:06] "FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2007-02-15 22:51] "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-06-01 07:09] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-29 20:11] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-29 23:26] "Hide-The-IP"="C:\Program Files\Hide The IP\HideTheIP.exe" [2007-02-16 20:02] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages msv1_0 relog_ap Security Packages kerberos msv1_0 schannel wdigest Notification Packages scecli [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c" "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\"" "TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "AtiPTA"="atiptaxx.exe" "Device Detector"="DevDetect.exe -autorun" "LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\"" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HTTPFilter HTTPFilter LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV NetworkService DnsCache DcomLaunch DcomLaunch TermService rpcss RpcSs imgsvc StiSvc termsvcs TermService WudfServiceGroup WUDFSvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost netsvcs UxTuneUp [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ac1da1a-de1d-11db-8a8c-806d6172696f}] Shell\AutoRun\command G:\setup.exe Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Click Maintenance.job ****************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, gmer.net Rootkit scan 2007-05-18 23:02:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ****************************************************************** Completion time: 2007-05-18 23:04:26 C:\ComboFix-quarantined-files.txt ... 2007-05-18 23:04 --- E O F ---

Profil

bobby Poslao: 19 Maj 2007 16:18 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! I dalje nista... Jesi li menjao i lozinku na mailboxu? Mozda on dobija tvoje nove lozinke kada resetujes lozinku tako sto zna tvoje podatke za mailbox, pa cita tvoje mailove.

Profil

Senior Poslao: 19 Maj 2007 19:38 Idi na vrh
offline Senior Građanin Pridružio: 08 Jul 2005 Poruke: 56 Gde živiš: United States of Serbia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Lozinku mjenjas u IE, ili Operi, tako da ne ide preko poste. Stavljao sam bas jake lozinke, ali ... . Posto ovaj koristi Linux, ali i Windows, sve je moguce. Otkako sam reinstalirao Zone alarm, sve je za sada OK. Prijavljuje napada, a stavio sam i ona njihov NetTools, bas da vidim konekcije ! Uglavnom, ni Nod, ni Zone alarm ni Adaware pro nisu nista pronasli, sve je cisto. Hvala ! Dopuna: 19 Maj 2007 19:38 Ukljucen Skype, na cekanju, i opet izmjena lozinke i promjena podataka !

Profil

bobby Poslao: 19 Maj 2007 19:47 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini Ewido micro (8Mb) : http://downloads.ewido.net/ewido_micro.exe Kako se radi sa Ewido micro: - na prvom ekranu odaberi sve particije (štikliraj polja ispred njih) - klikni na dugme Start Scan - nakon završenog skeniranja klikni na Save Report i snimi log fajl na sigurno mesto - klikni na Remove Infections - iskopiraj nam ovde sadržaj log fajla koji je malopre snimljen Nakon skeniranja sa Ewidom i postavljanja log fajla, postavi nam i svez log programa HijackThis.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Pomagajte drugovi !!!

Ko je trenutno na forumu

Ukupno su 845 korisnika na forumu :: 9 registrovanih, 1 sakriven i 835 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: ALBION101, dule10savic, Kriglord, LUDI, radionica1, Sančo, saputnik plavetnila, VJ, Živković

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by