I can't send emails with attachments


offline
  • oposum  Male
  • New MyCity citizen
  • Joined: 01 Jun 2008
  • Posts: 7

I can't send emails with attachments, neither through Outlook Express nor through webmail.

Logfile of HijackThis v1.99.1
Scan saved at 10:09:17, on 2.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dejan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r (file missing)

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

It would help if you wrote down what error message it gives you.
Maybe you are trying to send an attachment that is too large, or the attachment contains EXE files, etc. etc.

offline
  • oposum  Male
  • New MyCity citizen
  • Joined: 01 Jun 2008
  • Posts: 7

That computer is on a local network where some computers cannot send emails at all, with or without an attachment, and the computer throws this error message:

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Subject '111111', Account: 'mail.annt.gov.ba', Server: 'mail.annt.gov.ba', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10053, Error Number: 0x800CCC0F

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

I don't think this has anything to do with malware, but just in case do the following:

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

offline
  • oposum  Male
  • New MyCity citizen
  • Joined: 01 Jun 2008
  • Posts: 7

The ComboFix.txt is:
ComboFix 08-05-29.1 - Dejan 2008-06-02 14:09:03.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.163 [GMT 2:00]
Running from: C:\Documents and Settings\Dejan\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 11:43 . 2008-06-02 11:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 11:43 . 2008-06-02 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 10:33 . 2008-06-02 10:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 10:04 . 2008-06-02 10:04 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-02 10:01 . 2008-06-02 10:01 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Talkback
2008-06-02 10:00 . 2008-06-02 10:00 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-02 08:47 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-02 08:47 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-02 08:47 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-02 08:47 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-02 08:47 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-02 08:47 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-02 08:47 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-02 08:47 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-02 08:47 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-30 17:10 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-05-30 17:09 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-30 17:09 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-30 17:09 . 2004-08-04 02:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-30 17:08 . 2004-08-04 02:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-30 17:08 . 2004-08-04 01:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-05-30 17:06 . 2008-06-02 12:45 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-30 17:06 . 2008-05-30 15:16 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-30 17:05 . 2008-05-30 15:21 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 12:16 118,816 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-02 12:16 1,870,880 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-02 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 10:43 26,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-02 10:43 13,040 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-30 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 14:39 --------- d-----w C:\Program Files\Microsoft Works
2008-05-30 14:38 --------- d-----w C:\Program Files\MSBuild
2008-05-30 14:14 --------- d-----w C:\Program Files\Analog Devices
2008-05-30 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-30 14:08 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-30 14:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 14:08 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-30 13:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-30 13:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_ 9.13.49.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 07:05:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 10:44:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-24 18:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-24 18:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-06-02 07:11:53 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-02 10:49:05 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-02 07:11:53 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-02 10:49:05 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]
S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-02 14:16:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 14:17:20
ComboFix-quarantined-files.txt 2008-06-02 12:17:15
ComboFix2.txt 2008-06-02 07:48:04
ComboFix3.txt 2008-06-02 07:44:44
ComboFix4.txt 2008-06-02 07:27:57
ComboFix5.txt 2008-06-02 07:14:19

Pre-Run: 36,467,228,672 bytes free
Post-Run: 36,456,939,520 bytes free

121 --- E O F --- 2008-06-02 06:55:01
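As an added example (not code from the thread, nor from the HijackThis or ComboFix projects), here is a small Python triage script for the two log formats posted above. It flags autostart and service entries whose target binary is reported missing (the empty `[ ]` in ComboFix's Reg Loading Points and the `(file missing)` marker in HijackThis), a disabled XP firewall profile (`EnableFirewall = 0`), and a Security Center monitoring flag that has been switched off. The sample log lines are constructed from the line formats seen in the thread, not captured from a live machine. Note that HijackThis derives `(file missing)` from its own path check, which trips on quoted command lines such as the AVP service line above (`avp.exe" -r`), so those hits are listed for manual verification rather than as proof that the file is gone.

```python
"""Triage helper for HijackThis and ComboFix log excerpts (added example).

Scans log text for three things a defender checks first in such logs:
  * autostart / service entries whose target binary is reported missing,
  * a disabled Windows XP firewall profile (EnableFirewall = 0),
  * a Security Center monitoring flag turned off for an AV product.
SAMPLE_LOG is constructed from the line formats seen in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str      # category used for counting
    detail: str    # human-readable context


# Registry section header in ComboFix output, e.g. [HKEY_CURRENT_USER\...\Run]
RE_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix Run value: "Name"="path" [timestamp size ...]; an empty [ ] means not found on disk
RE_RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# ComboFix service line: R3/S3 name;display;path [timestamp]; an empty [] means binary missing
RE_SERVICE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$"
)
# HijackThis appends "(file missing)" when its own path check fails (verify by hand)
RE_HJT_MISSING = re.compile(r"^O\d+ - .*\(file missing\)$")
# XP firewall profile switch and Security Center monitoring flag
RE_FIREWALL = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)')
RE_MONITOR = re.compile(r'^"DisableMonitoring"\s*=\s*dword:(?P<val>[0-9a-fA-F]{8})$')

# Constructed sample mixing both formats (modelled on lines posted in the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\avp.exe" -r (file missing)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []
"""


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line and collect findings; section headers give context."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_SECTION.match(line)
        if m:
            section = m.group("key")
            continue
        if RE_HJT_MISSING.match(line):
            findings.append(Finding("medium", "missing-target", f"HijackThis (verify manually): {line}"))
            continue
        m = RE_FIREWALL.match(line)
        if m:
            if m.group("val") == "0":
                findings.append(Finding("high", "firewall-disabled", f"{section}: EnableFirewall=0"))
            continue
        m = RE_MONITOR.match(line)
        if m:
            if int(m.group("val"), 16) == 1:
                findings.append(Finding("info", "sc-monitoring-disabled", section))
            continue
        m = RE_RUN_VALUE.match(line)
        if m:
            if not m.group("meta").strip():
                findings.append(Finding("medium", "missing-target", f"{section}\\{m.group('name')} -> {m.group('path')}"))
            continue
        m = RE_SERVICE.match(line)
        if m and not m.group("meta").strip():
            findings.append(Finding("medium", "missing-target", f"service {m.group('svc')} -> {m.group('path')}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind so a reviewer sees the shape of the log at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

The script deliberately reports the firewall switch at a higher severity than the missing-target entries: a stale Run value or service pointing at an uninstalled cleaner is common after software removal, whereas a disabled host firewall on a workstation that is having unexplained SMTP connection drops is worth checking against the local policy first.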

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

I see that ComboFix has been run several times on this computer.
Use the Attach file option below the message box and attach all the earlier logs for me:
ComboFix-quarantined-files.txt
ComboFix2.txt
ComboFix3.txt
ComboFix4.txt
ComboFix5.txt

Those logs should be somewhere in the folder C:\Qoobox

offline
  • oposum  Male
  • New MyCity citizen
  • Joined: 01 Jun 2008
  • Posts: 7

ComboFix-quarantined-files.txt is:

ComboFix-quarantined-files.txt

ComboFix2.txt

ComboFix 08-05-29.1 - Dejan 2008-06-02 9:46:31.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.197 [GMT 2:00]
Running from: C:\Documents and Settings\Dejan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 08:47 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-02 08:47 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-02 08:47 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-02 08:47 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-02 08:47 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-02 08:47 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-02 08:47 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-02 08:47 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-02 08:47 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-30 17:10 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-05-30 17:09 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-30 17:09 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-30 17:09 . 2004-08-04 02:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-30 17:08 . 2004-08-04 02:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-30 17:08 . 2004-08-04 01:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-05-30 17:06 . 2008-06-02 09:30 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-30 17:06 . 2008-05-30 15:16 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-30 17:05 . 2008-05-30 15:21 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 07:47 108,832 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-02 07:47 1,659,424 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-02 07:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 07:28 22,208 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-02 07:28 11,912 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-30 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 14:39 --------- d-----w C:\Program Files\Microsoft Works
2008-05-30 14:38 --------- d-----w C:\Program Files\MSBuild
2008-05-30 14:14 --------- d-----w C:\Program Files\Analog Devices
2008-05-30 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-30 14:08 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-30 14:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 14:08 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-30 13:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-30 13:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_ 9.13.49.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 07:05:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 07:29:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-02 07:11:53 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-02 07:34:09 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-02 07:11:53 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-02 07:34:09 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-02 09:47:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 9:48:04
ComboFix-quarantined-files.txt 2008-06-02 07:47:57
ComboFix2.txt 2008-06-02 07:44:44
ComboFix3.txt 2008-06-02 07:27:57
ComboFix4.txt 2008-06-02 07:14:19

Pre-Run: 36,606,078,976 bytes free
Post-Run: 36,595,118,080 bytes free

108 --- E O F --- 2008-06-02 06:55:01

ComboFix3.txt

ComboFix 08-05-29.1 - Dejan 2008-06-02 9:36:49.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.175 [GMT 2:00]
Running from: C:\Documents and Settings\Dejan\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 08:47 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-02 08:47 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-02 08:47 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-02 08:47 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-02 08:47 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-02 08:47 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-02 08:47 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-02 08:47 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-02 08:47 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-30 17:10 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-05-30 17:09 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-30 17:09 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-30 17:09 . 2004-08-04 02:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-30 17:08 . 2004-08-04 02:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-30 17:08 . 2004-08-04 01:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-05-30 17:06 . 2008-06-02 09:30 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-30 17:06 . 2008-05-30 15:16 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-30 17:05 . 2008-05-30 15:21 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 07:43 106,784 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-02 07:43 1,585,952 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-02 07:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 07:28 22,208 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-02 07:28 11,912 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-30 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 14:39 --------- d-----w C:\Program Files\Microsoft Works
2008-05-30 14:38 --------- d-----w C:\Program Files\MSBuild
2008-05-30 14:14 --------- d-----w C:\Program Files\Analog Devices
2008-05-30 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-30 14:08 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-30 14:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 14:08 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-30 13:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-30 13:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_ 9.13.49.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 07:05:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 07:29:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-02 07:11:53 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-02 07:34:09 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-02 07:11:53 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-02 07:34:09 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-02 09:43:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 9:44:42
ComboFix-quarantined-files.txt 2008-06-02 07:44:38
ComboFix2.txt 2008-06-02 07:27:57
ComboFix3.txt 2008-06-02 07:14:19

Pre-Run: 36,570,890,240 bytes free
Post-Run: 36,566,695,936 bytes free

108 --- E O F --- 2008-06-02 06:55:01

ComboFix4.txt 2008-06-02 07:27:57
ComboFix 08-05-29.1 - Dejan 2008-06-02 9:20:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.173 [GMT 2:00]
Running from: C:\Documents and Settings\Dejan\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 08:47 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-02 08:47 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-02 08:47 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-02 08:47 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-02 08:47 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-02 08:47 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-02 08:47 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-02 08:47 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-02 08:47 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-30 17:10 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-05-30 17:09 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-30 17:09 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-30 17:09 . 2004-08-04 02:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-30 17:08 . 2004-08-04 02:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-30 17:08 . 2004-08-04 01:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-05-30 17:06 . 2008-06-02 09:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-30 17:06 . 2008-05-30 15:16 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-30 17:05 . 2008-05-30 15:21 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 07:27 1,465,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-02 07:26 104,224 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-02 07:15 20,648 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-02 07:15 11,720 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-02 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-30 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 14:39 --------- d-----w C:\Program Files\Microsoft Works
2008-05-30 14:38 --------- d-----w C:\Program Files\MSBuild
2008-05-30 14:14 --------- d-----w C:\Program Files\Analog Devices
2008-05-30 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-30 14:08 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-30 14:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 14:08 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-30 13:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-30 13:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_ 9.13.49.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 07:05:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 07:16:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-02 07:11:53 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-02 07:20:35 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-02 07:11:53 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-02 07:20:35 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-02 09:26:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 9:27:56
ComboFix-quarantined-files.txt 2008-06-02 07:27:52
ComboFix2.txt 2008-06-02 07:14:19

Pre-Run: 36,618,428,416 bytes free
Post-Run: 36,604,411,904 bytes free

107 --- E O F --- 2008-06-02 06:55:01

ComboFix5.txt

ComboFix 08-05-29.1 - Dejan 2008-06-02 9:06:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.152 [GMT 2:00]
Running from: C:\Documents and Settings\Dejan\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 08:47 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-02 08:47 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-02 08:47 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-02 08:47 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-02 08:47 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-02 08:47 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-02 08:47 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-02 08:47 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-02 08:47 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-06-02 08:44 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-30 17:10 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-05-30 17:09 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-30 17:09 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-30 17:09 . 2004-08-04 02:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-30 17:08 . 2004-08-04 02:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-30 17:08 . 2004-08-04 01:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-05-30 17:06 . 2008-06-02 09:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-30 17:06 . 2008-05-30 15:16 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-30 17:05 . 2008-05-30 15:21 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 07:13 102,176 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-02 07:13 1,277,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-02 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 06:56 17,576 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-02 06:56 11,288 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-30 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-30 14:39 --------- d-----w C:\Program Files\Microsoft Works
2008-05-30 14:38 --------- d-----w C:\Program Files\MSBuild
2008-05-30 14:14 --------- d-----w C:\Program Files\Analog Devices
2008-05-30 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-30 14:08 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-30 14:08 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 14:08 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-30 13:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-30 13:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-08-03 08:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-10 20:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 04:43]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-02 09:13:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 9:14:18
ComboFix-quarantined-files.txt 2008-06-02 07:14:13

Pre-Run: 36,585,144,320 bytes free
Post-Run: 36,559,552,512 bytes free

97 --- E O F --- 2008-06-02 06:55:01

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Nothing, completely clean.

offline
  • oposum  Male
  • New MyCity citizen
  • Joined: 01 Jun 2008
  • Posts: 7

Could you do one more check, for a computer on the same local network that cannot send e-mails at all? Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 15:47:51, on 2.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=pdf
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe




ComboFix 08-05-29.1 - AZNNT 2008-06-02 15:48:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.216 [GMT 2:00]
Running from: F:\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 09:30 --------- d-----w C:\Documents and Settings\AZNNT\Application Data\AdobeUM
2008-04-16 10:52 --------- d-----w C:\Documents and Settings\AZNNT\Application Data\Ashampoo
2008-04-16 10:51 --------- d-----w C:\Program Files\Ashampoo
2008-04-16 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 00:01 544768 C:\WINDOWS\sm56hlpr.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"KAVWks50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-05-18 21:43 98407]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 klmc;KLMC driver;C:\WINDOWS\system32\drivers\klmc.sys [2006-05-18 22:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1064f9-2013-11dd-ba44-001731d322bf}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2312bf7-6b44-11dc-b9af-001731d322bf}]
\Shell\1\Command - .\rundll.exe
\Shell\2\Command - .\Rundll.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Rundll.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-02 15:51:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 15:53:42
ComboFix-quarantined-files.txt 2008-06-02 13:53:16

Pre-Run: 30,351,208,448 bytes free
Post-Run: 30,555,754,496 bytes free

67 --- E O F --- 2008-05-28 15:22:01

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This second computer has in the past suffered an infection that spreads via USB sticks or similar devices.
Traces of the infection remain in the registry.
On this computer, is the menu that appears when you right-click the icon of the USB/CD/DVD drives correct?
Are there any irregularities in that menu?

Here is a fix that should resolve this.
Open Notepad and copy the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2312bf7-6b44-11dc-b9af-001731d322bf}]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
