Hacked TELNET (+ suspicious WebFldr)

offline
  • Joined: 07 Sep 2009
  • Posts: 3

Hello,

I'm really glad that a forum like this exists in Serbian (and in the other languages that feel the same way :) ). You have all my praise. I'm writing from my son's PC, which my daughter also uses sometimes (hence the HFSS), and I sneak onto it too. It runs XP SP2.

The likely cause of what is described below is that the boy (what boy, a big lad!) installed the game AngelsOnline ao.igg.com
Alternatively, one of the spyware/rootkit programs that I periodically delete from the USB drive my daughter uses (the latest were MAIL.bin, MAIL.dll and MAIL.exe) made it onto the PC after all. Or something else that slipped past me.

Symptoms and tests:

1 - the firewall (on the other PC) logged traffic from random ports of my son's PC, among them UDP port 34 (unassigned), to random ports, among them port 7024 (vmsc - Vormetric services), on various IP addresses, mostly some internet gateways and peer hosting (I haven't checked them all);

2 - KAV detected the following (removed, but there was probably something else there that has nothing to do with this; still, the .exe in System Volume Information is definitely a rootkit, and a SMART CARD definitely does not exist on this PC):
======
Status: Deleted (events: 1)
14/08/2009 14:57:08 Deleted legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RiskTool.Win32.Reboot.e C:\System Volume Information\_restore{2B036B4B-74BE-4BC3-ACAE-8C6718844E6F}\RP28\A0000818.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Gemplus GemSAFE Card CSP v1.0
C:\WINDOWS\system32\gpkcsp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Infineon SICRYPT Base Smart Card CSP
C:\WINDOWS\system32\sccbase.dll
=====

3 - in Services (Control Panel > Administrative Services > Services) TELNET cannot be started, because:
a) TELNET depends on RPC (Remote Procedure Call) ???
b) TELNET depends on TCP/IP Protocol Driver ???
c) TCP/IP Protocol Driver depends on IPSEC Driver ???

From this I conclude that my son's PC has been turned into an SSH server.

4 - in Printers (Control Panel > Printers) a Microsoft XPS Document Writer is installed, which definitely nobody installed (unless it was added by the installation of .NET applications or PowerShell - I haven't had time to check that yet)

From this I conclude that the "IPSEC Driver" was installed as a printer driver.

5 - the ClamWin antivirus scan returned the following interesting files that it could not access (Crypto and Smart Card are the most interesting to me - none of the three of us users has encrypted anything, nor created certificates, nor is there a Smart Card):
===========
C:\Documents and Settings\lazar\Application Data\OnlineArmor\client.dat: Permission denied
C:\Documents and Settings\lazar\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Permission denied
C:\Documents and Settings\lazar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
C:\Documents and Settings\lazar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Permission denied
C:\Documents and Settings\lazar\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\79CB2F99-4BE7-4BF6-99B8-9064148262C1: Permission denied
C:\Documents and Settings\lazar\NTUSER.DAT: Permission denied
C:\Documents and Settings\lazar\NTUSER.DAT.LOG: Permission denied
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Permission denied
C:\Documents and Settings\LocalService\NTUSER.DAT: Permission denied
C:\Documents and Settings\LocalService\ntuser.dat.LOG: Permission denied
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Permission denied
C:\Documents and Settings\NetworkService\NTUSER.DAT: Permission denied
C:\Documents and Settings\NetworkService\ntuser.dat.LOG: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\Program Files\Tall Emu\Online Armor\firewall.dat: Permission denied
C:\Program Files\Tall Emu\Online Armor\fwdata.dat: Permission denied
C:\Program Files\Tall Emu\Online Armor\oacached.dat: Permission denied
C:\Program Files\Tall Emu\Online Armor\programs.dat: Permission denied
C:\Program Files\Tall Emu\Online Armor\reference.dat: Permission denied
C:\Program Files\Tall Emu\Online Armor\server.dat: Permission denied
C:\Program Files\Tall Emu\Online Armor\signs.dat: Permission denied
C:\Program Files\Tall Emu\Online Armor\sites.dat: Permission denied
C:\Program Files\Tall Emu\Online Armor\taskman.dat: Permission denied
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb: Permission denied
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log: Permission denied
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb: Permission denied
C:\WINDOWS\system32\CatRoot2\edb.log: Permission denied
C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\default.LOG: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SAM.LOG: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\SECURITY.LOG: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\software.LOG: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\config\system.LOG: Permission denied
C:\WINDOWS\system32\drivers\ISwift3.dat: Permission denied
C:\WINDOWS\Temp\cchC04.tmp: Permission denied
C:\WINDOWS\Temp\cchC05.tmp: Permission denied
C:\WINDOWS\Temp\cchC0A.tmp: Permission denied
C:\WINDOWS\Temp\cchC0B.tmp: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 608810
Engine version: 0.95.2
Scanned directories: 4755
Scanned files: 34475
Infected files: 0
Data scanned: 7932.14 MB
Data read: 12662.59 MB (ratio 0.63:1)
Time: 4663.141 sec (77 m 43 s)
--------------------------------------
Completed
--------------------------------------
===========
6 - an nmap scan (from outside) discovered:

PORT STATE SERVICE VERSION
1110/tcp open tcpwrapped
19780/tcp open unknown?

7 - Windows Defender and Malicious Software Removal Tool

Windows Defender found no unwanted or harmful software
Malicious Software Removal Tool detected no malicious software

8 - HijackThis
========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:42, on 15/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBE63B4-E78A-43C3-BE4A-C4A2EED2DF5F}: NameServer = OVOSAMIZMENIO
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4817 bytes
=================

Before I post the DDS and GMER logs, let me say that it is fairly clear the PC has been turned into a remote ssh server, probably by installing a "printer" and its "driver", which was made possible by clicking the Allow option in the OnlineArmor firewall too quickly. What I am trying to determine, as far as that is possible, is what the spyware did and how, so that after a clean install I can let my son reinstall the game, but this time without the side effects.

I am grateful for any help, and I will proceed with formatting and a fresh install only once the need for further tests has been exhausted.

Note: C:\openbsd.pbr is not malicious, and NOBODY on this PC USES WebFldrs (link en.kioskea.net/faq/sujet-854-what-is-webfldrs )

===========
DDS

DDS (Ver_09-07-30.01) - NTFSx86
Run by lazar at 18:35:33.95 on 07/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.472 [GMT 2:00]

FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\lazar\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\WidgiToolbarIE.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\WidgiToolbarIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
TCP: {6DBE63B4-E78A-43C3-BE4A-C4A2EED2DF5F} = 212.200.191.166,192.168.1.254
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lazar\applic~1\mozilla\firefox\profiles\9e514zdv.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-6-17 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-6-17 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-6-17 29776]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-6-17 361672]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-6-17 3052744]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 mbr;mbr;\??\c:\docume~1\lazar\locals~1\temp\mbr.sys --> c:\docume~1\lazar\locals~1\temp\mbr.sys [?]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2009-8-20 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [2009-8-20 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [2009-8-20 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [2009-8-20 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [2009-8-20 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [2009-8-20 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [2009-8-20 90800]

=============== Created Last 30 ================

2009-08-21 22:50 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-20 20:15 18,704 a----r-- c:\windows\system32\drivers\se46nd5.sys
2009-08-20 20:14 90,800 a----r-- c:\windows\system32\drivers\se46unic.sys
2009-08-20 20:14 4,128 a----r-- c:\windows\system32\drivers\se46cr.sys
2009-08-20 20:14 88,624 a----r-- c:\windows\system32\drivers\se46mgmt.sys
2009-08-20 20:14 86,432 a----r-- c:\windows\system32\drivers\se46obex.sys
2009-08-20 20:14 97,088 a----r-- c:\windows\system32\drivers\se46mdm.sys
2009-08-20 20:14 9,360 a----r-- c:\windows\system32\drivers\se46mdfl.sys
2009-08-20 20:14 6,240 a----r-- c:\windows\system32\drivers\se46cmnt.sys
2009-08-20 20:14 6,240 a----r-- c:\windows\system32\drivers\se46cm.sys
2009-08-20 20:14 61,536 a----r-- c:\windows\system32\drivers\se46bus.sys
2009-08-20 20:14 5,872 a----r-- c:\windows\system32\drivers\se46whnt.sys
2009-08-20 20:14 5,872 a----r-- c:\windows\system32\drivers\se46wh.sys
2009-08-20 19:58 <DIR> --d----- c:\docume~1\lazar\applic~1\Teleca
2009-08-20 19:55 <DIR> --d----- c:\docume~1\lazar\applic~1\Sony Ericsson
2009-08-20 19:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2009-08-20 19:43 <DIR> --d----- c:\program files\common files\Sony Ericsson Shared
2009-08-20 19:43 <DIR> --d----- c:\program files\common files\Teleca Shared
2009-08-20 19:43 <DIR> --d----- c:\program files\Sony Ericsson
2009-08-20 19:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Teleca
2009-08-20 19:43 <DIR> --d----- c:\windows\Downloaded Installations
2009-08-16 10:32 512 a------- C:\openbsd.pbr
2009-08-15 15:16 <DIR> --d----- c:\program files\Trend Micro
2009-08-14 16:51 <DIR> --d----- c:\program files\ClamWin
2009-08-14 16:51 <DIR> --d----- c:\documents and settings\all users\.clamwin
2009-08-14 12:04 <DIR> --d----- c:\docume~1\lazar\applic~1\.clamwin
2009-08-14 11:07 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-14 11:06 <DIR> --d----- C:\7d86d39ec326ceed86630a9bf1a5
2009-08-14 11:06 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-14 11:06 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-14 11:06 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-14 11:03 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-12 23:35 <DIR> --d----- c:\windows\ServicePackFiles

==================== Find3M ====================

2009-08-17 18:30 194,984 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-08-05 11:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 20:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-16 23:09 47,616 a------- c:\windows\system32\drivers\Haspnt.sys
2009-07-16 23:09 6,656 a------- c:\windows\system32\haspvdd.dll
2009-07-13 02:18 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-06-26 18:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 18:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 20:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 20:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 20:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 20:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 20:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 20:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 20:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 20:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 20:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 20:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 20:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 20:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 10:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 10:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 10:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-22 13:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 13:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 13:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 16:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 13:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 13:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 16:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 08:32 132,096 a------- c:\windows\system32\wkssvc.dll

============= FINISH: 18:36:46.90 ===============
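The HijackThis log (15 Aug) and the DDS "Pseudo HJT Report" (7 Sep) in the post above record the same PC's auto-start entries three weeks apart in two different notations. As an added example (not from the thread, nor from the HijackThis or DDS authors; all function names are mine), the script below normalises both formats to (hive, name, executable) and diffs the two snapshots; the only data it uses are Run/Startup lines copied from the two logs above.

```python
"""Diff the auto-start entries recorded by two scan tools weeks apart.

Added example, not from the forum thread: the HijackThis log (15 Aug 2009)
and the DDS "Pseudo HJT Report" (7 Sep 2009) list the same PC's Run keys
and Startup folder in different notations. Normalising both to
(hive, name, executable) and diffing them shows what changed in between.
"""
import re
from dataclasses import dataclass

# Run/Startup lines copied from the HijackThis log posted in the thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
"""
# The same kind of entries copied from the DDS report posted in the thread.
DDS_LOG = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe
"""

@dataclass(frozen=True, order=True)
class AutoStart:
    hive: str   # 'u' = HKCU, 'm' = HKLM, 'd' = HKU\.DEFAULT, 'startup' = Startup folder
    name: str   # value name (or .lnk name), lower-cased
    exe: str    # executable path without quotes or arguments, lower-cased

HIVE = {"HKLM": "m", "HKCU": "u", r"HKUS\.DEFAULT": "d"}
HJT_RUN = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\\.DEFAULT)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
HJT_STARTUP = re.compile(r"^O4 - Global Startup: (\S+) = (.*)$")
DDS_RUN = re.compile(r"^([umd])Run: \[([^\]]+)\] (.*)$")
DDS_STARTUP = re.compile(r"^StartupFolder: \S*\\([^\\\s]+\.lnk) - (.*)$")
# Either a quoted path, or an unquoted one ending in .exe/.lnk (unquoted paths may contain spaces).
EXE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|lnk))(?=\s|$)', re.IGNORECASE)

def exe_only(command: str) -> str:
    """Strip quotes, arguments and trailing '(User ...)' notes, leaving only the executable."""
    m = EXE.match(command.strip())
    return (m.group(1) or m.group(2)).lower() if m else command.strip().lower()

def _parse(text, run_re, startup_re, hive_of):
    out = []
    for line in text.splitlines():
        if m := run_re.match(line):
            out.append(AutoStart(hive_of(m.group(1)), m.group(2).lower(), exe_only(m.group(3))))
        elif m := startup_re.match(line):
            out.append(AutoStart("startup", m.group(1).lower(), exe_only(m.group(2))))
    return out

def parse_hijackthis(text: str) -> list:
    """HijackThis O4 lines; the per-SID HKUS\\S-1-5-* copies have no DDS counterpart and are skipped."""
    return _parse(text, HJT_RUN, HJT_STARTUP, HIVE.__getitem__)

def parse_dds(text: str) -> list:
    """DDS uRun/mRun/dRun and StartupFolder lines (the hive letter is already DDS-style)."""
    return _parse(text, DDS_RUN, DDS_STARTUP, str)

def diff_autostarts(old: list, new: list) -> dict:
    """Key entries by (hive, name): what appeared, what vanished, what now points elsewhere."""
    o = {(e.hive, e.name): e for e in old}
    n = {(e.hive, e.name): e for e in new}
    return {
        "added": sorted(n[k] for k in n.keys() - o.keys()),
        "removed": sorted(o[k] for k in o.keys() - n.keys()),
        "changed": sorted((o[k], n[k]) for k in o.keys() & n.keys() if o[k].exe != n[k].exe),
    }

if __name__ == "__main__":
    report = diff_autostarts(parse_hijackthis(HJT_LOG), parse_dds(DDS_LOG))
    for kind in ("removed", "added"):
        for e in report[kind]:
            print(f"{kind:8} {e.hive}Run [{e.name}] -> {e.exe}")
    for before, after in report["changed"]:
        print(f"changed  {before.hive}Run [{before.name}] {before.exe} -> {after.exe}")
```

On these two snapshots the diff reports one removed entry (Kaspersky's AVP from HKLM\Run) and two added ones (Sony Ericsson PC Suite under HKLM, DWQueuedReporting under HKU\.DEFAULT), which is exactly the kind of change worth asking the user about when triaging.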


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
- disable your security software (instructions);
- close any running programs;
- double-click to run ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if offered to download it;
- display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
- ask a number of questions / show notifications: accept by clicking Yes or OK;
- restart Windows if needed (several times);
- at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the topic on the forum:
- right-click in the Notepad window and choose Select All;
- right-click the highlighted text and choose Copy;
- right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting the message you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 07 Sep 2009
  • Posts: 3

ComboFix 09-09-07.05 - lazar 08/09/2009 15:54.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.672 [GMT 2:00]
Running from: c:\documents and settings\lazar\Desktop\ComboFix.exe
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\lazar\LOCALS~1\Temp\catchme.dll
c:\documents and settings\lazar\Local Settings\Temp\catchme.dll
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\Installer\1d7dc72.msi

.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-08-26 21:03 . 2009-08-26 21:03 -------- d-----w- c:\documents and settings\sanja\Application Data\Teleca
2009-08-26 21:03 . 2009-08-26 21:03 -------- d-----w- c:\documents and settings\sanja\Application Data\.clamwin
2009-08-26 21:03 . 2009-08-26 21:03 -------- d-----w- c:\documents and settings\sanja\Application Data\Sony Ericsson
2009-08-21 20:50 . 2009-08-21 20:50 -------- d-----w- c:\program files\MSXML 4.0
2009-08-20 18:15 . 2006-11-30 13:11 18704 ----a-r- c:\windows\system32\drivers\se46nd5.sys
2009-08-20 18:14 . 2006-11-30 13:11 90800 ----a-r- c:\windows\system32\drivers\se46unic.sys
2009-08-20 18:14 . 2006-11-30 13:11 4128 ----a-r- c:\windows\system32\drivers\se46cr.sys
2009-08-20 18:14 . 2006-11-30 13:11 88624 ----a-r- c:\windows\system32\drivers\se46mgmt.sys
2009-08-20 18:14 . 2006-11-30 13:11 86432 ----a-r- c:\windows\system32\drivers\se46obex.sys
2009-08-20 18:14 . 2006-11-30 13:11 97088 ----a-r- c:\windows\system32\drivers\se46mdm.sys
2009-08-20 18:14 . 2006-11-30 13:11 9360 ----a-r- c:\windows\system32\drivers\se46mdfl.sys
2009-08-20 18:14 . 2006-11-30 13:11 6240 ----a-r- c:\windows\system32\drivers\se46cmnt.sys
2009-08-20 18:14 . 2006-11-30 13:11 6240 ----a-r- c:\windows\system32\drivers\se46cm.sys
2009-08-20 18:14 . 2006-11-30 13:11 5872 ----a-r- c:\windows\system32\drivers\se46whnt.sys
2009-08-20 18:14 . 2006-11-30 13:11 5872 ----a-r- c:\windows\system32\drivers\se46wh.sys
2009-08-20 18:14 . 2006-11-30 13:11 61536 ----a-r- c:\windows\system32\drivers\se46bus.sys
2009-08-20 17:58 . 2009-08-20 17:58 -------- d-----w- c:\documents and settings\lazar\Application Data\Teleca
2009-08-20 17:55 . 2009-08-20 17:55 -------- d-----w- c:\documents and settings\lazar\Application Data\Sony Ericsson
2009-08-20 17:44 . 2009-08-20 17:47 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-20 17:44 . 2009-08-20 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-08-20 17:43 . 2009-08-20 17:44 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared
2009-08-20 17:43 . 2009-08-20 17:44 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-08-20 17:43 . 2009-08-20 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2009-08-20 17:43 . 2009-08-20 17:43 -------- d-----w- c:\program files\Sony Ericsson
2009-08-20 17:43 . 2009-08-20 17:43 -------- d-----w- c:\windows\Downloaded Installations
2009-08-15 13:16 . 2009-08-15 13:16 -------- d-----w- c:\program files\Trend Micro
2009-08-14 14:51 . 2009-08-14 15:00 -------- d-----w- c:\documents and settings\sanja\.clamwin
2009-08-14 14:51 . 2009-08-14 14:51 -------- d-----w- c:\program files\ClamWin
2009-08-14 14:51 . 2009-08-14 14:51 -------- d-----w- c:\documents and settings\All Users\.clamwin
2009-08-14 14:35 . 2009-08-14 14:35 -------- d-----w- c:\program files\Windows Defender
2009-08-14 10:04 . 2009-08-14 10:06 -------- d-----w- c:\documents and settings\lazar\Application Data\.clamwin
2009-08-14 09:07 . 2009-08-14 09:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-14 09:07 . 2009-08-14 09:07 -------- d-----w- c:\program files\MSBuild
2009-08-14 09:07 . 2009-08-14 09:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-14 09:06 . 2009-08-14 09:06 -------- d-----w- C:\7d86d39ec326ceed86630a9bf1a5
2009-08-14 09:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-14 09:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-14 09:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-14 09:03 . 2009-08-14 09:03 -------- d-----w- c:\program files\MSXML 6.0
2009-08-12 21:35 . 2009-08-12 21:35 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 14:04 . 2009-06-01 07:31 -------- d-----w- c:\program files\pdfforge Toolbar
2009-09-03 10:09 . 2009-07-29 20:40 -------- d-----w- c:\program files\Angels Online
2009-08-26 21:03 . 2009-06-03 19:22 12328 ----a-w- c:\documents and settings\sanja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 20:05 . 2009-07-12 12:43 -------- d-----w- c:\documents and settings\lazar\Application Data\vlc
2009-08-14 15:33 . 2009-06-01 06:01 -------- d-----w- c:\program files\Privoxy
2009-08-14 12:16 . 2009-06-01 05:16 12328 ----a-w- c:\documents and settings\lazar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 09:00 . 2009-06-17 11:06 -------- d-----w- c:\documents and settings\lazar\Application Data\OnlineArmor
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 19:29 . 2009-08-01 19:29 -------- d-----w- c:\program files\MrEdSoftware
2009-07-22 17:17 . 2009-06-03 20:30 -------- d-----w- c:\documents and settings\sanja\Application Data\U3
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 22:02 . 2009-07-16 22:02 -------- d-----w- c:\program files\Ansoft
2009-07-16 22:02 . 2009-06-16 16:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 21:09 . 2009-07-16 21:09 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-07-16 21:09 . 2009-07-16 21:09 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-07-16 21:09 . 2009-07-16 21:09 383 ----a-w- c:\windows\system32\haspdos.sys
2009-07-16 14:36 . 2009-06-01 08:56 -------- d-----w- c:\program files\WinBoard-4.2.7
2009-07-13 00:18 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 12:42 . 2009-07-12 12:42 -------- d-----w- c:\program files\VideoLAN
2009-06-26 16:18 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-04 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-04 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-04 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-04 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-04 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-04 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-05-04 14:32 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-05-04 650752]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-03-30 970240]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-04-28 2045128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2009-3-22 315904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-28 335048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [17/06/2009 13:06 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [17/06/2009 13:06 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [17/06/2009 13:06 29776]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [17/06/2009 13:06 361672]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [17/06/2009 13:06 3052744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [20/08/2009 20:14 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [20/08/2009 20:14 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [20/08/2009 20:14 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [20/08/2009 20:14 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [20/08/2009 20:15 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [20/08/2009 20:14 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [20/08/2009 20:14 90800]
.
Contents of the 'Scheduled Tasks' folder

2009-09-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>
TCP: {6DBE63B4-E78A-43C3-BE4A-C4A2EED2DF5F} = 212.200.191.166,192.168.1.254
FF - ProfilePath - c:\documents and settings\lazar\Application Data\Mozilla\Firefox\Profiles\9e514zdv.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-08 16:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\lazar\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2009-09-08 16:09
ComboFix-quarantined-files.txt 2009-09-08 14:08

Pre-Run: 18,208,927,744 bytes free
Post-Run: 19,398,156,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\openbsd.pbr "OpenBSD"

198 --- E O F --- 2009-09-06 20:12

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

c:\program files\pdfforge Toolbar

You can uninstall this toolbar; the machine is clean.

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

then click OK (or press Enter).

Wait for the uninstall process to finish.

offline
  • Joined: 07 Sep 2009
  • Posts: 3

Posted: 08 Sep 2009 20:34

Thank you very much.

All the best, and let us know if there is somewhere users can leave you a commendation.

Addendum: 11 Sep 2009 8:40

@argus

Is it possible to find out which of the tools modified BOOT.INI into BOOT.BAK?

Thanks in advance.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

That was done by ComboFix; here you have a detailed explanation and a .bat file for removing the Recovery Console (RConsole).

http://www.mycity.rs/Windows/Deinstalacija-Recovery-Console.html
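The question of which tool rewrote BOOT.INI, and the reply that ComboFix's Recovery Console install did it, can be checked directly against the boot.ini printed at the end of the ComboFix log above. What follows is an added example, not code from the thread, from ComboFix, or from the .bat file linked in the reply: it parses a boot.ini, flags the [operating systems] entry carrying the /cmdcons switch, and returns a copy without it, refusing when default= points at the entry that would be removed. The sample boot.ini is constructed to mirror the log's [boot loader] / [operating systems] block; SAMPLE_BOOT_INI and the function names are this example's own.

```python
"""Check a Windows XP boot.ini for the Recovery Console entry that ComboFix adds.

Added example for this thread; it is not ComboFix, not the .bat file linked in the
reply, and not code posted by anyone in the thread. The sample boot.ini below is
constructed to mirror the [boot loader] / [operating systems] block printed at the
end of the ComboFix log.
"""
import re

# Constructed sample (matches the boot.ini shown in the ComboFix log).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\openbsd.pbr "OpenBSD"
"""

# device="Label" /switch ...  ('=' is optional so the OpenBSD line above also parses)
_ENTRY_RE = re.compile(r'^(?P<device>[^=\s"]+)\s*=?\s*"(?P<label>[^"]*)"\s*(?P<options>.*)$')


def parse_boot_ini(text):
    """Return (loader_settings, entries).

    loader_settings: dict of the [boot loader] keys (timeout, default), lower-cased keys.
    entries: list of dicts {device, label, options, line} from [operating systems];
             'line' is the original text so callers can drop it verbatim.
    """
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "boot loader" and "=" in line:
            key, _, value = line.partition("=")
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = _ENTRY_RE.match(line)
            if m is None:
                raise ValueError("unparseable [operating systems] line: %r" % raw)
            entries.append({
                "device": m.group("device"),
                "label": m.group("label"),
                "options": m.group("options").split(),
                "line": raw,
            })
    return loader, entries


def find_recovery_console(entries):
    """Entries that boot the Recovery Console: the /cmdcons switch is the reliable
    marker; a device path under a cmdcons folder is the usual companion."""
    return [e for e in entries
            if "/cmdcons" in (o.lower() for o in e["options"])
            or "\\cmdcons\\" in e["device"].lower()]


def remove_recovery_console(text):
    """Return boot.ini text with the Recovery Console entries dropped.

    Refuses if default= points at an entry that would be removed, because that
    would leave the loader with a default that no longer exists."""
    loader, entries = parse_boot_ini(text)
    victims = find_recovery_console(entries)
    default = loader.get("default", "").lower()
    for v in victims:
        if v["device"].lower() == default:
            raise ValueError("default= points at the Recovery Console entry; fix default= first")
    doomed = {v["line"] for v in victims}
    kept = [ln for ln in text.splitlines() if ln not in doomed]
    return "\n".join(kept) + ("\n" if text.endswith("\n") else "")


if __name__ == "__main__":
    loader, entries = parse_boot_ini(SAMPLE_BOOT_INI)
    for e in find_recovery_console(entries):
        print("Recovery Console entry:", e["label"], e["device"], " ".join(e["options"]))
    print(remove_recovery_console(SAMPLE_BOOT_INI))
```

Writing the result back is a separate step and is left to the reader: on XP the real file carries the read-only, hidden and system attributes (attrib -r -s -h c:\boot.ini before overwriting it), the Recovery Console files themselves (the c:\cmdcons folder and the c:\cmldr loader that the install places in the root) are not touched by this script, and the BOOT.BAK mentioned in the thread is worth keeping until the machine has rebooted cleanly from the edited boot.ini.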
