Topic: lsass.exe  (Read 14280 times)
22 Jun 2009, 18:07:02
avanguardia (well-known member; Windows XP, Mozilla Firefox 3.5):
I know there is a system file called lsass, but there is also a virus with the same name. Now I don't know whether it is normal to have two lsass files running in Task Manager, or whether one of them is a virus? I have KIS, Malwarebytes and Ad-Aware installed and none of them detect anything; the only strange thing happening with the computer is that while I'm on the net in Firefox, Internet Explorer sometimes launches for a second or two and then disappears?!? And one more thing, maybe unrelated to this, but just to mention it: my keyboard has somehow 'gone crazy'. While I'm typing this message, or something in Word, when I want a capital letter via Shift+letter it won't work; if I hold Shift and press, say, the letter A, nothing appears, and if I press A several times while holding Shift, only when I release Shift does it fire off aaaaaaaaaaaa (lowercase, as many as the number of times I pressed the letter).

I'll download HijackThis and post the log.

:) chelavi  :) anyone

Attached: untitled.jpg (52.1 KB, 392x454)
« Last edit: 22 Jun 2009, 18:11:09 by avanguardia »
avanguardia (well-known member; Windows XP, Mozilla Firefox 3.5):
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:06 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Programi\AdAware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programi\java\bin\jusched.exe
C:\Win\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programi\java\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programi\java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programi\java\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programi\java\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Vuk"
O8 - Extra context menu item: Dodaj u zaštitu od reklama - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Stastistika zaštite mrežnog saobracaja - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1487410-955D-4D39-AC81-ACDAB0AD4999}: NameServer = 77.105.0.19 77.105.0.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programi\AdAware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programi\java\bin\jqs.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7770 bytes
MC- argus (friend of the forum, well-known member; Windows XP, Mozilla Firefox 3.0.11):
Yes, you have a worm, here it is:   C:\Win\lsass.exe
This one is legitimate:             C:\WINDOWS\system32\lsass.exe

Do you see the difference?

« Last edit: 22 Jun 2009, 18:52:59 by Filip93 »
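The distinction MC- argus draws can be checked mechanically rather than by eye: on Windows XP the real lsass.exe lives only under the Windows directory's System32, runs exactly once, and is started by winlogon, never from a Run key. A second lsass.exe in some other directory, launched by a Run value (here "run32"), is the worm. The following is an added example, not code from this thread, from HijackThis or from any of the tools mentioned: it parses the "Running processes" and O4 Run-key lines of an HJT-style log (a constructed sample modelled on the log posted above) and reports a core system binary name running outside System32, more than one instance of a single-instance process, and any Run value that launches such a name. The list of protected names and the assumption that the system root is C:\WINDOWS are mine.

```python
r"""Flag a process that borrows a Windows system binary's name.

Added example, not code from this thread or from HijackThis. On Windows XP
the real lsass.exe lives only in %SystemRoot%\System32, runs exactly once,
and is started by winlogon, never from a Run key. A second lsass.exe in
another directory that a Run value launches is the pattern in the log above.
"""
import ntpath
import re
from collections import Counter

# Assumption: the system root is C:\WINDOWS, as in the posted log.
SYSTEM_ROOT = r"C:\WINDOWS"

# Core names malware borrows; all of them belong in %SystemRoot%\System32.
SYSTEM32_ONLY = {"lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "svchost.exe", "spoolsv.exe"}
# Of those, the ones that run as exactly one instance (svchost.exe does not).
SINGLE_INSTANCE = {"lsass.exe", "smss.exe", "winlogon.exe", "services.exe"}

# HijackThis O4 line: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def _norm(path):
    return ntpath.normpath(path).lower()


def _in_system32(path):
    return _norm(ntpath.dirname(path)) == _norm(ntpath.join(SYSTEM_ROOT, "system32"))


def _exe_from_command(cmd):
    """Drop surrounding quotes and trailing arguments from a Run value."""
    m = re.match(r'"?(.*?\.exe)', cmd.strip(), re.IGNORECASE)
    return m.group(1) if m else cmd.strip()


def parse_hjt(log_text):
    """Return (running_processes, run_entries) from an HJT-style log.

    run_entries are (hive, key, value_name, executable) tuples from O4 lines.
    """
    processes, run_entries = [], []
    in_procs = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            run_entries.append((m["hive"], m["key"], m["name"],
                                _exe_from_command(m["cmd"])))
    return processes, run_entries


def find_masquerades(processes, run_entries):
    """Return (reason, detail) findings; an empty list means nothing odd."""
    findings = []
    for p in processes:
        if ntpath.basename(p).lower() in SYSTEM32_ONLY and not _in_system32(p):
            findings.append(("process_outside_system32", p))
    counts = Counter(ntpath.basename(p).lower() for p in processes)
    for name in sorted(SINGLE_INSTANCE):
        if counts[name] > 1:
            findings.append(("duplicate_instance", f"{name} x{counts[name]}"))
    for hive, key, value, exe in run_entries:
        # The real binaries are never launched from Run/RunOnce, so any
        # Run value carrying one of these names is suspect, whatever the path.
        if ntpath.basename(exe).lower() in SYSTEM32_ONLY:
            findings.append(("run_key_launches_system_name",
                             f"{hive}\\..\\{key}: [{value}] {exe}"))
    return findings


def scan(log_text):
    return find_masquerades(*parse_hjt(log_text))


# Constructed sample, modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Win\lsass.exe
C:\WINDOWS\system32\spoolsv.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for reason, detail in scan(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

Run against the sample it reports all three signals for the same file: the process outside System32, two running lsass.exe instances, and the "run32" Run value that starts it. The path comparison is case-insensitive because Windows paths are, which is why the mixed-case `System32`/`system32` entries in the real log are not flagged.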
Moderator (Filip93, forum legend; Windows XP, Opera 9.64):
Hi, download the following tool and scan the computer with it: Link
The instructions are at the link above, and when you finish post the whole HijackThis log. :)
avanguardia (well-known member; Windows XP, Mozilla Firefox 3.5):

Thanks to both of you for the quick and effective replies  :)

I scanned with Malwarebytes and here is a picture of what it found now; the first item on the list looks really sinister to me.

Malwarebytes asks for a restart to remove what it found successfully, so as soon as I restart I'll scan with ComboFix so you can check whether there are any more malicious programs.

Here is the Malwarebytes log too:

Malwarebytes' Anti-Malware 1.38
Database version: 2318
Windows 5.1.2600 Service Pack 3

6/22/2009 6:47:35 PM
mbam-log-2009-06-22 (18-47-35).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 206169
Time elapsed: 26 minute(s), 2 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Win\lsass.exe (Worm.Autoit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\run32 (Worm.Autoit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{f5c2d345-bad3-4162-b6f6-1ce905a02a82}\RP4\A0000457.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Win\lsass.exe (Worm.Autoit) -> Quarantined and deleted successfully.
C:\Win\names.txt (Worm.Autoit) -> Quarantined and deleted successfully.

Attached: mallwareb.jpg (90.87 KB, 754x277)
Moderator (Filip93, forum legend; Windows XP, Opera 9.64):
Hold off on ComboFix.
Do what I wrote two posts above. :)
avanguardia (well-known member; Windows XP, Mozilla Firefox 3.5):
Filip, I only just saw your last post  :)  I've already done a scan with ComboFix.

Here is the log:

ComboFix 09-06-21.01 - Vuk 06/22/2009 19:03.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1512 [GMT -7:00]
Running from: c:\documents and settings\Vuk\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mfc45.dll

.
(((((((((((((((((((((((((   Files Created from 2009-05-23 to 2009-06-23  )))))))))))))))))))))))))))))))
.

2009-06-23 01:09 . 2009-06-23 01:09   --------   d-----w-   c:\program files\Trend Micro
2009-06-19 05:33 . 2009-06-19 05:33   --------   d-----w-   c:\windows\Sun
2009-06-12 20:25 . 2009-06-12 20:25   --------   d-----w-   c:\program files\Common Files\Pointstone
2009-06-12 20:15 . 2009-06-12 20:15   64   --sh--r-   c:\windows\system32\SESdemo.drv
2009-06-12 19:54 . 2009-06-12 19:54   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-06-12 19:53 . 2009-06-12 19:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2009-06-12 19:53 . 2009-06-12 19:53   152576   ----a-w-   c:\documents and settings\Vuk\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 08:02 . 2009-06-11 08:02   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2009-06-10 08:26 . 2009-04-30 21:22   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2009-06-10 08:26 . 2009-04-30 21:22   1985024   -c----w-   c:\windows\system32\dllcache\iertutil.dll
2009-06-10 08:26 . 2009-04-30 21:22   246272   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 08:26 . 2009-04-30 21:22   11064832   -c----w-   c:\windows\system32\dllcache\ieframe.dll
2009-06-09 10:58 . 2009-06-09 10:58   --------   d-----w-   c:\documents and settings\Administrator.VUK-48F2113C5B2\Application Data\Malwarebytes
2009-06-09 10:58 . 2009-06-09 10:58   --------   d-sh--w-   c:\documents and settings\Administrator.VUK-48F2113C5B2\IETldCache
2009-06-09 10:26 . 2009-06-09 10:26   --------   d-----w-   c:\program files\Ontrack
2009-06-03 23:10 . 2001-08-17 20:56   7552   -c--a-w-   c:\windows\system32\dllcache\sonypvu1.sys
2009-06-03 23:10 . 2001-08-17 20:56   7552   ----a-w-   c:\windows\system32\drivers\SONYPVU1.SYS
2009-06-03 23:01 . 2009-06-03 23:01   --------   d-----w-   c:\documents and settings\Vuk\Application Data\Sony Corporation
2009-06-03 22:41 . 2002-10-16 05:41   102220   ----a-w-   c:\windows\system32\drivers\sonypvs1.sys
2009-06-03 22:41 . 2001-11-05 16:23   299923   ----a-w-   c:\windows\system32\drivers\sonyhcs.sys
2009-06-03 22:41 . 2001-11-05 16:23   38739   ----a-w-   c:\windows\system32\drivers\sonyhcc.sys
2009-06-03 22:41 . 2001-11-05 16:23   6097   ----a-w-   c:\windows\system32\drivers\sonyhcb.sys
2009-06-03 22:41 . 2001-07-04 03:39   3654   ----a-w-   c:\windows\system32\drivers\Sonyhcp.dll
2009-06-03 22:41 . 2001-07-04 03:33   53248   ----a-w-   c:\windows\system32\SONYHCY.DLL
2009-06-03 22:41 . 2009-06-03 22:41   --------   d-----w-   C:\Drivers
2009-05-31 21:47 . 2009-05-31 21:47   --------   d-----w-   c:\program files\OpenXML-ODF Translator
2009-05-31 21:46 . 2009-05-31 21:46   197920   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-31 21:46 . 2009-05-31 21:46   --------   d-----w-   c:\windows\system32\XPSViewer
2009-05-31 21:46 . 2009-05-31 21:46   --------   d-----w-   c:\program files\Reference Assemblies
2009-05-31 21:45 . 2006-06-29 20:07   14048   ------w-   c:\windows\system32\spmsg2.dll
2009-05-31 21:08 . 2009-05-31 21:08   --------   d-----w-   c:\program files\Classic Menu for Office
2009-05-31 21:07 . 2009-01-01 05:34   528744   ----a-w-   c:\windows\system32\OGAVerify.exe
2009-05-31 21:07 . 2009-01-01 05:34   502120   ----a-w-   c:\windows\system32\OGAAddin.dll
2009-05-31 21:07 . 2009-02-21 15:25   691592   ----a-w-   c:\windows\system32\OGACheckControl.DLL
2009-05-31 21:02 . 2008-11-10 18:41   32656   ----a-w-   c:\windows\system32\msonpmon.dll
2009-05-31 21:01 . 2009-05-31 21:05   --------   d-----w-   c:\program files\Microsoft Works
2009-05-31 21:01 . 2009-05-31 21:01   --------   d-----w-   c:\program files\MSBuild
2009-05-31 21:00 . 2009-05-31 21:00   --------   d-----w-   c:\program files\Microsoft.NET
2009-05-31 20:58 . 2009-05-31 20:58   --------   d-----w-   c:\program files\Microsoft Visual Studio 8
2009-05-31 20:58 . 2009-05-31 21:00   --------   d-----w-   c:\windows\SHELLNEW
2009-05-31 20:58 . 2009-05-31 20:58   --------   d-----w-   c:\documents and settings\Vuk\Local Settings\Application Data\Microsoft Help
2009-05-31 20:57 . 2009-06-10 10:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-31 20:56 . 2009-05-31 20:56   --------   d--h--r-   C:\MSOCache
2009-05-31 20:45 . 2009-06-21 23:27   3561743   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-31 00:18 . 2009-05-31 18:52   1   ----a-w-   c:\documents and settings\Vuk\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-31 00:18 . 2009-05-31 00:18   --------   d-----w-   c:\documents and settings\Vuk\Application Data\OpenOffice.org
2009-05-31 00:16 . 2009-06-09 20:53   --------   d-----w-   c:\program files\OpenOffice.org 3
2009-05-30 01:03 . 2009-06-19 07:34   --------   d-----w-   c:\documents and settings\Vuk\Application Data\mIRC
2009-05-30 01:03 . 2009-06-19 05:54   --------   d-----w-   c:\program files\mIRC
2009-05-29 21:34 . 2009-06-11 07:10   --------   d-----w-   c:\documents and settings\Vuk\dwhelper
2009-05-28 20:42 . 2009-05-30 23:01   --------   d-----w-   c:\documents and settings\Vuk\Local Settings\Application Data\Eraser
2009-05-28 20:42 . 2009-05-28 20:42   --------   d--h--w-   c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-28 20:42 . 2007-12-31 09:46   2375336   ----a-w-   c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
2009-05-28 19:05 . 2009-05-28 19:05   --------   d-----w-   c:\documents and settings\Vuk\Application Data\Webroot
2009-05-28 19:05 . 2009-05-28 19:05   --------   d-----w-   c:\program files\Common Files\Webroot Shared
2009-05-28 19:05 . 2009-05-28 19:05   --------   d-----w-   c:\program files\Webroot
2009-05-28 19:05 . 2009-05-28 19:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\Webroot
2009-05-28 19:05 . 2007-11-26 21:47   194888   ----a-w-   c:\windows\Unwash6.exe
2009-05-27 21:11 . 2009-05-27 21:11   --------   d-----w-   c:\documents and settings\Vuk\Application Data\Ashampoo
2009-05-27 21:11 . 2009-05-27 21:11   --------   d-----w-   c:\documents and settings\Vuk\Local Settings\Application Data\ashampoo
2009-05-27 21:11 . 2009-05-27 21:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\ashampoo
2009-05-27 21:01 . 2009-05-27 21:02   --------   d-----w-   c:\documents and settings\Vuk\Application Data\BSplayer PRO
2009-05-27 20:50 . 2009-05-27 20:50   --------   d-----w-   c:\documents and settings\Vuk\Application Data\Media Player Classic
2009-05-27 20:11 . 2009-05-27 20:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-26 06:43 . 2009-05-26 06:43   518   ----a-w-   c:\documents and settings\Vuk\Application Data\iolo\Registry\Last\restore.bat
2009-05-26 05:11 . 2009-05-26 05:11   --------   d-sh--w-   c:\documents and settings\Vuk\IECompatCache
2009-05-26 03:23 . 2002-08-30 02:00   1703936   ----a-w-   c:\windows\system32\gdiplus.dll
2009-05-26 03:23 . 2000-05-02 06:02   110592   ----a-w-   c:\windows\system32\ccrpbds6.dll
2009-05-26 03:01 . 2009-05-26 03:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2009-05-26 02:38 . 2009-05-26 02:38   --------   d-----w-   c:\documents and settings\Vuk\Local Settings\Application Data\ACD Systems
2009-05-26 02:38 . 2009-05-26 02:38   --------   d-----w-   c:\documents and settings\Vuk\Application Data\ACD Systems
2009-05-26 02:38 . 2009-05-26 02:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-26 02:38 . 2009-05-26 02:38   --------   d-----w-   c:\program files\Common Files\ACD Systems
2009-05-26 02:38 . 2009-05-26 02:38   --------   d-----w-   c:\program files\ACD Systems
2009-05-26 01:13 . 2009-05-26 01:13   44384   ----a-w-   c:\windows\system32\drivers\tifsfilt.sys
2009-05-26 01:13 . 2009-05-26 01:13   441760   ----a-w-   c:\windows\system32\drivers\timntr.sys
2009-05-26 01:13 . 2009-05-26 01:13   129248   ----a-w-   c:\windows\system32\drivers\snapman.sys
2009-05-26 01:13 . 2009-05-26 01:13   368544   ----a-w-   c:\windows\system32\drivers\tdrpman.sys
2009-05-26 01:13 . 2009-05-26 01:13   --------   d-----w-   c:\program files\Common Files\Acronis
2009-05-26 01:13 . 2009-05-26 01:13   --------   d-----w-   c:\program files\Acronis
2009-05-26 01:10 . 2008-10-16 21:06   268648   ----a-w-   c:\windows\system32\mucltui.dll
2009-05-26 01:10 . 2008-10-16 21:06   208744   ----a-w-   c:\windows\system32\muweb.dll
2009-05-25 22:19 . 2009-05-25 22:19   33808   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-25 22:19 . 2009-05-25 22:19   206088   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-25 22:19 . 2009-05-25 22:19   226832   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-25 22:11 . 2009-05-25 22:19   94643   ----a-w-   c:\windows\system32\drivers\klick.dat
2009-05-25 22:11 . 2009-05-25 22:19   105395   ----a-w-   c:\windows\system32\drivers\klin.dat
2009-05-25 22:10 . 2009-06-23 02:07   475168   --sha-w-   c:\windows\system32\drivers\fidbox2.dat
2009-05-25 22:10 . 2009-06-23 02:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-25 22:10 . 2009-06-23 02:05   3813408   --sha-w-   c:\windows\system32\drivers\fidbox.dat
2009-05-25 22:10 . 2009-05-25 22:10   --------   d-----w-   c:\program files\Kaspersky Lab
2009-05-25 22:10 . 2009-05-25 22:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-25 22:09 . 2009-05-25 22:15   --------   d-----w-   c:\documents and settings\Vuk\Application Data\TrueCrypt
2009-05-25 22:09 . 2009-05-25 22:09   235840   ----a-w-   c:\windows\system32\drivers\truecrypt.sys
2009-05-25 22:05 . 2008-08-20 17:58   9200   ------w-   c:\windows\system32\drivers\cdralw2k.sys
2009-05-25 22:05 . 2008-08-20 17:58   9072   ------w-   c:\windows\system32\drivers\cdr4_xp.sys
2009-05-25 22:05 . 2008-08-20 17:58   44944   ------w-   c:\windows\system32\drivers\PxHelp20.sys
2009-05-25 22:05 . 2008-08-20 17:58   129520   ------w-   c:\windows\system32\pxafs.dll
2009-05-25 22:04 . 2009-05-25 22:06   --------   d-----w-   c:\documents and settings\Vuk\Application Data\Winamp
2009-05-25 21:44 . 2008-05-29 16:28   28416   ----a-w-   c:\windows\system32\uxtuneup.dll
2009-05-25 21:44 . 2009-05-25 21:44   355584   ----a-w-   c:\windows\system32\TuneUpDefragService.exe
2009-05-25 21:44 . 2009-05-25 21:44   --------   d-----w-   c:\documents and settings\Vuk\Application Data\TuneUp Software
2009-05-25 21:43 . 2009-05-25 21:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-25 21:43 . 2009-05-25 21:44   --------   d-----w-   c:\program files\TuneUp Utilities 2008
2009-05-25 21:43 . 2009-06-08 17:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-05-25 21:38 . 2009-05-25 21:38   --------   d-sh--w-   c:\documents and settings\Vuk\IETldCache
2009-05-25 20:47 . 2009-05-25 20:47   --------   d-----w-   c:\windows\ie8updates
2009-05-25 20:46 . 2009-05-25 20:47   --------   dc-h--w-   c:\windows\ie8
2009-05-25 20:45 . 2009-04-25 05:30   102400   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2009-05-25 20:40 . 2009-06-19 05:20   --------   d-----w-   c:\documents and settings\Vuk\Tracing
2009-05-25 20:37 . 2009-05-31 21:08   --------   d-----w-   c:\program files\Microsoft
2009-05-25 20:37 . 2009-05-25 20:37   --------   d-----w-   c:\program files\Windows Live SkyDrive
2009-05-25 20:37 . 2009-05-25 20:37   --------   d-----w-   c:\program files\Windows Live
2009-05-25 20:28 . 2009-05-25 20:28   --------   d-----w-   c:\program files\Common Files\Windows Live
2009-05-25 20:20 . 2009-05-25 20:20   --------   d-----w-   c:\documents and settings\LocalService\Application Data\iolo
2009-05-25 19:56 . 2009-06-22 04:50   --------   d-----w-   c:\documents and settings\Vuk\Application Data\uTorrent
2009-05-25 19:55 . 2009-05-25 19:55   --------   d-----w-   c:\documents and settings\Vuk\Local Settings\Application Data\Google
2009-05-25 19:29 . 2009-06-23 00:58   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-05-25 19:23 . 2009-05-25 19:23   --------   d-----w-   c:\windows\system32\drivers\umdf
2009-05-25 08:41 . 2009-05-25 08:41   --------   d-----w-   c:\program files\WinASO
2009-05-25 08:25 . 2008-04-14 12:42   294912   -c----w-   c:\windows\system32\dllcache\dlimport.exe
2009-05-25 07:22 . 2009-05-25 07:22   --------   d-----w-   c:\program files\ESET
2009-05-25 07:09 . 2009-05-26 06:43   --------   d-----w-   c:\documents and settings\Vuk\Application Data\iolo
2009-05-25 07:09 . 2009-05-25 20:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\iolo
2009-05-25 07:04 . 2009-05-25 07:04   --------   d-----w-   c:\documents and settings\Vuk\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 02:07 . 2009-05-25 22:10   5848   --sha-w-   c:\windows\system32\drivers\fidbox2.idx
2009-06-23 02:05 . 2009-05-25 22:10   34016   --sha-w-   c:\windows\system32\drivers\fidbox.idx
2009-06-19 03:32 . 2009-05-25 02:23   --------   d-----w-   c:\program files\Common Files\Adobe
2009-06-09 10:48 . 2009-05-25 02:16   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-06-01 04:10 . 2009-05-25 02:32   73408   ----a-w-   c:\documents and settings\Vuk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-25 22:19 . 2008-01-30 00:29   33808   ----a-w-   c:\windows\system32\drivers\klbg.sys
2009-05-25 19:25 . 2009-05-25 19:23   --------   d-----w-   c:\program files\Microsoft LifeCam
2009-05-25 08:29 . 2009-05-25 02:07   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-25 02:44 . 2009-05-25 02:44   0   ----a-w-   c:\windows\nsreg.dat
2009-05-25 02:40 . 2009-05-25 02:40   --------   d-----w-   c:\program files\Conexant
2009-05-25 02:32 . 2009-05-25 02:32   --------   d-----w-   c:\documents and settings\Vuk\Application Data\ATI
2009-05-25 02:32 . 2009-05-25 02:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\ATI
2009-05-25 02:32 . 2009-05-25 02:32   0   ----a-w-   c:\windows\ativpsrm.bin
2009-05-25 02:30 . 2009-05-25 02:25   --------   d-----w-   c:\program files\ATI Technologies
2009-05-25 02:28 . 2009-05-25 02:15   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-05-25 02:28 . 2009-05-25 02:28   9158   ----a-r-   c:\documents and settings\Vuk\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-05-25 02:28 . 2009-05-25 02:28   --------   d-----w-   c:\program files\Common Files\ATI Technologies
2009-05-25 02:18 . 2009-05-25 02:18   --------   d-----w-   c:\program files\Realtek
2009-05-25 02:17 . 2009-05-25 02:17   315392   ----a-w-   c:\windows\HideWin.exe
2009-05-25 02:08 . 2009-05-25 02:08   --------   d-----w-   c:\program files\microsoft frontpage
2009-05-25 02:05 . 2009-05-25 02:05   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-05-24 18:56 . 2009-05-24 18:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-24 18:48 . 2009-05-24 18:48   --------   d-----w-   c:\program files\Bonjour
2009-05-24 18:46 . 2009-05-24 18:46   --------   d-----w-   c:\program files\Common Files\Macrovision Shared
2009-05-13 05:15 . 2004-08-03 22:56   915456   ----a-w-   c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 22:56   345600   ----a-w-   c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-03 21:17   1847168   ----a-w-   c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 22:56   585216   ----a-w-   c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="c:\program files\Webroot\Washer\WashIdx.exe" [2007-11-26 55624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2006-12-17 376832]
"DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2006-12-17 90112]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-25 206088]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="d:\programi\java\bin\jusched.exe" [2009-06-12 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programi\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [5/28/2009 12:05 PM 598856]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-23 23:53]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {C1487410-955D-4D39-AC81-ACDAB0AD4999} = 77.105.0.19 77.105.0.18
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 19:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1272)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(5904)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
d:\programi\AdAware\aawservice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\programi\java\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-23 19:08 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-23 02:08

Pre-Run: 8,948,613,120 bytes free
Post-Run: 8,848,195,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

334   --- E O F ---   2009-06-12 08:04


What is this c:\windows\system32\mfc45.dll that it found?
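One way to work through a log like the one above, added here as an example (this is not ComboFix's own code and was not posted by anyone in this thread): the Python script below parses the Run-key autostarts from the "Reg Loading Points" section and the per-process DLL list from "DLLs Loaded Under Running Processes" into records, then flags entries that use a core system process name outside c:\windows\system32, run from a temp or profile folder, or load a non-system32 module into a core process such as lsass.exe. The sample input copies a few lines from the log above and adds one constructed "Updater" entry (an lsass.exe under a Temp folder) that does not appear on the page, so that the checks have something to flag.

```python
# Triage helpers for a ComboFix-style log (added example, not ComboFix's code):
# parse the 'Reg Loading Points' autostarts and the 'DLLs Loaded Under Running
# Processes' section, then run a few baseline checks over them.
import re
from collections import namedtuple

# Constructed sample input: lines copied from the log in this thread, plus ONE
# constructed autostart ("Updater", an lsass.exe in a Temp folder) that is NOT
# on the page, so that the review has something to flag.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"Updater"="c:\documents and settings\user\Local Settings\Temp\lsass.exe" [2009-06-20 40960]

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1272)
c:\windows\system32\relog_ap.dll
"""

AUTOSTART_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'  # "Name"="value"
    r"(?: - (?P<resolved>.+?))?"               # " - path" ComboFix appends for bare names
    r" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
PROCESS_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")

# Core Windows XP system processes live in c:\windows\system32; the same file
# name anywhere else (the 'second lsass.exe' question) deserves a closer look.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"
USER_WRITABLE_MARKERS = ("\\local settings\\temp\\", "\\temp\\", "\\application data\\")

AutostartEntry = namedtuple("AutostartEntry", "key name path date size")
Finding = namedtuple("Finding", "name path reason")

def parse_autostarts(text):
    """Return the autostart values listed under every [HKEY...] block."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = AUTOSTART_RE.match(line)
        if m and key:
            path = m.group("resolved") or m.group("value")  # prefer the resolved path
            entries.append(AutostartEntry(key, m.group("name"), path,
                                          m.group("date"), int(m.group("size"))))
    return entries

def parse_process_modules(text):
    """Map (process name, pid) -> DLL paths ComboFix saw loaded in that process."""
    modules, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PROCESS_RE.match(line)
        if m:
            current = (m.group("proc"), int(m.group("pid")))
            modules[current] = []
        elif not line:
            current = None  # a blank line ends the process block
        elif current and line.lower().endswith(".dll"):
            modules[current].append(line)
    return modules

def review_autostarts(entries):
    """Hints for a reviewer (not verdicts): a system process name outside
    system32, or an autostart running from a user-writable temp/profile dir."""
    findings = []
    for e in entries:
        p = e.path.lower()
        directory, _, base = p.rpartition("\\")
        if base in SYSTEM_NAMES and directory != SYSTEM_DIR:
            findings.append(Finding(e.name, e.path, f"system process name {base} outside {SYSTEM_DIR}"))
        if any(marker in p for marker in USER_WRITABLE_MARKERS):
            findings.append(Finding(e.name, e.path, "runs from a user-writable temp/profile directory"))
    return findings

def review_process_modules(modules):
    """Flag modules outside system32 that are loaded into a core system process."""
    findings = []
    for (proc, pid), dlls in modules.items():
        if proc.lower() in SYSTEM_NAMES:
            for d in dlls:
                if not d.lower().startswith(SYSTEM_DIR + "\\"):
                    findings.append(Finding(f"{proc}({pid})", d, "module outside system32 in a core system process"))
    return findings

if __name__ == "__main__":
    findings = review_autostarts(parse_autostarts(SAMPLE_LOG))
    findings += review_process_modules(parse_process_modules(SAMPLE_LOG))
    for f in findings:
        print(f"[review] {f.name}: {f.path} -> {f.reason}")
```

On a saved log, call `parse_autostarts(open(path).read())` and `parse_process_modules(...)` the same way. Every flagged entry is a prompt to compare against a known-good install of the same software, not a verdict: legitimate programs do install under Application Data, and on the real log above the only module in lsass.exe is relog_ap.dll from system32, which this check leaves unflagged.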
Rank: Utterly hopeless (Krajnje beznadezan) | Title: Out of Space and Time | Zodiac: Scorpio | Gender: male | Posts: 10499 | OS: Windows XP | Browser: Mozilla SeaMonkey 1.1.16
There was no need for ComboFix, but never mind :)

This worm is easily removed even without it :)

Next, zip the qoobox folder that sits on the C: partition and upload it, for example to RapidShare or MegaUpload. You can also attach it here and the mods will remove the attachment afterwards.

« Last edit: 22 Jun 2009, 19:38:53 by diarno »
Rank: Friend of the forum (Prijatelj foruma), Well-known personality (Poznata licnost) | Title: MC- argus | Gender: male | Posts: 4467 | OS: Windows XP | Browser: Mozilla Firefox 3.0.11 | Phone: HTC
I know, but usually something is hiding in the background :)
Rank: Well-known personality (Poznata licnost) | Title: ??? | Gender: male | Posts: 3144 | Flag: Kapiri Mposhi | OS: Windows XP | Browser: Mozilla Firefox 3.5 | Phone: HTC
Once again a big thank-you to everyone, the problem is solved. The topic can be locked.
:)