Možda tražite i:
rundll32 error
Gta Iv greska " fatal error dd3d30 "
Grub Error 22
boot0: error

MyCity » Ambulanta -> Arhiva Ambulante » Hijack this javlja error

Hijack this javlja error

Napisano na dan: 24.6.2009

Strana:
1
2

Hijack this javlja error

Sledeća strana

Pagination

Odgovori

Strana:
1
2

lalanesosa Poslao: 24 Jun 2009 23:38 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 24 Jun 2009 23:35 Hijack this prijavljuje greshku: Error details: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell) Error #5 - Invalid procedure call or argument Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2900.5512 HijackThis version: 2.0.2 Rachunar mi je prepun problema (u startu mi se otvara MYdocuments folder odmah nakon podizanja sistema....... a vec duze vreme na rachunaru nemam niti jedan vid zashtite) pa mi je nekako logichno da se otarasim virusa pre nego instaliram neki firewall i amtivirus program. Vec sa HJT imam problem pa sad ne znam shta da radim. Molim pomoc. Dopuna: 24 Jun 2009 23:38 HJT je ipak izbacio nekakav log i on ovako izgleda: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:34:34 PM, on 6/24/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\UltraVNC\winvnc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\UltraVNC\winvnc.exe C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe C:\Program Files\File Seeker\FSeekerDBUpdater.exe C:\windows\system32\explorĺr.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Slavica\Application Data\explorer.exe C:\Documents and Settings\Slavica\Local Settings\Application Data\lsass.exe C:\Documents and Settings\Slavica\Application Data\explorer.exe C:\Documents and Settings\Slavica\Local Settings\Application Data\lsass.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\ZASHTITA RACHUNARA\autostoper.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file) O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun O4 - HKLM\..\Run: [FileSeekerUpdater] "C:\Program Files\File Seeker\FSeekerDBUpdater.exe" -start O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe O4 - HKLM\..\Run: [rundll32] c:\windows\system32\explorar.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: windows.pif = ? O4 - Global Startup: Empty.pif = ? O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.1.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://www.ebank.lhb.rs/DLL/FSINT.dll O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} (NetSeTManager Class) - https://secure.deltabanka.rs/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.deltabanka.rs/RetailDLL/SGCMSCCD.DLL O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://www.ebank.ppbank.com/DLL/SAWZip.dll O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://www.ebank.ppbank.com/DLL/EbankingWWW.dll O16 - DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} (SecAPI Class) - https://www.ebank.ppbank.com/DLL/EBCSCC2B.dll O16 - DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} (SecAPI Class) - https://www.ebank.ppbank.com/DLL/EBCCDC2.dll O20 - Winlogon Notify: netstraf - C:\WINDOWS\system32\netstraf.dll (file missing) O20 - Winlogon Notify: wmvmgr - wmvmgr32.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe -- End of file - 7610 bytes

Profil

helen1 Poslao: 24 Jun 2009 23:55 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, izvini, ali gluplju logiku nisam cuo. Instaliraj Antivirus, skeniraj, neka pocisti sta moze, pa cemo nastaviti. Inace, pun si malwera.

Profil

lalanesosa Poslao: 26 Jun 2009 22:29 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 25 Jun 2009 0:08 Eto imam ja svoje momente izliva gluposti al to se desava kada chovek ima polovichno znanje i odredjene predrasude o nekoj materiji (tako recimo mala deca koja nemaju nikakva saznanja chesto uoche srz problema i reshenje koje odraslima nikada ne bi palo na pamet) Daklem instaliracu antivirus-skenirati pa se javljam a u medjuvremenu idem da se stidim i sramotim. Hvala na brzom javljanju ! Dopuna: 26 Jun 2009 22:29 Novi HJTlog nakon chishcenja Simantec antivirusom: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:26:52 PM, on 6/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\UltraVNC\winvnc.exe C:\Program Files\UltraVNC\winvnc.exe C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe C:\Program Files\File Seeker\FSeekerDBUpdater.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\ZASHTITA RACHUNARA\autostoper.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file) O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun O4 - HKLM\..\Run: [FileSeekerUpdater] "C:\Program Files\File Seeker\FSeekerDBUpdater.exe" -start O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec AntiVirus\VPTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [] O4 - Startup: PowerReg Scheduler.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.1.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://www.ebank.lhb.rs/DLL/FSINT.dll O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} (NetSeTManager Class) - https://secure.deltabanka.rs/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.deltabanka.rs/RetailDLL/SGCMSCCD.DLL O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://www.ebank.ppbank.com/DLL/SAWZip.dll O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://www.ebank.ppbank.com/DLL/EbankingWWW.dll O16 - DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} (SecAPI Class) - https://www.ebank.ppbank.com/DLL/EBCSCC2B.dll O16 - DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} (SecAPI Class) - https://www.ebank.ppbank.com/DLL/EBCCDC2.dll O20 - Winlogon Notify: netstraf - C:\WINDOWS\system32\netstraf.dll (file missing) O20 - Winlogon Notify: wmvmgr - wmvmgr32.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe -- End of file - 8603 bytes Ne sumljam da ima jos mnogo shta da se ocisti pa molim za pomoc!

Profil

helen1 Poslao: 26 Jun 2009 22:35 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! E, sad mozemo da krenemo: Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop: Bleeping Computer . . . . . Geeks to Go! Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

lalanesosa Poslao: 26 Jun 2009 23:04 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-06-26.02 - Slavica 06/26/2009 22:49.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.511.230 [GMT 2:00] Running from: c:\documents and settings\Slavica\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition On-access scanning disabled (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Slavica\Application Data\FunWebProducts c:\documents and settings\Slavica\Local Settings\Application Data\lsass.exe c:\program files\FunWebProducts c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\0002EE6D c:\program files\MyWebSearch\bar\Cache\001D862A c:\program files\MyWebSearch\bar\Cache\00298F29 c:\program files\MyWebSearch\bar\Cache\0039E71E c:\program files\MyWebSearch\bar\Cache\0039F69F.bin c:\program files\MyWebSearch\bar\Cache\0039FC1D.bin c:\program files\MyWebSearch\bar\Cache\003A06CC.bin c:\program files\MyWebSearch\bar\Cache\003A0B02.bin c:\program files\MyWebSearch\bar\Cache\00C5E541.bin c:\program files\MyWebSearch\bar\Cache\00C5E800.bin c:\program files\MyWebSearch\bar\Cache\00C5EB4C c:\program files\MyWebSearch\bar\Cache\01DDB72A.bin c:\program files\MyWebSearch\bar\Cache\02B0D00F.bin c:\program files\MyWebSearch\bar\Cache\02B0D88B.bin c:\program files\MyWebSearch\bar\Cache\02B0DE86.bin c:\program files\MyWebSearch\bar\Cache\02B0E5BA.bin c:\program files\MyWebSearch\bar\Cache\02B0E992.bin c:\program files\MyWebSearch\bar\Cache\0354978C c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search2 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat . ((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 ))))))))))))))))))))))))))))))) . 2009-06-24 22:47 . 2009-06-24 22:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec 2009-06-24 22:28 . 2009-06-24 22:28 -------- d-----w- c:\documents and settings\Slavica\Local Settings\Application Data\Symantec 2009-06-24 22:26 . 2005-09-16 22:20 87768 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-06-24 22:26 . 2005-09-16 22:20 108168 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-06-24 22:26 . 2009-06-24 22:27 -------- d-----w- c:\program files\Symantec 2009-06-24 22:26 . 2009-06-26 20:46 -------- d-----w- c:\program files\Symantec AntiVirus 2009-06-24 22:26 . 2009-06-24 22:43 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-24 22:26 . 2009-06-24 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-06-21 09:15 . 2006-04-24 09:30 59392 ----a-r- c:\documents and settings\Slavica\Application Data\explorer.exe 2009-06-15 11:27 . 2009-06-15 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty 2009-06-15 11:04 . 2009-06-15 11:27 -------- d-----w- c:\documents and settings\Slavica\Application Data\Ashtons. Family Resort 2009-06-15 11:04 . 2009-06-15 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashtons. Family Resort 2009-06-15 11:01 . 2009-06-15 11:01 -------- d-----w- c:\program files\Games 2009-06-15 11:00 . 2009-06-15 11:00 -------- d-----w- c:\program files\Farm Frenzy Pizza Party 2009-06-15 11:00 . 2009-06-15 11:00 -------- d-----w- c:\windows\Farm Frenzy Pizza Party 2009-06-15 10:58 . 2009-06-15 10:59 -------- d-----w- c:\program files\Ashtons Family Resort 2009-06-15 10:58 . 2009-06-15 10:58 -------- d-----w- c:\windows\Ashtons Family Resort 2009-06-10 06:21 . 2009-06-10 06:21 152576 ----a-w- c:\documents and settings\Slavica\Application Data\Sun\Java\jre1.6.0_14\lzma.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-26 20:08 . 2008-06-28 08:15 -------- d-----w- c:\program files\Common Files\Akamai 2009-06-26 08:33 . 2007-09-20 09:05 -------- d-----w- c:\program files\File Seeker 2009-06-24 20:54 . 2006-05-03 21:39 27 ----a-w- c:\windows\popcinfo.dat 2009-06-24 07:46 . 2006-05-03 20:12 -------- d-----w- c:\documents and settings\Slavica\Application Data\AdobeUM 2009-06-23 08:17 . 2008-11-17 11:55 -------- d-----w- c:\documents and settings\Slavica\Application Data\Playrix Entertainment 2009-06-15 14:59 . 2007-12-10 13:50 -------- d-----w- c:\documents and settings\Slavica\Application Data\BitTorrent 2009-06-15 11:05 . 2007-12-09 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-10 06:22 . 2007-12-08 18:10 -------- d-----w- c:\program files\Java 2009-05-21 09:33 . 2009-04-14 16:44 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-20 14:06 . 2006-08-17 07:47 -------- d-----w- c:\program files\Optimik 2009-04-14 16:31 . 2009-04-14 16:31 152576 ----a-w- c:\documents and settings\Slavica\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2007-12-09 10:07 . 2007-12-27 22:27 241664 ----a-w- c:\program files\Uninstall Ask Toolbar.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2005-10-31 503808] "FileSeekerUpdater"="c:\program files\File Seeker\FSeekerDBUpdater.exe" [2007-01-12 603648] "LanTalk.NET"="c:\program files\CEZEO software\LanTalk NET\LanTalk.exe" [2008-12-21 330920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752] "vptray"="c:\progra~1\Symantec AntiVirus\VPTray.exe" [2005-11-15 85744] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] c:\documents and settings\Slavica\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2007-11-1 256000] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0SsiEfr.e [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=c:\windows\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk backup=c:\windows\pss\Metacafe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^Metacafe.lnk] path=c:\documents and settings\Slavica\Start Menu\Programs\Startup\Metacafe.lnk backup=c:\windows\pss\Metacafe.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] path=c:\documents and settings\Slavica\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "CiSvc"=3 (0x3) "PolicyAgent"=2 (0x2) "helpsvc"=2 (0x2) "TrkWks"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\ICQ6\\ICQ.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\CEZEO software\\LanTalk NET\\LanTalk.exe"= "c:\\Program Files\\UltraVNC\\vncviewer.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\explorĺr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 "1055:TCP"= 1055:TCP:Akamai NetSession Interface "1057:TCP"= 1057:TCP:Akamai NetSession Interface "1079:TCP"= 1079:TCP:Akamai NetSession Interface "1197:TCP"= 1197:TCP:Akamai NetSession Interface "1205:TCP"= 1205:TCP:Akamai NetSession Interface "1214:TCP"= 1214:TCP:Akamai NetSession Interface "1243:TCP"= 1243:TCP:Akamai NetSession Interface "1253:TCP"= 1253:TCP:Akamai NetSession Interface "1047:TCP"= 1047:TCP:Akamai NetSession Interface "1221:TCP"= 1221:TCP:Akamai NetSession Interface "1639:TCP"= 1639:TCP:Akamai NetSession Interface "1050:TCP"= 1050:TCP:Akamai NetSession Interface "1062:TCP"= 1062:TCP:Akamai NetSession Interface "1095:TCP"= 1095:TCP:Akamai NetSession Interface "1113:TCP"= 1113:TCP:Akamai NetSession Interface "1054:TCP"= 1054:TCP:Akamai NetSession Interface "1706:TCP"= 1706:TCP:Akamai NetSession Interface "1092:TCP"= 1092:TCP:Akamai NetSession Interface "1053:TCP"= 1053:TCP:Akamai NetSession Interface "1088:TCP"= 1088:TCP:Akamai NetSession Interface "1825:TCP"= 1825:TCP:Akamai NetSession Interface "1068:TCP"= 1068:TCP:Akamai NetSession Interface "1094:TCP"= 1094:TCP:Akamai NetSession Interface "1162:TCP"= 1162:TCP:Akamai NetSession Interface "1517:TCP"= 1517:TCP:Akamai NetSession Interface "1336:TCP"= 1336:TCP:Akamai NetSession Interface "1354:TCP"= 1354:TCP:Akamai NetSession Interface "1193:TCP"= 1193:TCP:Akamai NetSession Interface "1228:TCP"= 1228:TCP:Akamai NetSession Interface "1258:TCP"= 1258:TCP:Akamai NetSession Interface "1099:TCP"= 1099:TCP:Akamai NetSession Interface "1133:TCP"= 1133:TCP:Akamai NetSession Interface "1139:TCP"= 1139:TCP:Akamai NetSession Interface "1065:TCP"= 1065:TCP:Akamai NetSession Interface R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 2:00 PM 14336] R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [9/25/1998 10:55 AM 52800] R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/19/2009 11:03 PM 1519168] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2009 12:43 AM 101936] S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . - - - - ORPHANS REMOVED - - - - HKLM-Run-Cmaudio - cmicnfg.cpl Notify-netstraf - c:\windows\system32\netstraf.dll . ------- Supplementary Scan ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Trusted Zone: bancaintesabeograd.com\online Trusted Zone: deltabanka.rs\online Trusted Zone: lhb.rs\www.ebank Trusted Zone: ppbank.com\www.ebank Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.ebank.lhb.rs/DLL/FSINT.dll DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.deltabanka.rs/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.deltabanka.rs/RetailDLL/SGCMSCCD.DLL DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.ebank.ppbank.com/DLL/SAWZip.dll DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.ebank.ppbank.com/DLL/EbankingWWW.dll DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://www.ebank.ppbank.com/DLL/EBCSCC2B.dll DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://www.ebank.ppbank.com/DLL/EBCCDC2.dll FF - ProfilePath - c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.pimpmysearch.com/home.html?gname=Stolica FF - component: c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll FF - component: c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\components\piclensstub.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: capability.policy.policynames - localfilelinks FF - user.js: capability.policy.localfilelinks.sites - hxxp://www.travian.org http://www.travian.at http://welt1.travian.de http://welt2.travian.de http://welt3.travian.de http://welt4.travian.de http://welt5.travian.de http://welt6.travian.de http://welt7.travian.de http://welt8.travian.de http://welt9.travian.de http://welt10.travian.de http://speed.travian.de rs1.travian.com FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess. *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-26 22:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(604) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-06-26 23:00 ComboFix-quarantined-files.txt 2009-06-26 21:00 Pre-Run: 20,749,803,520 bytes free Post-Run: 20,767,195,136 bytes free

Profil

helen1 Poslao: 27 Jun 2009 00:27 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\WINDOWS\system32\explorĺr.exe c:\documents and settings\Slavica\Application Data\explorer.exe Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\explorĺr.exe"=- DDS:: IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

lalanesosa Poslao: 30 Jun 2009 22:49 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 27 Jun 2009 23:15 ComboFix 09-06-26.02 - Slavica 06/27/2009 22:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.511.160 [GMT 2:00] Running from: c:\documents and settings\Slavica\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Slavica\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition On-access scanning disabled (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\Slavica\Application Data\explorer.exe" "c:\windows\system32\explorĺr.exe" . ((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 ))))))))))))))))))))))))))))))) . 2009-06-26 22:34 . 2009-06-26 22:08 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-06-26 22:07 . 2009-06-26 22:07 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-06-26 22:07 . 2009-06-26 22:07 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-06-26 22:07 . 2009-06-26 22:07 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe 2009-06-26 22:07 . 2009-06-26 22:07 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-06-26 22:07 . 2009-06-26 22:07 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-06-26 22:02 . 2009-06-26 22:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-06-26 22:02 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe 2009-06-26 22:02 . 2009-06-26 22:02 -------- d-----w- c:\program files\Lavasoft 2009-06-26 22:02 . 2009-06-26 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-06-26 20:59 . 2009-06-26 20:59 -------- dc----w- c:\windows\system32\dllcache\cache 2009-06-24 22:47 . 2009-06-24 22:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec 2009-06-24 22:28 . 2009-06-24 22:28 -------- d-----w- c:\documents and settings\Slavica\Local Settings\Application Data\Symantec 2009-06-24 22:26 . 2005-09-16 22:20 87768 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-06-24 22:26 . 2005-09-16 22:20 108168 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-06-24 22:26 . 2009-06-24 22:27 -------- d-----w- c:\program files\Symantec 2009-06-24 22:26 . 2009-06-27 20:56 -------- d-----w- c:\program files\Symantec AntiVirus 2009-06-24 22:26 . 2009-06-24 22:43 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-24 22:26 . 2009-06-24 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-06-15 11:27 . 2009-06-15 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty 2009-06-15 11:04 . 2009-06-15 11:27 -------- d-----w- c:\documents and settings\Slavica\Application Data\Ashtons. Family Resort 2009-06-15 11:04 . 2009-06-15 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashtons. Family Resort 2009-06-15 11:01 . 2009-06-15 11:01 -------- d-----w- c:\program files\Games 2009-06-15 11:00 . 2009-06-15 11:00 -------- d-----w- c:\program files\Farm Frenzy Pizza Party 2009-06-15 11:00 . 2009-06-15 11:00 -------- d-----w- c:\windows\Farm Frenzy Pizza Party 2009-06-15 10:58 . 2009-06-15 10:59 -------- d-----w- c:\program files\Ashtons Family Resort 2009-06-15 10:58 . 2009-06-15 10:58 -------- d-----w- c:\windows\Ashtons Family Resort 2009-06-10 06:21 . 2009-06-10 06:21 152576 ----a-w- c:\documents and settings\Slavica\Application Data\Sun\Java\jre1.6.0_14\lzma.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-27 20:49 . 2008-06-28 08:15 -------- d-----w- c:\program files\Common Files\Akamai 2009-06-27 10:17 . 2006-05-03 21:39 27 ----a-w- c:\windows\popcinfo.dat 2009-06-27 08:35 . 2007-09-20 09:05 -------- d-----w- c:\program files\File Seeker 2009-06-24 07:46 . 2006-05-03 20:12 -------- d-----w- c:\documents and settings\Slavica\Application Data\AdobeUM 2009-06-23 08:17 . 2008-11-17 11:55 -------- d-----w- c:\documents and settings\Slavica\Application Data\Playrix Entertainment 2009-06-15 14:59 . 2007-12-10 13:50 -------- d-----w- c:\documents and settings\Slavica\Application Data\BitTorrent 2009-06-15 11:05 . 2007-12-09 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-10 06:22 . 2007-12-08 18:10 -------- d-----w- c:\program files\Java 2009-05-21 09:33 . 2009-04-14 16:44 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-20 14:06 . 2006-08-17 07:47 -------- d-----w- c:\program files\Optimik 2009-04-14 16:31 . 2009-04-14 16:31 152576 ----a-w- c:\documents and settings\Slavica\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2007-12-09 10:07 . 2007-12-27 22:27 241664 ----a-w- c:\program files\Uninstall Ask Toolbar.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-26_20.57.54 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll + 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll + 2009-06-27 20:48 . 2009-06-27 20:48 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat + 2009-06-26 22:08 . 2009-06-26 22:08 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys + 2009-06-26 22:08 . 2009-06-26 22:08 64160 c:\windows\system32\drivers\Lbd.sys + 2009-06-26 20:59 . 2008-04-14 04:42 82432 c:\windows\system32\dllcache\cache\ws2_32.dll + 2009-06-26 20:59 . 2008-04-14 04:42 26112 c:\windows\system32\dllcache\cache\userinit.exe + 2009-06-26 20:59 . 2008-04-14 04:42 14336 c:\windows\system32\dllcache\cache\svchost.exe + 2009-06-26 20:59 . 2008-04-14 04:42 57856 c:\windows\system32\dllcache\cache\spoolsv.exe + 2009-06-26 20:59 . 2008-04-14 04:42 17408 c:\windows\system32\dllcache\cache\powrprof.dll + 2009-06-26 20:59 . 2008-04-14 04:42 13312 c:\windows\system32\dllcache\cache\lsass.exe + 2009-06-26 20:59 . 2008-04-13 23:09 24576 c:\windows\system32\dllcache\cache\kbdclass.sys + 2009-06-26 20:59 . 2008-04-13 23:23 36608 c:\windows\system32\dllcache\cache\ip6fw.sys + 2009-06-26 20:59 . 2008-04-14 04:42 15360 c:\windows\system32\dllcache\cache\ctfmon.exe + 2008-07-29 06:05 . 2008-07-29 06:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll + 2008-07-29 01:54 . 2008-07-29 01:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll + 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2009-06-26 20:59 . 2005-05-26 02:16 124184 c:\windows\system32\dllcache\cache\wuauclt.exe + 2009-06-26 20:59 . 2008-04-14 04:42 507904 c:\windows\system32\dllcache\cache\winlogon.exe + 2009-06-26 20:59 . 2008-04-14 04:42 666112 c:\windows\system32\dllcache\cache\wininet.dll + 2009-06-26 20:59 . 2008-04-14 04:42 578560 c:\windows\system32\dllcache\cache\user32.dll + 2009-06-26 20:59 . 2008-04-14 04:42 295424 c:\windows\system32\dllcache\cache\termsrv.dll + 2009-06-26 20:59 . 2008-04-13 23:50 361344 c:\windows\system32\dllcache\cache\tcpip.sys + 2009-06-26 20:59 . 2008-04-14 04:42 108544 c:\windows\system32\dllcache\cache\services.exe + 2009-06-26 20:59 . 2008-04-13 23:50 182656 c:\windows\system32\dllcache\cache\ndis.sys + 2009-06-26 20:59 . 2008-04-14 04:41 989696 c:\windows\system32\dllcache\cache\kernel32.dll + 2009-06-26 20:59 . 2008-04-14 04:41 110080 c:\windows\system32\dllcache\cache\imm32.dll + 2009-06-26 20:59 . 2008-04-14 04:41 167936 c:\windows\system32\dllcache\cache\appmgmts.dll + 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll + 2008-07-29 06:05 . 2008-07-29 06:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll + 2008-07-29 06:05 . 2008-07-29 06:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll + 2009-06-26 20:59 . 2008-04-14 04:42 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll + 2009-06-26 20:59 . 2008-04-13 23:57 2188928 c:\windows\system32\dllcache\cache\ntoskrnl.exe + 2009-06-26 20:59 . 2008-04-13 23:01 2065792 c:\windows\system32\dllcache\cache\ntkrnlpa.exe + 2009-06-26 20:59 . 2008-04-14 04:42 1033728 c:\windows\system32\dllcache\cache\explorer.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2005-10-31 503808] "FileSeekerUpdater"="c:\program files\File Seeker\FSeekerDBUpdater.exe" [2007-01-12 603648] "LanTalk.NET"="c:\program files\CEZEO software\LanTalk NET\LanTalk.exe" [2008-12-21 330920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752] "vptray"="c:\progra~1\Symantec AntiVirus\VPTray.exe" [2005-11-15 85744] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-26 518488] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] c:\documents and settings\Slavica\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2007-11-1 256000] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0SsiEfr.e\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=c:\windows\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk backup=c:\windows\pss\Metacafe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^Metacafe.lnk] path=c:\documents and settings\Slavica\Start Menu\Programs\Startup\Metacafe.lnk backup=c:\windows\pss\Metacafe.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] path=c:\documents and settings\Slavica\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "CiSvc"=3 (0x3) "PolicyAgent"=2 (0x2) "helpsvc"=2 (0x2) "TrkWks"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\ICQ6\\ICQ.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\CEZEO software\\LanTalk NET\\LanTalk.exe"= "c:\\Program Files\\UltraVNC\\vncviewer.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\explorĺr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 "1055:TCP"= 1055:TCP:Akamai NetSession Interface "1057:TCP"= 1057:TCP:Akamai NetSession Interface "1079:TCP"= 1079:TCP:Akamai NetSession Interface "1197:TCP"= 1197:TCP:Akamai NetSession Interface "1205:TCP"= 1205:TCP:Akamai NetSession Interface "1214:TCP"= 1214:TCP:Akamai NetSession Interface "1243:TCP"= 1243:TCP:Akamai NetSession Interface "1253:TCP"= 1253:TCP:Akamai NetSession Interface "1047:TCP"= 1047:TCP:Akamai NetSession Interface "1221:TCP"= 1221:TCP:Akamai NetSession Interface "1639:TCP"= 1639:TCP:Akamai NetSession Interface "1050:TCP"= 1050:TCP:Akamai NetSession Interface "1062:TCP"= 1062:TCP:Akamai NetSession Interface "1095:TCP"= 1095:TCP:Akamai NetSession Interface "1113:TCP"= 1113:TCP:Akamai NetSession Interface "1054:TCP"= 1054:TCP:Akamai NetSession Interface "1706:TCP"= 1706:TCP:Akamai NetSession Interface "1092:TCP"= 1092:TCP:Akamai NetSession Interface "1053:TCP"= 1053:TCP:Akamai NetSession Interface "1088:TCP"= 1088:TCP:Akamai NetSession Interface "1825:TCP"= 1825:TCP:Akamai NetSession Interface "1068:TCP"= 1068:TCP:Akamai NetSession Interface "1094:TCP"= 1094:TCP:Akamai NetSession Interface "1162:TCP"= 1162:TCP:Akamai NetSession Interface "1517:TCP"= 1517:TCP:Akamai NetSession Interface "1336:TCP"= 1336:TCP:Akamai NetSession Interface "1354:TCP"= 1354:TCP:Akamai NetSession Interface "1193:TCP"= 1193:TCP:Akamai NetSession Interface "1228:TCP"= 1228:TCP:Akamai NetSession Interface "1258:TCP"= 1258:TCP:Akamai NetSession Interface "1099:TCP"= 1099:TCP:Akamai NetSession Interface "1133:TCP"= 1133:TCP:Akamai NetSession Interface "1139:TCP"= 1139:TCP:Akamai NetSession Interface "1065:TCP"= 1065:TCP:Akamai NetSession Interface R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/27/2009 12:08 AM 64160] R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 2:00 PM 14336] R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [9/25/1998 10:55 AM 52800] R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/19/2009 11:03 PM 1519168] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2009 12:43 AM 101936] S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 9:06 PM 1003344] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Supplementary Scan ------- . uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Trusted Zone: bancaintesabeograd.com\online Trusted Zone: deltabanka.rs\online Trusted Zone: lhb.rs\www.ebank Trusted Zone: ppbank.com\www.ebank Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.ebank.lhb.rs/DLL/FSINT.dll DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.deltabanka.rs/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.deltabanka.rs/RetailDLL/SGCMSCCD.DLL DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.ebank.ppbank.com/DLL/SAWZip.dll DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.ebank.ppbank.com/DLL/EbankingWWW.dll DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} - hxxps://www.ebank.ppbank.com/DLL/EBCSCC2B.dll DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} - hxxps://www.ebank.ppbank.com/DLL/EBCCDC2.dll FF - ProfilePath - c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.pimpmysearch.com/home.html?gname=Stolica FF - component: c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll FF - component: c:\documents and settings\Slavica\Application Data\Mozilla\Firefox\Profiles\k8t9pkfq.default\extensions\piclens@cooliris.com\components\piclensstub.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: capability.policy.policynames - localfilelinks FF - user.js: capability.policy.localfilelinks.sites - hxxp://www.travian.org http://www.travian.at http://welt1.travian.de http://welt2.travian.de http://welt3.travian.de http://welt4.travian.de http://welt5.travian.de http://welt6.travian.de http://welt7.travian.de http://welt8.travian.de http://welt9.travian.de http://welt10.travian.de http://speed.travian.de rs1.travian.com FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess. *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-27 23:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(604) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1232) c:\program files\Microsoft Office\OFFICE11\msohev.dll . Completion time: 2009-06-27 23:10 ComboFix-quarantined-files.txt 2009-06-27 21:10 ComboFix2.txt 2009-06-26 21:00 Pre-Run: 20,527,976,448 bytes free Post-Run: 20,510,748,672 bytes free 306 Dopuna: 30 Jun 2009 22:49 Da li treba i dalje da se chisti shtogod?

Profil

helen1 Poslao: 30 Jun 2009 23:50 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 30 Jun 2009 23:36 Ups, ja zaboravio na tebe, a juce nisam bio tu. Samo da se saberem malo Dopuna: 30 Jun 2009 23:50 Preuzmi program OTM na Desktop. Dvoklikom pokreni OTM.exe U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja: `:files c:\WINDOWS\system32\explorĺr.exe :reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\explorĺr.exe"=-` Klikni MoveIt! Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu. Ukoliko se pojavi upit: Confirm ::The system requires a reboot to finish removing files. Do you want to reboot now? kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen. Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu. Potrebno je iskopirati sadržaj tog loga u poruku na forumu.

Profil

lalanesosa Poslao: 02 Jul 2009 22:24 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Eve ga log: ========== FILES ========== File/Folder c:\WINDOWS\system32\explorĺr.exe not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\\WINDOWS\\system32\\explorĺr.exe not found. OTM by OldTimer - Version 3.0.0.2 log created on 07022009_222056

Profil

helen1 Poslao: 02 Jul 2009 22:34 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi mi sad novi ComboFix log.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Hijack this javlja error

Ko je trenutno na forumu

Ukupno su 817 korisnika na forumu :: 38 registrovanih, 5 sakrivenih i 774 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: AMCXXL, Apok, babaroga, bobomicek, cavatina, CheefCoach, dankisha, Daxi184, Frunze, Georgius, jackreacher011011, Koca Popovic, Koridor, ksyyaj, lucko1, Luka Blažević, maiden6657, MB120mm, milenko crazy north, mrav pesadinac, nextyamb, Nobunaga, operniki, opt1, panzerwaffe, pein, robytz, royst33, sevenino, shone34, Sirius, suton, theNedjeljko, VJ, VP6919, wizzardone, yufighter, 125

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by