Možda tražite i:
I tako se ja cudim cudu
Pomozite sa meni cudnim "virusom"(ilivid cudo)!
Cudan ulaz.. sve cudno
Čuda

MyCity » Ambulanta -> Arhiva Ambulante » Neki dialeri i čuda

Neki dialeri i čuda

Napisano na dan: 20.1.2009

Strana:
1
2
3
4

Neki dialeri i čuda

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4

Panonsky Poslao: 20 Jan 2009 17:12 Idi na vrh
offline Panonsky Verni jaran gazda Pece ... i pozdravite Vašu mamu... Mi smo sve podigli u ovom gradu. Pridružio: 20 Mar 2006 Poruke: 3894	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pre dva dana je počeo NOD da mi prijavljuje neke viruse, dialere, trojance, podivljali su mi i messengeri pa mi izbacuju neke linkove. Skype mi stalno nudi da skinem gole slike moje mame. Yahoo messenger mi je od svih kontakata poslao isti link, da vidim svoje gole slike... I tako. Ja sam pročešljao komp svime šta imam instalirano: CCleaner, TuneUp, SpyBot, Ad-Aware i NOD 32. Našlo se par sitnica, valjda 4 neka maliciozna fajla koje sam obrisao. Ali i dalje mi izbacuje nešto NOD, pa evo slike prozorčića: A evo i log fajla: https://www.mycity.rs/must-login.png Molim vas za pomoć. I da, dok sam kucao ovo, opet je izbacio prozore, ali sada su drugi brojevi u pitanju. Ono na slikama što je 702.exe, sad je 2.exe izbacio... Izgleda se brojevi menjaju... Logfile of HijackThis v1.99.1 Scan saved at 17:02:15, on 20.1.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\TBPanel.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\WINDOWS\VMSnap23.exe C:\WINDOWS\Domino.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\SafeSignCertReg.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe D:\Install\MAGICM~1\Magic.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe C:\DOCUME~1\IVANPE~1\LOCALS~1\Temp\075.exe C:\DOCUME~1\IVANPE~1\LOCALS~1\Temp\361.exe C:\DOCUME~1\IVANPE~1\LOCALS~1\Temp\232.exe C:\DOCUME~1\IVANPE~1\LOCALS~1\Temp\380.exe C:\DOCUME~1\IVANPE~1\LOCALS~1\Temp\485.exe C:\DOCUME~1\IVANPE~1\LOCALS~1\Temp\240.exe C:\DOCUME~1\IVANPE~1\LOCALS~1\Temp\579.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Opera\opera.exe C:\Program Files\totalcmd\TC PowerPack\totalcmd_.exe C:\Program Files\ACD Systems\ACDSee\8.0\ACDSee8.exe D:\Install\HJT\H3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medfax.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [CertificateRegistration] SafeSignCertReg.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-3117105925-7748888398-658117204-9010\winservices.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....4481138734 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)

Profil

helen1 Poslao: 20 Jan 2009 17:21 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------ Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Panonsky Poslao: 20 Jan 2009 18:47 Idi na vrh
offline Panonsky Verni jaran gazda Pece ... i pozdravite Vašu mamu... Mi smo sve podigli u ovom gradu. Pridružio: 20 Mar 2006 Poruke: 3894	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, skenirao sam sa NOD-om opet kako si reko, isključio sam AMON. Ništa nije našao... Onda sam pokrenuo ComboFix i odmah mi je restartovao komp. Onda je izbacio tri prozora Error u kojima ništa nije pisalo, samo sam kliknuo OK... Onda sam ga opet pokrenuo i pogasio sve zaštite koje imam. Nešto je brisao Cache i radio uglavnom nešto i opet restartovao komp. E onda kaže, nemoj paliti druge programe dok on ne završi. I tu mi NOD opet izbaci prozor da je našao neki virus, opet 2.exe. I krenu programi iz start up-a da se dižu, to nisam mogao da sprečim... Anyway, evo log fajla koje je generisao ComboFix: ComboFix 09-01-19.05 - Ivan Pear 2009-01-20 18:31:14.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1539 [GMT 1:00] Running from: c:\documents and settings\Ivan Pear\Desktop\ComboFix.exe AV: Eset NOD32 antivirus system 2.51 On-access scanning enabled (Updated) FW: Outpost Firewall Pro disabled * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Agnitum\Outpost Firewall\wl_hook.dll c:\windows\system32\Cache . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VFILT -------\Service_VFILT ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-20 17:36 --------- d-----w c:\documents and settings\Ivan Pear\Application Data\Skype 2009-01-20 17:23 --------- d-----w c:\documents and settings\Ivan Pear\Application Data\skypePM 2009-01-20 01:49 --------- d-----w c:\program files\CCleaner 2009-01-20 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-17 19:27 --------- d-----w c:\program files\QuickTime 2008-12-17 19:26 --------- d-----w c:\program files\Common Files\Apple 2008-12-17 19:26 --------- d-----w c:\program files\Apple Software Update 2008-12-17 19:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-17 19:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2008-12-17 19:12 --------- d-----w c:\documents and settings\Ivan Pear\Application Data\Apple Computer 2008-12-16 21:14 --------- d-----w c:\program files\Opera 2008-12-12 23:33 --------- d-----w c:\program files\MessengerDiscovery 2008-12-11 03:02 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2008-12-10 01:55 --------- d-----w c:\program files\Common Files\Skype 2008-12-04 16:29 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-27 13:59 --------- d-----w c:\program files\K-Lite Codec Pack 2008-11-25 03:08 --------- d-----w c:\documents and settings\Ivan Pear\Application Data\uTorrent 2008-11-11 22:00 410,976 ----a-w c:\windows\system32\deploytk.dll 2008-11-02 14:02 7,680 ----a-w c:\windows\system32\ff_vfw.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll 2008-10-23 16:18 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe 2007-11-30 15:36 22,328 ----a-w c:\documents and settings\Ivan Pear\Application Data\PnkBstrK.sys 2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-11-05 4347120] "Windows Service help"="c:\recycler\S-1-5-21-3117105925-7748888398-658117204-9010\winservices.exe" [2009-01-18 101888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152] "BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2006-09-19 212992] "BigDogPath323Domino"="c:\windows\Domino.exe" [2006-06-28 49152] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-24 917504] "Outpost Firewall"="c:\program files\Agnitum\Outpost Firewall\outpost.exe" [2006-10-20 94720] "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2006-10-30 335872] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-11 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "nwiz"="nwiz.exe" [2007-07-23 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe] "CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 c:\windows\system32\SafeSignCertReg.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Ivan Pear\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon "DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\ICQ6\\ICQ.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 SandBox;Outpost Firewall Sandbox Driver;c:\program files\Agnitum\Outpost Firewall\Kernel\SandBox.sys [2008-01-24 256296] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-07 38656] R3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [2008-03-19 22016] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-11-07 476672] R3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2007-11-07 260096] S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\adblock.dll [2008-01-24 33568] S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\arp.dll [2008-01-24 17408] S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\content.dll [2008-01-24 4896] S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\dnscache.dll [2008-01-24 14464] S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\ftpfilt.dll [2008-01-24 9248] S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\htmlfilt.dll [2008-01-24 11552] S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\httpfilt.dll [2008-01-24 13216] S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\imapfilt.dll [2008-01-24 7168] S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\mailfilt.dll [2008-01-24 14880] S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\nntpfilt.dll [2008-01-24 6752] S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\pop3filt.dll [2008-01-24 10048] S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\protect.dll [2008-01-24 15200] S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);c:\program files\Agnitum\Outpost Firewall\Kernel\secret.dll [2008-01-24 12928] S3 UsbCmxp;Scientific Atlanta WebSTAR 2000 series Cable Modem;c:\windows\system32\drivers\sacmxp2.sys [2007-11-07 14336] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c06ee3-96d3-11dc-a3eb-001d6093bdd7}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde930dc-2116-11dd-a4c3-001d6093bdd7}] \Shell\AutoRun\command - L:\ \Shell\open\Command - rundll32.exe .\\msatsspc.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef1b193e-8296-11dd-a52b-001d6093bdd7}] \Shell\Auto\command - L:\activexdebugger32.exe f \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - L:\activexdebugger32.exe f \Shell\open\Command - L:\activexdebugger32.exe f . Contents of the 'Scheduled Tasks' folder 2009-01-09 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17] 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.medfax.org/ IE: + &Download Express: download this file - c:\program files\Download Express\Add_Url.htm IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: imon.dll Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-20 18:35:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1614895754-688789844-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:c8,69,20,b1,14,a8,81,6b,59,b4,a5,17,b8,ef,b7,42,7d,82,fa,ac,9b,1b,cf, 7b,d6,f6,f5,60,bd,e4,40,7f,da,d1,ca,71,02,b9,0b,cb,06,30,0b,26,4a,47,14,06,\ "??"=hex:c9,32,d9,29,9c,8e,85,25,e8,29,7b,36,24,6d,08,bf . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(888-) c:\windows\system32\imon.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\scardsvr.exe c:\windows\system32\rundll32.exe c:\program files\Executive Software\Diskeeper\DkService.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\ESET\nod32krn.exe c:\windows\system32\nvsvc32.exe c:\program files\Yahoo!\Messenger\YahooMessenger.exe c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe c:\windows\system32\IoctlSvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\totalcmd\TC PowerPack\TCPowerPack.exe c:\program files\totalcmd\TC PowerPack\Totalcmd.exe c:\program files\totalcmd\TC PowerPack\Totalcmd_.exe . ************************************************************************* . Completion time: 2009-01-20 18:37:54 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-20 17:37:52 Pre-Run: 19.802.116.096 bytes free Post-Run: 19,706,535,936 bytes free 214 P.S.: Ako si mi pokvario kompjuter kupićeš mi nov!

Profil

helen1 Poslao: 20 Jan 2009 18:52 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Panonian :: P.S.: Ako si mi pokvario kompjuter kupićeš mi nov! Hahah, znas kako kazu u Muckama "Nema novca natrag, nema garancije". btw. Ugasio si FW, Nod je radio. Aj, probaj ponovo. Ugasi Nod pa skeniraj ComboFixom.

Profil

Panonsky Poslao: 20 Jan 2009 19:05 Idi na vrh
offline Panonsky Verni jaran gazda Pece ... i pozdravite Vašu mamu... Mi smo sve podigli u ovom gradu. Pridružio: 20 Mar 2006 Poruke: 3894	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! I meni je izbacio da je NOD uključen, a ugasio sam ga! Ono, desni klik na ikonu u Tray-u pa Quit... A on kaže "radi ti NOD". E sad ti njega ubedi da sam ga isključio... Aj pokušaću opet, makar da ga ubijem u procesima, ne znam stvarno šta mu je.

Profil

bobby Poslao: 20 Jan 2009 19:28 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imas gore uputstvo kako se gasi NOD32, molim te da ga ispostujes. Ne gasi se NOD tako kako si ti ucinio. Ti si ugasio samo graficki interfejs, a ne i sam engine. Ako ti budemo pokvarili komp, to ce biti zato sto ti ne sledis uputstva, a ne nasom krivicom.

Profil

helen1 Poslao: 20 Jan 2009 20:38 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori sledeci fajl u Notepadu, i iskopiraj mi sadrzaj ovde: C:\Qoobox\ComboFix-quarantined-files.txt

Profil

Panonsky Poslao: 20 Jan 2009 20:48 Idi na vrh
offline Panonsky Verni jaran gazda Pece ... i pozdravite Vašu mamu... Mi smo sve podigli u ovom gradu. Pridružio: 20 Mar 2006 Poruke: 3894	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! @helen1: 2008-01-24 21:17:27 A------- 322,560 C:\Qoobox\Quarantine\C\Program Files\Agnitum\Outpost Firewall\wl_hook.dll.vir 2009-01-20 18:20:28 A------- 556 C:\Qoobox\Quarantine\catchme.log 2009-01-20 18:20:51 A------- 144,023 C:\Qoobox\Quarantine\C\Program Files\Agnitum\Outpost Firewall\_wl_hook_.dll.zip 2009-01-20 18:32:16 A------- 10,704 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-01-20 18:32:22 A------- 1,398 C:\Qoobox\Quarantine\Registry_backups\Legacy_VFILT.reg.dat 2009-01-20 18:33:03 A------- 156,650 C:\Qoobox\Quarantine\Registry_backups\Service_VFILT.reg.dat 2009-01-20 20:30:19 A------- 182 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Windows Service help.reg.dat @bobby: Šalio sam se za kvarenje kompa... Nemoj odmah da se ljutiš. Pregledao sam sve teme koje su obeležene kao važne, pregledao sam podforum Uputstva i Googlao. Nikako nisam uspeo da nađem upustvo da isključim NOD. Nisam našao ono uputstvo "gore"... Na Google sam našao da ga isključim u msconfig, ali ni to nije pomoglo, opet je pokazao ComboFix da radi NOD. Pokušao sam da ga ubijem u procesima, ali se iznova pojavljuje... Ne znam kako da ugasim NOD, pa ako nije problem, da mi date link ili kratko kažete šta da uradim... Sada mi ne izbacuje NOD više one prozore, ali skype je uporan i pojavljuje se nekoliko prozorčića odjednom da skinem slike moje gole mame!!! Užas...

Profil

bobby Poslao: 20 Jan 2009 20:59 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U poruci u kojoj ti je helen1 napisao da skines i pustis ComboFix, u istoj poruci ti prvo pise kako se iskljucuje NOD32. I naravno da se ne ljutim Izvinjavam se kolegi za offtopic u njegovoj temi.

Profil

helen1 Poslao: 20 Jan 2009 21:35 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci NOD i uradi sledece: Otvoriti Notepad i iskopirati sledeci tekst: DeQuarantine:: C:\Qoobox\Quarantine\C\Program Files\Agnitum\Outpost Firewall\_wl_hook_.dll.zip File:: c:\recycler\S-1-5-21-3117105925-7748888398-658117204-9010\winservices.exe Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c06ee3-96d3-11dc-a3eb-001d6093bdd7}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde930dc-2116-11dd-a4c3-001d6093bdd7}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef1b193e-8296-11dd-a52b-001d6093bdd7}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Service help"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Neki dialeri i čuda

Ko je trenutno na forumu

Ukupno su 1085 korisnika na forumu :: 49 registrovanih, 11 sakrivenih i 1025 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Apok, bankulen, bladesu, Bokiboks, bokisha253, Boris BM, cavatina, cinoeye, darkangel, Dimitrise93, dragoljub11987, drimer, esx66, Fog of War, galerija, gomago, goxin, HogarStrashni, hyla, ivan1973, Karla, kokodakalo, Krvava Devetka, kunktator, kybonacci, laganini123, Marko Marković, mercedesamg, Metanoja, milenko crazy north, mnn2, nemkea71, NoOneEver Dreams, rajkoplje, repac, RJ, sevenino, slonic_tonic, stalja, Stoilkovic, Trpe Grozni, TwinHeadedEagle, uruk, vathra, Vatreni Zmaj, Vlada1389, vladulns, wizzardone

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by