MyCity » Ambulanta -> Arhiva Ambulante » Pokupio sam neku zarazu!!!

Pokupio sam neku zarazu!!!

Napisano na dan: 28.11.2007

Strana:
1
2

Pokupio sam neku zarazu!!!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Evil Ghost Poslao: 28 Nov 2007 04:15 Idi na vrh
offline Evil Ghost Ugledni građanin Pridružio: 15 Feb 2007 Poruke: 443	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Instalirao sam neke glupe vinkove i smajlije za MSN i popasao neku zarazu. Nod32 3.0,551 ne nalazi ništa, ali mi u IE stalno iskaču neki prozori kako mi je komp zaražen i nudi mi da skidam neke glupe anti-trojan, anti-spayware i anti-virus programe. Evo i loga Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:07:08, on 28.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Protexis\License Service\PSIService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Video Add-on\icthis.exe C:\Program Files\Video Add-on\isfmntr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Video Add-on\icmntr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Video Add-on\isfmm.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\autoclk.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\POP Peeper\POPPeeper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ActivationManager Class - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [autoclk] autoclk.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtins.....plugin.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll O21 - SSODL: E404Helper - {4f817334-e39b-44cf-a958-9d96ad57864f} - e404d.dll (file missing) O22 - SharedTaskScheduler: aldoa - {adf64b1b-c68c-4ce8-bb55-258b7b8b0f81} - (no file) O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - (no file) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 7420 bytes

Profil

dr_Bora Poslao: 28 Nov 2007 09:24 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Upakuj sledeće file-ove u jedan zip: C:\WINDOWS\autoclk.exe C:\WINDOWS\SYSTEM32\winjyg32.dll i uploaduj ga preko sledeće forme: http://www.mycity.rs/ambulanta-upload.php ------------------------------------------------------------------------------------- Preimenuj file programa HijackThis i folder u kome se nalazi pre dalje upotrebe. 1) Preuzmi program SmitfraudFix sa ovog linka. 2.) Extract-uj program na desktop. (Takodje na ovaj način pripremi i program Hijack This koje će se kasnije koristiti) 3.) Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link 4.) Pronadji na desktop-u folder gde si raspakovao SmitfraudFix program i dvoklikom pokreni fajl SmitfraudFix.cmd. Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pretisni bilo koje dugme na tastaturi da bi prešao na sledeći nivo. 5.) 6.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om pokrenuće ti se Windows-ov program Disk Cleanup. Nakon sto SmitFraudFix zavrsi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt i svez HJT log.

Profil

Evil Ghost Poslao: 28 Nov 2007 13:42 Idi na vrh
offline Evil Ghost Ugledni građanin Pridružio: 15 Feb 2007 Poruke: 443	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Prvi fajl sam poslao, drzgog nema ni kada uključim prikaz skrivenih fajlova i fascikli. HJT sam preimenovao, ali je ova nova verzija instalirana kao program u Program Files, pa je možda tu problem. SmitFraudFix v2.256 Scan done at 13:29:28,64, sre 28.11.2007 Run from C:\Documents and Settings\korisnik\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}"="aldoa" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{075a465d-0af2-4b79-8db3-2fda0fd8d74c}"="arsenicism" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 127.0.0.1 Web2Pop »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOCUME~1\korisnik\FAVORI~1\Online Security Test.url Deleted C:\Program Files\Video Add-on\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{075a465d-0af2-4b79-8db3-2fda0fd8d74c}"="arsenicism" »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:35:59, on 28.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Protexis\License Service\PSIService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\autoclk.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\POP Peeper\POPPeeper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Reši ovo\HijackThis.exe R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ActivationManager Class - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll (file missing) O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [autoclk] autoclk.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtins.....plugin.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{7C316C31-68E5-49BD-9B6D-3B8F479592FF}: NameServer = 80.74.164.249 80.74.160.38 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll O21 - SSODL: E404Helper - {4f817334-e39b-44cf-a958-9d96ad57864f} - e404d.dll (file missing) O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - (no file) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 6811 bytes

Profil

dr_Bora Poslao: 28 Nov 2007 14:11 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni HijackThis, skeniraj i čekiraj sledeće linije: O2 - BHO: ActivationManager Class - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll (file missing) O4 - HKLM\..\Run: [autoclk] autoclk.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing) O21 - SSODL: E404Helper - {4f817334-e39b-44cf-a958-9d96ad57864f} - e404d.dll (file missing) O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - (no file) Klikni Fix Checked. ------------------------------------------------------------------------------------- Skini CatchMe. Dvoklikom pokreni program i pređi na tab Script. U (beli) prozor programa iskopiraj tekst koji se nalazi unutar kod polja: `files to kill: C:\WINDOWS\SYSTEM32\winjyg32.dll` Klikni na taster Run. Nakon što proces bude završen na Desktop-u će se nalaziti file catchme.zip. Uploaduj ga preko sledeće forme: http://www.mycity.rs/ambulanta-upload.php ------------------------------------------------------------------------------------- Pronađi i obriši: C:\Program Files\ActivationManager\ C:\WINDOWS\autoclk.exe ------------------------------------------------------------------------------------- Iskopiraj u iduću poruku sadržaj file-a catchme.log koji će se nalaziti na desktopu i postavi novi HijackThis log.

Profil

Evil Ghost Poslao: 28 Nov 2007 14:34 Idi na vrh
offline Evil Ghost Ugledni građanin Pridružio: 15 Feb 2007 Poruke: 443	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Processing "Files to kill:" file zipped: C:\WINDOWS\SYSTEM32\winjyg32.dll -> catchme.zip -> winjyg32.dll ( 21504 bytes ) PE file "C:\WINDOWS\SYSTEM32\winjyg32.dll" killed successfully Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:31:09, on 28.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Protexis\License Service\PSIService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\POP Peeper\POPPeeper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Reši ovo\HijackThis.exe R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtins.....plugin.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{7C316C31-68E5-49BD-9B6D-3B8F479592FF}: NameServer = 80.74.164.249 80.74.160.38 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll O21 - SSODL: E404Helper - {4f817334-e39b-44cf-a958-9d96ad57864f} - (no file) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 5835 bytes

Profil

dr_Bora Poslao: 28 Nov 2007 15:00 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Restartuj kompjuter. Pokreni HT, skeniraj i čekiraj sledeće linije: O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll O21 - SSODL: E404Helper - {4f817334-e39b-44cf-a958-9d96ad57864f} - (no file) Klikni Fix Checked. Postavi novi HT log.

Profil

Evil Ghost Poslao: 28 Nov 2007 15:24 Idi na vrh
offline Evil Ghost Ugledni građanin Pridružio: 15 Feb 2007 Poruke: 443	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:22:42, on 28.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\POP Peeper\POPPeeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Protexis\License Service\PSIService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Reši ovo\HijackThis.exe R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtins.....plugin.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{7C316C31-68E5-49BD-9B6D-3B8F479592FF}: NameServer = 80.74.164.249 80.74.160.38 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 5722 bytes

Profil

dr_Bora Poslao: 28 Nov 2007 15:46 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

Profil

Evil Ghost Poslao: 28 Nov 2007 16:43 Idi na vrh
offline Evil Ghost Ugledni građanin Pridružio: 15 Feb 2007 Poruke: 443	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 07-11-19.4C - Dejan 2007-11-28 16:20:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.202 [GMT 1:00] Running from: E:\P R O G R A M I\Nenarezani programi\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\dat.txt C:\WINDOWS\rs.txt C:\WINDOWS\system32\bsnzafqa.bin C:\WINDOWS\system32\cfg.dat . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-28 13:35 <DIR> d-------- C:\Program Files\Reši ovo 2007-11-27 02:14 <DIR> d-------- C:\Program Files\Windows Live 2007-11-27 02:14 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2007-11-27 02:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-26 16:53 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime 2007-11-26 16:53 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime 2007-11-26 16:53 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime 2007-11-26 16:53 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime 2007-11-26 16:53 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime 2007-11-26 16:53 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime 2007-11-26 16:53 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll 2007-11-26 16:53 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys 2007-11-26 16:53 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls 2007-11-26 16:52 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll 2007-11-26 16:52 7,680 --a--c--- C:\WINDOWS\system32\dllcache\kbdnecnt.dll 2007-11-26 16:51 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_20290.nls 2007-11-26 16:51 54,528 --a--c--- C:\WINDOWS\system32\dllcache\cap7146.sys 2007-11-26 16:51 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe 2007-11-26 16:51 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll 2007-11-26 16:50 275,968 --a--c--- C:\WINDOWS\system32\dllcache\certwiz.ocx 2007-11-26 16:50 189,440 --a--c--- C:\WINDOWS\system32\dllcache\smtpadm.dll 2007-11-26 16:50 188,494 --a--c--- C:\WINDOWS\system32\dllcache\fpcount.exe 2007-11-26 16:50 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe 2007-11-26 16:50 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx 2007-11-26 16:50 76,800 --a--c--- C:\WINDOWS\system32\dllcache\logui.ocx 2007-11-26 16:50 76,288 --a--c--- C:\WINDOWS\system32\dllcache\cnfgprts.ocx 2007-11-26 16:50 68,608 --a--c--- C:\WINDOWS\system32\dllcache\iisext51.dll 2007-11-26 16:50 45,056 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll 2007-11-26 16:50 20,536 --a--c--- C:\WINDOWS\system32\dllcache\shtml.dll 2007-11-26 16:50 16,437 --a--c--- C:\WINDOWS\system32\dllcache\shtml.exe 2007-11-26 16:50 7,168 --a--c--- C:\WINDOWS\system32\dllcache\wamregps.dll 2007-11-26 16:50 5,632 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll 2007-11-26 16:49 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2007-11-26 16:40 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT 2007-11-26 16:40 31,281 --a--c--- C:\WINDOWS\system32\dllcache\FP4.CAT 2007-11-26 16:40 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-11-26 16:40 13,753 --a--c--- C:\WINDOWS\system32\dllcache\IMS.CAT 2007-11-26 16:40 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT 2007-11-26 16:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-11-26 16:40 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll 2007-11-26 16:40 9,581 --a--c--- C:\WINDOWS\system32\dllcache\MSMSGS.CAT 2007-11-26 10:00 <DIR> d-------- C:\Program Files\CryptLoad - Download Manager 2007-11-25 14:12 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\Winamp 2007-11-24 16:22 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-11-24 16:22 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE 2007-11-24 16:22 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL 2007-11-24 16:22 32,768 --a------ C:\WINDOWS\adiras.exe 2007-11-24 16:22 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL 2007-11-24 02:22 44,544 --a------ C:\WINDOWS\AWuninstall.exe 2007-11-23 11:31 147,456 --a------ C:\WINDOWS\AVUNTOOL.EXE 2007-11-18 20:36 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat 2007-11-18 18:27 <DIR> d-------- C:\Program Files\Nero 2007-11-18 18:27 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-11-17 16:51 <DIR> d-------- C:\Program Files\LightWave 3D 9.2 2007-11-17 16:51 1,219,950 --a------ C:\WINDOWS\LightWave 3D 9.2 Uninstaller.exe 2007-11-17 12:34 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\Thinstall 2007-11-16 21:02 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2007-11-16 21:01 <DIR> d-------- C:\Program Files\Microsoft.NET 2007-11-14 16:48 <DIR> d-------- C:\Program Files\MSECache 2007-11-12 18:58 <DIR> d-------- C:\Program Files\MakeHuman 2007-11-12 12:00 <DIR> d-------- C:\Program Files\QuickTime 2007-11-12 11:59 <DIR> d-------- C:\Program Files\Apple Software Update 2007-11-12 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-11-12 11:44 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\Poser 7 2007-11-12 11:42 90,112 --a------ C:\WINDOWS\unvise32.exe 2007-11-12 11:20 <DIR> d-------- C:\Program Files\Poser 7 2007-11-11 01:43 <DIR> d-------- C:\Program Files\MSN Messenger 2007-11-07 16:21 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\ESET 2007-11-07 02:34 <DIR> dr------- C:\FlexLM 2007-11-07 02:18 <DIR> d-------- C:\Program Files\Common Files\Alias Shared 2007-11-07 02:18 <DIR> d-------- C:\Program Files\Autodesk 2007-11-06 12:36 <DIR> d-------- C:\Program Files\InfinaDyne 2007-11-06 01:01 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\InfinaDyne 2007-11-06 00:58 <DIR> d-------- C:\Program Files\Shared 2007-11-05 23:29 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\Imagenomic 2007-11-05 23:17 <DIR> d-------- C:\Program Files\Imagenomic 2007-11-05 23:07 <DIR> d-------- C:\Program Files\Bonjour 2007-11-05 14:39 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-11-05 14:26 <DIR> d-------- C:\Program Files\WinXP Manager 2007-11-04 18:06 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\Ahead 2007-11-03 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2007-10-30 08:32 87,040 --a------ C:\WINDOWS\UnGins.exe 2007-10-29 19:26 <DIR> d-------- C:\Program Files\Folderico 2007-10-29 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH 2007-10-29 19:20 <DIR> d-------- C:\Program Files\Gom Player 2007-10-29 19:20 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\GRETECH 2007-10-28 23:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-10-28 21:11 <DIR> d-------- C:\Program Files\Screamer Radio 2007-10-28 14:40 <DIR> d-------- C:\WINDOWS\system32\RNBOSENT 2007-10-28 14:40 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 03:16 --------- d-----w C:\Documents and Settings\korisnik\Application Data\POP Peeper 2007-11-28 01:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-26 17:55 --------- d-----w C:\Program Files\Tutorials 2007-11-25 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-11-25 13:17 --------- d-----w C:\Program Files\Winamp 2007-11-24 15:25 26 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-11-24 15:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-24 15:10 --------- d-----w C:\Program Files\Bluetooth 2007-11-18 15:17 85 --sh--w C:\Program Files\desktop.ini 2007-11-18 15:17 15,086 --sha-w C:\Program Files\ShedkoFolderico3_0627.ico 2007-11-18 13:46 --------- d-----w C:\Program Files\POP Peeper 2007-11-13 20:14 --------- d-----w C:\Program Files\Microsoft 2007-11-07 21:47 --------- d-----w C:\Program Files\Opera 2007-11-05 22:07 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-05 13:56 --------- d-----w C:\Program Files\YuRecnik 2007-11-05 13:56 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-11-05 13:56 --------- d-----w C:\Program Files\Lexmark_HostCD 2007-10-28 13:41 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys 2007-10-27 19:35 --------- d-----w C:\Program Files\Java 2007-10-25 08:27 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2007-10-25 08:27 50,696 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2007-10-25 08:27 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2007-10-25 08:25 33,800 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2007-10-25 08:25 27,144 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2007-10-22 13:07 --------- d-----w C:\Program Files\Corel 2007-10-22 13:06 --------- d-----w C:\Documents and Settings\korisnik\Application Data\Corel 2007-10-22 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel 2007-10-21 13:01 --------- d-----w C:\Program Files\MSBuild 2007-10-21 03:41 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-21 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2007-10-21 03:39 --------- d-----w C:\Program Files\Common Files\Protexis 2007-10-21 03:29 --------- d--h--w C:\Program Files\Give4Free Plugin 2007-10-17 20:46 --------- d-----w C:\Program Files\Common Files\WhenU 2007-10-17 20:35 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-15 13:59 --------- d-----w C:\Program Files\MP3, WAV, WMA, OGG Converter 2007-10-14 02:51 --------- d-----w C:\Program Files\Common Files\Download Manager 2007-10-01 12:43 --------- d-----w C:\Program Files\CCleaner 2007-10-01 10:03 --------- d-----w C:\Program Files\Boilsoft MOV Converter - QuickTime(.mov, .qt), 3GP, mp4 to avi, mpeg, vcd, dvd, wmv 2007-09-29 19:44 --------- d-----w C:\Documents and Settings\korisnik\Application Data\ACD Systems 2007-09-29 18:36 --------- d-----w C:\Program Files\Common Files\ACD Systems 2007-09-29 18:36 --------- d-----w C:\Program Files\ACD Systems 2007-09-10 07:43 2,380,800 ----a-w C:\WINDOWS\SaveTo.exe 2007-09-03 18:32 47,360 ----a-w C:\Documents and Settings\korisnik\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2006-11-16 05:02] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-10-25 09:26] "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DSLMON.lnk - C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe [2007-11-24 16:22:21] VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-08-03 19:03:54] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLogOff"= 1 "NoRecentDocsMenu"= 1 "NoToolbarCustomize"= 0 (0x0) "NoBandCustomize"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^korisnik^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-02-07 15:21 54832 --a------ C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-07 15:24 71216 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET Smart Security\ekrn.exe" R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7ae3923-8dfc-11dc-b5ef-4d6564696130}] \Shell\Auto\command - activexdebugger32.exe f \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f \Shell\explore\Command - activexdebugger32.exe f \Shell\open\Command - activexdebugger32.exe f . Contents of the 'Scheduled Tasks' folder "2007-11-12 10:59:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 16:29:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2007-11-28 16:32:12 . --- E O F ---

Profil

dr_Bora Poslao: 28 Nov 2007 17:40 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Skini file sa [url=https://www.mycity.rs/must-login.png linka[/url] i pokreni ga dvoklikom. ------------------------------------------------------------------------------------- Pošto su vidljivi tragovi infekcije koja se prenosi putem usb drive-ova, potrebno je da ispratiš sledeće uputstvo. Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. ------------------------------------------------------------------------------------- Obriši sledeće foldere: C:\qoobox\ C:\Program Files\Common Files\WhenU\ Obriši sve programe koje smo koristili. ------------------------------------------------------------------------------------- Na kraju, potrebno je resetovati SR. Iskljucivanje System Restore-a Na Desktopu, desni klik na My Computer. Odaberite Properties. Odaberite System Restore tab. Stiklirajte Turn off System Restore. Kliknite na dugme Apply. Kliknite na dugme OK. Restartuj kompjuter. Ukljucivanje System Restore-a Na Desktopu, desni klik na My Computer. Odaberite Properties. Odaberite System Restore tab. Destiklirajte Turn off System Restore. Kliknite na dugme Apply. Kliknite na dugme OK. ------------------------------------------------------------------------------------- To bi bilo sve...

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Pokupio sam neku zarazu!!!

Ko je trenutno na forumu

Ukupno su 663 korisnika na forumu :: 14 registrovanih, 0 sakrivenih i 649 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: bigfoot, Boris90, draganl, goxin, Leonov, mikki jons, Mixelotti, Ognjen D., Panter, slonic_tonic, Srle993, stalja, vladetije, wizzardone

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by