MyCity » Ambulanta -> Arhiva Ambulante » Problem sa nepoznatim mailovima

Problem sa nepoznatim mailovima

Napisano na dan: 5.5.2007

Strana:
1
2
3
4

Problem sa nepoznatim mailovima

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4

vl Poslao: 07 Maj 2007 13:08 Idi na vrh
offline vl Novi MyCity građanin Pridružio: 05 Maj 2007 Poruke: 18	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvini. Bio sam zaboravio da deštrikiram hide file extensions for known types, ali sad sam to uradio pa opet ga ne vidim. Ova dva sam obrisao.

Profil

DEMIAN Poslao: 07 Maj 2007 13:16 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni HJT, uradi "Do a system scan only" pronađi i označi sledeće linije: O2 - BHO: (no name) - {5488E24F-B8E4-43B7-8726-F314FF7FEE98} - c:\windows\system32\dmhadmh.dll (file missing) O2 - BHO: MS Explorer - {9B5A95FA-DFAF-31AB-A1AF-8A9FA7F8A98E} - C:\WINDOWS\system\wmecst32.dll (file missing) O4 - HKLM\..\Run: [mrwmhlft] C:\WINDOWS\system32\mrwmhlft.exe O4 - HKLM\..\Run: [mrwmhlft] C:\WINDOWS\system32\mrwmhlft.exe O20 - Winlogon Notify: poibqqbc - dmhadmh.dll (file missing) Klikni na "Fix Checked". Kada to uradiš, restartuj računar, snimi i pošalji mi svež HJT log da vidim razvoj situacije..

Profil

vl Poslao: 07 Maj 2007 13:30 Idi na vrh
offline vl Novi MyCity građanin Pridružio: 05 Maj 2007 Poruke: 18	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo loga: Logfile of HijackThis v1.99.1 Scan saved at 13:34:18, on 7.5.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\r_server.exe C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\LClock\LClock.exe C:\Program Files\VisualTooltip\VisualToolTip.exe C:\Program Files\Styler\Styler.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\DOCUME~1\vlado\LOCALS~1\Temp\{D660466C-1657-4E6A-A875-9CC99599089F}\Blaero Start Orb.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\DOCUME~1\vlado\LOCALS~1\Temp\{9AEE1512-EBB3-4453-BF94-DD48873A58FF}\sidebar.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\vlado\Desktop\vlado1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = kingkongsearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=488 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5488E24F-B8E4-43B7-8726-F314FF7FEE98} - c:\windows\system32\dmhadmh.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nikbanka.cg.rs O17 - HKLM\System\CCS\Services\Tcpip\..\{4F5325BC-2881-4CE2-9419-BF5F4C41D508}: NameServer = 172.16.1.5,172.16.1.15 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nikbanka.cg.rs O17 - HKLM\System\CS1\Services\Tcpip\..\{4F5325BC-2881-4CE2-9419-BF5F4C41D508}: NameServer = 172.16.1.5,172.16.1.15 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: poibqqbc - dmhadmh.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

Profil

DEMIAN Poslao: 07 Maj 2007 13:39 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imao si nekoliko različitih infekcija na racunaru, nesto smo sredili ali ima još toga. Trebalo bi da ovo bude poslednji korak ako sve protekne kako treba. Postupi po ovom uputstvu ispod. ------------------------ VundoFix: http://www.atribune.org/ccount/click.php?id=4 * Dvoklikom se startuje fajl VundoFix.exe. * Izabere opcija Scan for Vundo. * Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK. * Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo. * Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes. * Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a. * Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK. * Uključi se računar i podigne sistem iznova. * Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

Profil

vl Poslao: 07 Maj 2007 14:05 Idi na vrh
offline vl Novi MyCity građanin Pridružio: 05 Maj 2007 Poruke: 18	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo sadrzaja C:\vundofix.txt ali nije mi doslo do gubljenja ikonica sa desktop-a niti je trazen reset a mislim da sam sve uradio kao sto si mi rekao VundoFix V6.3.21 Checking Java version... Sun Java not detected Scan started at 13:50:31 7.5.2007 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... VundoFix V6.3.21 Checking Java version... Sun Java not detected Scan started at 14:00:20 7.5.2007 Listing files found while scanning.... evo i loga: Logfile of HijackThis v1.99.1 Scan saved at 14:10:57, on 7.5.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\r_server.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\LClock\LClock.exe C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\VisualTooltip\VisualToolTip.exe C:\Program Files\Styler\Styler.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\DOCUME~1\vlado\LOCALS~1\Temp\{89885CB2-0AFC-44C2-A371-60D7A15DB4B5}\sidebar.exe C:\DOCUME~1\vlado\LOCALS~1\Temp\{140AB7D0-354E-40A2-9E10-ABC1EDD21B93}\Blaero Start Orb.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Documents and Settings\vlado\Desktop\vlado2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = kingkongsearch.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=488 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5488E24F-B8E4-43B7-8726-F314FF7FEE98} - c:\windows\system32\dmhadmh.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nikbanka.cg.rs O17 - HKLM\System\CCS\Services\Tcpip\..\{4F5325BC-2881-4CE2-9419-BF5F4C41D508}: NameServer = 172.16.1.5,172.16.1.15 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nikbanka.cg.rs O17 - HKLM\System\CS1\Services\Tcpip\..\{4F5325BC-2881-4CE2-9419-BF5F4C41D508}: NameServer = 172.16.1.5,172.16.1.15 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: poibqqbc - dmhadmh.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing) Ako sam nesto pogrijesio reci mi da ispravim. Izvini unaprijed

Profil

DEMIAN Poslao: 07 Maj 2007 14:23 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hmm.. Prema malicioznim 02 i 020 linijama sam posumnjao na Vundo (to mu je glavna karakteristika) ali te infekcije ili nema na tvom računaru ili je ovo neka novija verzija koju ne detektuje taj fix. Zato ti i nije tražio restart. Otežava mi i to što nemam fajl, koji bih proverio i znao o čemu se tačno radi.. Daj da vidimo da nešto nije rootkitovano (skriveno) na toj mašini. Ako i to ne da rezultat, moraću da se konsultujem sa ostatkom ekipe i bobby-jem a to će biti tek posle 6-7 PM. btw. I nemoj da se izvinjavaš, nema potrebe.. ------------------- Uradi sledeće: Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili.

Profil

vl Poslao: 07 Maj 2007 15:06 Idi na vrh
offline vl Novi MyCity građanin Pridružio: 05 Maj 2007 Poruke: 18	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo sadrzaja prvog fajla: GMER 1.0.12.12244 - gmer.net Rootkit scan 2007-05-07 15:06:35 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcess SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcessEx SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateSection SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateThread SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwWriteVirtualMemory Code \WINDOWS\System32\drivers\fsndis5.sys IoCreateDevice ---- Kernel code sections - GMER 1.0.12 ---- PAGE ntkrnlpa.exe!IoCreateDevice 80574702 5 Bytes JMP F7524FD0 \WINDOWS\System32\drivers\fsndis5.sys PAGE ntkrnlpa.exe!ObReferenceObjectByHandle + 44F 805BA2A9 7 Bytes JMP F78E8CFE xkwagrvl.sys ? xkwagrvl.sys The system cannot find the file specified. PAGENPNP NDIS.SYS!NdisRegisterProtocol F722B17D 5 Bytes JMP F7524C49 \WINDOWS\System32\drivers\fsndis5.sys PAGENPNP NDIS.SYS!NdisOpenAdapter F722B397 5 Bytes JMP F7524EB4 \WINDOWS\System32\drivers\fsndis5.sys PAGENPNP NDIS.SYS!NdisCloseAdapter F723561E 5 Bytes JMP F7524EE4 \WINDOWS\System32\drivers\fsndis5.sys PAGENPNP NDIS.SYS!NdisDeregisterProtocol F72357FD 5 Bytes JMP F7524CB0 \WINDOWS\System32\drivers\fsndis5.sys PAGENDSP NDIS.SYS!NdisReturnPackets F7238800 5 Bytes JMP F752913A \WINDOWS\System32\drivers\fsndis5.sys PAGENDSP NDIS.SYS!NdisRequest F723896B 5 Bytes JMP F7527578 \WINDOWS\System32\drivers\fsndis5.sys PAGENDSP NDIS.SYS!NdisSend F723B977 5 Bytes JMP F75293FE \WINDOWS\System32\drivers\fsndis5.sys PAGENDSP NDIS.SYS!NdisSendPackets F723B994 5 Bytes JMP F75294D0 \WINDOWS\System32\drivers\fsndis5.sys PAGENDSP NDIS.SYS!NdisTransferData F723B9AF 5 Bytes JMP F752925C \WINDOWS\System32\drivers\fsndis5.sys ? C:\WINDOWS\System32\DRIVERS\update.sys ---- User code sections - GMER 1.0.12 ---- .text C:\Program Files\MSN Messenger\msnmsgr.exe[3692] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe ---- Devices - GMER 1.0.12 ---- Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_READ [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_READ [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA [F72579E8] fsdfw.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP [F72579E8] fsdfw.sys ---- EOF - GMER 1.0.12 ---- Evo i drugog fajla: GMER 1.0.12.12244 - gmer.net Autostart scan 2007-05-07 15:09:40 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>> @UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe, @UIHostvistaui.exe = vistaui.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\poibqqbc@DLLName = dmhadmh.dll /file not found/ HKLM\SYSTEM\CurrentControlSet\Services\ >>> AVG Anti-Spyware Guard /AVG Anti-Spyware Guard/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe BackWeb Plug-in - 7681197 /F-Secure Automatic Update/@ = C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE F-Secure Gatekeeper Handler Starter /FSGKHS/@ = "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" fsbwsys /fsbwsys/@ = "C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe" FSMA /F-Secure Management Agent/@ = "C:\Program Files\F-Secure\Common\FSMA32.EXE" InCDsrv /InCD Helper/@ = C:\Program Files\Ahead\InCD\InCDsrv.exe InterBaseGuardian /InterBase Guardian/@ = C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe -s /file not found/ MSSQLSERVER /MSSQLSERVER/@ = C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe RichVideo /Cyberlink RichVideo Service(CRVS)/@ = "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ?????????????????????????????????????????????????????? r_server /Remote Administrator Service/@ = "C:\WINDOWS\system32\r_server.exe" /service ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys Spooler /Print Spooler/@ = %SystemRoot%\system32\spoolsv.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @SiSPowerRundll32.exe SiSPower.dll,ModeAgent = Rundll32.exe SiSPower.dll,ModeAgent @SoundManSOUNDMAN.EXE = SOUNDMAN.EXE @NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe @InCDC:\Program Files\Ahead\InCD\InCD.exe = C:\Program Files\Ahead\InCD\InCD.exe @F-Secure Manager"C:\Program Files\F-Secure\Common\FSM32.EXE" /splash = "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash @F-Secure TNB"C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW = "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW @LClockC:\Program Files\LClock\LClock.exe = C:\Program Files\LClock\LClock.exe @Vista SidebarC:\Program Files\Vista Sidebar\sidebar.exe = C:\Program Files\Vista Sidebar\sidebar.exe @VisualTooltipC:\Program Files\VisualTooltip\VisualToolTip.exe = C:\Program Files\VisualTooltip\VisualToolTip.exe @Blaero Start OrbC:\Program Files\Blaero Start Orb\Blaero Start Orb.exe = C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe @StylerC:\Program Files\Styler\Styler.exe = C:\Program Files\Styler\Styler.exe @RemoteControl"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" @LanguageShortcut"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" = "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" @!AVG Anti-Spyware"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe @swgC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe @MsnMsgr"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background @MSMSGS"C:\Program Files\Messenger\msmsgs.exe" = "C:\Program Files\Messenger\msmsgs.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ >>> SharedTaskScheduler@{2BDEC973-B5AC-4e5b-8AB3-5A0500880DA2} = ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /Display Panning CPL Extension/deskpan.dll /file not found/ = deskpan.dll /file not found/ @{32683183-48a0-441b-a342-7c2a440a9478} /Media Band/(null) = @{950FF917-7A57-46BC-8017-59D9BF474000} /Shell Extension for CDRW/C:\Program Files\Ahead\InCD\incdshx.dll = C:\Program Files\Ahead\InCD\incdshx.dll @{596AB062-B4D2-4215-9F74-E9109B0A8153} /Previous Versions Property Page/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /Previous Versions/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /Extensions Manager Folder/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /Web Folders/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL @{0006F045-0000-0000-C000-000000000046} /Microsoft Outlook Custom Icon Handler/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL @{42042206-2D85-11D3-8CFF-005004838597} /Microsoft Office HTML Icon Handler/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /WinRAR shell extension/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll @{23170F69-40C1-278A-1000-000100020000} /7-Zip Shell Extension/C:\Program Files\7-Zip\7-zip.dll = C:\Program Files\7-Zip\7-zip.dll @{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /Messenger Sharing Folders/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll HKLM\Software\Classes\\shellex\ContextMenuHandlers\ >>> 7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Classes\\shellex\ContextMenuHandlers@{23814B80-52A2-11d0-BC1A-004095606CB9} = C:\Program Files\F-Secure\Common\fpshx.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> 7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{23814B80-52A2-11d0-BC1A-004095606CB9} = C:\Program Files\F-Secure\Common\fpshx.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll @{5488E24F-B8E4-43B7-8726-F314FF7FEE98}c:\windows\system32\dmhadmh.dll /file not found/ = c:\windows\system32\dmhadmh.dll /file not found/ @{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll @{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar2.dll = c:\program files\google\googletoolbar2.dll HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Programi\SCREEN~1\Bubbles\bubbles.scr HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome @Start Pagehttp://www.windowsxlive.net = windowsxlive.net @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagehttp://www.google.com/ = google.com/ @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll its@CLSID = C:\WINDOWS\System32\itss.dll lid@CLSID = C:\WINDOWS\System32\msvidctl.dll livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\System32\itss.dll msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL tv@CLSID = C:\WINDOWS\system32\msvidctl.dll wia@CLSID = C:\WINDOWS\System32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = nikbanka.cg.rs HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4F5325BC-2881-4CE2-9419-BF5F4C41D508} /Local Area Connection/ >>> @IPAddress172.16.1.107 = 172.16.1.107 @NameServer172.16.1.5,172.16.1.15 = 172.16.1.5,172.16.1.15 @DefaultGateway172.16.1.1 = 172.16.1.1 @Domain = HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL 000000000002@PackedCatalogItem = C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014@PackedCatalogItem = C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL C:\Documents and Settings\vlado\Start Menu\Programs\Startup = Adobe Gamma.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>> Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk Adobe Reader Synchronizer.lnk = Adobe Reader Synchronizer.lnk F-Secure Automatic Update.lnk = F-Secure Automatic Update.lnk Microsoft Office.lnk = Microsoft Office.lnk Service Manager.lnk = Service Manager.lnk ---- EOF - GMER 1.0.12 ----

Profil

DEMIAN Poslao: 07 Maj 2007 16:17 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dosta sumnjivog i nepoznatog imaš ovde.. Pokušaj da pronađeš ove fajlove na disku i opet nam uploaduješ. C:\WINDOWS\system32\drivers\xkwagrvl.sys C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\vistaui.exe Takođe preko Windows Search-a ("Files and Folders" unos) propusti ove upite da vidiš da li će naći nešto. Ako nađeš, takođe - upload. poibqqbc dmhadmh U svakom slučaju moraću da se konsultujem sa ostalima iz tima u vezi ovog. Svrati na forum oko 7-8 da rešimo to.. Pozz

Profil

vl Poslao: 07 Maj 2007 16:43 Idi na vrh
offline vl Novi MyCity građanin Pridružio: 05 Maj 2007 Poruke: 18	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovaj prvi sam bio nasao preko search-a ali kada sam krenuo da ga iskopiram nije mi dao. Kada sam ga posle ponovo potrazio nisam ga vise nasao ni sa drugom ekstenzijom. Ova druga dva sam nasao. Poslednja dva nisam Dopuna: 07 Maj 2007 16:43 Malo cu biti odsutan pa cu vratiti tamo oko 7-8. Dako se rijesi ovo

Profil

bobby Poslao: 07 Maj 2007 20:54 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozz vl, ja cu da preuzmem odavde, posto DeM14n ima nekih obaveza veceras. Skini sledeci program: https://www.mycity.rs/must-login.png Startuj i klikni na dugme Scan na prvom tabu. Kada zavrsi skeniranje iskopiraj mi ovde sadzaj liste koju bude napravio. Klikni i na dugme ZIP, sto ce sve skrivene fajlove da spakuje u Catchme.zip koji ce da se nalazi na Desktopu. Posalji na taj ZIP preko upload linka koji ti je DeM14n vec dao u ranijim postovima.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa nepoznatim mailovima

Ko je trenutno na forumu

Ukupno su 912 korisnika na forumu :: 36 registrovanih, 5 sakrivenih i 871 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., anbeast, CikaKURE, cinoeye, debeli, dejoglina, Dimitrise93, djboj, Djokislav, FileFinder, Georgius, ivan1973, kolle.the.kid, Leonov, Lieutenant, Lucije Kvint, mercedesamg, Mi lao shu, Milos ZA, Mixelotti, moldway, MrNo, nenad81, nikoladim, NikolaGTR, pein, powSrb, RiV, S2M, Srle993, TheBeastOfMG, tubular, vandrej, vathra, Vlad000, vladetije

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by