MyCity » Ambulanta -> Arhiva Ambulante » Security Alert:Spyware found-molim za pomoc

Security Alert:Spyware found-molim za pomoc

Napisano na dan: 15.2.2008

Security Alert:Spyware found-molim za pomoc

Sledeća strana

Pagination

Odgovori

dexon303 Poslao: 15 Feb 2008 23:59 Idi na vrh
offline dexon303 Građanin Pridružio: 18 Avg 2006 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Your computer is infected with last version of PSW.x-Vir trojan.PSW trojans steal your private information such as:passwords,IP-address,credit card information,registration details,doccuments,etc.Click this baloon to remove PSW.x-Vir spyware.Stalno mi izbacuje ovo,sta da radim?kako da uklonim to?Unapred sam zahvalan ako neko zna da mi objasni sta je to i da li postoji nacin da uklonim to?Logfile of HijackThis v1.99.1 Scan saved at 22:42:10, on 15/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NetProject\sbmntr.exe C:\Program Files\NetProject\scit.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NetProject\scm.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NetProject\sbsm.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = uk.rd.yahoo.com/customize/ycomp/defaults/sb/http://uk.docs.yahoo.com/info/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = uk.rd.yahoo.com/customize/ycomp/defaults/sp/http://uk.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: ContextHelper - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\1203095929.dll (file missing) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Microsoft Office Outlook] C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - explorertool.net/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - explorertool.net/redirect.php (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Profil

dr_Bora Poslao: 16 Feb 2008 00:29 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Zašto nemaš antivirus instaliran? -------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

dexon303 Poslao: 16 Feb 2008 01:47 Idi na vrh
offline dexon303 Građanin Pridružio: 18 Avg 2006 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav,nemam antivirus jer sam ga bio izbrisao,imao sam nos ali nije uspeo da mi ukloni ovaj problem pa sam se iznervirao i zibrisao ga.Evo ovo sam iskopirao: ComboFix 08-02-16.2 - Administrator 2008-02-16 0:37:47.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.82 [GMT 0:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\Administrator\ravmonlog C:\Program Files\ContextTool C:\Program Files\ContextTool\ContextHelper.dat C:\Program Files\ContextTool\pcre3.dll C:\toolbar.exe C:\WINDOWS\adober.exe C:\WINDOWS\prefs_bg.dll C:\WINDOWS\system32\msssc.dll . ((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))) . 2008-02-15 22:41 . 2008-02-15 22:41 218,112 --a------ C:\HijackThis.exe 2008-02-15 21:59 . 2008-02-15 21:59 40,960 --a------ C:\Look2Me-Destroyer.exe 2008-02-15 21:54 . 2008-02-15 21:54 50,688 --a------ C:\ATF-Cleaner.exe 2008-02-15 21:21 . 2008-02-15 21:51 <DIR> d-------- C:\VundoFix Backups 2008-02-15 21:21 . 2008-02-15 21:21 132,608 --a------ C:\VundoFix.exe 2008-02-15 17:53 . 2008-02-15 17:53 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-15 17:52 . 2008-02-15 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-15 17:50 . 2008-02-15 17:50 21,364,592 --a------ C:\aaw2007.exe 2008-02-15 17:20 . 2008-02-15 17:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-15 17:18 . 2008-02-15 18:19 <DIR> d-------- C:\Program Files\Sotfone 2008-02-15 17:18 . 2008-02-15 17:18 <DIR> d-------- C:\Program Files\NetProject 2008-02-13 23:57 . 2008-02-13 23:58 <DIR> d-------- C:\Program Files\FLV Player 2008-02-13 22:22 . 2008-02-13 22:22 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-02-13 22:21 . 2008-02-13 22:22 <DIR> d-------- C:\Program Files\Real 2008-02-13 22:21 . 2008-02-13 22:21 <DIR> d-------- C:\Program Files\Common Files\Real 2008-02-13 22:19 . 2008-02-13 22:19 14,104,072 --a------ C:\RealPlayer11BETA.exe 2008-02-13 17:06 . 2008-02-13 17:06 2,604,659 --a------ C:\redtube_d_setup.exe 2008-02-10 20:44 . 2008-02-10 20:44 4,096 --a------ C:\WINDOWS\d3dx.dat 2008-02-10 20:06 . 2008-02-12 18:16 <DIR> d-------- C:\Program Files\Playtonium Jigsaw Atlantic Lighthouses 2008-02-10 19:29 . 1998-11-17 13:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe 2008-02-10 19:24 . 2008-02-10 19:24 <DIR> d-------- C:\Program Files\Freecell3D 2008-02-10 19:24 . 2008-02-10 19:24 <DIR> d-------- C:\Program Files\Common Files\Amber Mango 2008-02-10 19:06 . 2008-02-10 19:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\funkitron 2008-02-10 19:05 . 2008-02-12 18:17 <DIR> d-------- C:\Program Files\3D Live Pool 2008-02-05 14:17 . 2008-02-05 14:17 <DIR> d-------- C:\Program Files\YouTube Downloader 2008-02-05 14:17 . 2008-02-05 14:17 3,558,791 --a------ C:\youtubedownloader.exe 2008-02-02 22:15 . 2008-02-02 22:15 1,158 --a------ C:\WINDOWS\mozver.dat 2008-02-02 22:11 . 2008-02-02 22:11 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-02 22:06 . 2008-02-02 22:10 5,828,336 --a------ C:\Firefox Setup 2.0.0.11.exe 2008-01-29 00:48 . 2008-01-29 00:54 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-29 00:47 . 2008-01-29 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-20 17:19 . 2008-02-05 16:22 <DIR> d-------- C:\Program Files\ESET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-15 18:43 --------- d-----w C:\Program Files\Yahoo! 2008-02-15 17:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-13 22:21 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-02-13 22:21 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-02-13 22:21 13,312 --s-a-w C:\WINDOWS\system32\eeioq.dll 2008-02-11 22:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire 2008-02-05 16:19 --------- d-----w C:\Program Files\Google 2008-01-05 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-01-04 17:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM 2007-12-29 01:18 --------- d-----w C:\Program Files\Mv2Player 2007-12-27 19:28 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\yahoo! 2007-12-19 18:34 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-12-17 16:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Globe7 2007-12-16 19:43 --------- d-----w C:\Program Files\MostFun 2007-12-15 15:16 22,589,736 ----a-w C:\SkypeSetup.exe 2007-12-14 11:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-13 19:57 8,454,656 ----a-w C:\winamp55_full_emusic-7plus_en-us.exe 2007-12-13 19:57 10,604,032 ----a-w C:\TU2007TrialEN.exe 2007-12-13 19:54 6,586,368 ----a-w C:\Opera_9.24_International_Setup.exe 2007-12-13 19:54 437,760 ----a-w C:\msgr8us.exe 2007-12-13 19:54 3,381,760 ----a-w C:\LimeWireWin.exe 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll 2007-11-27 21:21 155,995 ----a-w C:\WINDOWS\java\Packages\9357357P.ZIP . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2}] C:\Program Files\Helper\1203095929.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}] 2008-02-16 00:22 9728 --a------ C:\Program Files\NetProject\sbmdl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11D4-9B18-009027A5CD4F} {81705D67-3F73-4983-859B-97D0922E5ABE} [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 12:00 15360] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704] "Microsoft Office Outlook"="C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 22:21 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 12:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "start"= C:\Program Files\NetProject\sbmntr.exe "some"= C:\Program Files\NetProject\scit.exe [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{917f93bf-6714-4e11-8982-59db2e0f88fc}"= C:\WINDOWS\system32\eeioq.dll [2008-02-13 22:21 13312] . Contents of the 'Scheduled Tasks' folder "2008-02-15 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-02-15 22:00:17 C:\WINDOWS\Tasks\At1.job" - C:\\Look2Me-Destroyer.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-16 00:39:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\system32\eeioq.dll . Completion time: 2008-02-16 0:39:45 ComboFix-quarantined-files.txt 2008-02-16 00:39:28 . 2008-02-13 17:59:34 --- E O F --- Ako znas sta treba da uradim molim te help me jer mi se non stop pojavljuju neke infekcije.Unapred sam zahvalan.

Profil

dr_Bora Poslao: 16 Feb 2008 09:43 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Citat:Ako znas sta treba da uradim molim te help me jer mi se non stop pojavljuju neke infekcije. Ovo ćemo srediti, ali bez AV-a ćeš opet uskoro imati probleme sa malware-om. ------------------------------------------------------------------------------------- U logu su vidljivi i tragovi infekcija koje se prenose putem USB drive-ova. Ukoliko imaš neki takav uređaj, potrebno je da ga priključiš u toku narednog postupka. Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. ------------------------------------------------------------------------------------- Zatim... Otvoriti Notepad i iskopirati sledeci tekst (sve što se nalazi unutar ''Kod'' polja): File:: C:\WINDOWS\system32\eeioq.dll Folder:: C:\Program Files\NetProject C:\Program Files\Sotfone C:\Program Files\Helper DirLook:: C:\Documents and Settings\All Users\Application Data\TEMP Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{81705D67-3F73-4983-859B-97D0922E5ABE}"=- [-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "start"=- "some"=- [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{917f93bf-6714-4e11-8982-59db2e0f88fc}"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}] [-HKEY_CURRENT_USER\Software\NetProject] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

dexon303 Poslao: 16 Feb 2008 16:42 Idi na vrh
offline dexon303 Građanin Pridružio: 18 Avg 2006 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo drug uradeo sam sve kako si mi objasnio i vise mi se ne pojavljuje onaj eror sa porukom,svaka pohvala za tebe uspeo si da mi pomognes da otklonim ovaj problem.Hvala ti puno drug.Postujem ovaj tvoj gest.Jos jednom svaka pohvala i hvala ti. ComboFix 08-02-16.2 - Administrator 2008-02-16 15:23:02.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.46 [GMT 0:00]Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\system32\eeioq.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\NetProject C:\Program Files\NetProject\ot.ico C:\Program Files\NetProject\sbmdl.dll C:\Program Files\NetProject\sbmntr.exe C:\Program Files\NetProject\sbsm.exe C:\Program Files\NetProject\sbun.exe C:\Program Files\NetProject\scit.exe C:\Program Files\NetProject\scm.exe C:\Program Files\NetProject\scu.exe C:\Program Files\NetProject\ts.ico C:\Program Files\NetProject\wamdl.dll C:\Program Files\NetProject\waun.exe C:\Program Files\Sotfone C:\WINDOWS\system32\eeioq.dll . ((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))) . 2008-02-15 22:41 . 2008-02-15 22:41 218,112 --a------ C:\HijackThis.exe 2008-02-15 21:59 . 2008-02-15 21:59 40,960 --a------ C:\Look2Me-Destroyer.exe 2008-02-15 21:54 . 2008-02-15 21:54 50,688 --a------ C:\ATF-Cleaner.exe 2008-02-15 21:21 . 2008-02-15 21:21 132,608 --a------ C:\VundoFix.exe 2008-02-15 17:53 . 2008-02-15 17:53 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-15 17:52 . 2008-02-15 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-15 17:50 . 2008-02-15 17:50 21,364,592 --a------ C:\aaw2007.exe 2008-02-15 17:20 . 2008-02-15 17:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-13 23:57 . 2008-02-13 23:58 <DIR> d-------- C:\Program Files\FLV Player 2008-02-13 22:22 . 2008-02-13 22:22 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-02-13 22:21 . 2008-02-13 22:22 <DIR> d-------- C:\Program Files\Real 2008-02-13 22:21 . 2008-02-13 22:21 <DIR> d-------- C:\Program Files\Common Files\Real 2008-02-13 22:19 . 2008-02-13 22:19 14,104,072 --a------ C:\RealPlayer11BETA.exe 2008-02-13 17:06 . 2008-02-13 17:06 2,604,659 --a------ C:\redtube_d_setup.exe 2008-02-10 20:44 . 2008-02-10 20:44 4,096 --a------ C:\WINDOWS\d3dx.dat 2008-02-10 20:06 . 2008-02-12 18:16 <DIR> d-------- C:\Program Files\Playtonium Jigsaw Atlantic Lighthouses 2008-02-10 19:29 . 1998-11-17 13:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe 2008-02-10 19:24 . 2008-02-10 19:24 <DIR> d-------- C:\Program Files\Freecell3D 2008-02-10 19:24 . 2008-02-10 19:24 <DIR> d-------- C:\Program Files\Common Files\Amber Mango 2008-02-10 19:06 . 2008-02-10 19:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\funkitron 2008-02-10 19:05 . 2008-02-12 18:17 <DIR> d-------- C:\Program Files\3D Live Pool 2008-02-05 14:17 . 2008-02-05 14:17 <DIR> d-------- C:\Program Files\YouTube Downloader 2008-02-05 14:17 . 2008-02-05 14:17 3,558,791 --a------ C:\youtubedownloader.exe 2008-02-02 22:15 . 2008-02-02 22:15 1,158 --a------ C:\WINDOWS\mozver.dat 2008-02-02 22:11 . 2008-02-02 22:11 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-02 22:06 . 2008-02-02 22:10 5,828,336 --a------ C:\Firefox Setup 2.0.0.11.exe 2008-01-29 00:48 . 2008-01-29 00:54 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-29 00:47 . 2008-01-29 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-20 17:19 . 2008-02-05 16:22 <DIR> d-------- C:\Program Files\ESET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-15 18:43 --------- d-----w C:\Program Files\Yahoo! 2008-02-15 17:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-13 22:21 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-02-13 22:21 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-02-11 22:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire 2008-02-05 16:19 --------- d-----w C:\Program Files\Google 2008-01-05 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-01-04 17:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM 2007-12-29 01:18 --------- d-----w C:\Program Files\Mv2Player 2007-12-27 19:28 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\yahoo! 2007-12-19 18:34 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-12-17 16:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Globe7 2007-12-16 19:43 --------- d-----w C:\Program Files\MostFun 2007-12-15 15:16 22,589,736 ----a-w C:\SkypeSetup.exe 2007-12-14 11:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-13 19:57 8,454,656 ----a-w C:\winamp55_full_emusic-7plus_en-us.exe 2007-12-13 19:57 10,604,032 ----a-w C:\TU2007TrialEN.exe 2007-12-13 19:54 6,586,368 ----a-w C:\Opera_9.24_International_Setup.exe 2007-12-13 19:54 437,760 ----a-w C:\msgr8us.exe 2007-12-13 19:54 3,381,760 ----a-w C:\LimeWireWin.exe 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll 2007-11-27 21:21 155,995 ----a-w C:\WINDOWS\java\Packages\9357357P.ZIP . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\Documents and Settings\All Users\Application Data\TEMP ---- ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 12:00 15360] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704] "Microsoft Office Outlook"="C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 22:21 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 12:00 15360] . Contents of the 'Scheduled Tasks' folder "2008-02-15 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-02-15 22:00:17 C:\WINDOWS\Tasks\At1.job" - C:\\Look2Me-Destroyer.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-16 15:24:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-16 15:25:39 ComboFix-quarantined-files.txt 2008-02-16 15:25:23 . 2008-02-13 17:59:34 --- E O F --- Dopuna: 16 Feb 2008 16:42 Da li trebam jos nesto da uradim ili bi to bilo to?

Profil

dr_Bora Poslao: 16 Feb 2008 17:15 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

dexon303 Poslao: 16 Feb 2008 17:28 Idi na vrh
offline dexon303 Građanin Pridružio: 18 Avg 2006 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log je cist,perfektno si odradeo ovo sve,bravo,pozdrav!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Security Alert:Spyware found-molim za pomoc

Ko je trenutno na forumu

Ukupno su 723 korisnika na forumu :: 30 registrovanih, 2 sakrivenih i 691 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Atomski čoban, babaroga, Boris BM, Boris Bosiljčić, dankisha, debeli, doklevise, dragon986, Georgius, GUARIN, hurmiza, jackreacher011011, JOntra, Kubovac, KUZMAR, MrNo, Nemanja.M, raso76, Skakac7, stokssone, Tragač, virked, Vlada1389, vladetije, wolf431, x9, yrraf, zmajbre, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by