Torpig virus help

  • frasi 
  • New MyCity citizen
  • Joined: 14 Jul 2007
  • Posts: 13

Spybot finds some Torpig virus on my machine and can't delete it:
c:\windows\temp\$_2341234.tmp
c:\windows\temp\$_2341233.tmp

AVG also warns about some Trojan horses as soon as I connect to the internet:
A0091403.exe
A0091414.sys
A0091431.dll etc.

Please help.

Logfile of HijackThis v1.99.1
Scan saved at 10:21:07 PM, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\isarvicese4.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\slrundll.exe
C:\Documents and Settings\mario govedarica\Desktop\aawsepersonal.exe
C:\Documents and Settings\mario govedarica\Desktop\aawsepersonal.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\mario govedarica\Desktop\d\d1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = paramountpc.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SvcManager] isarvicese4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.paramountpc.com.au
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O17 - HKLM\System\CS3\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Please try to find the file isarvicese4.exe on your computer and upload it via the following form:
http://www.mycity.rs/ambulanta-upload.php

Then I would ask you to do the following:


Turning off System Restore

On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Tick Turn off System Restore.
Click the Apply button.
Click the OK button.


Turning on System Restore

On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Untick Turn off System Restore.
Click the Apply button.
Click the OK button.


With that we have briefly turned System Restore off and then back on.
That should rid you of those viruses that AVG reports. Let me know if we have completed that part successfully, and then we'll see about the next steps.

Question: which modem do you use? Is it SmartLink or not?

  • frasi 
  • New MyCity citizen
  • Joined: 14 Jul 2007
  • Posts: 13

This is what I found via search/for files and folders:

ISARVICES4.EXE-1F92C9C2.pf c:\windows\prefetch 67 kb pf file

isarvices4 c:\windows\ system 32 43 kb application

I don't know how to transfer this to the upload form.

I turned System Restore off and on.

My modem is a Smartlink.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Download [url=https://www.mycity.rs/must-login.png
Start it and click Scan.
When the scan has finished you will have a file catchme.log on the Desktop - open it in Notepad and copy its contents into your next post.

Now go up to the Script tab and enter the following text there:
files:
D:\WINDOWS\system32\isarvices4.exe

Click Run.
You will now have catchme.log and catchme.zip on the Desktop.
Copy the log into a post again, and upload catchme.zip via the following form:
http://www.mycity.rs/ambulanta-upload.php

  • frasi 
  • New MyCity citizen
  • Joined: 14 Jul 2007
  • Posts: 13

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-07-18 17:31:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

bobby edited due to line length

Addendum: 18 Jul 2007 10:05

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-07-18 17:31:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

bobby edited due to line length

scan completed successfully
hidden processes: 0
hidden files: 2

disk not found D:WINDOWS\system32\isarvices4.exe
source file error: C:WINDOWS\system32\isarvices4.exe

Addendum: 18 Jul 2007 10:13

I have uploaded the catchme zip via the form.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

frasi, sorry, but a mistake crept into the Catchme script I wrote for you. No harm done to your computer, but we have to repeat the procedure:

So, start Catchme again and click Scan.
When the scan has finished you will have a file catchme.log on the Desktop - open it in Notepad and copy its contents into your next post.

Now go up to the Script tab and enter the following text there:
files:
C:\WINDOWS\system32\isarvices4.exe

Click Run.
You will now have catchme.log and catchme.zip on the Desktop.
Copy the log into a post again, and upload catchme.zip via the following form:
http://www.mycity.rs/ambulanta-upload.php

Sorry once again for the mistake and for bothering you to do this again.

  • frasi 
  • New MyCity citizen
  • Joined: 14 Jul 2007
  • Posts: 13

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-07-19 18:03:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

bobby removed part of the log due to line length
catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-07-19 18:03:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

bobby removed part of the log due to line length
source file error: C:\WINDOWS\system32\isarvices4.exe


It gives me something like "script completed with errors". Also, my connection now drops every five minutes.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Hmmm...
I will have to point you to Ewido Micro. I hope an 8 MB download is not a problem for you.

Download Ewido micro from here:
http://downloads.ewido.net/ewido_micro.exe

How to use Ewido micro:
- on the first screen select all partitions (tick the boxes in front of them)
- click the Start Scan button
- when the scan has finished, click Save Report and save the log file in a safe place
- click Remove Infections
- copy the contents of the log file you just saved into a post here

After scanning with Ewido and posting the log file, also post a fresh HijackThis log.

  • frasi 
  • New MyCity citizen
  • Joined: 14 Jul 2007
  • Posts: 13

I forgot to tell you that when Spybot finds this "TORPIG" it also finds this:

-Microsoft.WindowsSecurityCenter.AntiVirusOverride
-Microsoft.WindowsSecurityCenter.FirewallOverride

Spybot deletes all of this in safe mode, but it appears again when I return to normal Windows. Here are the logs from Ewido and HijackThis:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.247realmedia
Path: :mozilla.11:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.12:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.13:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.23:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.24:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.25:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.26:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.27:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.28:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.29:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.30:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.35:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.36:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.37:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.38:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.39:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.40:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.59:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.60:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.61:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.62:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.63:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.68:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.103:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.104:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Com
Path: :mozilla.109:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Connextra
Path: :mozilla.110:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Connextra
Path: :mozilla.111:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.113:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.114:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Esomniture
Path: :mozilla.131:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hotlog
Path: :mozilla.176:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.193:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.194:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.263:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.285:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: :mozilla.301:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: :mozilla.302:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.304:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.305:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Real
Path: :mozilla.322:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.323:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.324:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: :mozilla.329:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: :mozilla.330:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: :mozilla.331:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: :mozilla.332:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: :mozilla.333:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: :mozilla.334:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.335:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.336:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.337:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.338:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.376:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.377:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.378:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.379:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.380:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.381:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.399:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.403:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.404:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.409:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.410:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.411:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.412:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.413:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.418:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Weborama
Path: :mozilla.426:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.434:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.437:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.450:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.451:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.452:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.453:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.454:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.456:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Masterstats
Path: :mozilla.532:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.533:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.534:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: :mozilla.548:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Paypal
Path: :mozilla.573:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium

Name: Backdoor.Hupigon
Path: C:\PROGRAMI\NERO 7.0\Nero 7.0 KeyGen.zip/Nero 7.0 KeyGen.exe
Risk: High

Logfile of HijackThis v1.99.1
Scan saved at 7:40:31 PM, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\isarvicese4.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\slrundll.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\mario govedarica\Desktop\d\d1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = paramountpc.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SvcManager] isarvicese4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.paramountpc.com.au
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Let's do Catchme again:

Enter the following script:
files:
C:\WINDOWS\system32\isarvicese4.exe
and click Run.
After that, upload Catchme.zip from the desktop again via that form.

Last time I went by what you had typed, and you had dropped a letter from the file name, so I typed out the wrong script for you.
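
The two failed Catchme runs in this thread came from a script path that did not match the log (first the D: drive, then isarvices4.exe instead of isarvicese4.exe). The following is an added example, not part of the original posts: it resolves a typed file name against the HijackThis log before the Catchme script is written. Function names are hypothetical, and the sample log is a constructed excerpt made of entries from the thread.

```python
import difflib
import ntpath
import re

# Constructed excerpt in HijackThis v1.99.1 layout; entries copied from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\isarvicese4.exe
C:\WINDOWS\system32\sistray.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SvcManager] isarvicese4.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")


def running_processes(log):
    """Return the full paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            paths.append(line)
    return paths


def resolve_path(typed, log, cutoff=0.8):
    """Map a user-typed name or path to a path that really is in the log.

    Returns (path, exact) where exact is False when only a near match on the
    file name was found, or None when nothing in the log is close enough.
    The drive and directory of the typed value are ignored on purpose: only
    the path recorded in the log is trusted.
    """
    by_name = {}
    for path in running_processes(log):
        by_name.setdefault(ntpath.basename(path).lower(), path)
    name = ntpath.basename(typed).lower()
    if name in by_name:
        return by_name[name], True
    close = difflib.get_close_matches(name, list(by_name), n=1, cutoff=cutoff)
    return (by_name[close[0]], False) if close else None


def autoruns_for(path, log):
    """Return (hive, value name) for O4 Run entries that start this file."""
    target = re.escape(ntpath.basename(path).lower())
    pattern = re.compile(r'(?:^|[\\"\s])' + target + r'(?:$|["\s])')
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m and pattern.search(m.group(3).lower()):
            hits.append((m.group(1), m.group(2)))
    return hits


def catchme_script(path):
    """Build the two-line script text in the form used in the thread."""
    return "files:\n" + path


if __name__ == "__main__":
    for typed in (r"D:\WINDOWS\system32\isarvices4.exe", "isarvicese4.exe"):
        found = resolve_path(typed, SAMPLE_LOG)
        if found is None:
            print(typed, "-> not in log, ask for a fresh listing")
            continue
        path, exact = found
        note = "exact" if exact else "near match, confirm with the user"
        print(typed, "->", path, "(" + note + ")")
        print("  started by:", autoruns_for(path, SAMPLE_LOG))
        print(catchme_script(path))
```

A near match is reported as such rather than silently accepted, so the helper can confirm the spelling with the user before anything is collected.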
