A trojan got in despite Avast 4.6


offline
  • Joined: 13 Jan 2008
  • Posts: 40

I need help!!! I was downloading some cheat codes for the game Counter Strike 1.6 from the internet and a trojan virus got in. So I'm asking you whether someone can help me get rid of it without wrecking the system. THANKS IN ADVANCE.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

First read the following topic:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

After that, post your HijackThis log here as described in that topic.

offline
  • Joined: 13 Jan 2008
  • Posts: 40

Here is everything, as described there:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:23 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Ivan\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = daemon-search.com/startpage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlk.exe
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69F775D8-F9D6-49D2-BD72-EA7B355C479B} - C:\WINDOWS\system32\pmnlk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\ssqopom.dll (file missing)
O2 - BHO: {5c2745cb-f5ae-c638-9104-f19383a9030e} - {e0309a38-391f-4019-836c-ea5fbc5472c5} - C:\WINDOWS\system32\jrfqksfp.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [4c13996e] rundll32.exe "C:\WINDOWS\system32\cacatceh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ssqopom - ssqopom.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You have several infections on the computer.

Try to upload these two files to me for checking:
C:\WINDOWS\system32\pmnlk.exe
C:\WINDOWS\system32\cacatceh.dll
Do the upload through the following form:
http://www.mycity.rs/ambulanta-upload.php

After that, download ComboFix to the Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.
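As an added illustration (not the forum's or the helper's code), a small Python triage script that applies the same checks the helper is doing by eye to HijackThis v1.99 log lines: the F3 win.ini load= entry, unnamed or system32-resident BHOs, the random-named Run entry calling rundll32 with a one-letter export, the unknown Winlogon Notify package, and running processes whose name carries a space before .exe. The sample lines are copied from the log posted above with a few benign lines as controls; the Winlogon Notify allow-list is my assumption.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    line: str
    reason: str


# Winlogon Notify packages present on a stock Windows XP install. Assumption:
# this allow-list is mine, not from the thread; any other O20 entry is flagged.
XP_NOTIFY_DEFAULTS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

LOOKALIKE_EXE = re.compile(r"\s\.exe$", re.I)             # "ashDisp .exe"
F3_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(.+)$", re.I)
O2_BHO = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-F-]+\} - (.+)$", re.I)
O4_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$", re.I)
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - ", re.I)
RANDOM_HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)       # "[4c13996e]"
RUNDLL_ONE_LETTER_EXPORT = re.compile(
    r'^rundll32\.exe\s+"?[^"]+\.dll"?,[a-z]$', re.I)      # rundll32 "x.dll",b

# Constructed sample in HijackThis v1.99 format. The flagged entries are copied
# from the log posted in this thread; the benign lines are controls.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\DAEMON Tools\daemon .exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlk.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69F775D8-F9D6-49D2-BD72-EA7B355C479B} - C:\WINDOWS\system32\pmnlk.dll
O2 - BHO: {5c2745cb-f5ae-c638-9104-f19383a9030e} - {e0309a38-391f-4019-836c-ea5fbc5472c5} - C:\WINDOWS\system32\jrfqksfp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [4c13996e] rundll32.exe "C:\WINDOWS\system32\cacatceh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ssqopom - ssqopom.dll (file missing)
"""


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries that deserve a second look."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                 # a blank line ends the process list
            in_processes = False
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            # A space before the extension lets a dropped file sit next to the
            # real binary while looking identical in a casual process listing.
            if LOOKALIKE_EXE.search(line):
                findings.append(Finding(line, "process name mimics a legitimate binary (space before .exe)"))
            continue
        if m := F3_LOAD.match(line):
            # win.ini load= is a legacy autostart that current software does not use.
            findings.append(Finding(line, "win.ini load= autostart -> " + m.group(1)))
        elif m := O2_BHO.match(line):
            name, path = m.groups()
            if name.lower() == "(no name)" or "\\system32\\" in path.lower():
                findings.append(Finding(line, "unnamed BHO, or BHO DLL dropped in system32"))
        elif m := O4_RUN.match(line):
            name, command = m.groups()
            if RANDOM_HEX_NAME.match(name) or RUNDLL_ONE_LETTER_EXPORT.match(command):
                findings.append(Finding(line, "Run entry with random name or rundll32 one-letter export"))
        elif m := O20_NOTIFY.match(line):
            if m.group(1).lower() not in XP_NOTIFY_DEFAULTS:
                findings.append(Finding(line, "Winlogon Notify package that is not an XP default"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

The heuristics are deliberately narrow; they flag the exact patterns seen in this log rather than replacing a full review of every section.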

offline
  • Joined: 13 Jan 2008
  • Posts: 40

I didn't quite understand you... where do I get that to give you for upload? I don't understand where to take it from to put it up for upload, so please tell me how to do it???

Addendum: 14 Jan 2008 18:56

Should I go into C, then WINDOWS, then system32, and find those files there, is that right?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Skip that step if you don't know how.

Move on to the ComboFix part.

offline
  • Joined: 13 Jan 2008
  • Posts: 40

ComboFix 08-01-14.4 - Ivan 2008-01-16 7:11:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.172 [GMT 1:00]
Running from: C:\Documents and Settings\Ivan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\cacatceh.dll
C:\WINDOWS\system32\ejxhyjne.dll
C:\WINDOWS\system32\epfrtyqq.ini
C:\WINDOWS\system32\hectacac.ini
C:\WINDOWS\system32\jrfqksfp.dll
C:\WINDOWS\system32\klgcsjfq.dll
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\ngfgjymp.ini
C:\WINDOWS\system32\RCX19.tmp
C:\WINDOWS\system32\RCX1A.tmp
C:\WINDOWS\system32\RCX1B.tmp
C:\WINDOWS\system32\RCX1C.tmp
C:\WINDOWS\system32\RCX1D.tmp
C:\WINDOWS\system32\RCX1E.tmp
C:\WINDOWS\system32\RCX1F.tmp
C:\WINDOWS\system32\RCX20.tmp
C:\WINDOWS\system32\RCX24.tmp
C:\WINDOWS\system32\RCX2A.tmp
C:\WINDOWS\system32\RCX2B.tmp
C:\WINDOWS\system32\tljdrngc.dll

 <pre>
C:\Program Files\Alwil Software\Avast4\ashDisp .exe ---> QooBox
C:\Program Files\DAEMON Tools\daemon .exe ---> daemon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM .exe ---> SweetIM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe ---> TeaTimer.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr .exe ---> ssmmgr.exe
</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-16 07:10 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 13:45 . 2008-01-15 14:45 147 --a------ C:\WINDOWS\wininit.ini
2008-01-15 13:08 . 2008-01-16 07:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 10:47 . 2008-01-15 10:47 <DIR> d-------- C:\Program Files\Winamp
2008-01-15 10:47 . 2008-01-16 07:12 132 --a------ C:\WINDOWS\winamp.ini
2008-01-12 10:32 . 2008-01-12 10:32 <DIR> d-------- C:\Program Files\mIRC
2008-01-12 10:22 . 2008-01-12 13:00 <DIR> d-------- C:\Program Files\ClarioN-ScripTV3
2008-01-12 10:22 . 2008-01-12 10:22 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-01-10 04:27 . 2008-01-10 04:27 102,856 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-08 01:57 . 2008-01-08 01:57 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-01-08 01:56 . 2008-01-16 07:14 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-01-01 11:35 . 2008-01-16 03:29 <DIR> d-------- C:\Program Files\L@V Script v3.0
2008-01-01 06:31 . 2008-01-03 02:54 414 --ahs---- C:\WINDOWS\system32\ekkoeaeb.ini
2007-12-30 03:09 . 2007-12-30 03:09 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-30 03:05 . 2008-01-08 01:50 <DIR> d-------- C:\Program Files\D-Tools
2007-12-28 04:30 . 2007-12-28 04:30 268 --ah----- C:\sqmdata04.sqm
2007-12-28 04:30 . 2007-12-28 04:30 244 --ah----- C:\sqmnoopt04.sqm
2007-12-28 03:32 . 2007-12-28 03:32 268 --ah----- C:\sqmdata03.sqm
2007-12-28 03:32 . 2007-12-28 03:32 244 --ah----- C:\sqmnoopt03.sqm
2007-12-28 02:16 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-28 02:16 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-28 02:16 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-28 02:16 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-28 02:16 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-28 02:16 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-28 02:16 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-28 02:16 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-28 02:16 . 2007-12-28 02:16 268 --ah----- C:\sqmdata02.sqm
2007-12-28 02:16 . 2007-12-28 02:16 244 --ah----- C:\sqmnoopt02.sqm
2007-12-28 02:13 . 2007-12-28 02:13 268 --ah----- C:\sqmdata01.sqm
2007-12-28 02:13 . 2007-12-28 02:13 244 --ah----- C:\sqmnoopt01.sqm
2007-12-28 01:44 . 2007-12-28 01:44 268 --ah----- C:\sqmdata00.sqm
2007-12-28 01:44 . 2007-12-28 01:44 244 --ah----- C:\sqmnoopt00.sqm
2007-12-24 14:45 . <DIR> C:\Program Files\Professional crI_t v.3 Black
2007-12-24 14:24 . 2007-12-24 14:29 32 --a------ C:\WINDOWS\CD_Start.INI
2007-12-24 14:20 . 2007-12-28 02:15 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-24 14:19 . 2008-01-01 01:46 326,656 --a------ C:\WINDOWS\system32\pmnlk.exe
2007-12-24 14:06 . 2007-12-24 14:39 319 --a------ C:\WINDOWS\game.ini
2007-12-24 13:52 . 2007-12-24 13:52 <DIR> d-------- C:\Program Files\Activision
2007-12-24 13:19 . 2007-12-24 13:19 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-24 12:50 . 2007-12-24 14:17 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 12:50 . 2007-12-24 14:07 22,328 --a------ C:\Documents and Settings\Ivan\Application Data\PnkBstrK.sys
2007-12-24 12:49 . 2007-12-24 12:49 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 12:49 . 2007-12-24 14:17 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 12:49 . 2007-12-24 14:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-24 12:41 . 2007-12-24 12:46 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\DAEMON Tools
2007-12-24 12:40 . 2007-12-24 12:40 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 11:33 . 2007-12-24 11:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-24 10:35 . 2007-12-24 11:43 <DIR> d-------- C:\Program Files\Ubisoft
2007-12-24 09:58 . 2007-12-24 09:58 <DIR> d-------- C:\Program Files\RTL
2007-12-24 03:49 . 2007-12-24 12:04 <DIR> d-------- C:\Program Files\Grobari Jug Black
2007-12-19 11:57 . 2007-12-19 11:57 <DIR> d-------- C:\Program Files\InterVideo
2007-12-19 11:57 . 2007-12-19 11:57 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-12-19 11:57 . 2007-12-19 11:57 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\InterVideo
2007-12-19 11:57 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-12-19 11:57 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-12-19 11:57 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-12-19 11:57 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-12-19 11:57 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-12-19 11:57 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-12-19 11:56 . 2007-12-19 11:57 <DIR> d-------- C:\Program Files\InterActual
2007-12-19 11:56 . 2007-12-19 11:56 <DIR> d-------- C:\Program Files\Creative
2007-12-19 11:56 . 2003-01-27 16:32 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2007-12-19 11:56 . 2003-11-11 10:44 333,600 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2007-12-19 11:56 . 2003-07-14 16:49 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2007-12-19 11:56 . 2003-11-11 10:43 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2007-12-18 13:24 . 2007-12-18 13:29 220,133,376 -rah----- C:\Video1218-1324(TV118-).mpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 06:13 --------- d-----w C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-01-12 12:00 --------- d-----w C:\Program Files\Professional §©®ÎÞt v.2
2007-12-27 11:42 --------- d-----w C:\Program Files\QuickTime
2007-12-27 11:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-27 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-25 03:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 03:21 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-24 09:00 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-12-14 23:11 --------- d-----w C:\Program Files\Macrogaming
2007-12-13 08:56 --------- d-----w C:\Program Files\Real
2007-12-13 08:55 --------- d-----w C:\Program Files\MSN Messenger
2007-12-11 03:32 --------- d-----w C:\Program Files\Autodesk
2007-12-11 03:32 --------- d-----w C:\Program Files\AutoCAD 2004
2007-12-11 03:32 --------- d-----w C:\Documents and Settings\Ivan\Application Data\Autodesk
2007-12-11 03:31 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-12-11 03:31 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-12-11 03:31 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-11 03:31 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-11 03:31 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-12-11 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-06 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-06 11:26 --------- d-----w C:\Program Files\Webteh
2007-12-06 08:58 --------- d-----w C:\Program Files\IVT Corporation
2007-12-05 04:50 --------- d-----w C:\Program Files\Anti-Blaxx
2007-12-03 21:28 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-03 21:22 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-03 21:14 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-02 23:29 --------- d-----w C:\Documents and Settings\Ivan\Application Data\CyberLink
2007-12-02 04:57 --------- d-----w C:\Program Files\Valve
2007-11-30 07:41 --------- d-----w C:\Documents and Settings\Ivan\Application Data\MSNInstaller
2007-11-30 06:56 --------- d-----w C:\Program Files\Opera
2007-11-30 06:46 --------- d-----w C:\Program Files\MT882
2007-11-29 22:12 --------- d-----w C:\Documents and Settings\Ivan\Application Data\ACD Systems
2007-11-29 21:17 --------- d-----w C:\Program Files\Alwil Software
2007-11-29 21:16 --------- d-----w C:\Program Files\Avast4
2007-11-29 10:31 --------- d-----w C:\Documents and Settings\Ivan\Application Data\SumatraPDF
2007-11-29 08:09 --------- d-----w C:\Program Files\Samsung ML-2010 Series
2007-11-29 08:01 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-29 08:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-29 08:01 --------- d-----w C:\Program Files\Common Files\L&H
2007-11-29 08:00 --------- d-----w C:\Program Files\Microsoft Works
2007-11-29 07:54 --------- d-----w C:\Program Files\BSPlayer
2007-11-29 07:53 --------- d-----w C:\Program Files\CyberLink
2007-11-29 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-29 07:52 --------- d-----w C:\Program Files\ACD Systems
2007-11-29 07:45 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-29 07:45 --------- d-----w C:\Program Files\Ahead
2007-11-29 07:39 --------- d-----w C:\Program Files\totalcmd
2007-11-29 07:37 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-11-29 07:36 --------- d-----w C:\Program Files\WinFast
2007-11-29 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-29 07:17 --------- d-----w C:\Program Files\ASUSTeK
2007-11-29 07:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-29 07:14 --------- d-----w C:\Program Files\Silicon Image
2007-11-29 07:14 --------- d-----w C:\Program Files\Java
2007-11-29 07:14 --------- d-----w C:\Program Files\Common Files\Java
2007-11-29 07:11 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-11-29 07:11 --------- d-----w C:\Program Files\AvRack
2007-11-29 06:59 --------- d-----w C:\Program Files\microsoft frontpage
.
<pre>
----a-w            40,048 2007-12-25 03:19:43  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            81,920 2008-01-08 00:49:19  C:\Program Files\D-Tools\daemon .exe
----a-w         1,694,208 2007-12-31 22:24:23  C:\Program Files\Messenger\msmsgs .exe
----a-w            15,360 2007-12-28 01:15:28  C:\WINDOWS\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-16 02:53 103712]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-16 02:53 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-04 00:15 4554752]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2008-01-16 06:34 372736]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-16 02:53 103712]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-16 02:53 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqopom]
ssqopom.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-09-04 00:15 4554752 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-09-04 00:15 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-09-04 00:15 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-02-22 23:44 32881 C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC7Player]
C:\Program Files\HHVcdV7Sys\VC7Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2006-04-27 16:18 344064 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 14:50]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 15:20]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 14:49]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S1 vdrv7000;vdrv7000;C:\WINDOWS\system32\DRIVERS\vdrv7000.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 SM_ml1600_FUService;ML-2010 Status Monitor Service;"C:\Program Files\Samsung ML-2010 Series\CommonSM\ssmsrvc []
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254a0a9-9e4a-11dc-aa3e-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-16 07:14:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 7:15:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 06:15:47
.
2008-01-10 22:17:11 --- E O F ---

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Rename HijackThis, i.e. right-click HijackThis, choose Rename, and change it so it is no longer called HijackThis.exe but TR2.exe.

Now make a fresh HijackThis log and post it so I can see the changes there.

I should note that the infection is most likely a consequence of the very old version of Java installed on your computer.

Don't visit any sites until we finish the cleanup and install a new version of Java (we'll do that at the end).

offline
  • Joined: 13 Jan 2008
  • Posts: 40

Logfile of HijackThis v1.99.1
Scan saved at 7:49:30 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ivan\Desktop\New Folder\TR2.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = daemon-search.com/startpage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ssqopom - ssqopom.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ule

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Double-click the VundoFix.exe file to start it.
* Choose the Scan for Vundo option.
* After the scan finishes and the message Done Searching for files appears, click OK.
* Now that the scan is done, click the Remove Vundo option.
* When prompted about removing the Vundo files, click Yes.
* Running this option will temporarily make the Desktop blank in order to prepare the system for removing Vundo.
* When it finishes, a notice about shutting down the computer will appear; click OK.
* Turn the computer on and boot the system again.
* Copy the contents of the log at C:\vundofix.txt and a new HijackThis log into a post on the forum.
