MyCity » Ambulanta -> Arhiva Ambulante » Agent.Trojan.ORG

Agent.Trojan.ORG

Napisano na dan: 22.6.2009

Strana:
1
2

Agent.Trojan.ORG

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Zelezni Poslao: 22 Jun 2009 18:57 Idi na vrh
offline Zelezni Građanin Pridružio: 08 Apr 2009 Poruke: 57 Gde živiš: Indjija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:53:09, on 22.6.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe C:\WINDOWS\livemessenger.com C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\dllcache.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Rasa\Desktop\Trojan\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.bearshare.com/sidebar.html?src=ssb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun O4 - HKLM\..\Run: [Custom System Service] C:\WINDOWS\SERVICE\SERVICE.EXE O4 - HKLM\..\Run: [Microsoft Update] livemessenger.com O4 - HKLM\..\Run: [Windows Dynamic Library Cache] dllcache.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....0801603129 O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 4609 bytes

Profil

argus Poslao: 22 Jun 2009 19:02 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop: Bleeping Computer . . . . . Geeks to Go! Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Zelezni Poslao: 22 Jun 2009 19:22 Idi na vrh
offline Zelezni Građanin Pridružio: 08 Apr 2009 Poruke: 57 Gde živiš: Indjija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Konekcija: ADSL Telekom 1024/124

Profil

argus Poslao: 22 Jun 2009 19:28 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zelezni ::Konekcija: ADSL Telekom 1024/124 Ne razumem ovo, odradi po uputstvu koje sam ti dao.

Profil

Zelezni Poslao: 22 Jun 2009 20:26 Idi na vrh
offline Zelezni Građanin Pridružio: 08 Apr 2009 Poruke: 57 Gde živiš: Indjija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-06-21.01 - Rasa 22.06.2009 20:08.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.239.44 [GMT 2:00] Running from: c:\documents and settings\Rasa\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\windows\desktop c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\windows\admintxt.txt c:\windows\jestertb.dll c:\windows\livemessenger.com c:\windows\system32\drivers\SKYNETeqgvagua.sys c:\windows\system32\SKYNETcbrmtkro.dll c:\windows\system32\SKYNETmiravpwa.dll c:\windows\system32\SKYNETnkodurqe.dat c:\windows\system32\SKYNETpwvoupqh.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SKYNETeultpowx ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 ))))))))))))))))))))))))))))))) . 2009-06-21 17:20 . 2009-06-21 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-06-21 17:19 . 2009-06-21 00:49 56370 --sh--r- c:\windows\dllcache.exe 2009-06-19 20:14 . 2009-06-19 20:14 -------- d-----w- c:\program files\Webteh 2009-06-19 16:38 . 2009-06-19 16:38 -------- d-----w- c:\windows\SERVICE 2009-06-19 16:37 . 2006-09-29 14:26 94208 ----a-w- c:\windows\OEMDEL.EXE 2009-06-19 16:37 . 2006-12-28 12:36 78336 ----a-w- c:\windows\DEVCON.X64.EXE 2009-06-19 16:37 . 2006-12-28 12:35 73216 ----a-w- c:\windows\DEVCON.X86.EXE 2009-06-19 16:23 . 2009-06-19 16:23 -------- d-----w- c:\program files\ATI Technologies 2009-06-19 16:20 . 2009-06-19 16:20 -------- dc----w- c:\windows\system32\DRVSTORE 2009-06-19 16:19 . 2009-06-19 16:19 -------- d-----w- c:\documents and settings\Rasa\Application Data\InstallShield 2009-06-19 15:48 . 2009-06-19 15:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2009-06-19 07:42 . 2009-06-19 07:42 603904 ----a-w- c:\windows\system32\TUProgSt.exe 2009-06-19 07:42 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll 2009-06-19 07:42 . 2009-06-19 07:42 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-06-19 07:42 . 2009-06-19 07:42 -------- d-----w- c:\documents and settings\Rasa\Application Data\TuneUp Software 2009-06-19 07:40 . 2009-06-19 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-06-19 07:40 . 2009-06-19 07:42 -------- d-----w- c:\program files\TuneUp Utilities 2009 2009-06-19 07:39 . 2009-06-19 07:39 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2009-06-19 07:35 . 2009-06-19 07:35 -------- d-----w- c:\documents and settings\Rasa\Local Settings\Application Data\ACD Systems 2009-06-19 07:28 . 2009-06-19 07:28 -------- d-----w- c:\program files\Yahoo! 2009-06-19 07:27 . 2009-06-19 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems 2009-06-19 07:26 . 2009-06-19 07:26 -------- d-----w- c:\program files\ACD Systems 2009-06-19 05:17 . 2002-05-27 11:37 233525 ------w- c:\windows\system32\isutil.dll 2009-06-19 05:17 . 2002-05-27 11:37 90112 ------w- c:\windows\apptune.exe 2009-06-19 05:17 . 2002-05-27 11:37 36864 ------w- c:\windows\system32\zpppcl.dll 2009-06-19 05:17 . 2002-05-27 11:37 1953792 ------w- c:\windows\system32\pcldll6l.dll 2009-06-19 05:17 . 2002-05-27 11:37 45056 ------w- c:\windows\system32\zpp.dll 2009-06-19 05:17 . 2002-05-27 11:37 151552 ------w- c:\windows\system32\SDhp1000.DLL 2009-06-19 05:17 . 2009-06-19 05:17 -------- d-----w- c:\program files\hp LaserJet 1000 2009-06-19 05:16 . 2009-06-19 05:16 32768 ----a-w- c:\windows\closewnd.exe 2009-06-18 21:41 . 2009-06-18 21:41 -------- d-----w- c:\documents and settings\Rasa\Local Settings\Application Data\GHISLER 2009-06-18 20:46 . 2009-06-18 20:46 -------- d-----w- c:\documents and settings\Rasa\Local Settings\Application Data\ESET 2009-06-16 21:38 . 2009-06-16 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2009-06-16 21:24 . 2006-03-20 07:32 30336 ----a-w- c:\windows\system32\drivers\glauiad.sys 2009-06-16 21:24 . 2005-08-22 09:22 38400 ----a-w- c:\windows\system32\CoInst.dll 2009-06-16 21:24 . 2009-06-16 21:24 -------- d-----w- c:\program files\MT882 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-21 17:20 . 2007-03-30 23:36 -------- d--h--r- c:\documents and settings\Rasa\Application Data\yahoo! 2009-06-19 19:58 . 2006-02-24 14:21 51952 -c--a-w- c:\documents and settings\Rasa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-19 16:37 . 2006-02-24 16:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-19 16:17 . 2006-02-24 16:30 -------- d-----w- c:\program files\Common Files\InstallShield 2009-06-19 07:27 . 2006-02-24 16:39 -------- d-----w- c:\program files\Common Files\ACD Systems 2009-06-16 21:49 . 2008-03-05 20:08 -------- d-----w- c:\program files\ESET 2009-06-08 08:44 . 2007-03-01 08:11 -------- d-----w- c:\program files\SWiSH v2.0 2009-06-08 08:43 . 2007-12-01 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640] "Custom System Service"="c:\windows\SERVICE\SERVICE.EXE" [2007-07-08 86016] "Windows Dynamic Library Cache"="dllcache.exe" - c:\windows\dllcache.exe [2009-06-21 56370] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [19.6.2009 9:42 603904] R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [16.6.2009 23:24 30336] S3 FGUARD32;FGUARD32;\??\c:\program files\Folder Guard XP\FGUARD32.SYS --> c:\program files\Folder Guard XP\FGUARD32.SYS [?] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [7.10.2005 12:45 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [7.10.2005 12:46 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [7.10.2005 12:46 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [7.10.2005 12:47 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [7.10.2005 12:48 83344] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2009-06-22 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Device Detector - DevDetect.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: krstarica.com\www FF - ProfilePath - ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews..wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-06-22 20:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-06-22 20:21 ComboFix-quarantined-files.txt 2009-06-22 18:21 Pre-Run: 8.573.169.664 bytes free Post-Run: 8.581.779.456 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 195 --- E O F --- 2008-08-22 05:52

Profil

argus Poslao: 22 Jun 2009 21:49 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ajmo ovako, ukljuci prikaz skrivenih fajlova i foldera. Prikaz skrivenih fajlova i foldera Windows XP 1. Klikni Start taster (u levom donjem uglu). 2. Izaberi My Computer. 3. Selektuj Tools meni i klikni na Folder Options. 4. Selektuj View na vrhu, unutar Hidden files and folders grupe selektuj Show hidden files and folders. 5. Skini kvacicu sa Hide file extensions for known types. 6. Skini kvacicu sa Hide protected operating system files (recommended). 7. Klikni YES. 8. Klikni OK. Pronadji i posalji mi sledece fajlove preko ovog linka http://www.mycity.rs/ambulanta-upload.php Fajlovi: c:\windows\dllcache.exe c:\windows\OEMDEL.EXE c:\windows\DEVCON.X64.EXE c:\windows\DEVCON.X86.EXE Takodje posalji mi sve fajlove koji se nalaze u ovom folderu: c:\windows\SERVICE

Profil

Zelezni Poslao: 22 Jun 2009 22:54 Idi na vrh
offline Zelezni Građanin Pridružio: 08 Apr 2009 Poruke: 57 Gde živiš: Indjija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uspesno sam uplodovao fajlove koje ste trazili osim DLLCACHC.EXE koji nisam nasao u c:/Windows

Profil

bobby Poslao: 22 Jun 2009 22:56 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Samo je c:\windows\OEMDEL.EXE uploadovan.

Profil

Zelezni Poslao: 22 Jun 2009 23:36 Idi na vrh
offline Zelezni Građanin Pridružio: 08 Apr 2009 Poruke: 57 Gde živiš: Indjija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 22 Jun 2009 23:10 Uspesno sam uplodovao fajlove koje ste trazili osim DLLCACHC.EXE koji nisam nasao u c:/Windows Dopuna: 22 Jun 2009 23:36 NOD32 Antivirus 4 nije za sad nasao virus u Operatinoj memoriji, mozdciscen? Scan Log Version of virus signature database: 4083 (20090518-) Date: 22.6.2009 Time: 23:34:00 Scanned disks, folders and files: Operating memory Number of scanned objects: 312 Number of threats found: 0 Time of completion: 23:34:23 Total scanning time: 23 sec (00:00:23)

Profil

bobby Poslao: 22 Jun 2009 23:45 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Posto vidim da cekas, a argus je izgleda vec posao na spavanjac, evo ti sledeceg koraka: Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\dllcache.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Dynamic Library Cache"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Agent.Trojan.ORG

Ko je trenutno na forumu

Ukupno su 1088 korisnika na forumu :: 32 registrovanih, 4 sakrivenih i 1052 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, _Rade, A.R.Chafee.Jr., amaterSRB, babaroga, banebeograd, bufanje, Djokislav, Dorcolac, draganl, esx66, FileFinder, FOX, gomago, havoc995, hyla, kolle.the.kid, Kubovac, Lucije Kvint, mrav pesadinac, Nemanja.M, Neutral-M, Niko Bitan, raykan, Romibrat, stalja, Tila Painen, tmanda323, VJ, x9, zafon031, Žoržo

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by