I renamed it (the file; I didn't touch the folder name), but it still wouldn't start.
I'll try renaming it in the Save dialog.
Update: 30 Nov 2008 20:02
Here I am with the HJT and ComboFix logs.
I brought both programs over from my place with changed names, and they ran.
That balloon tooltip is no longer displayed.
Here are the logs:
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:27, on 30.11.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\urmyhero\hero.exe
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c8.....c06cc46aff
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - ckds16.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 3726 bytes
ComboFix:
ComboFix 08-11-29.03 - Administrator 2008-11-30 18:43:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.97 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\h.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Administrator.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\exybades._sy
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\itanom.pif
c:\documents and settings\Administrator\My Documents\Veterina\Sudska vet.med\sudska 4\Desktop_.ini
c:\documents and settings\Administrator\My Documents\Veterina\Sudska vet.med\sudska 5\Desktop_.ini
c:\program files\AntiSpywareXP2009
c:\program files\AntiSpywareXP2009\Uninstall.exe
c:\program files\Microsoft Common
c:\program files\Microsoft Common\wuauclt.exe
c:\windows\brastk.exe
c:\windows\karna.dat
c:\windows\system32\_scui.cpl
c:\windows\system32\brastk.exe
c:\windows\system32\DelSelf.bat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\Winim15.sys
c:\windows\system32\drivers\Winuy26.sys
c:\windows\system32\karna.dat
c:\windows\system32\rs32net.exe
c:\windows\system32\sft.res
c:\windows\system32\sn.txt
c:\windows\system32\sxmg4.dll
c:\windows\system32\WinCtrl32.dll
c:\windows\system32\wini10603.exe
F:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINUY26
-------\Service_Winim15
-------\Service_Winuy26
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.
2008-11-30 18:36 . 2008-11-30 18:37 <DIR> d-------- c:\program files\urmyhero
2008-11-29 19:42 . 2008-11-29 19:42 33,792 --a------ c:\windows\system32\ckds16.dll
2008-11-07 14:32 . 2008-11-07 14:32 91,492 --a------ c:\windows\system32\drivers\klin.dat
2008-11-07 14:32 . 2008-11-07 14:32 85,860 --a------ c:\windows\system32\drivers\klick.dat
2008-11-07 14:31 . 2008-11-07 14:31 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-07 14:31 . 2008-11-07 14:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-07 14:31 . 2008-11-30 18:57 1,636,384 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-07 14:31 . 2008-11-30 18:55 20,204 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-07 14:31 . 2008-11-30 18:56 12,064 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-07 14:31 . 2008-11-30 18:55 2,132 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- C:\kav
2008-11-07 14:29 . 2008-11-07 14:30 <DIR> d-------- c:\program files\Kasperski
2008-10-30 20:53 . 2008-10-30 20:53 19,344 --a------ c:\windows\acyjujox.vbs
2008-10-30 20:53 . 2008-10-30 20:53 17,988 --a------ c:\windows\system32\zusivy.pif
2008-10-30 20:53 . 2008-10-30 20:53 17,975 --a------ c:\program files\Common Files\fesisoril.sys
2008-10-30 20:53 . 2008-10-30 20:53 17,739 --a------ c:\windows\akyfujecoh.ban
2008-10-30 20:53 . 2008-10-30 20:53 16,549 --a------ c:\documents and settings\All Users\Application Data\eguwywilo.dat
2008-10-30 20:53 . 2008-10-30 20:53 15,546 --a------ c:\windows\moby.db
2008-10-30 20:53 . 2008-10-30 20:53 15,296 --a------ c:\documents and settings\All Users\Application Data\ynobam.bin
2008-10-30 20:53 . 2008-10-30 20:53 14,785 --a------ c:\program files\Common Files\ugyg.dll
2008-10-30 20:53 . 2008-10-30 20:53 14,560 --a------ c:\documents and settings\All Users\Application Data\vizoloxyv.bin
2008-10-30 20:53 . 2008-10-30 20:53 13,569 --a------ c:\program files\Common Files\seweq.vbs
2008-10-30 20:53 . 2008-10-30 20:53 13,455 --a------ c:\windows\system32\olyrejusyk._sy
2008-10-30 20:53 . 2008-10-30 20:53 12,330 --a------ c:\documents and settings\Administrator\Application Data\ytici.dll
2008-10-30 20:53 . 2008-10-30 20:53 11,896 --a------ c:\windows\enifyhon.com
2008-10-30 20:53 . 2008-10-30 20:53 11,654 --a------ c:\windows\omokerify.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 18:27 --------- d-----w c:\program files\Andrex Puppy
2008-11-29 18:27 --------- d-----w c:\documents and settings\Administrator\Application Data\Andrex Puppy
2008-11-29 18:21 --------- d-----w c:\program files\Trend Micro
2008-10-30 19:53 16,550 ----a-w c:\program files\Common Files\asel._dl
2006-03-24 21:49 134,448 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-02-13 16:42 2,777,088 ----a-w c:\program files\FoxitReader.exe
1998-04-26 23:00 570,128 ----a-w c:\program files\DAO350.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region-Free\DVDShell.dll" [2002-10-29 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Andrex Puppy]
--a------ 2003-01-08 13:35 771264 c:\program files\Andrex Puppy\Andrex Puppy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-12-18 00:43 227856 c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 07:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
--a------ 2004-06-29 23:24 90112 c:\program files\Common Files\CMEII\CMESys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2002-08-29 03:41 13312 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 17:37 229437 c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 18:51 233472 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 10:24 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-09-01 12:42 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2003-07-28 08:19 4841472 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-05-16 18:56 77824 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 22:32 53248 c:\program files\REGSHAVE\REGSHAVE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2002-10-11 17:26 98304 c:\program files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2003-07-28 08:19 323584 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2003-08-15 08:34 57344 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\System32\DRIVERS\IntelH51.sys [2007-08-07 469935]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\System32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 msloop;Microsoft Loopback Adapter Driver;c:\windows\System32\DRIVERS\loop.sys [2005-07-25 4992]
S4 hpt3xx;hpt3xx; []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
rundll32 ckds16.dll,InitModule
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Administrator - c:\documents and settings\Administrator\Administrator.exe
MSConfigStartUp-AMP Agent - c:\program files\Common Files\ARS Company\Agent\Agent.exe
MSConfigStartUp-AntiSpywareXP 2009 - c:\program files\AntiSpywareXP2009\AntiSpywareXP2009.exe
MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe
MSConfigStartUp-usbn - c:\windows\system32\usbn.exe
MSConfigStartUp-brastk - brastk.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
c:\windows\Downloaded Program Files\start.INF
O16 -: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
c:\windows\Downloaded Program Files\eied.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 18:56:45
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\ODBC32.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\System32\klogon.dll
- - - - - - - > 'lsass.exe'(888-)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2008-11-30 19:01:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 18:01:25
Pre-Run: 26.701.520.896 bytes free
Post-Run: 27,002,081,280 bytes free
211
Update: 30 Nov 2008 20:20
I forgot to mention.
I saw that it has SP1, so I told him not to go online until I install SP2 for him, which should be tomorrow.
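Added example, not part of the original post and not code from HijackThis or ComboFix: a small Python triage script that reads HijackThis "Oxx" lines and flags the autostart hooks that matter most when reading a log like the one above. The sample lines are a constructed subset copied from the HijackThis log in this post; the function and class names (`triage`, `Finding`, `severity_counts`) and the high/medium ranking are this example's own assumptions. The rules encode how each location behaves: AppInit_DLLs is loaded into every process that maps user32.dll, a Winlogon Notify package runs inside winlogon.exe as SYSTEM, an SSODL entry is loaded by explorer.exe when the shell starts, and an O16 (Downloaded Program Files) entry registered from a local file:// path is unusual. The script does not decide what is malware; it only ranks what a human should look at first.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the HijackThis lines from the log in this post.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"; heuristic ranking chosen for this example
    section: str   # HijackThis section code, e.g. "O20"
    reason: str
    line: str


# Every HijackThis entry line looks like "O<n> - <body>".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def triage(log_text: str) -> List[Finding]:
    """Apply persistence-location heuristics to HijackThis 'Oxx' lines."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue
        section, body = m.group(1), m.group(2)

        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that maps user32.dll.
            value = body[len("AppInit_DLLs:"):].strip()
            if value:
                findings.append(Finding(
                    "high", section,
                    "AppInit_DLLs loads '%s' into every process that maps user32.dll" % value,
                    raw))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            # Winlogon notification packages run inside winlogon.exe as SYSTEM at logon.
            findings.append(Finding(
                "high", section,
                "Winlogon Notify DLL runs inside winlogon.exe as SYSTEM; verify the DLL",
                raw))
        elif section == "O21":
            # ShellServiceObjectDelayLoad entries are loaded by explorer.exe at shell start.
            orphaned = "(file missing)" in body
            findings.append(Finding(
                "medium" if orphaned else "high", section,
                "SSODL entry loads a DLL into explorer.exe at shell start"
                + (" (orphaned: file missing)" if orphaned else ""),
                raw))
        elif section == "O16" and "file://" in body.lower():
            # Downloaded Program Files (ActiveX) entry registered from a local .cab path.
            findings.append(Finding(
                "medium", section,
                "ActiveX control registered from a local file:// path",
                raw))
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    """Summarise findings by severity so a reader can see what to check first."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print("[%s] %s: %s\n    %s" % (f.severity.upper(), f.section, f.reason, f.line))
    print(severity_counts(results))
```

Run against the sample, the script flags the two O20 hooks as high and the orphaned SSODL entry and the file:// ActiveX entry as medium, while the O4 Run entry and the O23 Kaspersky service produce no finding; O23 entries still deserve a manual look, since the rules only cover the DLL-injection locations.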