Help

  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932

I have three .exe files in C:\

ngfjya.exe

pvdsjfp.exe

xffjxlk.exe

They are viruses, I can't delete them at all...

Have a look at what Kaspersky reports (screenshot):


Please help, how do I get rid of these pests...
I couldn't boot the computer, so I ran CHKDSK from the Windows XP CD

Thanks

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Post a HijackThis log and we'll see where to go from there.

  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932

How do I see that?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Read the topics marked Important in this part of the forum.

  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932


Logfile of HijackThis v1.99.1
Scan saved at 4:37:55 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paltalk.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: (no name) - {6FE732D5-666F-4331-94BF-5AA3DA9C0B4B} - C:\WINDOWS\system32\efccdab.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D8194FCA-B2A7-1B57-6724-903FB6D110DB} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - (no file)
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EA53D3-C519-4C9B-9A54-ABA69A1AB7CA}: NameServer = 81.93.82.3,81.93.82.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBE8DFE6-B7FD-4698-8667-CE6047074303}: NameServer = 81.93.82.3,81.93.82.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll"
O20 - Winlogon Notify: efccdab - C:\WINDOWS\SYSTEM32\efccdab.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
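The log above is long, and the helper's reply further down sorts it by hand. As an added example, not from the original thread and not part of HijackThis, here is a Python triage script that applies the same reading to such a log: entries ending in "(no file)" or "(file missing)" are dead registry references; O2 (BHO), O20 (Winlogon Notify) and O21 (SSODL) entries that load a DLL nobody recognises are the live autoloads worth investigating; and an O4 Run value such as `C:\W` is a truncated command. The sample lines are copied from the log above; the `KNOWN_GOOD` allowlist is an assumption built from the vendor paths in that same log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Dict

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - (no file)
O2 - BHO: (no name) - {6FE732D5-666F-4331-94BF-5AA3DA9C0B4B} - C:\WINDOWS\system32\efccdab.dll
O3 - Toolbar: (no name) - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O20 - Winlogon Notify: efccdab - C:\WINDOWS\SYSTEM32\efccdab.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section code: O2 (BHO), O20 (Winlogon Notify), ...
    verdict: str  # "orphan", "suspect", "malformed" or "ok"
    reason: str
    line: str


# Assumed allowlist of logon/browser components, built from the vendor paths in
# the log above. Anything else that autoloads is treated as suspect, not as bad.
KNOWN_GOOD = {
    "klogon.dll": "Kaspersky Internet Security",
    "wpdshserviceobj.dll": "Windows Portable Devices shell object",
    "acroiehelper.dll": "Adobe Acrobat",
    "windowslivelogin.dll": "Windows Live Sign-in Helper",
}
AUTOLOAD_SECTIONS = {"O2", "O20", "O21"}  # DLLs loaded by the browser or by winlogon.exe

_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
_ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")
_SYSTEM32 = re.compile(r"\\system32\\", re.IGNORECASE)


def _loaded_file(section: str, rest: str) -> str:
    """Return the file an entry loads; '' when the entry carries no path."""
    if section == "O4":                       # O4 - HKLM\..\Run: [Name] "command" args
        cmd = rest.split("]", 1)[1].strip() if "]" in rest else ""
        return cmd.strip('"').split('"')[0]
    return rest.rsplit(" - ", 1)[-1].strip()  # O2/O3/O20/O21/O23 end with the path


def triage_line(line: str) -> Optional[Finding]:
    m = _LINE.match(line.strip())
    if not m:
        return None                           # header, process list, blank line
    sec, rest = m.group("sec"), m.group("rest")
    if _ORPHAN.search(rest):
        return Finding(sec, "orphan", "registry entry points at a file that no longer exists", line)
    path = _loaded_file(sec, rest)
    name = path.rsplit("\\", 1)[-1].lower()
    if sec == "O4" and "." not in name:
        return Finding(sec, "malformed", f"Run value {path!r} is not a complete command", line)
    if sec in AUTOLOAD_SECTIONS and name not in KNOWN_GOOD:
        where = "inside" if _SYSTEM32.search(path) else "outside"
        return Finding(sec, "suspect", f"unrecognised DLL {name} autoloads from {where} system32", line)
    return Finding(sec, "ok", "", line)


def triage_log(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        if f.verdict != "ok":
            print(f"{f.verdict:9} {f.section:4} {f.reason}")
```

On this log the two hits that matter are the efccdab.dll BHO and its matching Winlogon Notify entry: a DLL registered with no name both as a browser helper object and as a Winlogon notification package gets loaded into the browser and into winlogon.exe, which is why deleting it by hand keeps failing. The orphans are harmless leftovers that HijackThis can simply fix.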

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Important: before you do anything further with HijackThis, rename the file HijackThis.exe to, say, T3.exe. This was already pointed out in the topic marked Important.

Oh boy, this one is quite heavily infected.
It'll take me a little while to go through all of this.

In the meantime, download VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Double-click to start the file VundoFix.exe.
* Choose the option Scan for Vundo.
* When the scan finishes and the message Done Searching for files appears, click OK.
* Now that the scan is done, click the option Remove Vundo.
* When asked whether to remove the Vundo files, click Yes.
* Running this option will temporarily leave the Desktop blank in order to prepare the system for removing Vundo.
* When it finishes, a notice about shutting down the computer will appear; click OK.
* Turn the computer back on and boot the system again.
* Copy the contents of the log at C:\vundofix.txt and a new HijackThis log into a post on the forum.

  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932

VundoFix V6.3.23

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 5:21:11 PM 5/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\efccdab.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efccdab.dll
C:\WINDOWS\system32\efccdab.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 5:37:28 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Desktop\New Folder\t3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paltalk.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D8194FCA-B2A7-1B57-6724-903FB6D110DB} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - (no file)
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EA53D3-C519-4C9B-9A54-ABA69A1AB7CA}: NameServer = 81.93.82.3,81.93.82.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBE8DFE6-B7FD-4698-8667-CE6047074303}: NameServer = 81.93.82.3,81.93.82.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe" --ntservice (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Download the following program:

Start it and click the Scan button on the first tab.
When the scan finishes, copy the contents of the list it produces here for me.
Also click the ZIP button, which will pack all the hidden files into Catchme.zip, which will be placed on the Desktop.
Send that ZIP via the following form:
http://www.mycity.rs/ambulanta-upload.php

===============================

1.) Download the SmitfraudFix program from this link.

2.) Extract the program to the desktop. (Prepare the HijackThis program the same way; it will be used later.)

3.) Restart the computer and boot the system into Safe Mode. [Safe Mode info link]

4.) On the desktop, find the folder where you extracted SmitfraudFix and double-click the file SmitfraudFix.cmd.
When the removal tool starts for the first time, it will show you an approval screen. Simply press any key on the keyboard to proceed to the next step.

5.)



6.) The program will start cleaning the computer. After SmitfraudFix finishes cleaning,
the Windows Disk Cleanup program will launch.



After SmitfraudFix finishes its job, post the log located at C:\rapport.txt here, along with a fresh HJT log.

  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-18 18:29:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Mozilla\Firefox\Profiles\tbqtdaiq.default\cookies-1345.txt
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Mozilla\Firefox\Profiles\tbqtdaiq.default\sessionstore-1452.js
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Mozilla\Firefox\Profiles\tbqtdaiq.default\sessionstore-1453.js
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFD.jpg
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFE.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFF.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFG.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFH.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFI.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFJ.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFK.jpg
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFM.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFN.jpg
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFO.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFQ.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFR.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\temporary_download
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\thumbnails
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\dcache4.url
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr048LO.jpeg
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr048PR.jpg
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr049GC.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04AE0.jpg
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04AGL.css
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04AYW.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04BCM.css
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04BGQ.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04BH9.js
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04CEF.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04CRK.swf
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04D57.jpg
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04D8C.swf
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DAP.css
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DBB.png
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DBW.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DCG.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DD0.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DDK.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DE3.gif
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DEO.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFC.htm
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Local Settings\Application Data\Microsoft\Messenger\prof.dr.bojan@hotmail.com\SharingMetadata\blentava_88@hotmail.com\DFSR\Staging\CS{309F11D8-7D26-216D-BDC4-8CB5F4A2A072}\01\10-{309F11D8-7D26-216D-BDC4-8CB5F4A2A072}-v1-{6445BC37-88B4-4420-9D47-ABBA51BD807A}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Local Settings\Application Data\Microsoft\Messenger\prof.dr.bojan@hotmail.com\SharingMetadata\crazy_lemonka@msn.com\DFSR\Staging\CS{5E9A2EE9-494D-B838-B5B4-BB89976D68B0}\01\14-{5E9A2EE9-494D-B838-B5B4-BB89976D68B0}-v1-{6445BC37-88B4-4420-9D47-ABBA51BD807A}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Local Settings\Application Data\Microsoft\Messenger\prof.dr.bojan@hotmail.com\SharingMetadata\crazy_lemonka@msn.com\DFSR\Staging\CS{5E9A2EE9-494D-B838-B5B4-BB89976D68B0}\14\16-{DCA23694-FAD7-4882-AB58-2C52292A04D4}-v14-{DCA23694-FAD7-4882-AB58-2C52292A04D4}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8166 bytes hidden from API
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Local Settings\Application Data\Microsoft\Messenger\prof.dr.bojan@hotmail.com\SharingMetadata\crazy_lemonka@msn.com\DFSR\Staging\CS{5E9A2EE9-494D-B838-B5B4-BB89976D68B0}\14\16-{DCA23694-FAD7-4882-AB58-2C52292A04D4}-v14-{DCA23694-FAD7-4882-AB58-2C52292A04D4}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 904 bytes hidden from API
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Local Settings\Application Data\Microsoft\Messenger\prof.dr.bojan@hotmail.com\SharingMetadata\lejlasivic@hotmail.com\DFSR\Staging\CS{A1826674-14FD-393C-3CC2-FABA32969FE4}\01\12-{A1826674-14FD-393C-3CC2-FABA32969FE4}-v1-{6445BC37-88B4-4420-9D47-ABBA51BD807A}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Local Settings\Application Data\Microsoft\Messenger\prof.dr.bojan@hotmail.com\SharingMetadata\lejlasivic@hotmail.com\DFSR\Staging\CS{A1826674-14FD-393C-3CC2-FABA32969FE4}\13\13-{6445BC37-88B4-4420-9D47-ABBA51BD807A}-v13-{6445BC37-88B4-4420-9D47-ABBA51BD807A}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Local Settings\Application Data\Microsoft\Messenger\prof.dr.bojan@hotmail.com\SharingMetadata\seky_zory@hotmail.com\DFSR\Staging\CS{F5C08AB6-2C0C-65E1-024E-F0D06ED641E1}\01\11-{F5C08AB6-2C0C-65E1-024E-F0D06ED641E1}-v1-{6445BC37-88B4-4420-9D47-ABBA51BD807A}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Local Settings\Application Data\Microsoft\Messenger\prof.dr.bojan@hotmail.com\SharingMetadata\zoranjanjic@hotmail.com\DFSR\Staging\CS{AA617338-76A6-03BC-A5D4-B29214F5449E}\01\15-{AA617338-76A6-03BC-A5D4-B29214F5449E}-v1-{6445BC37-88B4-4420-9D47-ABBA51BD807A}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\WINDOWS\system32:lzx32.sys 79094 bytes executable hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 50

file zipped: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Mozilla\Firefox\Profiles\tbqtdaiq.default\cookies-1345.txt -> catchme.zip -> cookies-1345.txt ( 4879 bytes )
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Mozilla\Firefox\Profiles\tbqtdaiq.default\sessionstore-1452.js
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Mozilla\Firefox\Profiles\tbqtdaiq.default\sessionstore-1453.js
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFD.jpg
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFE.gif
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFF.htm
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFG.gif
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFH.gif
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFI.gif
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFJ.gif
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFK.jpg
source file error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFM.htm
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFN.jpg
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFO.htm
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFQ.htm
source file error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04DFR.htm
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\dcache4.url
source file error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr048LO.jpeg
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr048PR.jpg
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr049GC.htm
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04AE0.jpg
zip error: C:\Documents and Settings\Bojan.JANJIC-2805CFA4\Application Data\Opera\Opera 9\profile\cache4\opr04AGL.css
zip error: C:\WINDOWS\system32:lzx32.sys


I uploaded the ZIP.



I can't get into Safe Mode; it loads the drivers and when it reaches BlackDrv.sys it stops and goes no further.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Whoa, we have a rootkit on the computer too.

Let me just explain this Safe Mode issue before we go further.
When BlackDrv.sys has already appeared in the list, that means it was loaded successfully. It hung on the next driver it was supposed to load, whose name unfortunately we cannot see.

============= step one ============
Download the GMER program from here:
www.gmer.net

At the top select the Rootkit tab
Click the Scan button
When the scan finishes, right-click the following line:
C:\WINDOWS\system32:lzx32.sys
Choose the option Delete the service
After that restart the computer

============ step two =============

Download ComboFix from one of the following links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Click "1" when it asks you.
At the end of the scan it will open a log; copy it here.

============ step three =============

Make a new HijackThis log and post it here.
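As an added illustration of why that one log line is the important one (example code written for this page, not from the thread or from GMER, ComboFix or catchme): a small scanner over catchme-style log lines that picks out NTFS alternate data streams and treats a stream attached to a Windows system directory, or named like a driver, as suspicious. The sample lines and the {STREAM-GUID} placeholder are constructed.

```python
import re

# Constructed sample lines in the style of the catchme log posted in the thread
# (paths shortened; user names and the stream GUID replaced with placeholders).
SAMPLE_LOG = "\n".join([
    r"zip error: C:\Documents and Settings\user\Application Data\Opera\Opera 9\profile\cache4\opr04DFC.htm",
    r"zip error: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\SharingMetadata\DFSR\Staging\10-Downloaded.frx:{STREAM-GUID}.XPRESS",
    r"file zipped: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x.default\cookies-1345.txt -> catchme.zip -> cookies-1345.txt ( 4879 bytes )",
    r"zip error: C:\WINDOWS\system32:lzx32.sys",
])

# "<status>: <path>" with an optional " -> archive -> member ( N bytes )" tail.
LINE_RE = re.compile(r"^(?:zip error|source file error|file zipped): "
                     r"(?P<path>[A-Za-z]:\\.*?)(?: -> .*)?$")

# Directories where a stream has no legitimate business, and extensions that
# make a stream look like loadable code.
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")
CODE_EXTS = (".sys", ".dll", ".exe")

def split_ads(path):
    """(base_path, stream_name) if path names an NTFS alternate data stream,
    else None.  The colon after the drive letter is not a stream separator."""
    if len(path) < 2 or path[1] != ":" or ":" not in path[2:]:
        return None
    base, _, stream = path[2:].partition(":")
    return path[:2] + base, stream

def classify(path):
    """'file', 'ads' (stream on an ordinary file, e.g. Messenger/DFSR staging
    data) or 'suspicious-ads' (stream on a Windows system directory or with a
    code extension; hidden from Explorer and `dir`, hence hard to delete)."""
    ads = split_ads(path)
    if ads is None:
        return "file"
    base, stream = ads
    if base.lower().rstrip("\\") in SYSTEM_DIRS or stream.lower().endswith(CODE_EXTS):
        return "suspicious-ads"
    return "ads"

def scan_log(text):
    """Return [(classification, path)] for every ADS entry in the log text."""
    findings = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            kind = classify(match.group("path"))
            if kind != "file":
                findings.append((kind, match.group("path")))
    return findings
```

Run against the real log it would report only the Messenger staging streams as ordinary ADS entries and single out the system32 stream, which is the entry the GMER step above removes.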
