Posted: 22 Apr 2008 11:18
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
Logfile of HijackThis v1.99.1
Scan saved at 14:22:44, on 21.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSEB\smss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\ljiljar\Desktop\Terminator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zhaodao123.com/?h
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.200.15:8080
R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - C:\PROGRA~1\OCINS\srchsp.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush1.dll (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {42A3A616-FF3C-4713-A5C2-4F1B566CEF51} - C:\WINDOWS\system32\9fb1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Browser Security Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\mcmRsJOnmJ.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PictureShow] "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ò×Ȥ¹ºÎï - C:\Program Files\AD4All\link1\eachlink.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: N»CdR´NôRÖÉçÇr - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: N×C¤asÎd - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=824 (file missing)
O9 - Extra 'Tools' menuitem: N×C¤asÎd - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=824 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A53B441B-F17B-44B8-B8B3-B59503493DB5}: NameServer = 192.168.200.15,195.66.160.1,195.66.160.2
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: 597EB - Unknown owner - C:\WINDOWS\system32\597EB.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ms_2fax - Unknown owner - C:\WINDOWS\system32\fb481.exe (file missing)
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - spoo1sv.exe (file missing)
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: N»CdR´NôRÖÖúEÖ (Yiqilai) - Unknown owner - C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe (file missing)
I'm asking for help with the log I'm sending you. The problem is redirection to the address www.7322.com.
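One way to triage HijackThis output such as the log above mechanically, as an added example that is not part of this thread and not code from HijackThis or ComboFix: the script parses the R0/R1/O2/O4/O23 lines and flags orphaned "(file missing)" entries, services with no vendor string, loaders that live in data directories or directly in C:\WINDOWS, a start page or proxy setting that needs confirming, and names that imitate Windows binaries by swapping digits for letters (spoo1sv for spoolsv). The sample lines are copied from the log above; the allow-lists KNOWN_SYSTEM_NAMES and ALLOWED_START_HOSTS and the directory fragments are constructed assumptions for this example, not part of either tool.

```python
import re
from dataclasses import dataclass

# Constructed sample: ten lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zhaodao123.com/?h
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.200.15:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Invoke Class - {42A3A616-FF3C-4713-A5C2-4F1B566CEF51} - C:\WINDOWS\system32\9fb1.dll (file missing)
O2 - BHO: Browser Security Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\mcmRsJOnmJ.dll
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O23 - Service: 597EB - Unknown owner - C:\WINDOWS\system32\597EB.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - spoo1sv.exe (file missing)
"""

# Windows binaries whose names malware likes to imitate with digit-for-letter swaps
# (constructed list for this example; extend as needed).
KNOWN_SYSTEM_NAMES = {"spoolsv", "svchost", "lsass", "csrss", "winlogon", "services", "smss", "explorer"}

# Start-page hosts the reviewer treats as expected (constructed list; put the
# organisation's real home page here).
ALLOWED_START_HOSTS = {"about:blank", "www.msn.com", "www.microsoft.com"}

# Directory fragments where a loader DLL or autorun binary is unexpected (assumption).
DATA_DIR_FRAGMENTS = ("\\application data\\", "\\local settings\\", "\\temp\\")

SECTION_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")      # "O23 - Service: ..."
PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.(?:exe|dll))')   # drive-letter paths to exe/dll
EXE_NAME_RE = re.compile(r'([^\\\s"]+)\.exe')            # basename of any .exe
SHORT_NAME_RE = re.compile(r"\(([a-z0-9_]+)\)")          # service short name "(spoo1sv)"


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    reason: str
    line: str


def looks_like_lookalike(name: str) -> bool:
    """True when name is not a known system binary but becomes one after undoing
    the usual 1->l and 0->o substitutions (spoo1sv -> spoolsv)."""
    base = name.lower().removesuffix(".exe")
    if base in KNOWN_SYSTEM_NAMES:
        return False
    return base.replace("1", "l").replace("0", "o") in KNOWN_SYSTEM_NAMES


def triage_line(line: str) -> list[Finding]:
    """Apply the review heuristics to one HijackThis line; returns zero or more findings."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    low = body.lower()
    out: list[Finding] = []

    def flag(reason: str) -> None:
        out.append(Finding(section, reason, line.strip()))

    if "(file missing)" in low:
        flag("points at a file that no longer exists (orphaned loader entry)")
    if section == "R0" and "start page" in low:
        value = low.split("=", 1)[1].strip()
        host = re.sub(r"^[a-z]+://", "", value).split("/")[0]
        if host not in ALLOWED_START_HOSTS:
            flag(f"IE start page redirected to {host}")
    if section == "R1" and "proxyserver" in low:
        flag("system proxy configured; confirm it is the organisation's proxy")
    if section == "O23" and "unknown owner" in low:
        flag("service has no vendor string")
    for path in PATH_RE.findall(low):
        directory = path.rsplit("\\", 1)[0]
        if directory == "c:\\windows" or any(f in directory + "\\" for f in DATA_DIR_FRAGMENTS):
            flag(f"binary loads from an unusual location: {path}")
    # A name may appear both as "(spoo1sv)" and "spoo1sv.exe"; report it once.
    names = set(EXE_NAME_RE.findall(low)) | set(SHORT_NAME_RE.findall(low))
    for name in names:
        if looks_like_lookalike(name):
            flag(f"name '{name}' imitates a Windows system binary")
    return out


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and collect the findings in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample above the script reports nine findings across seven lines; the Adobe BHO, the Kaspersky autorun and the ATI service pass clean, while the spoo1sv service collects three separate reasons. The heuristics are deliberately loud (a corporate proxy will always be flagged for confirmation) because the goal is to shortlist entries for a human reviewer, not to decide on deletion.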
Posted: 22 Apr 2008 15:38
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
I hope we can do something.
ComboFix 08-04-20.5 - ljiljar 2008-04-22 15:21:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.164 [GMT 2:00]
Running from: C:\Documents and Settings\ljiljar\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\microsoft\office\system
C:\Documents and Settings\All Users\Application Data\microsoft\office\system\finder.dll
C:\Documents and Settings\All Users\Application Data\microsoft\office\system\ntptdb.sys
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\ lottery.sina lottery
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\_keepfile
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\øÖ· sina
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\eyword
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\mcmRsJOnmJ.dll
C:\Documents and Settings\All Users\Application Data\microsoft\pctools
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data\t
C:\Documents and Settings\All Users\Application Data\t\a2001.dat
C:\Documents and Settings\All Users\Application Data\t\b2001.dat
C:\Documents and Settings\All Users\Application Data\t\k2001.dat
C:\Documents and Settings\All Users\Application Data\t\p2001.dat
C:\Documents and Settings\All Users\Application Data\t\r2001.dat
C:\Documents and Settings\All Users\Application Data\td
C:\Documents and Settings\All Users\Application Data\td\a1003.dat
C:\Documents and Settings\All Users\Application Data\td\b1003.dat
C:\Documents and Settings\All Users\Application Data\td\k1003.dat
C:\Documents and Settings\All Users\Application Data\td\p1003.dat
C:\Documents and Settings\All Users\Application Data\td\r1003.dat
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_loaderfiletime2
C:\Documents and Settings\ljiljar\Favorites\Ò»ÆðÀ´ÒôÀÖÉçÇø.url
C:\Documents and Settings\ljiljar\Favorites\4bb6~1.lnk
C:\Documents and Settings\ljiljar\icsetup.exe
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\__utipkdzbjipgk
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_inifiletime3
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_loaderfiletime2
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_rtiwcitljgh3
C:\Documents and Settings\ljiljar\ravmonlog
C:\Program Files\ad4all
C:\Program Files\ad4all\Install.exe
C:\Program Files\ad4all\install.ini
C:\Program Files\ad4all\link1\eachlink.htm
C:\Program Files\ad4all\link1\eachlink.ico
C:\Program Files\ad4all\link1\ebaylink.ico
C:\Program Files\ad4all\link1\install.ini
C:\Program Files\ad4all\link1\Thumbs.db
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\cpush\Uninst.exe
C:\Program Files\OCINS
C:\Program Files\OCINS\ocinfo.dat
C:\Program Files\OCINS\srchsp.dll
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\html\default.html
C:\Program Files\Yiqilai\html\default.jpg
C:\Program Files\Yiqilai\html\mini.html
C:\Program Files\Yiqilai\wmp\_inifid
C:\Program Files\Yiqilai\wmp\_inimac
C:\Program Files\Yiqilai\wmp\_keepfile
C:\Program Files\Yiqilai\wmp\icon2.ico
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll
C:\WINDOWS\KB611311.log
C:\WINDOWS\ocinfo.dat
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\chl4.sys
C:\WINDOWS\system32\drivers\iexa4.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\mstacim.sig
C:\WINDOWS\system32\sysloader.dll
C:\WINDOWS\TEMP\~my1.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPIDISK
-------\Legacy_CNPROV
-------\Legacy_MS_2FAX
-------\Legacy_MXDISPDR
-------\Legacy_SYSLOADER
-------\Legacy_YIQILAI
-------\Service_ms_2fax
-------\Service_mxdispdr
-------\Service_sysloader
-------\Service_Yiqilai
-------\Legacy_chl4
-------\Legacy_iexa4
-------\Legacy_ntptdb
-------\Service_chl4
-------\Service_iexa4
-------\Service_ntptdb
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\kav
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 10:49 . 2008-04-22 15:25 2,048,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 10:49 . 2008-04-22 15:24 28,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 10:49 . 2008-04-22 15:25 20,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-16 10:49 . 2008-04-22 15:24 2,876 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 13:24 3,145,728 ---ha-w C:\Documents and Settings\ljiljar\NTUSER.DAT
2008-03-19 08:49 --------- d--h--w C:\Program Files\Zenographics
2008-03-19 08:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-05 11:00 --------- d-----w C:\Documents and Settings\ljiljar\Application Data\Wildfire
2007-11-09 11:15 212,291 ----a-w C:\Documents and Settings\ljiljar\sdd.exe
2007-09-14 15:27 188,416 ----a-w C:\Documents and Settings\ljiljar\tsp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A3A616-FF3C-4713-A5C2-4F1B566CEF51}]
C:\WINDOWS\system32\9fb1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"PictureShow"="C:\Program Files\PictureShow\poco_tools.exe" [2007-11-01 13:38 97616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 22:05 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-30 15:38:51 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"srhg"= rundll32 "C:\WINDOWS\Downlo~1\srhg.dll",Run
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\PictureShow\\poco_tools.exe"=
"C:\\Program Files\\PictureShow\\update.exe"=
"C:\\Program Files\\PictureShow\\PictureShow.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17150:TCP"= 17150:TCP:NortonAV
"17938:TCP"= 17938:TCP:NortonAV
"15839:TCP"= 15839:TCP:NortonAV
"15416:TCP"= 15416:TCP:NortonAV
"16957:TCP"= 16957:TCP:NortonAV
"14103:TCP"= 14103:TCP:NortonAV
"18883:TCP"= 18883:TCP:NortonAV
"18284:TCP"= 18284:TCP:NortonAV
"12677:TCP"= 12677:TCP:NortonAV
"13044:TCP"= 13044:TCP:NortonAV
"16042:TCP"= 16042:TCP:NortonAV
"15202:TCP"= 15202:TCP:NortonAV
"18497:TCP"= 18497:TCP:NortonAV
"12454:TCP"= 12454:TCP:NortonAV
"14164:TCP"= 14164:TCP:NortonAV
"15087:TCP"= 15087:TCP:NortonAV
"15495:TCP"= 15495:TCP:NortonAV
"16515:TCP"= 16515:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"13052:TCP"= 13052:TCP:NortonAV
"12118:TCP"= 12118:TCP:NortonAV
"14698:TCP"= 14698:TCP:NortonAV
"16633:TCP"= 16633:TCP:NortonAV
S2 597EB;597EB;C:\WINDOWS\system32\597EB.exe [2008-02-21 12:01]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-22 15:26:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-22 15:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 13:27:25
Pre-Run: 68,023,140,352 bytes free
Post-Run: 68,451,627,008 bytes free
199 --- E O F --- 2007-11-14 14:58:20
Posted: 23 Apr 2008 09:06
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
Thanks for the help. I've finished that too. Sorry for the delay, it's a work computer so I'm not around after 4 pm.
Regards
Posted: 23 Apr 2008 17:27
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Open Notepad and copy the following text:
File::
C:\WINDOWS\Downlo~1\srhg.dll
C:\WINDOWS\system32\9fb1.dll
C:\Documents and Settings\ljiljar\sdd.exe
C:\Documents and Settings\ljiljar\tsp.exe
C:\WINDOWS\system32\597EB.exe
Folder::
C:\Program Files\PictureShow
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"srhg"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A3A616-FF3C-4713-A5C2-4F1B566CEF51}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PictureShow"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\PictureShow\\poco_tools.exe"=-
"C:\\Program Files\\PictureShow\\update.exe"=-
"C:\\Program Files\\PictureShow\\PictureShow.exe"=-
Driver::
597EB
Save the Notepad file to the Desktop as "CFScript"
Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
Posted: 24 Apr 2008 10:09
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
Here comes the new log. The redirection is still present. Thanks for the help.
Regards
ComboFix 08-04-20.5 - ljiljar 2008-04-24 9:45:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.160 [GMT 2:00]
Running from: C:\Documents and Settings\ljiljar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ljiljar\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\ljiljar\sdd.exe
C:\Documents and Settings\ljiljar\tsp.exe
C:\WINDOWS\Downlo~1\srhg.dll
C:\WINDOWS\system32\597EB.exe
C:\WINDOWS\system32\9fb1.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ljiljar\sdd.exe
C:\Documents and Settings\ljiljar\tsp.exe
C:\Program Files\PictureShow
C:\Program Files\PictureShow\config.ini
C:\Program Files\PictureShow\FileExt.inf
C:\Program Files\PictureShow\PictureShow.exe
C:\Program Files\PictureShow\poco_tools.exe
C:\Program Files\PictureShow\temp\script.ini
C:\Program Files\PictureShow\Uninstall.exe
C:\Program Files\PictureShow\update.exe
C:\WINDOWS\system32\597EB.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_597EB
-------\Service_597EB
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\kav
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 10:49 . 2008-04-24 09:49 2,281,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 10:49 . 2008-04-24 09:47 31,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 10:49 . 2008-04-24 09:48 25,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-16 10:49 . 2008-04-24 09:47 3,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 07:47 3,145,728 ---ha-w C:\Documents and Settings\ljiljar\NTUSER.DAT
2008-03-19 08:49 --------- d--h--w C:\Program Files\Zenographics
2008-03-19 08:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-05 11:00 --------- d-----w C:\Documents and Settings\ljiljar\Application Data\Wildfire
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_15.27.10.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 13:25:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 07:48:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-22 13:25:47 94,208 ---h--w C:\WINDOWS\system32\A7008.exe
+ 2008-04-24 06:15:35 94,208 ---h--w C:\WINDOWS\system32\A7008.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 22:05 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-30 15:38:51 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17150:TCP"= 17150:TCP:NortonAV
"17938:TCP"= 17938:TCP:NortonAV
"15839:TCP"= 15839:TCP:NortonAV
"15416:TCP"= 15416:TCP:NortonAV
"16957:TCP"= 16957:TCP:NortonAV
"14103:TCP"= 14103:TCP:NortonAV
"18883:TCP"= 18883:TCP:NortonAV
"18284:TCP"= 18284:TCP:NortonAV
"12677:TCP"= 12677:TCP:NortonAV
"13044:TCP"= 13044:TCP:NortonAV
"16042:TCP"= 16042:TCP:NortonAV
"15202:TCP"= 15202:TCP:NortonAV
"18497:TCP"= 18497:TCP:NortonAV
"12454:TCP"= 12454:TCP:NortonAV
"14164:TCP"= 14164:TCP:NortonAV
"15087:TCP"= 15087:TCP:NortonAV
"15495:TCP"= 15495:TCP:NortonAV
"16515:TCP"= 16515:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"13052:TCP"= 13052:TCP:NortonAV
"12118:TCP"= 12118:TCP:NortonAV
"14698:TCP"= 14698:TCP:NortonAV
"16633:TCP"= 16633:TCP:NortonAV
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-24 09:49:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-24 9:50:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 07:50:23
ComboFix2.txt 2008-04-22 13:27:30
Pre-Run: 68,801,781,760 bytes free
Post-Run: 68,794,372,096 bytes free
131 --- E O F --- 2007-11-14 14:58:20
Posted: 25 Apr 2008 17:20
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Can you give the link you get redirected to? Or better yet, post a screenshot of the site you get redirected to.
Posted: 05 May 2008 22:04
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Here are further instructions:
Click Start at the bottom left.
Choose My Computer
Select the Tools menu and click Folder Options.
Select View at the top; inside the Hidden files and folders group, select Show hidden files and folders.
Uncheck Hide protected operating system files (recommended)
Click YES
Click OK
-----------------------
When you've done that, upload the following file to me for checking:
C:\WINDOWS\system32\A7008.exe
via the following link:
http://www.mycity.rs/ambulanta-upload.php
-----------------------------
When you've finished that too, do this:
Scan the computer with GMER and post the log so we can check that there are no rootkits...
Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.
Double-click gmer.exe to start:
Choose the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will save it to the Clipboard.
Open Notepad, right-click and Paste, save the log to the Desktop and attach it to your forum post (option: attach file).