Posted: 16 Jul 2007 15:01
- frasi
- New MyCity citizen
- Joined: 14 Jul 2007
- Posts: 13
Spybot finds some Torpig virus on my machine and can't delete it:
c:\windows\temp\$_2341234.tmp
c:\windows\temp\$_2341233.tmp
AVG also warns about some Trojan horse as soon as I connect to the net:
A0091403.exe
A0091414.sys
A0091431.dll etc.
Help!
Logfile of HijackThis v1.99.1
Scan saved at 10:21:07 PM, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\isarvicese4.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\slrundll.exe
C:\Documents and Settings\mario govedarica\Desktop\aawsepersonal.exe
C:\Documents and Settings\mario govedarica\Desktop\aawsepersonal.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\mario govedarica\Desktop\d\d1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SvcManager] isarvicese4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.paramountpc.com.au
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [link visible only to logged-in users]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [link visible only to logged-in users]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O17 - HKLM\System\CS3\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Posted: 16 Jul 2007 17:48
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Please try to find the file isarvicese4.exe on your computer and upload it through the following form:
[link visible only to logged-in users]
Then I'd ask you to do the following:
Turning System Restore off
On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Tick Turn off System Restore.
Click the Apply button.
Click the OK button.
Turning System Restore on
On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Untick Turn off System Restore.
Click the Apply button.
Click the OK button.
That way we have briefly turned System Restore off and back on.
That should get rid of the viruses AVG is reporting to you. Let me know once we've got that part done, and then we'll see about the rest.
Question: which modem do you use? Is it a SmartLink or not?
Posted: 17 Jul 2007 10:51
- frasi
- New MyCity citizen
- Joined: 14 Jul 2007
- Posts: 13
This is what I found via Search / For Files and Folders:
ISARVICES4.EXE-1F92C9C2.pf   c:\windows\prefetch   67 KB   PF file
isarvices4   c:\windows\system32   43 KB   application
I don't know how to get this into the upload form.
I turned System Restore off and back on.
My modem is a SmartLink.
Posted: 17 Jul 2007 19:33
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Download Catchme: [link visible only to logged-in users]
Start it and click Scan.
After the scan finishes you'll have a file catchme.log on the Desktop; open it in Notepad and copy its contents into your next post.
Now go to the Script tab at the top and enter the following text:
files:
D:\WINDOWS\system32\isarvices4.exe
Click Run.
You'll now have catchme.log and catchme.zip on the Desktop.
Copy the log into a post again and upload catchme.zip through the following form:
[link visible only to logged-in users]
Posted: 18 Jul 2007 10:13
- frasi
- New MyCity citizen
- Joined: 14 Jul 2007
- Posts: 13
catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2007-07-18 17:31:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
[bobby edited this for line length]
scan completed successfully
hidden processes: 0
hidden files: 2
disk not found D:WINDOWS\system32\isarvices4.exe
source file error: C:WINDOWS\system32\isarvices4.exe
Addendum: 18 Jul 2007 10:13
I've uploaded the catchme zip through the form.
Posted: 18 Jul 2007 17:12
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
frasi, sorry, but I made a mistake in the Catchme script I wrote for you. Nothing bad for your computer, but we have to repeat the procedure:
So, start Catchme again and click Scan.
After the scan finishes you'll have a file catchme.log on the Desktop; open it in Notepad and copy its contents into your next post.
Now go to the Script tab at the top and enter the following text:
files:
C:\WINDOWS\system32\isarvices4.exe
Click Run.
You'll now have catchme.log and catchme.zip on the Desktop.
Copy the log into a post again and upload catchme.zip through the following form:
[link visible only to logged-in users]
Sorry once again for the mistake and for making you go through this again.
Posted: 19 Jul 2007 10:33
- frasi
- New MyCity citizen
- Joined: 14 Jul 2007
- Posts: 13
catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2007-07-19 18:03:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
[bobby removed part of the log for line length]
source file error: C:\WINDOWS\system32\isarvices4.exe
It gives me something like "script completed with errors". Also, my connection now drops every five minutes.
Posted: 19 Jul 2007 19:30
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Hmmm...
I'll have to point you to Ewido Micro. I hope an 8 MB download isn't a problem for you.
Download Ewido Micro from here:
[link visible only to logged-in users]
How to work with Ewido Micro:
- on the first screen select all partitions (tick the boxes in front of them)
- click the Start Scan button
- after the scan finishes, click Save Report and save the log file somewhere safe
- click Remove Infections
- paste here the contents of the log file you just saved
After scanning with Ewido and posting the log file, post us a fresh HijackThis log as well.
Posted: 20 Jul 2007 12:24
- frasi
- New MyCity citizen
- Joined: 14 Jul 2007
- Posts: 13
I forgot to tell you: when Spybot finds this "TORPIG" it also finds these:
- Microsoft.WindowsSecurityCenter.AntiVirusOverride
- Microsoft.WindowsSecurityCenter.FirewallOverride
Spybot deletes all of this in Safe Mode, but it shows up again when I go back into normal Windows. Here are the logs from Ewido and HijackThis:
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.247realmedia
Path: :mozilla.11:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.12:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.13:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.23:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.24:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.25:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.26:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.27:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.28:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.29:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: :mozilla.30:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: :mozilla.35:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: :mozilla.36:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: :mozilla.37:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: :mozilla.38:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adtech
Path: :mozilla.39:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adtech
Path: :mozilla.40:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: :mozilla.59:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: :mozilla.60:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: :mozilla.61:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: :mozilla.62:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: :mozilla.63:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Atdmt
Path: :mozilla.68:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.103:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Burstnet
Path: :mozilla.104:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Com
Path: :mozilla.109:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Connextra
Path: :mozilla.110:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Connextra
Path: :mozilla.111:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Sexcounter
Path: :mozilla.113:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Sexcounter
Path: :mozilla.114:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: :mozilla.131:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Hotlog
Path: :mozilla.176:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Imrworldwide
Path: :mozilla.193:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Imrworldwide
Path: :mozilla.194:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.263:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.285:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Qksrv
Path: :mozilla.301:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Qksrv
Path: :mozilla.302:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Questionmarket
Path: :mozilla.304:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Questionmarket
Path: :mozilla.305:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Real
Path: :mozilla.322:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Realmedia
Path: :mozilla.323:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Realmedia
Path: :mozilla.324:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Valuead
Path: :mozilla.329:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Valuead
Path: :mozilla.330:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Valuead
Path: :mozilla.331:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Valuead
Path: :mozilla.332:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Valuead
Path: :mozilla.333:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Revenue
Path: :mozilla.334:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: :mozilla.335:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: :mozilla.336:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: :mozilla.337:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: :mozilla.338:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.376:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.377:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.378:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.379:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.380:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.381:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Specificclick
Path: :mozilla.399:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Netflame
Path: :mozilla.403:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Netflame
Path: :mozilla.404:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: :mozilla.409:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: :mozilla.410:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: :mozilla.411:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: :mozilla.412:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: :mozilla.413:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tribalfusion
Path: :mozilla.418:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Weborama
Path: :mozilla.426:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yadro
Path: :mozilla.434:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.437:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: :mozilla.450:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: :mozilla.451:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: :mozilla.452:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: :mozilla.453:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: :mozilla.454:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: :mozilla.456:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Masterstats
Path: :mozilla.532:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Sitestat
Path: :mozilla.533:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Sitestat
Path: :mozilla.534:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Burstbeacon
Path: :mozilla.548:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Paypal
Path: :mozilla.573:C:\Documents and Settings\mario govedarica\Application Data\Mozilla\Firefox\Profiles\ctol1lae.default\cookies.txt
Risk: Medium
Name: Backdoor.Hupigon
Path: C:\PROGRAMI\NERO 7.0\Nero 7.0 KeyGen.zip/Nero 7.0 KeyGen.exe
Risk: High
Logfile of HijackThis v1.99.1
Scan saved at 7:40:31 PM, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\isarvicese4.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\slrundll.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\mario govedarica\Desktop\d\d1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SvcManager] isarvicese4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.paramountpc.com.au
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [link visible only to logged-in users]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [link visible only to logged-in users]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
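The two HijackThis logs in this thread (the 16 Jul one in the first post and the 20 Jul one just above) are what the helper read by hand: the `O4 - HKLM\..\Run: [SvcManager] isarvicese4.exe` entry names a bare file with no directory, so the registry value alone does not say which file on disk starts; the matching line in the "Running processes" list does, and that is the file the helper asked to have uploaded. Below is an added Python example (mine, not code from the thread or from HijackThis) that parses excerpts of the two logs, lists every bare-filename Run value together with the process-list paths that share its basename, and diffs the two logs for processes and entries that appeared or vanished between posts. The excerpts are constructed from lines quoted in the thread; the function names and the report layout are my own.

```python
"""Triage helpers for HijackThis 1.99-style logs.

Added example, not code from the thread or from HijackThis. The two sample
excerpts below are constructed from the log lines posted in this thread.
"""
import re
from collections import defaultdict

# Constructed excerpt of the first log (16 Jul).
LOG_A = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\isarvicese4.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SvcManager] isarvicese4.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
O17 - HKLM\System\CS3\Services\Tcpip\..\{2DE7E8E3-6E03-4D26-9FBB-2F5D09970FF7}: NameServer = 203.194.27.57 203.194.56.150
"""

# Constructed excerpt of the second log (20 Jul), derived from the first:
# wscntfy.exe is now running and the ControlSet003 copy of the O17 entry is gone.
LOG_B = LOG_A.replace("isarvicese4.exe\n",
                      "isarvicese4.exe\nC:\\WINDOWS\\system32\\wscntfy.exe\n", 1)
LOG_B = "\n".join(ln for ln in LOG_B.splitlines() if "\\CS3\\" not in ln)

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")


def parse_log(text):
    """Split a log into the running-process list and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def first_token(cmd):
    """Executable part of a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def bare_filename_run_entries(parsed):
    """O4 Run values whose command has no directory, paired with the running
    processes that share the basename: Windows resolves such a value through
    the search path, so only the process list shows which file really ran."""
    by_base = defaultdict(list)
    for proc in parsed["processes"]:
        by_base[proc.rsplit("\\", 1)[-1].lower()].append(proc)
    found = []
    for section, body in parsed["entries"]:
        m = RUN_RE.match(body) if section == "O4" else None
        if not m:
            continue  # not a Run value (e.g. Global Startup .lnk lines)
        hive, value_name, cmd = m.groups()
        exe = first_token(cmd)
        if "\\" in exe:
            continue  # full path given, nothing to resolve
        found.append({"hive": hive, "value": value_name, "file": exe,
                      "resolved": by_base.get(exe.lower(), [])})
    return found


def diff_logs(old, new):
    """Processes and entries that appeared or vanished between two parsed logs."""
    return {
        "added_processes": sorted(set(new["processes"]) - set(old["processes"])),
        "removed_processes": sorted(set(old["processes"]) - set(new["processes"])),
        "added_entries": sorted(set(new["entries"]) - set(old["entries"])),
        "removed_entries": sorted(set(old["entries"]) - set(new["entries"])),
    }


if __name__ == "__main__":
    a, b = parse_log(LOG_A), parse_log(LOG_B)
    for hit in bare_filename_run_entries(a):
        print(f"[{hit['value']}] {hit['file']} -> {hit['resolved'] or 'not running'}")
    print(diff_logs(a, b))
```

On the excerpt this reports three bare-filename Run values (SoundMan, Device Detector, SvcManager), each resolved to the process-list path with the same basename, and a diff with one new process and one vanished O17 entry. The exact-basename match is also what would have caught the one-letter difference between what was typed into the thread (`isarvices4`) and what the log shows (`isarvicese4`) before a removal script was written against the wrong name.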
Posted: 20 Jul 2007 18:00
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Let's do Catchme again:
Enter the following script:
files:
C:\WINDOWS\system32\isarvicese4.exe
and click Run.
After that, upload Catchme.zip from the Desktop through that form again.
Last time I went by what you had typed, and you'd dropped a letter from the file name, so I wrote you the wrong script.