[ jvcdrama @ 31.05.2012. 18:00 ] @
Hello,
Today I noticed that someone hacked (?) my Facebook password. When I tried to change it, i.e. have them send a "reset code" to my phone and e-mail address, nothing arrived at either of them. So now I can't log in. I checked, I entered the correct e-mail address and the correct phone number, so the mistake isn't on my side. What should I do? And yes, about 10 days ago my Gmail was hacked, it said someone from Angola had been logged into my mail... But I fixed that easily by changing the password (admittedly, I set the same password as on Facebook, which was hacked today).

For protection I only use Panda Cloud AV and nothing else... I know, I should also have some non-Microsoft firewall, but I'm saving resources...

And I'm curious, why would anyone hack me?? I'm nobody, a normal everyday regular guy...

And here is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:37, on 31-May-12
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JVC\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_MX_Plus_Download_Version\TrayServer_en.exe
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CEDA0C6-5E91-4A5B-9EA7-3C22C718F3A7}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7858 bytes

[This message was edited by jvcdrama on 31.05.2012. at 20:42 GMT+1]
[ jvcdrama @ 31.05.2012. 20:38 ] @
I'm at a friend's place now and here I can log in to Facebook
[ Dashkes @ 31.05.2012. 21:58 ] @
Check the following items and click "Fix checked"
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CEDA0C6-5E91-4A5B-9EA7-3C22C718F3A7}: NameServer = 8.26.56.26,156.154.70.22
After that, restart the computer.

• Download and install Malwarebytes' Anti-Malware
• Run it and perform an update (Update > Check for Updates) and when it finishes confirm with OK.
• After the update, choose Scanner, tick Perform full scan and press Scan.
• When the scan finishes press OK, then Show Results to see the report.
• Check that all found files are ticked (if not, select them), press Remove Selected and confirm with OK.
• The program will ask you to restart the computer; confirm it.
• Also, after the malware has been removed from the computer you will get a log file (report), which you should paste here.
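A small triage script for logs of the kind posted above, added here as an example; it is not part of this thread and is not code from HijackThis, Malwarebytes or any of the posters. It reads the O4 (autorun), O17 (per-interface DNS) and O23 (service) lines and reports which ones deserve a second look: resolvers outside an allowlist (the allowlist, seeded with the two addresses from the log, is an assumption; replace it with your own ISP's or corporate resolvers), autoruns that start through an interpreter such as cmd.exe or from a user-writable directory, and the "(file missing)" service entries that 32-bit HijackThis produces on 64-bit Windows because WOW64 redirects its System32 lookups to SysWOW64, kept apart from genuinely missing files. The sample log is constructed: four lines copied from the posted log plus two invented ones.

```python
"""Triage helper for HijackThis 2.0.4 log lines.

Added example for this thread; not code from HijackThis, Malwarebytes or any
poster. Parses O4 (autorun), O17 (per-interface DNS) and O23 (service) lines.
"""
import re
from ipaddress import ip_address
from typing import Dict, List

# Assumption: resolvers the examiner already trusts. These two are the
# addresses from the posted log; substitute your own before relying on this.
KNOWN_GOOD_RESOLVERS = {"8.26.56.26", "156.154.70.22"}

# Shells and script hosts that hide the real payload behind a launcher.
INTERPRETERS = {"cmd", "powershell", "wscript", "cscript", "rundll32", "mshta"}
# Locations a non-admin user can write to; nothing system-level belongs here.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\", re.I)

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")


def launcher(cmd: str) -> str:
    """Lower-cased basename (without .exe) of the program an autorun starts."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(None, 1)[0]
    name = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def is_x64_host(log: str) -> bool:
    """HijackThis 2.0.4 is 32-bit; WOW64 paths in the log mean a 64-bit host."""
    return "SysWOW64" in log or "Program Files (x86)" in log


def triage(log: str) -> List[Dict[str, str]]:
    """Walk a HijackThis log and return findings as {kind, severity, line} dicts."""
    x64 = is_x64_host(log)
    findings: List[Dict[str, str]] = []

    def add(kind: str, severity: str, line: str) -> None:
        findings.append({"kind": kind, "severity": severity, "line": line})

    for line in log.splitlines():
        line = line.rstrip()
        if m := O4_RE.match(line):
            cmd = m.group("cmd")
            if launcher(cmd) in INTERPRETERS:
                add("autorun-via-interpreter", "review", line)
            if USER_WRITABLE.search(cmd):
                add("autorun-from-user-writable-path", "high", line)
        elif m := O17_RE.match(line):
            for token in (t.strip() for t in m.group("servers").split(",")):
                try:
                    server = str(ip_address(token))
                except ValueError:
                    add("dns-unparseable", "review", line)
                    continue
                if server not in KNOWN_GOOD_RESOLVERS:
                    add("dns-resolver-not-in-allowlist", "high", line)
        elif m := O23_RE.match(line):
            parts = m.group("rest").rsplit(" - ", 2)  # name - owner - path
            if len(parts) != 3:
                continue
            path = parts[2]
            if path.endswith("(file missing)"):
                real = path[: -len("(file missing)")].strip()
                in_system32 = re.search(r"\\Windows\\System32\\", real, re.I) is not None
                if x64 and in_system32:
                    # WOW64 redirects a 32-bit scanner's System32 lookups to
                    # SysWOW64, so these "missing" files are usually present.
                    add("service-file-missing-wow64-redirect", "info", line)
                else:
                    add("service-file-missing", "review", line)
    return findings


def counts(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Number of findings per kind, for a quick summary."""
    out: Dict[str, int] = {}
    for f in findings:
        out[f["kind"]] = out.get(f["kind"], 0) + 1
    return out


# Constructed sample: four lines from the posted log plus two invented ones
# (the AppData autorun and the 203.0.113.53 resolver, a documentation address).
SAMPLE_LOG = r"""Platform: Windows 7 SP1 (WinNT 6.00.3505)
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [updater] C:\Users\JVC\AppData\Roaming\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CEDA0C6-5E91-4A5B-9EA7-3C22C718F3A7}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']}: {f['line'][:90]}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`. On the posted log itself the script produces only an informational note per "(file missing)" service and a "review" entry for the AMD AVT autorun, which is a known vendor launcher; the O17 line is quiet as long as its two resolvers stay in the allowlist, which is the judgment call a human still has to make.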
[ jvcdrama @ 01.06.2012. 12:04 ] @
Today I logged in to Facebook on the first try, before removing the item mentioned above and before scanning with MB. I still don't understand what the problem was. Here is the MB log


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
JVC :: JVC-PC [administrator]

01-Jun-12 06:10:23
mbam-log-2012-06-01 (12-05-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429352
Time elapsed: 44 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> No action taken.
D:\Install\Fruity Loops\Pluginovi\IZotope.Trash.VST.DX.AS.RTAS.HTDM.v1.14.incl.Keygen-AiR\keygen.exe (Trojan.Agent.ck) -> No action taken.
D:\Install\Native.Instruments.Traktor.DJ.Studio.3.Cracked-DjNilo\Crack\TRAKTOR_DJ_STUDIO_3_KEYGEN.EXE (Malware.Packer.Gen) -> No action taken.

(end)
[ ekof9 @ 01.06.2012. 12:13 ] @
^
Why didn't you remove those files, or at least the first one, if you don't want to remove the keygens?
[ Aleksandar Maletic @ 01.06.2012. 12:18 ] @
@jvcdrama,
Repeat the scan with Malwarebytes. When the scan finishes, click Show Results, then Remove Selected. Restart the computer and the malware will be removed.
After that download OSPC Privacy Cleaner Portable and check that everything in the list on the left side is selected. Run the program and click Analyze. When the program finishes scanning, click Clear.
[ jvcdrama @ 01.06.2012. 12:37 ] @
I removed the first file; the 2 keygens I didn't, I just zipped them. Restarted the computer, cleaned with this OSPC as well. Is that it?
[ Aleksandar Maletic @ 01.06.2012. 15:20 ] @
Does the problem still exist or not?
[ jvcdrama @ 01.06.2012. 15:37 ] @
As of today it's gone, even before the deletion and cleaning. I don't know how, but there it is.. Thanks a lot