Infection

  • Joined: 26 Dec 2008
  • Posts: 440

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:02 PM, on 4/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\internet\zarko92.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5243 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...
Juice_93fu :: Infection

How do you know it is an infection; which one is it; where is it?

  • Joined: 26 Dec 2008
  • Posts: 440

It opens My Computer or Mozilla about 20 times in a row, refresh doesn't work, etc.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We'll check, though I wouldn't bet that malware has anything to do with it...

Start ESET Smart Security / ESET NOD32 as follows:
Start > All Programs > ESET > ESET Smart Security, or ESET NOD32 Antivirus (if you only use the Antivirus product).

* When the program's main window opens, click the Setup option on the left side of the window;
* Choose the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* On the next prompt, click Yes.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 26 Dec 2008
  • Posts: 440

ComboFix 09-04-04.01 - Windows User 2009-04-08 12:43:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.324 [GMT 2:00]
Running from: d:\internet\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-07 16:21 . 2009-04-07 16:21 <DIR> d-------- c:\windows\Downloaded Installations
2009-04-07 16:21 . 2009-04-07 16:21 <DIR> d-------- c:\program files\GiPo@Utilities
2009-04-07 16:21 . 2009-04-07 16:21 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2009-04-07 15:57 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-07 15:57 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-07 15:57 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-07 15:57 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-07 15:57 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-07 15:57 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-07 15:57 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-04-07 15:57 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-07 14:20 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-04-07 14:15 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-04-07 14:15 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-04-07 13:50 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-07 13:50 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-07 13:50 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-07 13:50 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-07 13:50 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-07 13:45 . 2009-04-07 13:45 <DIR> d-------- c:\program files\MSXML 4.0
2009-04-07 13:42 . 2008-06-26 03:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2009-04-07 13:42 . 2008-06-26 03:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2009-04-07 13:42 . 2008-06-26 05:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2009-04-07 13:38 . 2009-04-07 13:38 <DIR> d-------- c:\users\All Users\ESET
2009-04-07 13:38 . 2009-04-07 13:38 <DIR> d-------- c:\programdata\ESET
2009-04-07 13:38 . 2009-04-07 13:38 <DIR> d-------- c:\program files\ESET
2009-04-07 13:38 . 2008-11-01 03:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-04-07 13:38 . 2008-03-08 06:21 1,695,744 --a------ c:\windows\System32\gameux.dll
2009-04-07 13:38 . 2008-11-01 05:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-04-07 13:36 . 2008-02-29 09:11 988,216 --a------ c:\windows\System32\winload.exe
2009-04-07 13:36 . 2008-02-29 09:11 927,288 --a------ c:\windows\System32\winresume.exe
2009-04-07 13:36 . 2008-02-22 07:05 615,992 --a------ c:\windows\System32\ci.dll
2009-04-07 13:36 . 2008-02-29 08:53 378,368 --a------ c:\windows\System32\srcore.dll
2009-04-07 13:36 . 2008-02-29 06:12 318,464 --a------ c:\windows\System32\rstrui.exe
2009-04-07 13:36 . 2008-02-29 08:53 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2009-04-07 13:36 . 2008-02-29 08:53 40,960 --a------ c:\windows\System32\srclient.dll
2009-04-07 13:36 . 2008-02-29 09:14 19,000 --a------ c:\windows\System32\kd1394.dll
2009-04-07 13:36 . 2008-02-29 06:12 14,848 --a------ c:\windows\System32\srdelayed.exe
2009-04-07 13:36 . 2008-02-29 08:35 6,656 --a------ c:\windows\System32\kbd106n.dll
2009-04-07 13:34 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-04-07 13:34 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-04-07 13:34 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-04-07 13:34 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-04-07 13:33 . 2008-09-18 07:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-04-07 13:33 . 2008-09-18 07:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-04-07 13:33 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-04-07 13:33 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-04-07 13:33 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-04-07 13:33 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-04-07 13:33 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
2009-04-07 13:33 . 2008-08-27 03:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-04-07 13:33 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-04-07 13:33 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-04-07 13:33 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-04-07 13:32 . 2008-09-05 07:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-04-07 13:32 . 2008-06-19 05:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-04-07 13:32 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-04-07 13:32 . 2008-04-18 07:48 269,312 --a------ c:\windows\System32\es.dll
2009-04-07 13:30 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe
2009-04-07 13:30 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-04-07 13:30 . 2008-04-26 10:08 1,314,816 --a------ c:\windows\System32\quartz.dll
2009-04-07 13:30 . 2008-04-10 07:12 738,304 --a------ c:\windows\System32\inetcomm.dll
2009-04-07 13:30 . 2008-08-12 05:39 443,392 --a------ c:\windows\System32\win32spl.dll
2009-04-07 13:23 . 2008-10-16 23:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-04-07 13:23 . 2008-10-16 22:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-04-07 13:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-04-07 13:23 . 2008-10-16 23:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-04-07 13:23 . 2008-10-16 23:09 43,544 --a------ c:\windows\System32\wups2.dll
2009-04-07 13:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2009-04-07 12:58 . 2009-04-07 12:58 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-04-07 12:58 . 2009-04-07 12:58 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-04-07 12:57 . 2009-04-07 12:57 <DIR> d-------- c:\users\Windows User\AppData\Roaming\SUPERAntiSpyware.com
2009-04-07 12:57 . 2009-04-07 12:57 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-04-07 12:51 . 2009-04-07 12:51 <DIR> d-------- c:\users\Windows User\AppData\Roaming\TuneUp Software
2009-04-07 12:51 . 2009-04-07 12:51 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-04-07 12:51 . 2009-04-07 12:51 <DIR> d-------- c:\programdata\TuneUp Software
2009-04-07 12:51 . 2009-04-07 12:51 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-04-07 12:51 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
2009-04-07 12:51 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
2009-04-07 12:50 . 2009-04-07 12:51 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-04-07 12:50 . 2009-04-07 12:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-04-07 12:44 . 2009-04-07 12:44 <DIR> d-------- c:\users\Windows User\AppData\Roaming\Thinstall
2009-04-07 12:31 . 2009-04-07 12:31 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 14:14 --------- d-----w c:\users\Windows User\AppData\Roaming\skypePM
2009-04-07 14:14 --------- d-----w c:\users\Windows User\AppData\Roaming\Skype
2009-04-07 14:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 11:26 --------- d-----w c:\users\Windows User\AppData\Roaming\Winamp
2009-04-07 11:26 --------- d-----w c:\program files\Winamp
2009-04-07 11:17 --------- d-----w c:\program files\Google
2009-04-07 11:13 --------- d-----w c:\program files\Triptych
2009-04-07 11:13 --------- d-----w c:\program files\Passage 3
2009-04-07 11:12 --------- d-----w c:\program files\Varmintz Deluxe
2009-04-07 11:11 --------- d-----w c:\program files\Spin & Win
2009-04-07 11:07 --------- d-----w c:\program files\Incadia
2009-04-07 11:02 --------- d-----w c:\program files\Playtonium Jigsaw Atlantic Lighthouses
2009-04-07 10:38 --------- d-----w c:\programdata\WinZip
2009-03-25 21:48 --------- d-----w c:\program files\Java
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-06 10:38 --------- d-----w c:\program files\Live Billiards
2009-02-09 12:42 --------- d-----w c:\program files\Common Files\Adobe
2009-02-09 12:41 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-09 12:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 12:06 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-05 05:55 1,579 ----a-w C:\ma477.bin
2009-01-24 18:03 1,073 ----a-w c:\program files\Play.lnk
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-11-10 1980200]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4145006369-1702334277-2870752167-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA0E8BF6-4420-42E7-90BA-A787C20D7B3F}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{ED99674F-F676-44D1-804C-5DFDA933BFDB}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008 (2).exe:Pro Evolution Soccer 2008
"{41D81DB0-B3CF-416C-B19B-6D9A088D8118}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008 (2).exe:Pro Evolution Soccer 2008
"{1997A3F0-9837-447F-9BCF-9E6AE271CE3D}"= UDP:d:\pes\Fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{F8946384-7EE3-4E8B-AA5C-55D254DFE643}"= TCP:d:\pes\Fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{7A72C1DB-048E-447A-8FE0-5780B44F24A2}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{AA12A242-6A23-4881-A810-92976D363E9E}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{0F4BEFF6-E4A9-423B-B676-78E913002000}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{6762885C-0A4E-43BB-88AA-747272A2AEA3}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{0631E7EC-B9DE-494C-8C73-B48D16FEE1D9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CDB218E1-70D1-495C-A131-F801E4AD2609}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C1ED44DD-F44B-4A41-AB1D-F5110AACC91C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{73B51B5C-5FBD-455D-93FE-C426AF0DD8DD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2580947A-D35F-4DC3-BB57-B58C7C52F592}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E0F4B766-6FD8-4BA6-87BD-BC7E723D38E3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{71901D3A-BE0D-4481-9064-C9EA3B61438F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5B552B50-4F74-4961-B6C9-684D19845A43}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{053A3748-982A-43B8-AB25-47BFCAA44E67}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{600EF7C9-3CE6-4E68-920E-3D6AA1AEAB26}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A95B6172-05B3-4DA9-8842-1880353BE560}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E77F3474-5AC8-4941-A391-7083A73A3890}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{340CC0CA-8B82-41A6-9955-0B0EAD4E7341}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{559A1B64-CE3B-4CEB-A528-08BC6E797E81}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77C7A9B1-6ABC-4222-99D0-361B2E8AC950}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C89D60B-8A18-4C5E-A05C-C560C2789656}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{474FF471-6DFF-4775-AD4B-1C92AAC86605}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E603A68-5E20-4675-BDC8-E7A0568F2974}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F42BAF74-2C51-4D59-BFFF-1D297110789B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A72D9C2D-FF3A-41AC-B1F9-2086E200CC9E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EA21243B-3E21-4CAF-921A-F176B7F333FD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C0457A15-937D-449F-8026-FE46F1CAC2BE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6F0F1592-5314-431D-A170-080674A7A227}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0CE1454C-8B43-4EBE-A1A9-7B9C22EDE9BB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E300E162-1167-4BFE-B022-434AD7B25D14}"= UDP:d:\pes\Fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{CFA6C564-24ED-4B6D-9F9A-1358CC020E32}"= TCP:d:\pes\Fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{7399FD95-B3E0-4FA7-90ED-B0AD980027C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{913711AB-ED4F-4E42-BE5F-752B48B2C237}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DE47812D-5615-46DF-A8FA-D97DBF5287FF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C45AC876-DCA2-46FF-AC68-438FFB1778B1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1F16ACCD-B352-4F66-A70E-E1938648AAD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{863387B5-CAF7-47B2-8A86-AC2459A5A126}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{94057244-5BCB-4004-B4F7-AFCBE9E00F11}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C01DD949-04E2-4AA7-94FA-211FDD0F62F2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6034B49C-2B9B-4CDD-88DD-921E707AEC0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5AC6ECDF-DDDB-446A-A396-D4693EFAD0DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CC404065-482A-4541-A340-1C7785D6CF59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F0B7935C-C7D8-4B83-AE35-E7CCFF3890D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{64C0DFE6-AF59-424B-B926-861A32F5A1F5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FBD5EFA1-D30C-4333-BF86-E4430976B224}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CAE243D4-852D-4EA0-9F72-F19A202DB82C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{269A26D8-857B-4EA0-A1A1-DF260EC260DD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BFA9AC5E-8957-4934-AB12-C51074DD652B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FC10D1E0-D05B-4458-A7DA-2F6115C39CE1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B5CD0CA-4794-4F06-B86B-1A68300E14DE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{38F83AEB-B47C-4E89-B192-5053CAA9AF3D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F933D2D4-53EA-4F4F-B6F4-CEC30F4AF4A0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{347DCA05-E962-478C-8889-5C3F9BEC05CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FDD16D52-7181-4606-9117-E258EBE96B55}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{347E43F7-9CD8-4980-8EE1-4A57AD6BB534}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EED3671F-AF31-4766-B2DE-4CE3F8A1BCEC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D3C6C2B6-D434-4246-9FC4-6F52ECECA4EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{323E2E17-D92A-44BC-A4BE-DB250ED35D69}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4306F34B-3567-455E-B596-2BA98B1299AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{709CBEA1-DB68-4A99-BCAE-C6E717A7622C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BDC43DF2-1DAB-4022-99E8-D25C37FC5158}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6F4B4647-F290-4FDA-9B3A-5C3500E55648}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5B4A07DB-0FF2-48F1-A68A-A2ACEA6E5379}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{93C13AEB-397C-49C3-AE0E-1C3BFAEAE630}"= c:\program files\Skype\Phone\Skype.exe:Skype

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2008-11-10 104456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-08-19 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-11-10 711240]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2008-11-10 90632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-09 1125208]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50623409-d8c7-11dd-a0b5-001d92472b1c}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Windows User\AppData\Roaming\Mozilla\Firefox\Profiles\h48sd0a2.default\
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 12:44:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-08 12:46:58
ComboFix-quarantined-files.txt 2009-04-08 10:46:56

Pre-Run: 8,139,403,264 bytes free
Post-Run: 8,638,025,728 bytes free

267 --- E O F --- 2009-04-07 12:23:52

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There is no active malware here. Just one registry entry left over from some earlier infection.

To remove it, download this to the Desktop: https://www.mycity.rs/must-login.png

Double-click that file and, when the prompt appears, click Yes.

Uninstalling ComboFix:
Click START and then RUN.

In the text entry line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

For advice on the remaining problems, ask in the appropriate forum.
