MyCity » Ambulanta -> Arhiva Ambulante » Nemogu da pronadjem virus 3 dana a hackovan sam..

Nemogu da pronadjem virus 3 dana a hackovan sam..

Napisano na dan: 30.7.2009

Strana:
1
2

Nemogu da pronadjem virus 3 dana a hackovan sam..

Sledeća strana

Pagination

Odgovori

Strana:
1
2

still Poslao: 30 Jul 2009 20:56 Idi na vrh
offline still Zaslužni građanin Pridružio: 25 Feb 2005 Poruke: 639 Gde živiš: beli_grad>gistro	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 30 Jul 2009 20:34 Cao pre 3 dana na sajtu Worldofraids.com koji se bavi vestima o igrici World of Warcraft sam inficiran sa virusom, dosao sam do tog zakljucka jel sam posecivao navedeni sajt dana kada su bili hakovani a pomenuta igrica je pocela da dobija errors cim je startujem. Kao sto sam rekao to se desilo pre 3 dana, ja sam od tada radi sigurnosti svog world of warcraft accounta uradio in Deep scan sa Avira Pro podesenom na MAX detaljnost. AV nije nista pronasao ali sobzirom da sam manuelno nasao taj fajl "6to4ex.dll" rucno sam ga orbisao. World of Raids: Citat:The trojan appears to have been an exploit affecting Adobe Flash Player. It was run via javascript after detecting the browser and would download the trojan files a.exe, b.exe, c.exe and 6to4ex.dll. The source of these files has currently been traced to China. Uglavnom da budem siguran da sam cist. unistall sam Aviru i install Kaspersky trial, uradio full deep scan i KAV nista nije pronasao. Unistall sam Kaspersky i vratio Aviru. Odradio online scan sa Trend micro AV. Odradio scan sa Search and destroy i Ad_Aware. Podesio svoj Firewall (Comodo) da nijedan novi procecs na sistemu neda da se upali i ode na net. (Defense+) Promenio svoju sifru od Mail-a i WOW accounta. 3 dana kasnije (danas) konektujem se online na svoj WOW acc i saznajem da sam bio hackovan u toku noci, tacnije od 13h do 18h botovi su runnovali na mom acc, farmovali gold, prodalali sve sto sam imao u torbama na 4 high lvl charrs, prodali sav gear, opljackali banku na svim charrs ukljucujuci i Guild bank do limita. Takodje verujem da su moji MoneyBookers i Visa card ugrozeni ovime (Nalog od moneybookers je prazan kao i Visa card) Al se plasim da ako odradim uplatu budem scamovan za taj novac. Uglavnom zamolicu strucna lica sa MyCity da mi pomognu da se uverim 100% da je moj PC cist i da posle sto mi Blizzard vrati account budem siguran da necu biti hackovan opet. Mislim licno da je moj slucaj dosta ozbiljan jel za razliku od varijanti gde ljudi imaju gomilu virusa godinama a opet nista neizgube moj PC prolazi kao cist na toliko razlicitih security softwera a opet sam hackovan. Hvala unapred! _ Koristim Win XP sa SP3 (iskljuceni win update) System restore je disabled. Update svih security softwera radim svakodnevno. Firefox 3.5 sa NO Scipt. (nazalost NO Script je bio podesen da pusta sve skripte na datom sajtu) Avira anti vir Pro podesen na max Comodo Firewall Pro odlicno podesen Spy Both sa non stop ukljucenim residentom AD_Aware samo za on demand scan. Takodje zelim da napomenem da za moj sistem virus je veoma retka pojava. Nikada neposecujem sumljive sajtove i koristim addon za mozilu WOT. Malocas sam morao da Unistall Aviru jel je pocela da mi restartuje PC, sa porukom tipa "Avira je pretrpela error i mora da se ugasi" posle toga mi se sistem restartuje cim upalim PC, tako da sam iz safe mode unistall Aviru za sad. Evo HijackThis log upravo uradjen (Ne u Safe modu) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:25:40 PM, on 7/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Aston\aston.exe C:\PROGRA~1\Aston\XP\internat.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ASUS\PC Probe II\Probe2.exe C:\Program Files\ASUS\GamerOSD\GamerOSD.exe C:\Program Files\Analog Devices\SoundMAX\SMax4.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\OCZ Technology\Mouse\Amoumain.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Portrait Displays\forteManager\DTHtml.exe C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NetLimiter 2 Pro\nlsvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NetLimiter 2 Pro\NLClient.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Stillo\Desktop\Ubica.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/drivers.html F2 - REG:system.ini: Shell=C:\PROGRA~1\Aston\aston.exe ,svchost.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1 O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 7405 bytes -- Dopuna: 30 Jul 2009 20:56 DSS Log: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/18/2009 11:39:26 PM System Uptime: 7/30/2009 6:35:52 PM (2 hours ago) Motherboard: ASUSTeK Computer INC. \| \| M2N Processor: AMD Processor model unknown \| CPU 1 \| 3013/200mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 59 GiB total, 17.301 GiB free. D: is CDROM () E: is FIXED (NTFS) - 90 GiB total, 17.343 GiB free. ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== µTorrent ACDSee 9 Photo Manager Acrobat.com Ad-Aware Adobe AIR Adobe Flash Player 10 Plugin Adobe Reader 9.1 Aston.1.9.6 ASUS Gamer OSD ASUS Smart Doctor ASUS Utilities ASUS VGA Driver ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver AusLogics Disk Defrag BS.Player PRO Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center HydraVision Full ccc-core-preinstall ccc-core-static ccc-utility CCC Help English Choice Guard Command & Conquer 3 COMODO Internet Security Counter-Strike: Source Texture Pack 1.00 Counter-Strike: Source v17 Curse Client DH Driver Cleaner Professional Edition EVE Online (remove only) forteManager HijackThis 2.0.2 Hitman Blood Money Hotfix for Windows XP (KB938759) Java(TM) 6 Update 13 Java(TM) 6 Update 14 Junk Mail filter update K-Lite Codec Pack 4.7.0 (Full) Logitech iTouch Software Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.5 Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox (3.5.1) MSVCRT MSXML 6.0 Parser (KB925673) neroxml NetLimiter 2 Pro (remove only) NVIDIA Drivers NVIDIA ForceWare Network Access Manager OCZ Technology Laser Gaming Mouse OpenOffice.org 3.1 PC Probe II PowerDVD PowerISO Recover Files 2.0 SDK Segoe UI Skype™ 4.1 SoundMAX Spybot - Search & Destroy Total Commander (Remove or Repair) Update for Windows XP (KB898461) VCRedistSetup Ventrilo Client WebFldrs XP Winamp Windows Driver Package - Advanced Micro Devices (AmdK8-) Processor (05/27/2006 1.3.2.0) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format Runtime Windows Presentation Foundation WinRAR archiver WinZip World of Warcraft XML Paper Specification Shared Components Pack 1.0 XviD MPEG-4 Video Codec ==== Event Viewer Messages From Past Week ======== 7/30/2009 6:34:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AsIO asuskbnt avgio avipbb cmdGuard cmdHlp EIO_XP Fips IPSec MRxSmb NetBIOS NetBT nltdi RasAcd Rdbss SCDEmu ssmdrv Tcpip WS2IFSL 7/30/2009 6:34:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 7/30/2009 6:34:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/30/2009 6:34:50 PM, error: Service Control Manager [7001] - The Forceware Web Interface service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 7/30/2009 6:34:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 7/30/2009 6:34:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 7/30/2009 6:34:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 7/30/2009 6:33:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/27/2009 3:56:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ativvaxx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.1.9. 7/27/2009 3:56:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati3duag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.231. 7/27/2009 3:56:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati2mtag.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.6462. 7/27/2009 3:56:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati2dvag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.6462. 7/27/2009 3:56:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ati2cqag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.233. 7/27/2009 3:38:22 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s). 7/27/2009 3:38:19 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s). 7/26/2009 10:15:35 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ativvaxx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.221. 7/26/2009 10:15:35 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ati3duag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.655. 7/26/2009 10:15:35 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ati2dvag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.6936. 7/26/2009 10:15:35 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ati2cqag.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.419. 7/26/2009 10:14:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\ati2mtag.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.6947. ==== End Of File ===========================

Profil

dr_Bora Poslao: 30 Jul 2009 21:53 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Vidim da se nešto "dogodilo" pri startovanju Windows-a danas u 18:34. Gomila drivera se nije pokrenula. Šta se dogodilo? Da li se PC restartovao u toku boot-a? Preuzmi SysProt AntiRootkit sa sledeće stranice: SysProt downlaod Na strani koja se otvori treba kliknuti "here" link. Raspakuj arhivu u neki folder (uputstvo), a zatim: dvoklikom pokreni program i pređi na Log karticu; štikliraj svih osam stavki i klikni Create log; nakon određenog vremena će se pojaviti upit u kome treba obeležiti Scan root drive only i kliknuti Start; po završetku skeniranja pojaviće se obaveštenje koje treba zatvoriti klikom na OK; izveštaj (log) će biti sačuvan u istom folderu u kome se nalazi i sam program. Priloži kreirani izveštaj uz poruku korišćenjem opcije Prikači fajl.

Profil

still Poslao: 30 Jul 2009 22:10 Idi na vrh
offline still Zaslužni građanin Pridružio: 25 Feb 2005 Poruke: 639 Gde živiš: beli_grad>gistro	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Cao, Hvala ti na odgovoru. Sto se tice tog restarta, predpostavljam da je to kada je PC poceo da se restartuje cim krene dizanje sistema, resio sam to tako sto sam preko safe mode unistall Aviru. Sto se tice ovog programa, odradio sam sve kao sto si reko, ali nailazim na problem, kada krene Scan posle par sekundi PC krene da mi izbacuje gresku da je Flopy otvoren i da probam da ga zatvorim pa nastavim sken,Ja flopi hard nemam u kompijuteru i neznam kako da zaobidjem taj part gde ovaj program "Zabode" inace morao sam da ga gasim na End process posto ostane tako ubagovan ..

Profil

dr_Bora Poslao: 30 Jul 2009 22:14 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obeležio si Scan root drive only ? Ako jesi, a ipak nije radio, koristi donji program. Preuzmi program RootRepeal sa jednog od sledećih linkova na Desktop: http://rootrepeal.googlepages.com/RootRepeal.zip http://ad13.geekstogo.com/RootRepeal.zip http://rootrepeal.psikotick.com/RootRepeal.zip Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Raspakuj RootRepeal.zip u neki folder (uputstvo). Dvoklikom pokreni RootRepeal.exe. Pređi na Report karticu (klikom na Report taster, dole, desno). Klikni Scan taster. U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK. U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK. Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju. Iskopiraj sadržaj tog izveštaja u iduću poruku.

Profil

still Poslao: 30 Jul 2009 22:36 Idi na vrh
offline still Zaslužni građanin Pridružio: 25 Feb 2005 Poruke: 639 Gde živiš: beli_grad>gistro	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Sto se tice prvog programa, nije mi nudio opciju koju spominjes. cim stikliram svih 7 (da 7 nema vise) opcija, kliknem create log, nista me vise nepita, krene da skenira i tad "spuca" Evo log koji je drugi program napravio. (okacen fajl) https://www.mycity.rs/must-login.png

Profil

dr_Bora Poslao: 30 Jul 2009 23:02 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

still Poslao: 30 Jul 2009 23:36 Idi na vrh
offline still Zaslužni građanin Pridružio: 25 Feb 2005 Poruke: 639 Gde živiš: beli_grad>gistro	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 30 Jul 2009 23:35 ComboFix 09-07-29.04 - Stillo 07/30/2009 23:23.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1613 [GMT 2:00] Running from: c:\documents and settings\Stillo\Desktop\ComboFix.exe FW: ActiveArmor Firewall disabled {EDC10449-64D1-46c7-A59A-EC20D662F26D} FW: COMODO Firewall enabled {043803A3-4F86-4ef6-AFC5-F6E02A79969B} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\program files\Mozilla Firefox\extensions\{D2F6E1F6-1CE2-426E-9F1B-A1CB8D8B34B5} c:\program files\Mozilla Firefox\extensions\{D2F6E1F6-1CE2-426E-9F1B-A1CB8D8B34B5}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{D2F6E1F6-1CE2-426E-9F1B-A1CB8D8B34B5}\chrome\content\overlay.xul c:\program files\Mozilla Firefox\extensions\{D2F6E1F6-1CE2-426E-9F1B-A1CB8D8B34B5}\install.rdf c:\windows\system32\Ati2mdxx.exe c:\windows\system32\Iasex.dll ----- BITS: Possible infected sites ----- hxxp://ccp.vo.llnwd.net . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IAS -------\Service_Ias ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 ))))))))))))))))))))))))))))))) . 2009-07-27 22:12 . 2009-07-27 22:10 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-07-27 22:09 . 2009-07-27 22:13 -------- d-----w- c:\documents and settings\Stillo\.housecall6.6 2009-07-27 02:31 . 2009-07-27 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2009-07-27 01:57 . 2009-07-02 10:12 593920 ------w- c:\windows\system32\ati2sgag.exe 2009-07-27 01:57 . 2009-07-27 01:57 -------- d-----w- C:\ATI 2009-07-26 20:18 . 2009-02-09 11:18 453152 ----a-w- c:\windows\system32\nvudisp.exe 2009-07-24 11:56 . 2009-07-24 11:56 -------- d-----w- c:\program files\Eidos 2009-07-14 20:22 . 2009-07-14 20:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-07-14 20:22 . 2009-07-26 19:02 -------- d-----w- c:\documents and settings\Stillo\Application Data\skypePM 2009-07-14 19:54 . 2009-07-26 20:20 -------- d-----w- c:\documents and settings\Stillo\Application Data\Skype 2009-07-14 19:53 . 2009-07-14 19:53 -------- d-----w- c:\program files\Common Files\Skype 2009-07-14 19:53 . 2009-07-14 20:03 -------- d-----r- c:\program files\Skype 2009-07-14 19:53 . 2009-07-14 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-07-14 17:26 . 2008-04-13 22:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys 2009-07-14 17:26 . 2008-04-13 22:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys 2009-07-14 17:26 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-07-14 17:26 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-07-13 22:41 . 2009-07-18 16:12 -------- d-----w- c:\program files\CryptLoad_1.1.6 2009-07-10 06:09 . 2009-07-15 13:59 1 ----a-w- c:\documents and settings\Stillo\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-07-10 06:08 . 2009-07-10 06:08 -------- d-----w- c:\documents and settings\Stillo\Application Data\OpenOffice.org 2009-07-10 06:05 . 2009-07-10 06:05 -------- d-----w- c:\program files\JRE 2009-07-10 06:05 . 2009-07-10 06:05 -------- d-----w- c:\program files\OpenOffice.org 3 2009-07-05 19:34 . 2009-07-05 19:34 -------- d-----w- c:\documents and settings\Stillo\Local Settings\Application Data\CCP 2009-07-04 23:47 . 2009-07-04 23:47 -------- d-----w- c:\program files\CCP 2009-07-04 23:47 . 2009-07-04 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CCP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-30 16:44 . 2009-03-20 23:11 -------- d-----w- c:\program files\World of Warcraft 2009-07-30 16:36 . 2009-03-19 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-07-30 16:31 . 2009-03-19 00:56 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-07-27 02:29 . 2009-04-17 21:39 -------- d-----w- c:\program files\ATI Technologies 2009-07-27 02:00 . 2009-03-20 17:38 -------- d-----w- c:\documents and settings\Stillo\Application Data\ATI 2009-07-27 01:57 . 2009-03-18 23:50 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-26 20:13 . 2009-03-18 23:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-07-25 23:29 . 2009-03-19 00:34 -------- d-----w- c:\documents and settings\Stillo\Application Data\uTorrent 2009-07-12 06:13 . 2009-06-21 06:10 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll 2009-07-12 06:13 . 2009-06-21 06:10 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll 2009-07-12 06:12 . 2009-06-21 06:10 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-07-10 15:42 . 2009-03-18 23:57 17480 ----a-w- c:\documents and settings\Stillo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-10 06:04 . 2009-03-19 00:30 -------- d-----w- c:\program files\Java 2009-07-08 03:54 . 2009-03-19 00:48 179792 ----a-w- c:\windows\system32\guard32.dll 2009-07-08 03:54 . 2009-03-19 00:48 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-07-06 04:37 . 2009-03-19 00:48 86976 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-07-06 04:37 . 2009-03-19 00:48 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-07-05 06:11 . 2009-06-21 06:10 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-07-05 06:11 . 2009-06-21 06:10 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-07-05 06:10 . 2009-06-21 06:10 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-07-05 06:10 . 2009-06-21 06:10 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-07-05 06:10 . 2009-05-28 01:34 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-07-05 06:10 . 2009-05-28 01:34 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-07-05 06:10 . 2009-05-28 01:34 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2009-07-05 06:10 . 2009-06-21 06:10 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe 2009-07-05 06:10 . 2009-06-21 06:10 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-07-05 06:10 . 2009-06-21 06:10 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-07-05 06:10 . 2009-06-21 06:10 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-07-05 06:10 . 2009-06-21 06:10 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe 2009-07-05 06:10 . 2009-06-21 06:10 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-07-05 06:10 . 2009-06-21 06:10 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-07-03 00:23 . 2009-05-25 16:25 -------- d-----w- c:\program files\Rawr v2.2.5 2009-07-02 17:49 . 2007-10-16 14:40 4125696 ----a-w- c:\windows\system32\drivers\ati2mtag.sys 2009-07-02 17:25 . 2009-04-29 02:18 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2009-07-02 17:24 . 2007-10-16 14:04 335872 ----a-w- c:\windows\system32\ati2dvag.dll 2009-07-02 17:07 . 2009-04-29 02:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2009-07-02 17:06 . 2009-04-29 02:07 204800 ----a-w- c:\windows\system32\atipdlxx.dll 2009-07-02 17:05 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll 2009-07-02 17:05 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2009-07-02 17:05 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\ati2evxx.dll 2009-07-02 17:04 . 2009-04-29 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe 2009-07-02 17:02 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL 2009-07-02 16:56 . 2007-10-16 13:44 3014272 ----a-w- c:\windows\system32\ati3duag.dll 2009-07-02 16:54 . 2009-04-29 01:45 11698176 ----a-w- c:\windows\system32\atioglxx.dll 2009-07-02 16:44 . 2007-10-16 13:33 2139904 ----a-w- c:\windows\system32\ativvaxx.dll 2009-07-02 16:44 . 2009-04-29 01:42 887724 ----a-w- c:\windows\system32\ativva6x.dat 2009-07-02 16:44 . 2009-04-29 01:42 3 ----a-w- c:\windows\system32\ativva5x.dat 2009-07-02 16:31 . 2009-04-29 01:26 49664 ----a-w- c:\windows\system32\atimpc32.dll 2009-07-02 16:31 . 2009-04-29 01:26 49664 ----a-w- c:\windows\system32\amdpcom32.dll 2009-07-02 16:28 . 2009-04-29 01:22 487424 ----a-w- c:\windows\system32\atikvmag.dll 2009-07-02 16:27 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll 2009-07-02 16:26 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll 2009-07-02 16:26 . 2009-04-29 01:20 151552 ----a-w- c:\windows\system32\atiadlxx.dll 2009-07-02 16:26 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll 2009-07-02 16:25 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2009-07-02 16:25 . 2009-04-29 01:18 3248128 ----a-w- c:\windows\system32\aticaldd.dll 2009-07-02 16:24 . 2009-04-29 01:17 376832 ----a-w- c:\windows\system32\atiok3x2.dll 2009-07-02 16:20 . 2007-10-16 13:11 651264 ----a-w- c:\windows\system32\ati2cqag.dll 2009-06-26 16:54 . 2009-03-20 18:27 -------- d-----w- c:\documents and settings\Stillo\Application Data\Ventrilo 2009-06-26 16:53 . 2009-06-26 16:53 -------- d-----w- c:\program files\Ventrilo 2009-06-26 16:49 . 2009-06-26 16:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-19 22:29 . 2009-03-19 21:55 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-06-19 14:58 . 2009-06-19 14:58 -------- d-----w- c:\program files\OCZ Technology 2009-06-19 14:52 . 2009-03-19 00:03 -------- d-----w- c:\program files\Logitech 2009-06-19 14:52 . 2009-03-19 00:03 -------- d-----w- c:\program files\Common Files\Logitech 2009-06-18 19:29 . 2009-04-01 19:59 197654 ----a-w- c:\windows\system32\atiicdxx.dat 2009-06-10 00:56 . 2009-06-10 00:56 152576 ----a-w- c:\documents and settings\Stillo\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-05-28 01:35 . 2009-05-28 01:35 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-05-28 01:35 . 2009-04-12 07:00 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-05-21 09:33 . 2009-03-19 00:30 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-11 21:35 . 2009-03-03 19:56 118784 ----a-w- c:\windows\system32\atibtmon.exe 2009-07-15 20:30 . 2009-03-19 00:11 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll . ------- Sigcheck ------- [-] 2009-03-19 00:57 361344 8E036EEC565910417EA020CE0962AA24 c:\windows\system32\dllcache\TCPIP.SYS [-] 2009-03-19 00:57 361344 8E036EEC565910417EA020CE0962AA24 c:\windows\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-12-18 1175552] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DT LGE"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 81920] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-07-20 847872] "Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" [2006-07-28 2129408] "ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-08-29 380928] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-05 520024] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "WheelMouse"="c:\program files\OCZ Technology\Mouse\Amoumain.exe" [2006-12-28 196608] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-06 1793808] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2009 8:10 AM 64160] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [3/19/2009 2:48 AM 132040] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/19/2009 2:48 AM 25160] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 1:03 PM 82200] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [10/31/2008 2:52 PM 93184] S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?] S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?] S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys --> c:\windows\system32\DRIVERS\gMouUsb.sys [?] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 9:06 PM 1029456] S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\Stillo\Desktop\SysProt\SysProtDrv.sys [7/30/2009 10:26 PM 44288] . Contents of the 'Scheduled Tasks' folder 2009-07-30 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-03-19 14:31] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://www.ati.com/online/cccwelcome/drivers.html FF - ProfilePath - c:\documents and settings\Stillo\Application Data\Mozilla\Firefox\Profiles\1ue3y1nb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2195958&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - divx-titlovi.com FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews..wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-30 23:26 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose, ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1060284298-2025429265-682003330-1003\Software\SecuROM\License information] "datasecu"=hex:7b,48,63,2f,ba,c6,01,86,6b,74,bb,eb,2c,44,3b,a3,6f,a9,9c,71,11, da,14,bd,84,b3,fe,c0,e1,6c,25,f5,81,9a,78,6e,8b,9b,e4,b1,d0,ad,de,23,9b,16,\ "rkeysecu"=hex:63,f1,07,32,5f,fa,33,21,78,3b,0a,03,dc,38,db,7c . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(848-) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\COMODO\COMODO Internet Security\cmdagent.exe c:\windows\system32\ati2evxx.exe c:\windows\ATKKBService.exe c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\NetLimiter 2 Pro\nlsvc.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\windows\system32\rundll32.exe c:\program files\Portrait Displays\forteManager\dthtml.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe c:\windows\system32\PnkBstrB.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\system32\wdfmgr.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\NetLimiter 2 Pro\NLClient.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2009-07-30 23:28 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-30 21:28 Pre-Run: 18,412,249,088 bytes free Post-Run: 18,500,505,600 bytes free 294 --- E O F --- 2009-03-18 23:55 Dopuna: 30 Jul 2009 23:36 Inace Combofix mi je obrisao neki file od Aston Shell programa koji pa recimo menja temu windowsa, i vise ne radi, sta da radim da li smem da undo taj delete sa combo fix il ?

Profil

dr_Bora Poslao: 30 Jul 2009 23:42 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koji Aston-ov file je obrisan? Upakuj u zip/rar kompletan folder: C:\qoobox\quarantine preko ovog linka: http://www.mycity.rs/ambulanta-upload.php

Profil

still Poslao: 31 Jul 2009 00:13 Idi na vrh
offline still Zaslužni građanin Pridružio: 25 Feb 2005 Poruke: 639 Gde živiš: beli_grad>gistro	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 30 Jul 2009 23:42 Takodje mi nije jasno zasto je c:\windows\system32\Ati2mdxx.exe obrisan? kolko vidim to je od Ati drivera deo? da li sam ja nesto pogresno shvatio pa taj file nije obrisan il? Dopuna: 30 Jul 2009 23:44 Okacio sam kompletan Quarantine od combofix. Dopuna: 30 Jul 2009 23:48 Izvinjavam se za ove dopune, al kolko vidim moj problem je bio u c:\windows\system32\Iasex.dll ako negresim to je tacno file od virusa sa kojim sam 99.9% bio zarazen i koji je bio okacen na Worldofraids.com Ono sto me zanima je kako to da Avira pro Kaspersky personal Trend micro AVG free SND AD_Aware Nisu pronasli ovaj fajl kao bilu kakvu opasnost? stvarno mi neide u glavu.. Dopuna: 30 Jul 2009 23:59 Inace sto se tice Aston shell, Combofix nije nista obrisao, u pitanju je bilo vracanje sistema na standardna podesavanja predpostavljam posto Aston je bio disabned kao i Firefox, al sad je to ok oba sam opet ukljucio. Dopuna: 31 Jul 2009 0:13 Ok sad me je vec sramota od ovih dopuna, al kako razmisljam sve vise pitanja imam. Ono sto me zanima je da li bi sad trebalo da bude safe da vratim Avira anti vir na PC posto je to AV koji imam licenciran a i iskreno zadovoljan sam sa njim. (ako se izuzme ovaj slucaj) Pitam posto nisam mogao da dizem sistem dok nisam unistall Aviru, predpostavljam da je nekako virus to radio.

Profil

dr_Bora Poslao: 31 Jul 2009 00:47 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Skini i raspakuj u c:\windows\system32 folder: https://www.mycity.rs/must-login.png Toliko o prvom pitanju... Vezano za detekciju file-a... TrojanDownloader:Win32/Somex.A - detektovan samo od MS-a. Što se tiče Avira-e... Teško je reći. Verovatno će sveža instalacija da radi. U svakom slučaju, instaliraj AV što pre. Ovo sada izgleda ok. Potrebno je da uklonimo korišćene programe: Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: combofix /u Primeti da postoji razmak između "ComboFix" i "/u". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Sve ostalo možeš sam da obrišeš.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Nemogu da pronadjem virus 3 dana a hackovan sam..

Ko je trenutno na forumu

Ukupno su 1088 korisnika na forumu :: 56 registrovanih, 10 sakrivenih i 1022 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Asparagus, Atomski čoban, babaroga, bbogdan, bobomicek, bojank, bojcistv, Brana01, Bubimir, cavatina, Cigi, darcaud, Darko8, DENIRO, Dežurni pod palubom, DH, Dorcolac, draganl, FileFinder, flash12, gomago, GORDI, goxin, hyla, Karla, Koridor, krkalon, Krusarac, kuntalo, kybonacci, Lidija, lord sir giga, Mediator, mercedesamg, Mi lao shu, Mihajlo, milenko crazy north, milos.cbr, mkukoleca, nemkea71, nick79, oldtimer, panzerwaffe, pein, predragc, raketaš, sevenino, sokars, Stanlio, Tandrkalo, VJ, Wrangler, zastavnik, ZetaMan, zg

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by