Provera nakon infekcije


  • Joined: 15 May 2009
  • Posts: 963

My computer has caught some nasty cold :D ...

I ran AVG and MBAM scans...

All the required logs are below.

I see that DDS mentions the AntiVir firewall... I used to have Avira IS, now I use the Windows firewall.

I posted the RootRepeal logs instead of GMER because GMER somehow freezes my computer, and it also scans for a long time and I don't really have much time.

AVG:

Full Scan:

"C:\WINDOWS\system32\svchost.exe (1632):\memory_009c0000";"Trojan horse Cryptic.AMH";"Object is inaccessible."

"C:\WINDOWS\system32\svchost.exe (1632)";"Trojan horse Cryptic.AMH";""

"C:\System Volume Information\_restore{F39CD5EB-3C00-4E02-9E15-456C8A3ED439}\RP199\A0088650.sys";"Trojan horse Rootkit-Agent.EU";"Moved to Virus Vault"

Resident Shield:


MBAM:


DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by kole017 at 9:29:12,71 on pet 03.09.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1133 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\kole017\Desktop\Ambulanta\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.rs/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\users\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ABBYY Screenshot Reader Bonus] "c:\program files\abbyy pdf transformer 3.0\Bonus.ScreenshotReader.exe" -autorun
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoSetActiveDesktop = 30
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265113017140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265113007281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} = 208.67.222.222,208.67.220.220
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.rs
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-26 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-26 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-26 243024]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-18 308136]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [2010-3-29 60008]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-8 279680]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S2 OMSCAN;OMSCAN;\Sysyo --> \Sysyo [?]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]

=============== Created Last 30 ================

2063-09-19 05:50:50 5501 ----a-w- c:\windows\system32\rtclmg32.dll
2010-09-02 17:50:34 0 d-----w- c:\program files\Foxit Software
2010-09-02 14:32:31 181760 ----a-w- c:\windows\system32\drivers\78.exe
2010-09-02 13:58:44 181760 ----a-w- c:\windows\system32\drivers\31.exe
2010-09-02 10:55:26 578048 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-09-02 10:29:32 0 d-----w- c:\users\alluse~1\applic~1\ABBYY
2010-09-02 09:22:52 27456 ----a-w- c:\windows\system32\solidlocalmon.dll
2010-09-02 09:22:52 18752 ----a-w- c:\windows\system32\solidlocalui.dll
2010-09-02 09:20:13 167 ----a-w- c:\windows\ConverterCore.INI
2010-09-02 09:17:05 0 d-----w- c:\users\kole017\application data\SolidDocuments
2010-09-02 09:17:03 0 d-----w- c:\program files\SolidDocuments
2010-09-02 09:14:14 0 d-----w- c:\users\alluse~1\applic~1\SolidDocuments
2010-08-31 15:02:52 235008 ----a-w- c:\windows\system32\Winlie.exe
2010-08-31 15:02:52 0 d-----w- c:\program files\PDF to Word Converter
2010-08-30 14:27:34 0 d-----w- C:\vb08sbs
2010-08-29 09:58:31 0 d-----w- c:\windows\system32\QuickTime
2010-08-27 13:08:39 0 d-sh--w- c:\users\kole017\IECompatCache
2010-08-27 06:43:12 0 d-----w- c:\program files\Icons from File
2010-08-26 15:05:06 69120 ----a-w- c:\windows\system32\Notepad.EXE
2010-08-26 15:05:06 69120 ----a-w- c:\windows\system32\dllcache\notepad.exe
2010-08-26 11:52:48 0 d-----w- c:\users\kole017\application data\GetRightToGo
2010-08-24 06:19:49 240128 ----a-w- c:\windows\system32\comctl32.oca
2010-08-23 18:40:56 0 d-----w- c:\program files\Intelore
2010-08-18 10:26:23 52224 ----a-w- c:\windows\system32\COMCT232.oca
2010-08-18 09:31:50 90624 ----a-w- c:\windows\system32\MSHFLXGD.oca
2010-08-18 09:31:50 69632 ----a-w- c:\windows\system32\MSDATLST.oca
2010-08-18 09:31:50 48640 ----a-w- c:\windows\system32\MSMASK32.oca
2010-08-18 09:31:50 35840 ----a-w- c:\windows\system32\MSADODC.oca
2010-08-18 09:31:50 18944 ----a-w- c:\windows\system32\PICCLP32.oca
2010-08-18 09:31:50 17408 ----a-w- c:\windows\system32\SYSINFO.oca
2010-08-18 09:31:49 64000 ----a-w- c:\windows\system32\RICHTX32.oca
2010-08-18 09:31:49 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
2010-08-18 09:31:49 29184 ----a-w- c:\windows\system32\MSINET.oca
2010-08-18 09:31:49 22016 ----a-w- c:\windows\system32\MSWINSCK.oca
2010-08-18 09:31:49 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca
2010-08-18 09:31:48 76288 ----a-w- c:\windows\system32\MSFLXGRD.oca
2010-08-16 16:36:08 35328 ----a-w- c:\windows\system32\COMCT332.oca
2010-08-16 16:36:08 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2010-08-15 16:04:45 0 d-----w- c:\windows\Odlikas za drugake
2010-08-15 16:04:45 0 d-----w- c:\program files\Odlikas za drugake

==================== Find3M ====================

2010-07-28 09:00:23 0 ----a-w- C:\sudoku.dat
2010-07-18 10:53:34 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-18 10:53:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-18 10:53:27 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 17:41:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-08 17:41:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-22 20:30:48 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-04-05 07:38:30 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-12-08 03:06:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009120820091209\index.dat
2010-02-27 15:20:11 32768 --sha-w- c:\windows\temp\cookies\index.dat
2010-02-27 15:20:11 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-02-27 15:20:11 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 9:29:43,18 ===============


RootRepeal:

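A quick way to make the eyeballing a helper does on logs like the ones above repeatable, as an added example that is not part of the original post nor of the AVG, DDS or ComboFix tools: it parses AVG result lines, DDS "SERVICES / DRIVERS" and "Created Last 30" entries and the Hosts line, and flags what a helper would look at first (a detection AVG could not clean because it sits in a running svchost, a file dated 2063, .exe files dropped under system32\drivers with numeric names, services whose image DDS could not find on disk, and a security site sinkholed to 127.0.0.1). The sample lines are copied from the logs posted above into a constructed string; the BLOCKED_SITES list and the rules themselves are the example's own assumptions, and a finding is a pointer for investigation, not proof of infection.

```python
import re
from datetime import date

# Constructed sample: lines copied from the AVG report and the DDS log in
# the thread, just enough to exercise every check below.
SAMPLE_LOG = r'''
"C:\WINDOWS\system32\svchost.exe (1632):\memory_009c0000";"Trojan horse Cryptic.AMH";"Object is inaccessible."
"C:\WINDOWS\system32\svchost.exe (1632)";"Trojan horse Cryptic.AMH";""
"C:\System Volume Information\_restore{F39CD5EB-3C00-4E02-9E15-456C8A3ED439}\RP199\A0088650.sys";"Trojan horse Rootkit-Agent.EU";"Moved to Virus Vault"
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-26 216400]
S2 OMSCAN;OMSCAN;\Sysyo --> \Sysyo [?]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
=============== Created Last 30 ================
2063-09-19 05:50:50 5501 ----a-w- c:\windows\system32\rtclmg32.dll
2010-09-02 14:32:31 181760 ----a-w- c:\windows\system32\drivers\78.exe
2010-09-02 13:58:44 181760 ----a-w- c:\windows\system32\drivers\31.exe
2010-09-02 10:55:26 578048 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-08-26 15:05:06 69120 ----a-w- c:\windows\system32\Notepad.EXE
'''

SCAN_DATE = date(2010, 9, 3)   # the day the DDS log in the thread was produced

# Security sites that malware likes to sinkhole through the Hosts file
# (illustrative list, an assumption of this example, not taken from the page).
BLOCKED_SITES = {"www.spywareinfo.com", "www.malwarebytes.org", "www.bleepingcomputer.com"}

AVG_RE = re.compile(r'^"([^"]*)";"([^"]*)";"([^"]*)"$')          # "path";"threat";"action"
FILE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(.+?)\s*$")
SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s*$")         # R1 name;display;image
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def triage(log_text, scan_date):
    """Return [(item, [reasons])] for every log line that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        m = AVG_RE.match(line)
        if m:
            path, threat, action = m.groups()
            # An empty action, or "Object is inaccessible", means AVG saw the
            # threat but could not remove it (here: inside a running svchost).
            if not action or action.startswith("Object is inaccessible"):
                reasons.append("AVG detection not remediated: " + threat)
            if reasons:
                findings.append((path, reasons))
            continue
        m = FILE_RE.match(line)
        if m:
            year, month, day, path = m.groups()
            try:
                created = date(int(year), int(month), int(day))
            except ValueError:
                reasons.append("unparseable timestamp")
            else:
                if created > scan_date:       # e.g. the 2063-dated rtclmg32.dll
                    reasons.append("timestamp in the future")
            low = path.lower()
            stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if low.endswith(".exe") and "\\drivers\\" in low:
                reasons.append(".exe under system32\\drivers")
            if stem.isdigit():
                reasons.append("numeric file name")
            if reasons:
                findings.append((path, reasons))
            continue
        m = SVC_RE.match(line)
        if m:
            name, image = m.groups()
            if "[?]" in image:     # DDS prints "[?]" when it cannot find the image on disk
                reasons.append("service image path unresolved")
            if reasons:
                findings.append((name, reasons))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if ip in ("127.0.0.1", "0.0.0.0") and host.lower() in BLOCKED_SITES:
                findings.append(("Hosts " + ip + " " + host, ["security site sinkholed"]))
    return findings


if __name__ == "__main__":
    for item, why in triage(SAMPLE_LOG, SCAN_DATE):
        print(item + ": " + ", ".join(why))
```

Run against the sample, the AVG line for the restore-point copy of the rootkit driver is not reported (it was moved to the vault), while both svchost hits, the Hosts entry, the two unresolved services and the three odd files in "Created Last 30" are; the legitimate user32.dll and Notepad.EXE entries pass. Paste a full DDS log in place of SAMPLE_LOG to get the same first-pass list for another machine.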

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello and welcome to the MyCity forum Ambulanta.

While your case is being worked on, please stick to the following:
Read my instructions (or those of colleagues standing in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs except those you are given instructions for;
Do not use USB storage devices during the intervention until I ask for it;
If I do not reply within 48 hours, bump the thread with a new post;
If you do not respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK

----------------------------------------------------------------------------------

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Once the download has finished:
disable your security software (instructions);
close all running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a certain number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

goran9888 (AMF Team)

  • Joined: 15 May 2009
  • Posts: 963

I disabled Resident Shield per the instructions but ComboFix still detects it.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Ignore that warning, i.e. click OK and follow the remaining steps for posting the CF log.

  • Joined: 15 May 2009
  • Posts: 963

ComboFix 10-09-02.04 - kole017 03.09.2010 20:00:58.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1407 [GMT 2:00]
Running from: c:\users\kole017\Desktop\Ambulanta\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kole017\Recent\Thumbs.db
c:\windows\system32\drivers\31.exe
c:\windows\system32\drivers\78.exe
c:\windows\system32\sleep.exe
c:\windows\system32\Thumbs.db

c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\system volume information\_restore{F39CD5EB-3C00-4E02-9E15-456C8A3ED439}\RP199\A0089036.sys

.
((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
.

2063-09-19 05:50 . 2063-09-19 05:50 5501 ----a-w- c:\windows\system32\rtclmg32.dll
2010-09-03 18:05 . 2010-09-02 16:08 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-09-03 18:05 . 2010-09-02 16:08 49536 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-09-03 17:24 . 2010-09-03 17:24 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2010-09-03 17:16 . 2010-09-03 17:16 1024 ----a-w- c:\windows\system32\pdfeditor.dat
2010-09-03 17:16 . 2010-09-03 17:17 -------- d-----w- c:\program files\VeryPDF PDF Editor v2.6
2010-09-02 10:55 . 2010-09-02 17:20 578048 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-09-02 10:33 . 2010-09-02 10:33 -------- d-----w- c:\users\kole017\Local Settings\Application Data\ABBYY
2010-09-02 10:29 . 2010-09-02 10:29 -------- d-----w- c:\users\All Users\Application Data\ABBYY
2010-09-02 09:23 . 2010-09-02 09:23 2686232 ----a-w- c:\users\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\kole017\SolidSFX_Data\components\vcredist_x86.exe
2010-09-02 09:22 . 2009-10-23 19:21 18752 ----a-w- c:\windows\system32\solidlocalui.dll
2010-09-02 09:22 . 2009-10-23 19:20 27456 ----a-w- c:\windows\system32\solidlocalmon.dll
2010-09-02 09:17 . 2010-09-02 09:40 -------- d-----w- c:\users\kole017\Application Data\SolidDocuments
2010-09-02 09:17 . 2010-09-02 09:42 -------- d-----w- c:\program files\SolidDocuments
2010-09-02 09:14 . 2010-09-02 09:14 -------- d-----w- c:\users\All Users\Application Data\SolidDocuments
2010-08-31 15:02 . 2010-08-31 15:13 -------- d-----w- c:\program files\PDF to Word Converter
2010-08-31 15:02 . 2005-12-22 14:32 235008 ----a-w- c:\windows\system32\Winlie.exe
2010-08-30 14:27 . 2010-08-30 14:27 -------- d-----w- C:\vb08sbs
2010-08-29 09:58 . 2010-08-29 09:58 -------- d-----w- c:\windows\system32\QuickTime
2010-08-28 10:18 . 2010-08-28 10:18 -------- d-----w- c:\users\tata\Application Data\GlarySoft
2010-08-28 10:15 . 2010-08-28 10:15 -------- d-sh--w- c:\users\tata\IECompatCache
2010-08-28 09:19 . 2010-08-28 09:22 -------- d-----w- c:\users\tata\Local Settings\Application Data\Temporary Projects
2010-08-27 13:08 . 2010-08-27 13:08 -------- d-sh--w- c:\users\kole017\IECompatCache
2010-08-27 12:47 . 2010-08-27 12:47 -------- d-----w- c:\users\car017\Application Data\BSplayer Pro
2010-08-27 06:43 . 2010-08-27 06:46 -------- d-----w- c:\program files\Icons from File
2010-08-26 15:05 . 2004-08-04 09:00 69120 ----a-w- c:\windows\system32\Notepad.EXE
2010-08-26 15:05 . 2004-08-04 09:00 69120 ----a-w- c:\windows\system32\dllcache\notepad.exe
2010-08-26 14:57 . 2010-08-29 14:42 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-08-26 14:30 . 2010-08-26 14:30 -------- d-----w- c:\users\tata\Local Settings\Application Data\Microsoft Help
2010-08-26 11:52 . 2010-08-26 11:53 -------- d-----w- c:\users\kole017\Application Data\GetRightToGo
2010-08-23 18:40 . 2010-08-23 18:40 -------- d-----w- c:\program files\Intelore
2010-08-15 16:04 . 2010-08-15 16:04 -------- d-----w- c:\windows\Odlikas za drugake
2010-08-15 16:04 . 2010-08-15 16:04 -------- d-----w- c:\program files\Odlikas za drugake
2010-08-13 17:09 . 2010-07-31 15:37 3862016 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2010-08-13 17:09 . 2010-07-28 18:52 24576 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2010-08-13 17:09 . 2010-06-25 01:37 110592 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2010-08-13 17:09 . 2010-02-04 20:16 40960 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 18:00 . 2010-07-03 16:57 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-03 17:29 . 2010-06-10 10:54 -------- d-----w- c:\program files\SomePDF
2010-09-03 07:10 . 2009-12-15 18:35 -------- d-----w- c:\users\kole017\Application Data\Skype
2010-09-03 07:04 . 2009-12-15 18:37 -------- d-----w- c:\users\kole017\Application Data\skypePM
2010-08-30 05:22 . 2010-02-17 21:23 -------- d-----w- c:\program files\JDownloader
2010-08-29 14:43 . 2010-07-26 13:11 -------- d-----w- c:\users\All Users\Application Data\Microsoft Help
2010-08-29 10:10 . 2010-01-24 17:06 -------- d-----w- c:\program files\TechSmith
2010-08-29 10:10 . 2010-01-24 17:06 -------- d-----w- c:\users\All Users\Application Data\TechSmith
2010-08-27 10:59 . 2010-02-16 11:10 -------- d-----w- c:\users\car017\Application Data\Winamp
2010-08-26 14:59 . 2010-07-26 13:18 193824 ----a-w- c:\users\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-08-26 14:59 . 2010-07-26 13:17 416 ----a-w- c:\users\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-08-26 11:39 . 2009-12-16 08:07 -------- d---a-w- c:\users\All Users\Application Data\TEMP
2010-08-17 16:29 . 2010-01-29 20:57 -------- d-----w- c:\program files\Glary Utilities
2010-08-15 11:46 . 2009-12-28 23:54 -------- d-----w- c:\users\tata\Application Data\Winamp
2010-08-15 06:56 . 2009-12-18 15:56 297232 ----a-w- c:\users\tata\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 18:46 . 2009-12-14 06:11 -------- d-----w- c:\users\tata\Application Data\Skype
2010-08-03 18:22 . 2010-01-01 12:54 -------- d-----w- c:\users\tata\Application Data\skypePM
2010-07-30 12:15 . 2009-12-09 06:04 -------- d-----w- c:\users\All Users\Application Data\NOS
2010-07-28 09:00 . 2010-07-28 09:00 0 ----a-w- C:\sudoku.dat
2010-07-27 06:32 . 2009-12-28 12:41 -------- d-----w- c:\users\kole017\Application Data\Winamp
2010-07-27 06:29 . 2009-12-08 03:59 -------- d-----w- c:\program files\Winamp
2010-07-27 02:25 . 2009-12-08 03:29 500856 ----a-w- c:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-26 17:38 . 2010-07-26 17:36 -------- d-----w- c:\users\All Users\Application Data\Apple Computer
2010-07-26 17:36 . 2010-07-26 17:36 -------- d-----w- c:\program files\QuickTime
2010-07-26 17:19 . 2010-07-26 17:19 -------- d-----w- c:\users\kole017\Application Data\Apple Computer
2010-07-26 13:21 . 2009-12-08 04:32 297624 ----a-w- c:\users\kole017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-26 13:19 . 2010-07-26 13:19 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-26 13:19 . 2010-07-26 13:19 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-07-26 13:19 . 2010-07-26 13:19 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-26 13:11 . 2010-07-26 13:11 -------- d-----w- c:\program files\Microsoft SDKs
2010-07-21 07:23 . 2010-07-21 07:16 136374 ----a-w- c:\windows\Help\hhcolreg.dat
2010-07-21 07:15 . 2010-07-21 07:14 -------- d-----w- c:\program files\MagicDisc
2010-07-21 07:13 . 2010-07-21 07:13 -------- d-----w- c:\program files\MagicISO
2010-07-20 06:07 . 2010-07-19 11:13 -------- d-----w- c:\program files\Web Publish
2010-07-18 11:39 . 2010-07-18 11:39 -------- d-----w- c:\users\kole017\Application Data\Publish Providers
2010-07-18 11:39 . 2010-07-18 11:39 -------- d-----w- c:\program files\VSTplugins
2010-07-18 11:38 . 2010-07-18 11:38 -------- d-----w- c:\users\kole017\Application Data\Sony
2010-07-18 11:36 . 2010-07-18 11:36 -------- d-----w- c:\users\All Users\Application Data\Sony
2010-07-18 11:17 . 2010-07-18 11:17 -------- d-----w- c:\program files\Sony
2010-07-18 11:16 . 2010-07-18 11:16 -------- d-----w- c:\program files\Sony Setup
2010-07-18 10:53 . 2010-06-26 18:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-18 10:53 . 2010-07-18 10:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-18 10:53 . 2010-06-26 18:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 18:42 . 2009-12-08 16:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-09 14:16 . 2010-07-09 12:43 -------- d-----w- c:\users\car017\Application Data\PCToolsFirewallPlus
2010-07-09 06:47 . 2010-07-09 06:46 -------- d-----w- c:\users\kole017\Application Data\PCToolsFirewallPlus
2010-07-08 17:42 . 2010-07-08 17:42 45056 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-08 17:42 . 2010-05-29 18:20 45056 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-08 17:42 . 2010-07-08 17:42 45056 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-08 17:42 . 2010-07-08 17:42 45056 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-08 17:42 . 2010-07-08 17:42 40960 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-08 17:42 . 2010-07-08 17:42 14848 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-08 17:42 . 2010-05-29 18:20 49152 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-08 17:42 . 2010-05-29 18:20 308808 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-08 17:42 . 2010-07-08 17:42 341600 ----a-w- c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-08 17:42 . 2010-07-08 17:41 -------- d-----w- c:\program files\Real
2010-07-08 17:41 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-08 17:41 . 2006-09-25 15:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-27 07:22 . 2010-06-26 18:28 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-22 20:30 . 2010-06-22 20:30 411480 ----a-w- c:\windows\system32\tsccvid.dll
.

------- Sigcheck -------

[-] 2004-08-04 . BB4D3A8E6F7EB1D370BC4AD27AB23368 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-18 2065760]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"StartMenuFavorites"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-18 10:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 13:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-08 15:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-08 17:41 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"VirtualDrive"="c:\program files\FarStone\VirtualDrivePro\VDTask.exe" /AutoRestore

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Users\\All Users\\Application Data\\YoYoGames\\yoyo61.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\FarStone\\VirtualDrivePro\\MGR.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26.6.2010 20:28 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26.6.2010 20:28 243024]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4.8.2004 11:00 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18.7.2010 12:53 308136]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [29.3.2010 14:43 60008]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8.12.2009 18:01 279680]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2010 18:55 135664]
S2 OMSCAN;OMSCAN;\Sysl --> \Sysl [?]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6.4.2009 14:19 23064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.3.2010 17:45 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-29 09:21]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 16:55]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 16:55]

2010-09-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-2147080141-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-2147080141-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.rs
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 20:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
Completion time: 2010-09-03 20:07:17
ComboFix-quarantined-files.txt 2010-09-03 18:07

Pre-Run: 32.565.923.840 bytes free
Post-Run: 32.795.348.992 bytes free

- - End Of File - - F54F041A925CC21EFA9DAC55153CC89A
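
An added triage example, not part of the thread and not ComboFix's own tooling: a Python script that parses the service section of the log above (the `R1`/`S2` lines) and the Windows Firewall `AuthorizedApplications` list, and flags what a helper looks at first: a service whose image file ComboFix could not find on disk (printed as `[?]`, as with OMSCAN and FXDrv32), a service image or firewall exception living outside the usual program directories, and auto-start services among those. The sample lines are copied from the posted log and embedded so it runs offline. The `TRUSTED_ROOTS` list and the reading of the prefix (R/S for running/stopped, the digit as the service Start value) are assumptions of this example.

```python
"""Triage the service and firewall-exception sections of a ComboFix/DDS log."""
import re
from dataclasses import dataclass

# Service lines copied verbatim from the ComboFix log posted above
# (constructed sample input so the script runs offline).
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26.6.2010 20:28 216400]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4.8.2004 11:00 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2010 18:55 135664]
S2 OMSCAN;OMSCAN;\Sysl --> \Sysl [?]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.3.2010 17:45 685816]
"""

# Firewall AuthorizedApplications lines, also copied from the log above.
FIREWALL_SAMPLE = r'''
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Users\\All Users\\Application Data\\YoYoGames\\yoyo61.exe"=
'''

# Assumed reading of the ComboFix prefix: R = running, S = stopped; the digit
# is the Start value of the service key (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")
FW_RE = re.compile(r'^"(.+)"=$')

# Directories a service image or firewall exception is normally expected under
# (assumption for this example; adjust for the host being triaged).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Service:
    name: str
    description: str
    running: bool
    start_type: int
    image: str       # ImagePath as written in the registry
    resolved: str    # path ComboFix resolved it to (same as image if no "-->")
    file_seen: bool  # False when ComboFix printed "[?]" instead of date/size


def parse_services(text):
    """Return one Service per matching line; non-service lines are ignored."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, desc, image_field, meta = m.groups()
        image, resolved = image_field, image_field
        if " --> " in image_field:
            image, resolved = image_field.split(" --> ", 1)
        services.append(Service(name, desc, state == "R", int(start),
                                image, resolved, meta != "?"))
    return services


def triage(services, roots=TRUSTED_ROOTS):
    """Map service name -> (severity, reasons) for entries worth a closer look."""
    findings = {}
    for s in services:
        reasons = []
        if not s.file_seen:
            reasons.append("image file could not be found on disk")
        # svchost-hosted services carry "-k <group>" after the path; drop it
        path_only = s.resolved.lower().split(" -k ")[0]
        if not path_only.startswith(roots):
            reasons.append("image outside trusted roots: " + s.resolved)
        if reasons:
            # A boot/system/auto-start service with no file behind it is the
            # pattern ComboFix's registry dump singled out (OMSCAN, ImagePath=\Sys).
            high = s.start_type <= 2 and not s.file_seen
            findings[s.name] = ("high" if high else "medium", reasons)
    return findings


def firewall_exceptions_outside_roots(text, roots=TRUSTED_ROOTS):
    """Firewall-authorized programs that do not live under the trusted roots."""
    flagged = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if not m:
            continue
        # Registry export doubles backslashes; %windir% is assumed to be c:\windows
        path = m.group(1).replace("\\\\", "\\").lower()
        path = path.replace("%windir%", "c:\\windows")
        if not path.startswith(roots):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for name, (severity, reasons) in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{severity:6} {name}: {'; '.join(reasons)}")
    for path in firewall_exceptions_outside_roots(FIREWALL_SAMPLE):
        print(f"fw     exception outside trusted roots: {path}")
```

Run against the posted lines it reports OMSCAN as high (auto-start, no file), FXDrv32 as medium (manual start, image on a removable drive f:), and the two firewall exceptions under c:\games and Application Data; the AVG, Akamai, Google and sptd entries are not reported.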

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Upload this file for me:

c:\qoobox\quarantine\c\windows\system32\sleep.exe.vir

via the following link: http://www.mycity.rs/ambulanta-upload.php

How is the computer behaving now?

  • Joined: 15 May 2009
  • Posts: 963

Uploaded...

It's fine now... I noticed that before running CF the Windows Security Center had been turned off; now I can't see anything wrong...

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

We need to restore a legitimate file that CF deleted.

Follow these instructions carefully:

-----------------------------------------------------------------------------------
Open Notepad and copy the following text into it:

DeQuarantine::
c:\qoobox\quarantine\c\windows\system32\sleep.exe.vir
Quit::

Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next reply, post the log that is produced at the end of the cleaning/scan.

goran9888 (AMF Tim)

  • Joined: 15 May 2009
  • Posts: 963

c:\qoobox\quarantine\c\windows\system32\sleep.exe.vir -> c:\windows\system32\sleep.exe ( 26013 bytes )

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

The computer is clean as far as malware is concerned.

Follow these instructions carefully:

-----------------------------------------------------------------------------------

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text field, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall to finish.

-----------------------------------------------------------------------------------

Recommendation:

- I recommend that you install Service Pack 3. I won't go into its advantages over SP2; you can find that information online. In short, MS has ended support for Service Pack 2, which is what is installed on your computer, and that is one more problem.

-----------------------------------------------------------------------------------

With this message we close the discussion in this thread.

Thank you for trusting the AMF Team. Cheers

Regards,
goran9888 (AMF Tim)
