Posted: 02 Mar 2012 21:47
Hi, I'm using 516 kb/s ADSL. The problem started showing up today around 5 o'clock when I turned on the computer. Google search works, and when I search for the page I want it finds it, but when I try to open that page it redirects me to the site abnow.com, and I can't change that at all; every time I want to go to some site it always redirects me to that abnow.com
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Run by dejan at 19:15:14 on 2012-03-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.224.26 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\iPScan5x.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14597
mStart Page = hxxp://www.yahoo.com
uWinlogon: Shell=c:\documents and settings\dejan\local settings\application data\d2d4a883\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [POEngine5]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Vagex] c:\docume~1\dejan\locals~1\temp\rar$ex00.312\vagex\Vagex.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [ASUS Probe] c:\program files\asus\probe\AsusProb.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [iPScan5x] c:\windows\iPScan5x.EXE
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7142B915-EC55-4825-96E4-C99C298CA578} : NameServer = 212.200.191.166,212.200.190.166,208.67.222.222,208.67.220.220
TCP: Interfaces\{7142B915-EC55-4825-96E4-C99C298CA578} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dejan\application data\mozilla\firefox\profiles\9armk4j2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=14597
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mapsgalaxy_39ei\installr\1.bin\NP39EISb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-29 54760]
S3 cpuz134;cpuz134;\??\c:\docume~1\dejan\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\dejan\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
.
=============== Created Last 30 ================
.
2012-03-02 05:36:13 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-03-02 05:32:44 -------- d-sh--w- c:\documents and settings\dejan\local settings\application data\d2d4a883
2012-02-18 23:37:50 -------- d-----w- c:\program files\MapsGalaxy_39EI
.
==================== Find3M ====================
.
.
============= FINISH: 19:16:19.39 ===============
At step 3 of the procedure I ran into a problem: Gmer scanned for almost two and a half hours and at the end threw this at me: WARNING !!!
GMER has found system modification caused by ROOTKIT activity.
And there was an OK option which I pressed, and after that it stopped scanning, but the scan didn't finish, it simply stopped.
Then I tried the RootRepeal program, but it gives me:
Error - Invalid PE Image found.
Please help, what should I do? Thanks in advance.
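The suspicious items in a DDS report like the one above can be picked out mechanically. The script below is an added example, not part of this thread and not a DDS or ComboFix tool: it triages the "Pseudo HJT Report" lines quoted in the post (embedded here as a constructed sample) and flags the patterns a helper looks for first: a replaced Winlogon Shell, autostarts running from temp or profile-data folders, orphaned add-on registrations, a manual Firefox proxy, and static DNS resolvers that differ from the DHCP-assigned ones. Severity labels and the SUSPECT_DIRS list are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the DDS "Pseudo HJT Report" lines from the post above, embedded
# so the script runs offline.
SAMPLE_DDS = r"""
uStart Page = hxxp://eu.ask.com/?l=dis&o=14597
uWinlogon: Shell=c:\documents and settings\dejan\local settings\application data\d2d4a883\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Vagex] c:\docume~1\dejan\locals~1\temp\rar$ex00.312\vagex\Vagex.exe
mRun: [iPScan5x] c:\windows\iPScan5x.EXE
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7142B915-EC55-4825-96E4-C99C298CA578} : NameServer = 212.200.191.166,212.200.190.166,208.67.222.222,208.67.220.220
TCP: Interfaces\{7142B915-EC55-4825-96E4-C99C298CA578} : DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.type - 1
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (assumed scale for this example)
    entry: str     # the DDS line that triggered the finding
    reason: str


# Directories from which a legitimate autostart or shell entry almost never runs.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\application data\\", "\\application data\\")


def _path_of(value: str) -> str:
    """Strip quotes and arguments from an autostart value and lower-case the path."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0].lower()
    return value.split(" ", 1)[0].lower()


def triage(dds_text: str) -> list:
    """Return the Findings for the DDS report lines in dds_text, in report order;
    the DNS comparison is appended last because it needs the whole report."""
    findings = []
    dhcp_dns = None
    static_dns = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Winlogon Shell hijack: anything but explorer.exe is loaded as the desktop shell.
        m = re.match(r"[um]Winlogon:\s*Shell=(.*)", line, re.I)
        if m:
            if not _path_of(m.group(1)).endswith("explorer.exe"):
                findings.append(Finding("high", line, "Winlogon Shell replaced; expected explorer.exe"))
            continue
        # Orphaned BHO / toolbar registrations: leftovers worth cleaning, not active code.
        if re.match(r"(BHO|TB):", line) and line.endswith("- No File"):
            findings.append(Finding("low", line, "orphaned browser add-on registration (file missing)"))
            continue
        # Autostart entries whose executable lives in a temp or profile-data folder.
        m = re.match(r"[um]Run:\s*\[[^\]]*\]\s*(.*)", line)
        if m:
            path = _path_of(m.group(1))
            if any(d in path for d in SUSPECT_DIRS):
                findings.append(Finding("medium", line, "autostart runs from a temp/profile data directory"))
            continue
        # Collect DNS settings; DHCP-assigned vs. statically configured are compared below.
        m = re.match(r"TCP:.*?\bDhcpNameServer = (.*)", line)
        if m:
            dhcp_dns = m.group(1).strip()
            continue
        m = re.match(r"TCP:.*?\bNameServer = (.*)", line)
        if m:
            static_dns.append((line, m.group(1).strip()))
            continue
        # Firefox network.proxy.type 1 means a manual proxy configuration.
        if re.match(r"FF - prefs\.js: network\.proxy\.type - 1$", line):
            findings.append(Finding("medium", line, "Firefox configured with a manual proxy; confirm it is intended"))
    for line, servers in static_dns:
        if dhcp_dns and servers != dhcp_dns:
            findings.append(Finding("medium", line, f"static DNS servers differ from DHCP-assigned {dhcp_dns}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.reason}\n         {f.entry}")
```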
Posted: 03 Mar 2012 00:56
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
While your case is being resolved, I would ask you to stick to the following:
Read my instructions (or the instructions of colleagues who will be standing in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs, except those you are given instructions for;
Do not use USB storage devices during the intervention until I ask for it;
If I do not reply within 48h, bump the topic with a new post;
If you do not respond within 5 days, we will close the case.
For more information about the rules of the MyCity forum Ambulance: LINK
Download sUBs' ComboFix from the following address to the Desktop:
Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.
When the download is finished:
disable your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".
While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a certain number of questions/notifications:
accept by clicking Yes or OK.
if necessary, restart Windows (several times);
at the end, open Notepad with the scan report.
Copy the report that ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.
Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.
Posted: 03 Mar 2012 16:10
Thanks a lot for the response and the instructions. I've done everything as you said it should be done.
ComboFix 12-03-02.01 - dejan 03/03/2012 15:45:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.224.62 [GMT 1:00]
Running from: c:\documents and settings\dejan\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\dejan\Application Data\Microsoft\~DFK322279.tmp
c:\documents and settings\dejan\Application Data\Microsoft\~DFK32292f.tmp
c:\documents and settings\dejan\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\dejan\Application Data\Microsoft\bass.dll
c:\documents and settings\dejan\Application Data\Microsoft\engine_vx.dll
c:\documents and settings\dejan\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\dejan\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\dejan\Application Data\Microsoft\peaadje.dll
c:\documents and settings\dejan\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\dejan\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U\00000001.@
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U\000000c0.@
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U\000000cb.@
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U\000000cf.@
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U\80000000.@
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U\800000c0.@
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U\800000cb.@
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\U\800000cf.@
c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883\X
c:\windows\$NtUninstallKB34216$
c:\windows\$NtUninstallKB34216$\3443362167
c:\windows\$NtUninstallKB34216$\3537152131\@
c:\windows\$NtUninstallKB34216$\3537152131\L\ioiuaqyr
c:\windows\$NtUninstallKB34216$\3537152131\loader.tlb
c:\windows\$NtUninstallKB34216$\3537152131\U\@00000001
c:\windows\$NtUninstallKB34216$\3537152131\U\@000000c0
c:\windows\$NtUninstallKB34216$\3537152131\U\@000000cb
c:\windows\$NtUninstallKB34216$\3537152131\U\@000000cf
c:\windows\$NtUninstallKB34216$\3537152131\U\@80000000
c:\windows\$NtUninstallKB34216$\3537152131\U\@800000c0
c:\windows\$NtUninstallKB34216$\3537152131\U\@800000cb
c:\windows\$NtUninstallKB34216$\3537152131\U\@800000cf
c:\windows\system32\avg7core.dll
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobebaln.exe
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_regsrvc
-------\Service_regsrvc
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 14:32 . 2008-07-30 12:09 455936 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2012-03-03 14:32 . 2008-07-30 12:09 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-03-02 05:36 . 2012-03-03 14:09 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-03-02 05:32 . 2012-03-03 14:55 -------- d-sh--w- c:\documents and settings\dejan\Local Settings\Application Data\d2d4a883
2012-02-18 23:37 . 2012-02-18 23:37 -------- d-----w- c:\program files\MapsGalaxy_39EI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 05:24 . 2011-06-04 02:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-25_15.20.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-15 21:27 . 2005-08-01 15:01 57344 c:\windows\twain_32\SNPSTD3D\TwainUI.dll
- 2011-06-15 21:27 . 2005-08-01 14:01 57344 c:\windows\twain_32\SNPSTD3D\TwainUI.dll
+ 2011-06-15 21:27 . 2005-08-01 15:01 57344 c:\windows\twain_32\SNPSTD3C\TwainUI.dll
- 2011-06-15 21:27 . 2005-08-01 14:01 57344 c:\windows\twain_32\SNPSTD3C\TwainUI.dll
- 2011-06-15 21:27 . 2005-08-01 14:01 57344 c:\windows\twain_32\SNPSTD3B\TwainUI.dll
+ 2011-06-15 21:27 . 2005-08-01 15:01 57344 c:\windows\twain_32\SNPSTD3B\TwainUI.dll
- 2011-06-15 21:27 . 2005-08-01 14:01 57344 c:\windows\twain_32\SNPSTD3A\TwainUI.dll
+ 2011-06-15 21:27 . 2005-08-01 15:01 57344 c:\windows\twain_32\SNPSTD3A\TwainUI.dll
+ 2011-11-11 02:08 . 2010-06-02 03:55 74072 c:\windows\system32\XAPOFX1_5.dll
+ 2011-11-11 02:08 . 2010-02-04 09:01 74072 c:\windows\system32\XAPOFX1_4.dll
+ 2011-11-11 02:08 . 2009-09-04 16:44 69464 c:\windows\system32\XAPOFX1_3.dll
+ 2011-11-11 02:08 . 2008-10-27 09:04 70992 c:\windows\system32\XAPOFX1_2.dll
+ 2011-11-11 02:08 . 2010-02-04 09:01 22360 c:\windows\system32\X3DAudio1_7.dll
+ 2011-11-11 02:08 . 2009-03-16 13:18 22360 c:\windows\system32\X3DAudio1_6.dll
+ 2011-11-11 02:07 . 2008-10-27 09:04 23376 c:\windows\system32\X3DAudio1_5.dll
- 2010-06-29 22:59 . 2007-03-12 09:41 61440 c:\windows\system32\vsnpstd3.dll
+ 2010-06-29 22:59 . 2007-03-30 14:09 61440 c:\windows\system32\vsnpstd3.dll
+ 2008-04-14 12:00 . 2011-10-30 16:12 59148 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2011-04-23 04:04 59148 c:\windows\system32\perfc009.dat
+ 2010-06-29 16:38 . 2011-09-17 00:45 94272 c:\windows\system32\FNTCACHE.DAT
+ 2007-06-25 08:43 . 2007-06-25 08:43 12200 c:\windows\system32\drivers\s117whnt.sys
+ 2007-06-25 08:43 . 2007-06-25 08:43 12200 c:\windows\system32\drivers\s117wh.sys
+ 2007-06-25 08:43 . 2007-06-25 08:43 14888 c:\windows\system32\drivers\s117mdfl.sys
+ 2007-06-25 08:43 . 2007-06-25 08:43 12200 c:\windows\system32\drivers\s117cmnt.sys
+ 2007-06-25 08:43 . 2007-06-25 08:43 12200 c:\windows\system32\drivers\s117cm.sys
+ 2007-06-25 08:43 . 2007-06-25 08:43 82984 c:\windows\system32\drivers\s117bus.sys
+ 2011-06-15 21:27 . 2005-11-23 12:55 53248 c:\windows\system32\csnpstd3.dll
- 2011-06-15 21:27 . 2005-11-23 10:55 53248 c:\windows\system32\csnpstd3.dll
+ 2011-12-03 02:09 . 2008-09-06 06:29 98304 c:\windows\iPScan5x.exe
+ 2011-12-03 02:09 . 2008-09-03 13:35 53248 c:\windows\iPInst5x.dll
+ 2011-09-26 20:53 . 2011-09-26 20:53 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\ProductName.chm.de_D066A77819B7480BA99CC79FB02C9357.exe
+ 2011-09-26 20:53 . 2011-09-26 20:53 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.pt_6CF114D33913468CBA2AA6967939B819.exe
+ 2011-09-26 20:53 . 2011-09-26 20:53 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.it_251B66F1CA924E82A1EE29E85D5EC5A1.exe
+ 2011-09-26 20:53 . 2011-09-26 20:53 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.fr_E1678746353A46E3A9150D3E8B3832B1.exe
+ 2011-09-26 20:53 . 2011-09-26 20:53 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.es_654C8EA5162D4D4084239A5EDD67F462.exe
+ 2011-12-03 02:01 . 2005-11-23 12:55 53248 c:\windows\csnpstd3.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 77824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e86cc8657647ff469312f3f619280c17\Microsoft.Vsa.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\973213bedc0d024c88e0439ba1e6354e\ExceptionLogging.ni.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-06-29 23:04 . 2010-06-29 23:04 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-06-29 23:04 . 2010-06-29 23:04 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-06-15 21:28 . 2006-07-03 08:31 94208 c:\windows\amcap.exe
+ 2011-06-15 21:28 . 2006-07-03 09:31 94208 c:\windows\amcap.exe
+ 2011-06-15 21:27 . 2006-09-18 13:12 843776 c:\windows\vsnpstd3.exe
- 2011-06-15 21:27 . 2006-06-19 09:43 262144 c:\windows\tsnpstd3.exe
+ 2011-06-15 21:27 . 2007-03-30 16:44 262144 c:\windows\tsnpstd3.exe
+ 2011-11-11 02:08 . 2010-06-02 03:55 527192 c:\windows\system32\XAudio2_7.dll
+ 2011-11-11 02:08 . 2010-02-04 09:01 528216 c:\windows\system32\XAudio2_6.dll
+ 2011-11-11 02:08 . 2009-09-04 16:44 515416 c:\windows\system32\XAudio2_5.dll
+ 2011-11-11 02:08 . 2009-03-16 13:18 517448 c:\windows\system32\XAudio2_4.dll
+ 2011-11-11 02:08 . 2008-10-27 09:04 514384 c:\windows\system32\XAudio2_3.dll
+ 2011-11-11 02:08 . 2010-06-02 03:55 239960 c:\windows\system32\xactengine3_7.dll
+ 2011-11-11 02:08 . 2010-02-04 09:01 238936 c:\windows\system32\xactengine3_6.dll
+ 2011-11-11 02:08 . 2009-09-04 16:44 238936 c:\windows\system32\xactengine3_5.dll
+ 2011-11-11 02:08 . 2009-03-16 13:18 235352 c:\windows\system32\xactengine3_4.dll
+ 2011-11-11 02:08 . 2008-10-27 09:04 235856 c:\windows\system32\xactengine3_3.dll
+ 2011-06-15 21:27 . 2007-03-21 14:23 172032 c:\windows\system32\rsnpstd3.dll
+ 2008-04-14 12:00 . 2011-10-30 16:12 392958 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2011-04-23 04:04 392958 c:\windows\system32\perfh009.dat
+ 2011-11-21 18:55 . 2011-11-21 18:55 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-11-21 18:55 . 2011-11-21 18:55 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2011-09-17 01:46 . 2011-01-13 14:06 892928 c:\windows\system32\iconv.dll
+ 2007-06-25 08:43 . 2007-06-25 08:43 108456 c:\windows\system32\drivers\s117mdm.sys
+ 2011-11-11 02:08 . 2010-05-26 10:41 248672 c:\windows\system32\d3dx11_43.dll
+ 2011-11-11 02:08 . 2009-09-04 16:29 235344 c:\windows\system32\d3dx11_42.dll
+ 2011-11-11 02:08 . 2010-05-26 10:41 470880 c:\windows\system32\d3dx10_43.dll
+ 2011-11-11 02:08 . 2009-09-04 16:29 453456 c:\windows\system32\d3dx10_42.dll
+ 2011-11-11 02:08 . 2009-03-09 14:27 453456 c:\windows\system32\d3dx10_41.dll
+ 2011-11-11 02:08 . 2008-10-10 03:52 452440 c:\windows\system32\d3dx10_40.dll
+ 2011-09-17 17:40 . 2011-08-22 18:23 175864 c:\windows\system32\BytescoutVideoMixerFilter.dll
+ 2011-09-17 17:40 . 2011-08-22 18:23 257784 c:\windows\system32\BytescoutScreenCapturingFilter.dll
+ 2011-09-17 17:40 . 2011-08-22 18:23 421624 c:\windows\system32\BytescoutScreenCapturing.dll
- 2006-03-31 09:27 . 2006-03-31 09:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 09:27 . 2006-03-31 10:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- 2005-09-28 12:11 . 2005-09-28 12:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 12:11 . 2005-09-28 13:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 15:21 . 2005-07-22 16:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2005-07-22 15:21 . 2005-07-22 15:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2005-05-26 13:15 . 2005-05-26 13:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 13:15 . 2005-05-26 14:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2011-09-26 20:55 . 2011-09-26 20:55 139264 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\6569b1c2fc1eb2429e3541ac982ddf6a\XPBurnComponent.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 372736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\a4ad1316b333cf478b1d09f4bee8b69e\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2011-09-26 20:55 . 2011-09-26 20:55 356352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\392f4270b0d2f84aa87d584eff4e6423\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2011-09-26 20:55 . 2011-09-26 20:55 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\2145025fd115f7448860367933f40282\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\7700b0218a94b747b70315575c662e80\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 208896 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\b85b46903cb66f4bbbcf3c428fa4035b\Interop.WUApiLib.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 598016 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\da193fcb4830a24ba6e433066545cde1\ICSharpCode.SharpZipLib.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 466944 c:\windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\1548c0782fc36e4795354bfcc4085f77\Agent.Communication.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 409600 c:\windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\073ec32271894349812e185bd3dee541\Agent.Common.ni.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-06-29 23:04 . 2010-06-29 23:04 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-06-29 23:04 . 2010-06-29 23:04 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-06-29 23:04 . 2010-06-29 23:04 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-06-29 23:04 . 2010-06-29 23:04 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-06-29 23:04 . 2010-06-29 23:04 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-06-29 23:04 . 2010-06-29 23:04 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-11-11 02:08 . 2010-05-26 10:41 1998168 c:\windows\system32\D3DX9_43.dll
+ 2011-11-11 02:08 . 2009-09-04 16:29 1892184 c:\windows\system32\D3DX9_42.dll
+ 2011-11-11 02:08 . 2009-03-09 14:27 4178264 c:\windows\system32\D3DX9_41.dll
+ 2011-11-11 02:08 . 2008-10-10 03:52 4379984 c:\windows\system32\D3DX9_40.dll
- 2006-03-31 10:40 . 2006-03-31 10:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2006-03-31 10:40 . 2006-03-31 11:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2011-11-11 02:08 . 2010-05-26 10:41 1868128 c:\windows\system32\d3dcsx_43.dll
+ 2011-11-11 02:08 . 2009-09-04 16:29 5501792 c:\windows\system32\d3dcsx_42.dll
+ 2011-11-11 02:08 . 2010-05-26 10:41 2106216 c:\windows\system32\D3DCompiler_43.dll
+ 2011-11-11 02:08 . 2009-09-04 16:29 1974616 c:\windows\system32\D3DCompiler_42.dll
+ 2011-11-11 02:08 . 2009-03-09 14:27 1846632 c:\windows\system32\D3DCompiler_41.dll
+ 2011-11-11 02:08 . 2008-10-10 03:52 2036576 c:\windows\system32\D3DCompiler_40.dll
+ 2004-09-29 10:38 . 2004-09-29 11:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
- 2004-09-29 10:38 . 2004-09-29 10:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 1060864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4d2b9f15dab63549b8123490d549db82\System.Management.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 2441216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\1fa7fa82b482bd49a6d637b209da9d67\Microsoft.JScript.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 1261568 c:\windows\assembly\NativeImages_v2.0.50727_32\Common\1a13bb3b91c8804581f28e946dd18284\Common.ni.dll
+ 2011-09-26 20:54 . 2011-09-26 20:54 5120000 c:\windows\assembly\NativeImages_v2.0.50727_32\Agent\0e73a7032c2124418edf41b1ef607369\Agent.ni.exe
+ 2011-11-11 02:07 . 2011-11-11 02:07 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-11 02:07 . 2011-11-11 02:07 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-06-15 21:27 . 2007-04-03 18:25 10246144 c:\windows\system32\drivers\snpstd3.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POEngine5"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"iPScan5x"="c:\windows\iPScan5x.EXE" [2008-09-06 98304]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
c:\program files\IObit\Advanced SystemCare 3\AWC.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]
2003-10-30 12:10 667648 -c--a-w- c:\windows\system32\sistray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
2003-10-30 12:09 249856 -c--a-w- c:\windows\system32\Keyhook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 06:57 143360 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-18 13:12 843776 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-30 16:44 262144 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
S3 cpuz134;cpuz134;\??\c:\docume~1\dejan\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\dejan\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
regsrvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14597
mStart Page = hxxp://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7142B915-EC55-4825-96E4-C99C298CA578}: NameServer = 212.200.191.166,212.200.190.166,208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\dejan\Application Data\Mozilla\Firefox\Profiles\9armk4j2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=14597
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-03-03 16:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-03-03 16:07:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-03 15:06
ComboFix2.txt 2011-08-24 21:40
ComboFix3.txt 2011-08-24 17:46
.
Pre-Run: 4,545,171,456 bytes free
Post-Run: 4,876,673,024 bytes free
.
- - End Of File - - 3A47C6CCE272F11D2CC6D4657F0FD829
Posted: 04 Mar 2012 18:47
A friend came over last night and reinstalled the computer, so there are no problems now. Sorry for the trouble and thanks for the help.