Posted: 26 Jul 2011 22:13
- Joined: 01 Sep 2007
- Posts: 137
I am also one of the victims of this new virus that spreads via Facebook.
A friend messaged me in English and sent a link to a video I was supposedly in; I clicked to update Adobe and then it all started. You know the story.
My Avira antivirus was shut down, the umbrella closed, and until I deleted it, it kept launching some scan that always froze my computer. Even though the internet is connected, it's as if it isn't, because nothing that needs the net responds. I also tried to install some antivirus programs, but it wasn't possible.
The problem started showing this morning; I did it as soon as I turned on the computer.
Malwarebytes detected 4 viruses, but I deleted them right away through it.
So I thought I would solve the problem, but it stayed the same. I also tried with HijackThis, but it doesn't work either.
I have wireless internet on a USB stick; I don't know the exact speed, but it's good.
DDS
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Run by Srdjan at 21:44:45 on 2011-07-26
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1546 [GMT 2:00]
.
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\winser.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sdaemon.exe
C:\WINDOWS\winwd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
svchost.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\T-Mobile Internet Manager\UIExec.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Srdjan\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\Program Files\WinAlarm\WinAlarm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\T-Mobile Internet Manager\AssistantServices.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\WINDOWS\system32\mshta.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2465030
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
uURLSearchHooks: SrchHook Class: {f4f10c1d-87c7-404a-b4b3-000000000000} - c:\progra~1\dap\SBSearch.dll
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
uURLSearchHooks: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
uURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
BHO: URLHooker2 Class: {93935f7f-9c88-42f8-8445-95251d27fabc} - c:\progra~1\flashv~1\URLHOO~1.DLL
BHO: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
TB: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [Web Video Downloader] "c:\program files\sourcetec\sothink web video downloader stand-alone\VideoDownloader.exe"
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [TurboNet] c:\docume~1\srdjan\locals~1\temp\b.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [Google Update] "c:\documents and settings\srdjan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [HKCU] c:\windows\system32\install\server.exe
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [PicoZip] c:\program files\picozip\PicoZipTray.exe
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SDaemon] c:\windows\sdaemon.exe
mRun: [SWd] c:\windows\winwd.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Smart Start UP] c:\program files\newsoft\smart start up\PnPDetect.exe /Automation
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [HKLM] c:\windows\system32\install\server.exe
mRun: [UIExec] "c:\program files\t-mobile internet manager\UIExec.exe"
uExplorerRun: [Policies] c:\windows\system32\install\server.exe
mExplorerRun: [Policies] c:\windows\system32\install\server.exe
StartupFolder: c:\docume~1\srdjan\startm~1\programs\startup\shortc~1.lnk - c:\program files\winalarm\WinAlarm.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\securenet.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 5.107.120.52 pes09pcgate-e.winning-eleven.net
Hosts: 5.107.120.52 pes2009web.winning-eleven.net
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2465030&SearchSource=13
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\components\kikin_3_0.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\components\kikin_3_6.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{b88b1d29-b49c-455d-9fd2-3acd06af56b8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{b88b1d29-b49c-455d-9fd2-3acd06af56b8}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\{d3dc5de2-0384-43b1-bea5-80d202086138}\components\FFExternalAlert.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mozilla firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFAlert.dll
FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
FF - component: c:\program files\t-mobile internet manager\addon\components\bmboc_addon3.dll
FF - plugin: c:\documents and settings\srdjan\application data\mozilla\firefox\profiles\0vat2lnb.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\srdjan\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\srdjan\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npkimi.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Hide My IP: staff@hide-my-ip.com - c:\program files\mozilla firefox\extensions\staff@hide-my-ip.com
FF - Ext: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\mozilla firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Zwangie: {FD47CF56-E0F7-42FB-91D5-03E50A5CBE8C} - c:\program files\mozilla firefox\extensions\{FD47CF56-E0F7-42FB-91D5-03E50A5CBE8C}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: RapidShare DownloadHelper: rsDownloadHelper@yevgenyandrov.net - %profile%\extensions\rsDownloadHelper@yevgenyandrov.net
FF - Ext: Ask.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: kikin plugin: {AA994882-F391-4d2e-806F-8908DA4814ED} - %profile%\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Theme XP Toolbar: {d3dc5de2-0384-43b1-bea5-80d202086138} - %profile%\extensions\{d3dc5de2-0384-43b1-bea5-80d202086138}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: EN - Real Madrid FC Toolbar: {b88b1d29-b49c-455d-9fd2-3acd06af56b8} - %profile%\extensions\{b88b1d29-b49c-455d-9fd2-3acd06af56b8}
FF - Ext: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - %profile%\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\SPFireFox
FF - Ext: Bytemobile Optimization Client: ff-bmboc@bytemobile.com - c:\program files\t-mobile internet manager\addon
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
============= SERVICES / DRIVERS ===============
.
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2009-1-3 25216]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2011-1-1 1411616]
R2 NetProbe;NetProbe Packet Driver;c:\windows\system32\drivers\NetProbe.sys [2009-3-24 5365]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile internet manager\AssistantServices.exe [2010-11-6 243712]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
R2 winser;winser;c:\windows\system32\winser.exe [2009-1-3 61440]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-11-8 4096]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\du meter\DUM_XP32.sys [2011-1-1 16424]
R3 SecureSrv;SecureSrv;c:\program files\hide my ip 2008\SecureSrv.exe [2011-6-15 110880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Zwangie Service;Zwangie Service;c:\documents and settings\all users.windows\application data\zwangie\zwangie127.exe [2010-1-23 58176]
S3 autorun;autorun;C:\huadio.tmp [2008-12-20 5311]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2010-3-6 219264]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-6-17 20328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-4 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-3-17 100736]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-3 55296]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-11-6 7680]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [2008-3-17 97408]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\wpro_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
.
=============== Created Last 30 ================
.
2011-07-26 19:43:44 -------- d-----w- c:\program files\MCShield
2011-07-26 19:43:44 -------- d-----w- c:\documents and settings\srdjan\application data\MCShield
2011-07-26 17:20:48 388096 ----a-r- c:\documents and settings\srdjan\application data\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe
2011-07-26 17:20:47 -------- d-----w- c:\program files\hgcj
2011-07-22 15:07:30 -------- d-----w- c:\documents and settings\srdjan\application data\GetRightToGo
.
==================== Find3M ====================
.
.
============= FINISH: 21:45:47.34 ===============
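For readers trying to make sense of the DDS log above, here is an added triage script (my own example, not code from the thread, from DDS or from any tool named here) that scans the "Pseudo HJT Report" lines for the patterns a removal helper checks first: autostart entries launched from a temp folder, one binary registered under several autostart keys, a process addressed through the `\\.\globalroot` device namespace, and Hosts-file entries. The function names `triage` and `executable_path` are mine; the sample lines are copied from the log in this post.

```python
r"""Triage helper for DDS 'Pseudo HJT Report' output (added example, not from the thread or DDS).

Flags the patterns a malware-removal helper checks first in a DDS log:
  * autostart entries that launch a binary from a temp folder,
  * one binary registered under several autostart keys (uRun/mRun/uExplorerRun/mExplorerRun),
  * processes running from the \\.\globalroot device namespace instead of a normal path,
  * Hosts-file entries that pin a hostname to an address.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the DDS log posted above (process list, Run keys, Hosts).
SAMPLE_DDS = r"""
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\winser.exe
C:\WINDOWS\Explorer.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TurboNet] c:\docume~1\srdjan\locals~1\temp\b.exe
uRun: [HKCU] c:\windows\system32\install\server.exe
mRun: [HKLM] c:\windows\system32\install\server.exe
uExplorerRun: [Policies] c:\windows\system32\install\server.exe
mExplorerRun: [Policies] c:\windows\system32\install\server.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SDaemon] c:\windows\sdaemon.exe
Hosts: 5.107.120.52 pes09pcgate-e.winning-eleven.net
Hosts: 5.107.120.52 pes2009web.winning-eleven.net
"""

# DDS autostart lines look like:  uRun: [ValueName] "c:\path\prog.exe" -args
AUTOSTART_RE = re.compile(r"^(?P<key>[um](?:Explorer)?Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
UNQUOTED_EXE_RE = re.compile(r"(\S+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)


def executable_path(cmd: str) -> str:
    """Return the lower-cased program path from a Run command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd.strip('"')).lower()
    m = UNQUOTED_EXE_RE.match(cmd)
    return (m.group(1) if m else cmd.split()[0]).lower()


def triage(report: str) -> dict:
    """Scan DDS report lines and collect the suspicious patterns listed in the module docstring."""
    findings = {
        "temp_autostart": [],      # (value name, path) for binaries started from a temp folder
        "globalroot_process": [],  # running processes addressed via the globalroot namespace
        "multi_key_binary": {},    # path -> list of autostart keys that all launch it
        "hosts_redirect": [],      # (ip, hostname) pairs from the Hosts file
    }
    keys_by_path = defaultdict(list)
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "\\\\.\\globalroot\\" in line.lower():
            findings["globalroot_process"].append(line.strip('"'))
            continue
        m = HOSTS_RE.match(line)
        if m:
            findings["hosts_redirect"].append((m.group("ip"), m.group("host")))
            continue
        m = AUTOSTART_RE.match(line)
        if m:
            path = executable_path(m.group("cmd"))
            keys_by_path[path].append(m.group("key"))
            if TEMP_DIR_RE.search(path):
                findings["temp_autostart"].append((m.group("name"), path))
    # A legitimate program rarely needs to register the same binary under four autostart keys.
    findings["multi_key_binary"] = {p: k for p, k in keys_by_path.items() if len(k) > 1}
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(f"{category}:")
        for item in (items.items() if isinstance(items, dict) else items):
            print(f"  {item}")
```

Run against the full log rather than the sample to get the complete picture; the heuristics are a starting point for a helper's review, not a verdict.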
Posted: 27 Jul 2011 12:13
- Fil
- Legendary citizen
- Joined: 11 Jun 2009
- Posts: 16586
Let's try this:
Download Rootkit Unhooker to the Desktop.
Double-click to run the program;
select the Report tab;
click Scan and, in the window that opens, tick the items:
SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks
click OK and wait for the scan to finish.
When the scan is finished, click File > Save Report and save the report.
Attach the Rootkit Unhooker report to your post using the Attach file option.
Posted: 27 Jul 2011 12:42
- Joined: 01 Sep 2007
- Posts: 137
Written: 27 Jul 2011 12:38
I did everything with that program as you said, but when I started the scan it ran for a bit and then asked me which hard drive; I selected both and it showed a message as if it was waiting for a list, and nothing else happened. I exited and started it again, but it wouldn't run anymore; as soon as I click on that program it says it's already running, or it's protected, ....
Maybe I should try again with GMER; last night I stopped it after almost two hours of scanning because it seemed to be going in circles and would never finish.
What do you think, is it better to scan from safe mode or normally?
Addendum: 27 Jul 2011 12:42
Another problem is that I can't delete all those programs I put on the desktop when I want to put a new one there, because it shows a message saying it's in use.
I set GMER to scan from the USB stick, only the C hard disk.
Posted: 27 Jul 2011 15:36
- Fil
- Legendary citizen
- Joined: 11 Jun 2009
- Posts: 16586
Hello,
It is very important that you follow the instructions you receive thoroughly:
Download Kaspersky Lab's TDSSKiller from the following address to the Desktop:
TDSSKiller
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.
When the download is finished:
disable your security software (instructions);
close running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click to run MyCity.exe;
click the Start Scan button.
If malicious objects are found, make sure the action selected for them is "Cure" (example) and click Continue, then click Reboot Now.
Post me the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD - day, MM - month, YY - year, HH - hour, MM - minute, SS - second; the date and time the log was created)
Download sUBs' ComboFix from the following address to the Desktop:
Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.
When the download is finished:
disable your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".
While running, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
ask a number of questions / show notifications: accept by clicking Yes or OK;
restart Windows if needed (several times);
at the end, open Notepad with the scan report.
Copy the report ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.
Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the post.
Posted: 27 Jul 2011 16:36
- Joined: 01 Sep 2007
- Posts: 137
I already mentioned that my internet access is disabled, and I'm writing, downloading and uploading all of this from another computer, from which I transfer things to the infected one by USB stick. I put that program one of you recommended as good for USB sticks on both computers, so hopefully it won't spread from the infected one to this one.
Here's the one from TDSSKiller, but I can't use ComboFix without internet, so if you have another solution it would be great.
I'll follow what you write regularly and do everything as you say, as far as my means allow.
Just to say once more that I can't go on the internet on the infected one, so is there any way I can download everything needed on this one and transfer it from one to the other?
Posted: 27 Jul 2011 18:05
- Fil
- Legendary citizen
- Joined: 11 Jun 2009
- Posts: 16586
Hello,
You need to archive the log (report) obtained from TDSS, according to these instructions:
Right-click the report, choose Send to and select the Compressed item. I'm attaching a picture as well.
A file with the same name as the report but a different extension (ZIP) will appear. That is what you need to attach to the forum.
From now on, send all reports we generate in this archived form.
After you archive the report, transfer it to the USB flash drive and attach the archive to the forum from the computer on which you have Internet.
------------------
On the infected computer:
Check whether you have Internet when you enter Safe Mode with Networking. Instructions for entering Safe Mode with Networking are at this link:
http://www.mycity.rs/Uputstva/Kako-uci-u-Safe-Mode-2.html
If the Internet works in Safe Mode, run ComboFix according to the instructions already given.
If you don't have Internet there, we'll install the Recovery Console in an alternative way (because ComboFix uses the Internet to install the Recovery Console).
Do you have a Windows XP installation disc?
If you do, follow these instructions to install the Recovery Console:
Insert the Windows installation CD into the CD-ROM drive;
Click Start > Run;
Copy the following text into the Open box:
X:\i386\winnt32.exe /cmdcons
Note: replace X: with the letter of the CD-ROM drive containing the Windows CD.
Confirm by clicking the OK button or pressing Enter on the keyboard;
At the Yes/No prompt, choose YES.
Wait for the Recovery Console installation to finish.
Restart the computer and check whether the Recovery Console can be selected.
If it can, run ComboFix.
Archive the report (as instructed at the start of the thread) and attach it to the forum.
Posted: 27 Jul 2011 18:34
- Joined: 01 Sep 2007
- Posts: 137
Written: 27 Jul 2011 18:23
On this computer it can't even open this, but you try; maybe it works for you.
Anyway, I'll check for internet now.
Addendum: 27 Jul 2011 18:34
I've just tried and it doesn't work in safe mode either; I plug in the internet USB stick, and when I open the internet program it shows as if nothing is connected to USB.
And I don't have a CD, so I'll have to get one somewhere.