Winoffice.exe

  • Joined: 16 Oct 2007
  • Posts: 14

In the folder C:\Qoobox\Quarantine\ look for the file SoundDriverReg.exe.vir and upload it to me via:

I found this one and uploaded it, but the other two don't exist :(

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

RegLock::
[HKEY_USERS\S-1-5-21-1285926362-3488048106-1201779807-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b8,85,8b,6a,2d,3b,bd,9b,02,12,04,bc,1a,65,2f,e4,90,f3,0f,47,1f,
82,df,a1,28,15,b0,12,b9,bb,1a,b6,82,dd,1a,ba,cf,6e,f3,24,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-1285926362-3488048106-1201779807-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):12,39,4c,5c,2f,7d,db,20,d0,cd,c5,36,bc,9b,77,b5,b5,c6,97,a6,1c,
b5,ff,6e,f1,a9,ea,3d,6e,66,1b,54,15,2a,6b,34,0d,cf,9a,3a,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-1285926362-3488048106-1201779807-1000_Classes\CLSID\{b5093046-0e64-40dc-a6d2-bfb6ca31445b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_USERS\S-1-5-21-1285926362-3488048106-1201779807-1000_Classes\CLSID\{c58a53ea-4f02-45c7-ae1d-ba8763d70f58}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000141
"Therad"=dword:00000022
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,76,63,b3,77,0d,4a,ec,df,45,74,63,24,3c,17,49,93,91,bf,75,10,b9,30,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

  • Joined: 16 Oct 2007
  • Posts: 14

ComboFix 11-02-05.01 - User 02/06/2011 17:12:16.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2154 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.

2011-02-06 16:19 . 2011-02-06 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-06 10:41 . 2011-02-06 10:41 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6121763-2262-4CDA-8647-68CAFF848D0E}\MpKsl9419f16f.sys
2011-02-06 01:10 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6121763-2262-4CDA-8647-68CAFF848D0E}\mpengine.dll
2011-02-05 09:19 . 2011-02-06 16:19 -------- d-----w- c:\users\User\AppData\Local\temp
2011-01-30 10:26 . 2011-01-30 10:32 -------- d-----w- C:\Portable
2011-01-29 22:46 . 2011-02-02 15:53 -------- d-----w- c:\program files\JDownloader
2011-01-29 21:19 . 2011-01-29 21:19 -------- d-----w- c:\users\User\AppData\Local\ODUI
2011-01-29 21:17 . 2011-01-29 21:17 -------- d-----w- c:\users\User\AppData\Roaming\Stardock
2011-01-29 21:17 . 2011-01-29 21:17 -------- dc-h--w- c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-01-29 21:17 . 2011-01-29 21:17 -------- d-----w- c:\programdata\Stardock
2011-01-29 21:17 . 2011-01-29 21:17 -------- d-----w- c:\users\User\AppData\Local\PackageAware
2011-01-29 20:57 . 2011-01-29 20:57 -------- d-----w- c:\program files\Yahoo!
2011-01-29 16:02 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-29 16:02 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-29 15:12 . 2011-01-29 15:12 -------- d-----w- c:\program files\Feedback Tool
2011-01-29 14:00 . 2011-01-29 14:32 -------- d-----w- c:\users\User\DoctorWeb
2011-01-29 13:02 . 2011-01-29 13:02 -------- d-----w- c:\program files\Common Files\Java
2011-01-29 13:01 . 2011-01-29 13:01 -------- d-----w- c:\program files\Java
2011-01-26 10:44 . 2011-01-26 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87895768-45AB-4348-98E6-12BE6D0DCE7E}\gapaengine.dll
2011-01-25 21:03 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-25 21:02 . 2011-01-25 21:03 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-25 21:02 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-13 20:19 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-01-13 18:14 . 2011-01-30 10:39 -------- d-----w- C:\Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-29 13:01 . 2010-04-19 08:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-13 09:41 . 2010-10-29 20:27 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-03 12:15 . 2010-12-03 12:15 1409 ----a-w- c:\windows\QTFont.for
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-12 202256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-1-29 4142448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

R0 kyisujp;kyisujp;c:\windows\System32\drivers\reyxt.sys [x]
R0 vwhmofye;vwhmofye;c:\windows\System32\drivers\glcik.sys [x]
R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-08 133104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R3 CFcatchme;CFcatchme;c:\users\User\AppData\Local\Temp\CFcatchme.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2007-05-31 20864]
S1 cdrport;cdrport;c:\windows\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
S1 MpKsl9419f16f;MpKsl9419f16f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6121763-2262-4CDA-8647-68CAFF848D0E}\MpKsl9419f16f.sys [2011-02-06 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-09 24636]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-08-13 1051968]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSL9419F16F

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-08 19:52]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-08 19:52]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1285926362-3488048106-1201779807-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 02:22]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1285926362-3488048106-1201779807-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 02:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {729E18B3-9D65-41F3-8FC2-070143BE1935} = 208.67.222.222,208.67.220.220
TCP: {B5941270-CD6A-41E3-A8EA-98DC97DA264F} = 208.67.222.222,208.67.220.220
TCP: 847453230336 = 208.67.222.222,208.67.220.220
TCP: 84745323033737 = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ss6eqjiy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5024)
c:\program files\Stardock\ObjectDockPlus2\DockShellHook.dll
.
Completion time: 2011-02-06 17:21:28
ComboFix-quarantined-files.txt 2011-02-06 16:21
ComboFix2.txt 2011-02-05 09:18
ComboFix3.txt 2011-02-04 17:20

Pre-Run: 38,525,358,080 bytes free
Post-Run: 38,471,921,664 bytes free

- - End Of File - - A40ACB339C8143D0B57746CF4C525ACA
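
As an added example (not ComboFix's code and not part of the helper's instructions), the Python script below reads the plain-text formats seen in this thread: the RegLock:: section of the CFScript above and the services, UAC policy and LOCKED REGISTRY KEYS sections of the posted log. It runs on a constructed excerpt in the same format (the SID and CLSID in it are placeholders, not values from the thread) and flags the things a helper scans such a log for: R*/S* registrations whose file is gone ([x]), registry keys whose ACL denies Everyone, and UAC policy values that switch off the elevation prompt.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix's code)."""
import re

# Constructed excerpt modelled on the thread's log format; SID/CLSID are placeholders.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R0 kyisujp;kyisujp;c:\windows\System32\drivers\reyxt.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-08 133104]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-09 24636]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b8,85,8b
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

# "R2 name;display name;path [date size]" or "... [x]" when the file is missing
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$')
# '"EnableLUA"= 0 (0x0)' inside the policies\system key
POLICY_RE = re.compile(r'^"([A-Za-z]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
# '@Denied: (Full) (Everyone)' as written by ComboFix and in RegLock:: scripts
ACL_RE = re.compile(r'^@(Denied|Allowed):\s*\((.*?)\)\s*\((.*?)\)\s*$')


def parse_services(text):
    """One dict per R*/S* service or driver line; 'missing' is True for '[x]'."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path, info = m.groups()
            out.append({"start": start, "name": name, "display": display,
                        "path": path, "info": info, "missing": info.strip() == "x"})
    return out


def parse_locked_keys(text):
    """Keys that carry @Denied/@Allowed lines, with (rights, principal) tuples."""
    keys, current = [], None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = {"path": km.group(1), "denied": [], "allowed": []}
            keys.append(current)
            continue
        am = ACL_RE.match(line)
        if am and current is not None:
            kind, rights, principal = am.groups()
            current[kind.lower()].append((rights, principal))
    return [k for k in keys if k["denied"] or k["allowed"]]


def parse_uac_policy(text):
    """Integer values listed under the ...\policies\system key."""
    values, in_policy_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            in_policy_key = km.group(1).lower().endswith(r"\policies\system")
            continue
        pm = POLICY_RE.match(line) if in_policy_key else None
        if pm:
            values[pm.group(1)] = int(pm.group(2))
    return values


# value that weakens UAC -> explanation
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def triage(text):
    """Human-readable findings for the three checks described above."""
    findings = []
    for svc in parse_services(text):
        if svc["missing"]:
            findings.append(f"{svc['start']} {svc['name']}: registered file is missing ({svc['path']})")
    uac = parse_uac_policy(text)
    for name, (bad, why) in UAC_WEAK.items():
        if uac.get(name) == bad:
            findings.append(f"{name}={bad}: {why}")
    for key in parse_locked_keys(text):
        if any(principal == "Everyone" for _, principal in key["denied"]):
            findings.append(f"locked key denies Everyone: {key['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" -", finding)
```

On the thread's real log this would report the two R0 drivers with missing files, the four zeroed UAC values, and the locked CLSID and PCW\Security keys; a dangling driver registration or a key nobody is allowed to read is exactly what a RegLock:: entry in the CFScript is written to release.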

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Upload to me: WinOffice11.exe.vir, which is located in C:\Qoobox\Quarantine\

via: http://www.mycity.rs/ambulanta-upload.php

How is the computer working now?

  • Joined: 16 Oct 2007
  • Posts: 14

It works normally... nothing freezes... nothing glitches... this winoffice doesn't appear any more either... I've uploaded it...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Glad we could help.

One more thing:

ComboFix needs to be uninstalled:
click Start and then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Regards

  • Joined: 16 Oct 2007
  • Posts: 14

Written: 06 Feb 2011 19:07

Thanks a lot for the help

Update: 07 Feb 2011 14:48

Sorry for reopening a closed topic, but one more thing interests me: since I've seen in some posts that you recommend updating certain programs, is there any program on my machine that needs updating? I like everything to be OK :D.. I hope this isn't OT

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

To check program versions I use the program from this link: http://www.filehippo.com/updatechecker/

There are instructions there on how it works, so if it suits you, you can use it.
