Problem loading Facebook

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Do not connect any USB storage devices yet!!!





Step 1

You have leftovers of AVG antivirus on the computer.
Download AVG Remover (32-bit);
Start the computer in Safe Mode and run the AVG Remover tool there.



Step 2

Open Notepad and copy the following text into it:

File::
c:\windows\unrar.exe

Folder::
c:\users\Administrator\Application Data\dwm
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\update.3
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

Firefox::
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\jm2qpstb.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=grupo


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is created at the end of the cleaning/scanning in your next reply.



Step 3

You do not have an antivirus installed on the computer. You must install one.
My suggestion is to install and use a free one (unless you have a legitimately purchased license for a commercial AV), such as Avast, Avira, Panda Cloud or Microsoft Security Essentials. If you need a download link for an AV, tell me which one you have decided on and I will leave a link in my next reply.










goran9888 (AMF Team)

offline
  • Joined: 19 Jul 2011
  • Posts: 22

Posted: 20 Jul 2011 16:29

I tried to start ''safe mode'' and ''safe mode with networking'' and it won't; for some reason unknown to me the laptop doesn't accept that option... I tried several times without success.... what should I do about that, should I run AVG Remover in ''windows normally''?

Addendum: 20 Jul 2011 16:32

and how do I even save it from Notepad as ''cfc script''

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Regarding Safe Mode, what do you mean it doesn't accept that option?
As soon as the computer starts powering on, keep pressing F8 (quickly, non-stop) until a black screen with white letters appears. There the first option should be Safe Mode (select it: move up to it with the arrow key and press Enter). It looks like this:



Only if you fail to start the computer in Safe Mode, run AVG Remover from Windows Normal Mode.






You start Notepad like this:
Start -> Run -> Notepad

Copy the code from the script I posted in the previous reply;
Go to File -> Save as (a window opens in which you choose where to save the script);
For the location choose Desktop and for the file name type CFScript.

Illustrated example:








goran9888 (AMF Team)

offline
  • Joined: 19 Jul 2011
  • Posts: 22

Posted: 20 Jul 2011 17:13

I'd also like to add that in the lower right corner an icon for ''automatic update'' keeps appearing non-stop - - - what should I do about that, ''on'' or ''off''

Addendum: 20 Jul 2011 17:19


Addendum: 20 Jul 2011 17:24

ok- - - - and what should I do about that modification?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Have you installed an antivirus? If not, you must install one.
After you install it, and before running ComboFix, you need to disable its real-time protection. Depending on which AV you install, deactivate it before running CF: http://www.mycity.rs/Uputstva/Iskljucivanje-zastitnog-softvera.html






Step 1

Open Notepad and copy the following text into it:

Folder::
c:\program files\Common Files\Spigot

RegLock::
[HKEY_USERS\S-1-5-21-823518204-1563985344-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,06,da,ec,fa,a8,d7,46,a3,10,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,06,da,ec,fa,a8,d7,46,a3,10,40,\


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is created at the end of the cleaning/scanning in your next reply.





Step 2

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click it to start the installation; at the very end of the process, check that these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the scan finishes, click OK, then Show Results: in the list of detected malware, tick all items and click Remove Selected.

When the removal finishes, the log file will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the log file will be available on the Logs tab (select it and click Open).





SrdjanM989 :: I'd also like to add that in the lower right corner an icon for ''automatic update'' keeps appearing non-stop - - - what should I do about that, ''on'' or ''off''


Look, you have a modified Windows.
Whoever installed Windows for you did not install the original version of Windows but this modified one. In that modified version some items present in the original have been removed, some services and processes disabled, programs added, and so on...

What is appearing in your lower right corner is Automatic Update, which CF turned on. It is a legitimate feature that every operating system has; it notifies you of new updates for your OS and offers to download and install them. If you want, we will turn it off later. In any case, it is recommended that the system always be kept updated, so the option should stay on.







goran9888 (AMF Team)

offline
  • Joined: 19 Jul 2011
  • Posts: 22

ComboFix 11-07-19.04 - Administrator 21.07.2011 17:50:39.3.2 - x86
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
.
c:\windows\system32\logonui.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-11-30 23:28 . 2011-11-30 23:28 -------- d--h--w- c:\users\All Users\Application Data\Common Files
2011-11-30 23:16 . 2011-07-16 23:41 -------- d-----w- c:\users\All Users\Application Data\MFAData
2011-11-13 02:56 . 2011-11-13 02:56 -------- d-----w- c:\users\Administrator\Application Data\Search Settings
2011-11-13 02:56 . 2011-11-13 02:56 -------- d-----w- c:\program files\Application Updater
2011-11-13 02:56 . 2011-11-13 02:56 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-11-13 01:55 . 2011-11-13 01:55 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Corel
2011-11-13 01:55 . 2011-11-13 01:55 -------- d-----w- c:\users\Administrator\Application Data\Corel
2011-11-09 09:03 . 2011-11-09 09:03 -------- d-----w- c:\users\All Users\Application Data\CanonIJ
2011-11-09 08:25 . 2011-11-09 08:25 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2011-11-09 08:20 . 2011-11-09 08:20 -------- d-----w- c:\users\All Users\Application Data\CanonEPP
2011-11-09 08:04 . 2011-11-09 08:04 -------- d-----w- c:\program files\Common Files\CANON
2011-11-09 07:57 . 2011-11-09 08:04 -------- d-----w- c:\program files\Canon
2011-07-20 04:14 . 2011-07-20 04:14 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\PCHealth
2011-07-20 04:13 . 2011-07-20 04:13 -------- d-sh--w- c:\users\Administrator\IECompatCache
2011-07-20 04:12 . 2011-07-20 04:12 -------- d-sh--w- c:\users\Administrator\PrivacIE
2011-07-20 04:10 . 2011-07-20 04:10 -------- d-sh--w- c:\users\Administrator\IETldCache
2011-07-20 04:02 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-07-20 04:01 . 2011-04-25 16:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-07-20 04:01 . 2011-04-25 16:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-20 04:01 . 2011-04-25 16:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-20 03:58 . 2011-07-20 04:00 -------- dc-h--w- c:\windows\ie8
2011-07-20 02:37 . 2011-04-25 15:49 78336 ------w- c:\windows\system32\ieencode.dll
2011-07-20 02:37 . 2011-04-25 15:49 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2011-07-20 02:37 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2011-07-20 02:37 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2011-07-20 02:36 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2011-07-20 02:36 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2011-07-20 02:36 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2011-07-20 02:36 . 2010-11-18 18:12 81920 ------w- c:\windows\system32\dllcache\isign32.dll
2011-07-20 02:36 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-20 02:36 . 2010-02-12 04:27 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2011-07-20 02:36 . 2011-03-04 06:37 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-07-20 02:36 . 2011-03-04 06:37 420864 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2011-07-20 02:36 . 2010-12-20 17:32 551936 ------w- c:\windows\system32\dllcache\oleaut32.dll
2011-07-20 02:36 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2011-07-20 02:36 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-07-20 02:35 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-20 02:35 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-20 02:32 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-07-20 02:32 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-07-20 02:26 . 2008-06-12 14:23 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2011-07-20 02:26 . 2008-06-12 14:23 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2011-07-20 02:26 . 2008-06-12 14:23 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2011-07-20 02:26 . 2008-06-12 14:23 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2011-07-20 02:26 . 2008-06-12 14:23 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2011-07-20 02:25 . 2010-11-09 14:50 253952 ------w- c:\windows\system32\dllcache\odbc32.dll
2011-07-20 02:25 . 2010-11-09 14:50 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2011-07-20 02:25 . 2010-11-09 14:50 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2011-07-20 02:25 . 2010-11-09 14:50 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2011-07-20 02:25 . 2010-11-09 14:50 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2011-07-20 02:25 . 2009-10-13 10:38 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2011-07-20 02:25 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-07-20 02:24 . 2009-11-27 16:07 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2011-07-20 02:24 . 2009-11-27 16:07 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2011-07-20 02:24 . 2009-11-27 16:07 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2011-07-20 02:24 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2011-07-20 02:24 . 2009-11-27 16:07 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2011-07-20 02:24 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2011-07-20 02:24 . 2008-12-16 12:30 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
2011-07-20 02:24 . 2011-02-09 13:53 270848 ------w- c:\windows\system32\dllcache\sbe.dll
2011-07-20 02:24 . 2011-02-09 13:53 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2011-07-20 02:24 . 2009-03-21 06:29 991744 ------w- c:\windows\system32\dllcache\kernel32.dll
2011-07-20 02:24 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2011-07-20 02:24 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-20 02:23 . 2010-03-29 23:24 317440 ------w- c:\windows\system32\dllcache\mp4sdecd.dll
2011-07-20 02:23 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-07-20 02:23 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-07-20 02:23 . 2009-12-08 09:23 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2011-07-20 02:23 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2011-07-20 02:23 . 2009-04-01 10:02 604160 ------w- c:\windows\system32\dllcache\wmspdmod.dll
2011-07-20 02:23 . 2011-04-26 11:07 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2011-07-20 02:23 . 2011-04-26 11:07 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2011-07-20 02:23 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-07-20 02:22 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-20 02:22 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-07-20 02:22 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-07-20 02:22 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-07-20 02:22 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-07-20 02:22 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-07-20 02:22 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-07-20 02:22 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-07-20 02:22 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2011-07-20 02:22 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-07-20 02:22 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2011-07-20 02:20 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2011-07-20 02:19 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-20 02:19 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-20 02:19 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-07-19 20:32 . 2011-07-19 20:32 -------- d-----w- c:\program files\YouTube Downloader
2011-07-19 20:09 . 2011-07-19 20:09 -------- d-----w- c:\users\All Users\Application Data\Avira
2011-07-17 00:44 . 2011-07-17 12:49 -------- d-----w- c:\windows\system32\NtmsData
2011-07-16 23:46 . 2011-07-16 23:46 -------- d-----w- c:\users\Administrator\Application Data\Sammsoft
2011-07-16 23:03 . 2011-07-16 23:03 -------- d-----w- c:\program files\ATI
2011-07-16 22:57 . 2011-07-16 22:57 -------- d-----w- C:\ATI
2011-07-16 22:56 . 2011-07-16 23:33 -------- d-----w- c:\users\Administrator\Application Data\YouTube Downloader
2011-07-15 00:18 . 2003-09-02 13:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-07-15 00:18 . 2003-09-02 13:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-07-15 00:18 . 2003-09-02 13:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-07-15 00:18 . 2003-09-02 13:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-07-15 00:18 . 2003-09-02 13:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-07-15 00:18 . 2003-09-02 13:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-15 00:18 . 2011-07-15 00:18 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-07-15 00:18 . 2011-07-15 00:18 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-07-11 23:35 . 2011-07-14 03:14 -------- d-----w- C:\games
2011-07-05 23:43 . 2011-07-05 23:43 -------- d-----w- C:\$AVG
2011-07-01 02:40 . 2011-07-01 02:40 -------- d--h--w- c:\windows\PIF
2011-06-30 23:59 . 2011-07-21 03:23 -------- d-----w- c:\program files\Onda Connection Manager
2011-06-30 23:51 . 2011-06-30 23:51 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:07 . 2009-03-08 09:02 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-05-24 10:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 10:44 . 2011-05-24 10:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 10:43 . 2011-05-24 10:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:30 . 2009-12-17 05:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:23 . 2009-03-08 09:02 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:47 . 2009-03-08 09:01 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2009-03-08 09:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 03:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2009-03-08 09:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2009-03-08 09:10 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2009-03-08 09:03 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2009-03-08 09:03 385024 ------w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\SP3GDR\tcpip.sys
.
[-] 2009-03-08 09:09 . 403EBA8EE2967BA93E07138400972EE3 . 1443840 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2009-03-08 . 57961D44B5C17BAB6D44C4C13B79429B . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 200EA506B86F7E9E6C37820D2BB5F39B . 210944 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot_2011-07-21_04.03.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-21 04:53 . 2011-07-21 04:53 53248 c:\windows\temp\catchme.dll
- 2011-07-21 04:03 . 2011-07-21 04:03 53248 c:\windows\temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-01-17 175912]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-05-14 344064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-03-15 32768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-08 37376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-02-18 2375]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=
"d:\\kanter\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R2 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\DRIVERS\ONDA_MW823UP_cpo.sys [2010-01-27 9728]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [x]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [x]
S0 ahci6xx;ahci6xx; [x]
S0 amdide1;amdide1; [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys [2010-01-27 86016]
S3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys [2010-01-27 49920]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\DRIVERS\ONDA_MW823UP_dc_enum.sys [2010-01-27 80000]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-29 23:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:56889
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{225DBB18-2646-4BEF-8224-C6B3EBB431E2}: NameServer = 193.70.152.25 193.70.192.25
TCP: Interfaces\{DB83E9E8-22D7-47F5-94A0-DBD9E03C26BB}: NameServer = 77.105.0.18,77.105.0.19
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\jm2qpstb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18837
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56889
FF - prefs.js: network.proxy.type - 1
FF - Ext: Adblock Filterset.G Updater: filtersetg@updater - c:\program files\Mozilla Firefox\extensions\filtersetg@updater
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - c:\program files\Mozilla Firefox\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - c:\program files\Mozilla Firefox\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\program files\Mozilla Firefox\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-07-21 17:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048-)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\setupapi.dll
.
Completion time: 2011-07-21 17:54:49
ComboFix-quarantined-files.txt 2011-07-21 04:54
ComboFix2.txt 2011-07-21 04:04
ComboFix3.txt 2011-07-20 01:43
.
Pre-Run: 1.618.493.440 bytes free
Post-Run: 1.597.456.384 bytes free
.
- - End Of File - - 19BBB70358301EF9116B49F0A67D2778
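As an added example (not part of the thread, and not the AMF helper's own tooling): a small Python triage script that reads lines in the shape of the "Reg Loading Points" and "Supplementary Scan" sections of the ComboFix log above and flags the entries a defender would look at first: Security Center overrides set to 1, global firewall exceptions that are actually Enabled, and browser proxy settings pointing at 127.0.0.1 (the log above has such a proxy for both Internet Explorer and Firefox). The sample lines are copied from that log, except for a constructed 139/TCP entry added to show an Enabled exception; the function names `triage` and `is_loopback` are my own.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the "Reg Loading Points" and
# "Supplementary Scan" sections of the ComboFix log posted in this thread.
# The values are copied from that log, except the 139:TCP line, which is
# added here to show an Enabled firewall exception.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:56889
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18837
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56889
FF - prefs.js: network.proxy.type - 1
"""

VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')            # "Name"=value
IE_PROXY_RE = re.compile(r'ProxyServer\s*=\s*(?:http=)?([\w.\-]+):(\d+)')
FF_PREF_RE = re.compile(r'^FF - prefs\.js:\s*(\S+)\s*-\s*(.*)$')
PORT_RE = re.compile(r'^(\d+):(TCP|UDP):[^:]*:(Enabled|Disabled)', re.IGNORECASE)


def is_loopback(host: str) -> bool:
    """True for a proxy that points back at the machine itself."""
    return host.lower() == "localhost" or host.startswith("127.")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return a list of {'kind', 'detail'} findings from ComboFix log text."""
    findings: List[Dict[str, str]] = []
    current_key = ""            # registry key the following "Name"=value lines belong to
    ff_prefs: Dict[str, str] = {}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue

        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            # Security Center told to stop warning about a missing AV/firewall:
            # legitimate only if the user set it deliberately.
            if ("security center" in current_key
                    and name.lower() in ("antivirusoverride", "firewalloverride")
                    and value.lower().endswith("00000001")):
                findings.append({"kind": "security_center_override", "detail": name})
            # Global firewall exceptions: only Enabled entries actually open a port.
            elif "globallyopenports" in current_key:
                pm = PORT_RE.match(value)
                if pm and pm.group(3).lower() == "enabled":
                    findings.append({"kind": "open_firewall_port",
                                     "detail": f"{pm.group(1)}/{pm.group(2).upper()}"})
            continue

        m = IE_PROXY_RE.search(line)
        if m and is_loopback(m.group(1)):
            findings.append({"kind": "loopback_proxy",
                             "detail": f"IE {m.group(1)}:{m.group(2)}"})
            continue

        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()

    # Firefox: network.proxy.type 1 = manual proxy. A manual proxy on 127.x on a
    # machine with no local proxy software is a classic sign of traffic interception.
    if (ff_prefs.get("network.proxy.type") == "1"
            and is_loopback(ff_prefs.get("network.proxy.http", ""))):
        port = ff_prefs.get("network.proxy.http_port", "?")
        findings.append({"kind": "loopback_proxy",
                         "detail": f"Firefox {ff_prefs['network.proxy.http']}:{port}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:26} {f['detail']}")
```

Run on the sample, the script reports the two Security Center overrides, the Enabled 139/TCP exception (the 3389/TCP entry is listed but Disabled, so it is deliberately not reported), and the loopback proxy in both browsers; on a real log, paste the relevant sections into `SAMPLE_LOG` or read them from a file.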

offline
  • Joined: 19 Jul 2011
  • Posts: 22

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7211

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.7.2011 18:11:05
mbam-log-2011-07-21 (18-11-05).txt

Scan type: Quick scan
Objects scanned: 148808
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Why haven't you installed an antivirus?
I would ask you to follow what I write to you in detail.



The Malwarebytes report is not complete. Part of the report is missing.

offline
  • Joined: 19 Jul 2011
  • Posts: 22

Posted: 20 Jul 2011 18:15

I did install it, I have it on the desktop and everything else

Addendum: 20 Jul 2011 18:22

malwarebytes asked me to restart the laptop . . . I restarted it and opened the report - - - - it looks like this

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7211

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.7.2011 18:11:05
mbam-log-2011-07-21 (18-11-05).txt

Scan type: Quick scan
Objects scanned: 148808
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Which AV did you install?




For protecting USB storage devices I suggest you use MCShield. It has nothing to do with the antivirus, i.e. it will not interfere with its work, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it, plug in a USB storage device, and a scan runs; after that you either get a notification that the device is clean (if it really is), or a log with information about the malware that was found and deleted.


MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can read more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html



After installing MCShield, plug in your USB storage devices one at a time and wait for MCShield to scan each of them. When it finishes scanning the last device, post the report named AllScans.txt:

Start -> Run -> %UserProfile%\Application Data\MCShield\AllScans.txt -> Enter


Send me the contents of the report that opens in Notepad.






goran9888 (AMF Team)

23 Jul 2011 17:31 1l padr1n0 Topic locked. Reason: Already answered, further discussion serves no purpose