Checking for malware remnants

offline
  • Joined: 22 Apr 2003
  • Posts: 94
  • Location: Kragujevac

Posted: 24 Jun 2012 17:13

ComboFix 12-06-23.06 - Korisnik 24.06.2012 17:09:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.913 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 12:58 . 2012-06-24 12:58 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Temp
2012-06-24 10:55 . 2012-06-24 10:55 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-24 10:55 . 2012-06-24 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-06-23 15:52 . 2012-06-23 15:52 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\ESET
2012-06-23 13:16 . 2012-05-11 14:42 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-06-23 13:16 . 2012-05-11 14:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-06-23 13:16 . 2012-05-11 14:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-06-23 13:16 . 2012-05-11 14:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-06-23 13:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-23 13:16 . 2012-05-11 14:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-06-23 13:16 . 2012-05-11 14:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-06-23 13:12 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-23 13:12 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-23 13:04 . 2012-06-23 13:11 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-23 13:03 . 2012-06-23 13:03 -------- d-----w- c:\program files\HitmanPro
2012-06-23 13:03 . 2012-06-23 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-06-23 12:15 . 2012-06-23 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-06-08 15:22 . 2012-06-08 15:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 15:22 . 2012-06-08 15:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 10:55 . 2012-02-28 18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-24 10:55 . 2012-02-07 19:36 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-23 15:12 . 2012-04-17 16:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:12 . 2012-02-06 11:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2009-08-06 18:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-10-29 09:43 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-10-29 09:43 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-10-29 09:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-10-29 09:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-10-29 09:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-10-29 09:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-10-29 09:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 01:07 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 16:33 . 2012-05-15 16:33 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-15 16:33 . 2012-05-15 16:33 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-15 13:20 . 2004-08-04 01:07 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 01:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-04 01:07 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2007-10-29 09:41 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-09 17:25 . 2012-04-09 17:25 54016 ----a-w- c:\windows\system32\drivers\bits.sys
2012-04-04 13:56 . 2012-02-07 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 11:35 . 2012-05-13 10:09 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-06-30 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-04-01 11:46 21416 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 07:25 1828136 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"KiesHelper"=c:\program files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.2.2012 21:56 654408]
R3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [6.2.2012 15:03 26752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.2.2012 21:56 22344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 09:16 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.4.2012 18:51 250056]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [1.4.2012 13:42 20032]
S3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [23.6.2012 15:04 27424]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.4.2012 22:58 113120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [1.4.2012 14:01 98432]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 15:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{717FADF5-250B-449A-871D-C3FDA8F0E47F}: NameServer = 192.168.10.254
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\6k35gotf.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-06-24 17:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-24 17:12:27
ComboFix-quarantined-files.txt 2012-06-24 15:12
ComboFix2.txt 2012-06-24 13:37
.
Pre-Run: 3.741.753.344 bytes free
Post-Run: 3.731.972.096 bytes free
.
- - End Of File - - D021C7A4CA4A2398B3F83EFD90B949D9

Addendum: 24 Jun 2012 17:22

The upload of C:\Qoobox\Quarantine is done, but RAR and ZIP archiving reports an error; screenshot attached.

Addendum: 24 Jun 2012 17:25

Sass Drake,
thank you for your effort and patience.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Ignore the error and upload the archive that was created.

offline
  • Joined: 22 Apr 2003
  • Posts: 94
  • Location: Kragujevac

I sent it right away, I'm just saying......

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text into it:

DeQuarantine::
C:\QooBox\Quarantine\c\windows\system32\muzapp.exe.vir
Quit::


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.


Step 2

Open Notepad and copy the following text:

rmdir /S /Q "c:\documents and settings\All Users\Application Data\McAfee" >> shellrep.txt 2>&1
rmdir /S /Q "c:\documents and settings\Korisnik\Local Settings\Application Data\ESET" >> shellrep.txt 2>&1
notepad shellrep.txt


Save it to the Desktop under the name shellscript.bat
Pay attention to the .bat extension.

Run shellscript.bat and copy into your post the text that opens in Notepad. If no text appears in Notepad, that means everything went as it should and you only need to mention that in your post.

If Notepad does not open, open the file shellrep.txt manually and post its contents on the forum.

offline
  • Joined: 22 Apr 2003
  • Posts: 94
  • Location: Kragujevac

Posted: 24 Jun 2012 18:56

C:\QooBox\Quarantine\c\windows\system32\muzapp.exe.vir -> c:\windows\system32\muzapp.exe ( 172032 bytes )

Moving on to the second step.

Addendum: 24 Jun 2012 19:00

There is nothing in Notepad, it's empty. When I finished the first step, I had no internet access, so I had to restart. Now it works.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista and 7, use the Start Search box if Run is not available.

In the text box, type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.


Step 2

You need to install an AV program.
If you don't have the money, or don't want to spend it on a commercial AV program, there are good free AV programs available to you, such as Avast Free, AVG Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, etc.
Do not use pirated versions of AV programs!!!


Step 3

After you install the AV program, post a fresh DDS report for me.



Question

What is the state of the system now?

offline
  • Joined: 22 Apr 2003
  • Posts: 94
  • Location: Kragujevac

Everything works without problems now; let me download a free AV and install it.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

As you wish.

offline
  • Joined: 22 Apr 2003
  • Posts: 94
  • Location: Kragujevac

Posted: 24 Jun 2012 19:53

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Korisnik at 19:48:44 on 2012-06-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.966 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2888ECD6-B3A2-4DBC-9035-8ABFB604D513} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6B8B9ADA-F9C7-41A0-A6C5-A71D043780AF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{717FADF5-250B-449A-871D-C3FDA8F0E47F} : NameServer = 192.168.10.254
TCP: Interfaces\{E60213EF-8312-48CA-A00A-61B4576B5F22} : DhcpNameServer = 192.168.1.1 192.168.10.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\6k35gotf.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-24 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-24 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-24 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-7 654408]
R3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2012-2-6 26752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-7 22344]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-24 612184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-4-1 20032]
S3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-6-23 27424]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2012-4-1 98432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-24 17:18:13 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-24 16:50:39 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-06-24 13:24:16 -------- d-sha-r- C:\cmdcons
2012-06-24 12:58:22 -------- d-----w- c:\documents and settings\korisnik\local settings\application data\Temp
2012-06-24 10:55:50 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 13:16:14 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-06-23 13:16:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-06-23 13:16:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-06-23 13:16:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-06-23 13:16:13 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-06-23 13:16:13 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-23 13:16:13 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-06-23 13:12:10 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-23 13:12:10 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-23 13:04:07 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-23 13:03:37 -------- d-----w- c:\program files\HitmanPro
2012-06-23 13:03:26 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-06-23 12:15:14 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2012-06-08 15:22:15 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-08 15:22:15 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-24 10:55:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-24 10:55:44 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-23 15:12:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 15:12:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 16:33:15 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-09 17:25:23 54016 ----a-w- c:\windows\system32\drivers\bits.sys
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:50:25,98 ===============

Addendum: 24 Jun 2012 19:54

May I delete GMER, DDS and the other things we set up............... and how can I thank you?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Feel free to delete DDS, GMER and the other tools we used in this case.


Visit the thread "Test whether your browser is vulnerable", read it and follow the link given in it.


I recommend using MCShield to protect USB memory devices.
It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.


MCShield home page: http://amf.mycity.rs/mcshield/

You can learn more about MCShield in this thread: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

MCShield Facebook page: http://www.facebook.com/MCShield


That would be it.
Regards.
