Virus problem

  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

Yesterday I was downloading some ordinary pictures from the net and when I tried to download one of them, NOD told me the address was blocked. I closed that page, but now NOD shows me the same message whenever I try to open any page. I manage to open anything, but it keeps repeating that that URL address is blocked. A little while ago it also told me that the NOD username and password had expired, even though they were not supposed to expire until August.
I have also sent you a picture of what that NOD warning looks like.
If it cannot be seen well, the URL is: d3lvr7yuk4uaui.cloudfront.net/items/domains/p...

Here is a copy of the DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sandra at 20:08:00,76 on sre 06.04.2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.294 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MP4 Player\mp4Player.exe
svchost.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\mts mobilni internet\mts mobilni internet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Sandra\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Taskman=c:\recycler\s-1-5-21-1019106874-9735547860-812991959-5784\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh\iMeshIEHelper.dll
BHO: GamePlayLabsBHO Class: {984a9162-8891-4d19-8cfe-17648bb4e1ec} - c:\documents and settings\sandra\local settings\application data\gameplaylabs plugin\BHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [bind] c:\docume~1\sandra\locals~1\temp\mosc.exe
mRun: [configuration] c:\windows\configuration\configuration.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {260D4581-E819-4305-B0FB-672FE8DA593E} = 195.178.38.3 195.178.38.8
TCP: {3DFA0C82-18A6-4616-980F-9208B2472EE0} = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sandra\applic~1\mozilla\firefox\profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.rs/
FF - prefs.js: network.proxy.ftp - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uns.ac.rs
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uns.ac.rs
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uns.ac.rs
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\sandra\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\sandra\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/22 21:02:25];c:\program files\cyberlink\powerdvd8\000.fcl [2009-8-28 87536]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-1-1 100480]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-7 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-2-26 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-2-26 476160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\sandra\desktop\temeratura\WinRing0.sys [2009-9-17 14416]
.
=============== Created Last 30 ================
.
2011-04-05 17:22:12 -------- d-----w- c:\docume~1\sandra\locals~1\applic~1\GamePlayLabs Plugin
2011-03-25 23:48:06 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-12 10:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 10:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:42:25 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:31 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 20:08:49,00 ===============

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello, draganela!

While the case is being resolved, I would ask you to observe the following:
- Read my instructions (or those of the colleagues who will stand in for me) carefully and work exclusively according to them;
- Do not seek help elsewhere at the same time;
- Do not use other malware-removal programs, apart from those you receive instructions for;
- During the intervention, do not use USB memory devices until I ask for it;
- If I do not reply within 48h, refresh the topic with a new post;
- If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------




Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
- disable your security software (instructions);
- close running programs;
- double-click to run ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if offered to download it;
- display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes for the process to continue;
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
- ask a number of questions/show notifications: accept by clicking Yes or OK;
- if necessary, restart Windows (possibly several times);
- at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

goran9888 (AMF Team)

  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

ComboFix report

ComboFix 11-04-06.03 - Sandra 07.04.2011 13:17:19.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.533 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\BHO.dll
C:\Win
c:\win\1.exe
c:\windows\CIDD_P
c:\windows\CIDD_P\53616E647261\10.exe
c:\windows\CIDD_P\53616E647261\br.dll
c:\windows\CIDD_P\53616E647261\clm.dll
c:\windows\CIDD_P\53616E647261\nam.dll
c:\windows\CIDD_P\53616E647261\nfie.dll
c:\windows\CIDD_P\53616E647261\sys.dll
c:\windows\configuration
c:\windows\nigzss.txt
c:\windows\system32\ctfmon.exe.tmp
c:\windows\system32\Temp
c:\windows\system32\Temp\KSKD87SFDS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-05 17:22 . 2011-04-07 11:20 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-10-29 09:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-01-12 15:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-02-23 14:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-23 14:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:42 . 2008-04-14 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-05-27 17:29 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-08-13 13:51 . 2009-03-07 16:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 16:49 94360]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/22 21:02];c:\program files\CyberLink\PowerDVD8\000.fcl [28.8.2009 18:36 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 16:47 731840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.3.2009 18:15 30192]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.1.2010 23:19 100480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [26.2.2009 23:55 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [26.2.2009 23:55 476160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Sandra\Desktop\Temeratura\WinRing0.sys [17.9.2009 16:09 14416]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-06 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-02-20 15:06]
.
2011-02-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-02-20 15:06]
.
2011-02-27 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-02-20 15:04]
.
2011-02-24 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-02-20 15:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {3DFA0C82-18A6-4616-980F-9208B2472EE0} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.rs/
FF - prefs.js: network.proxy.ftp - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uns.ac.rs
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uns.ac.rs
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uns.ac.rs
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKLM-Run-configuration - c:\windows\configuration\configuration.exe
AddRemove-HijackThis - c:\documents and settings\Sandra\Desktop\pomoc\HijackThis.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\YouTube Downloader\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-04-07 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{178BA037-E4FD-9BB8-98F1-1EB44879AD54}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacapkhdpfpigldomj"=hex:69,61,62,6c,6c,65,67,63,6c,61,64,65,70,69,62,62,6f,66,
00,00
"haiajipcaghiflej"=hex:6a,61,70,6c,66,66,6c,63,6a,66,68,70,6c,6f,6f,6c,6d,61,
67,64,00,f2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\docume~1\Sandra\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2011-04-07 13:30:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-07 11:30
.
Pre-Run: 5.256.925.184 bytes free
Post-Run: 7.521.804.288 bytes free
.
- - End Of File - - C122C6142B1CA3DB15B7CBDA6DDF6832
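
Added example (not from the thread, and not a feature of DDS or ComboFix): a small Python triage script that applies, to autorun lines quoted from the DDS log in the first post and from this ComboFix log, the checks a helper does by eye. It flags a Winlogon Taskman override, Run/BHO targets that live in Temp, RECYCLER or a profile's Application Data folder, an unusual subfolder of c:\windows, AppInit_DLLs and AntiVirusOverride being set, and it decodes the REGEDIT4 hex values under the locked registry key to text. The sample lines are copied from the two logs (the hex value re-joined onto one line); the location rules and the high/review severities are my own heuristics and will produce false positives on unusual but legitimate installs.

```python
"""Triage helper for DDS / ComboFix autorun lines (added example).

My own script, not part of the forum thread and not a feature of DDS or
ComboFix. Sample lines are copied from the logs in this thread; the
suspicious-location rules are my own heuristics.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Copied from the DDS "Pseudo HJT Report" and the ComboFix "Reg Loading
# Points" / "LOCKED REGISTRY KEYS" sections of this thread (the hex value
# was wrapped over two lines in the log and is joined here).
SAMPLE_LOG = r"""
mWinlogon: Taskman=c:\recycler\s-1-5-21-1019106874-9735547860-812991959-5784\nissan.exe
BHO: GamePlayLabsBHO Class: {984a9162-8891-4d19-8cfe-17648bb4e1ec} - c:\documents and settings\sandra\local settings\application data\gameplaylabs plugin\BHO.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [bind] c:\docume~1\sandra\locals~1\temp\mosc.exe
mRun: [configuration] c:\windows\configuration\configuration.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
"AntiVirusOverride"=dword:00000001
"iacapkhdpfpigldomj"=hex:69,61,62,6c,6c,65,67,63,6c,61,64,65,70,69,62,62,6f,66,00,00
"""

# A drive-letter path ending in a loadable module, as DDS/ComboFix print them.
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]\n]*?\.(?:exe|dll|scr|cpl|sys))', re.IGNORECASE)
# REGEDIT4 binary value: "name"=hex:aa,bb,...
HEX_RE = re.compile(r'^"([^"]+)"=hex:([0-9a-f,\s]+)$', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str
    severity: str  # "high" = almost certainly malicious, "review" = look at it


def classify_path(path: str) -> Optional[tuple]:
    """Return (reason, severity) if an autorun target lives somewhere no
    normal installer puts its executables, else None."""
    p = path.lower()
    if "\\recycler\\" in p:
        return ("executable inside the RECYCLER directory", "high")
    if "\\temp\\" in p:
        return ("executable in a Temp directory", "high")
    if "\\application data\\" in p or "\\applic~1\\" in p:
        return ("executable in a user-profile Application Data directory", "review")
    m = re.match(r"c:\\windows\\([^\\]+)\\[^\\]+$", p)
    if m and m.group(1) not in ("system32", "system"):
        return ("executable in a non-standard subfolder of c:\\windows", "review")
    return None


def decode_reg_hex(hex_field: str) -> str:
    """Decode a REGEDIT4 'hex:' byte list; stop at the first NUL so the
    printable part of a string stored as REG_BINARY is returned."""
    data = bytes(int(b, 16) for b in re.split(r"[,\s]+", hex_field.strip()) if b)
    return data.split(b"\x00", 1)[0].decode("latin-1")


def triage(log_text: str) -> list:
    """Walk the log line by line and collect findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low.startswith("mwinlogon: taskman="):
            # Winlogon\Taskman is normally absent; legitimate software rarely
            # sets it, and whatever it names is started with the shell.
            findings.append(Finding(line, "Winlogon Taskman override", "high"))
            continue
        if low.startswith("appinit_dlls:") or low.startswith('"appinit_dlls"='):
            findings.append(Finding(line, "AppInit_DLLs set: DLL loaded into every user32-linked process", "review"))
            continue
        if low.startswith('"antivirusoverride"=dword:00000001'):
            findings.append(Finding(line, "Security Center told to stop alerting about antivirus state", "review"))
            continue
        hx = HEX_RE.match(line)
        if hx:
            findings.append(Finding(line, "REGEDIT4 hex value decodes to %r" % decode_reg_hex(hx.group(2)), "review"))
            continue
        for path in PATH_RE.findall(line):
            hit = classify_path(path)
            if hit:
                findings.append(Finding(line, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run on the sample, it reports the Taskman line and mosc.exe as high, and the GamePlayLabs BHO, configuration.exe, AppInit_DLLs, AntiVirusOverride and the decoded hex value as items to review; the Skype and egui entries produce nothing. The decoded value under the locked key is a random-looking string of letters, which fits the helper's later RegNull:: directive against that key, but the script only makes it readable, it does not judge it.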

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You did not follow the instructions I gave you. You need to disable the antivirus. In future, follow the instructions carefully.

Open Notepad and copy the following text:

FireFox::
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com


RegNull::
[HKEY_USERS\S-1-5-21-1085031214-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{178BA037-E4FD-9BB8-98F1-1EB44879AD54}*]


Folder::
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB memory devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save scrambled log option. That automatically opens the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB memory devices are all those devices that are assigned their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

goran9888 (AMF Team)
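
Added example for the USB step above, not from the thread and not USBNoRisk's own logic (which I have not inspected). The assumption behind it is that the USB check exists because XP-era worms spread by writing an autorun.inf to the root of every removable volume, pointing at a copy of themselves, often tucked into a RECYCLER\S-1-5-... folder like the one named by the Taskman entry in the DDS log. The script hand-parses an autorun.inf, lists what it would launch and whether those targets exist, and lists executables at the volume root and under RECYCLER-style folders. The sample volume is constructed in a temporary directory and mirrors the DDS path; it is not a real capture. Pointing `check_volume` at a mounted drive letter (for example `E:\`) is the intended use.

```python
"""Autorun.inf check for a removable volume (added example).

Not part of the forum thread and not USBNoRisk's own logic. Assumption:
worm-style USB infection = an autorun.inf at the volume root that launches
a copy of the worm, typically hidden in a RECYCLER\S-1-5-... folder.
"""
import re
import shlex
import tempfile
from pathlib import Path

# Keys in [autorun] that cause code execution on insert or double-click.
LAUNCH_RE = re.compile(r"^(open|shellexecute|shell\\[^=\]]*?\\command)\s*=\s*(.+?)\s*$", re.IGNORECASE)
EXE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".dll"}
RECYCLER_NAMES = {"recycler", "recycled", "$recycle.bin"}


def parse_autorun(text: str) -> list:
    """Return (key, command) pairs that an autorun.inf would execute.
    Hand-parsed rather than configparser: worm-written files often carry
    junk lines and repeated sections that configparser rejects."""
    cmds = []
    in_autorun = False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            in_autorun = s.lower() == "[autorun]"
            continue
        if not in_autorun:
            continue
        m = LAUNCH_RE.match(s)
        if m:
            cmds.append((m.group(1).lower(), m.group(2)))
    return cmds


def check_volume(root) -> dict:
    """Inspect one mounted volume root (e.g. Path('E:/')) and report what an
    autorun.inf there would run plus executables in classic worm locations."""
    root = Path(root)
    report = {"autorun_commands": [], "missing_targets": [],
              "root_executables": [], "recycler_executables": []}
    inf = root / "autorun.inf"
    if inf.is_file():
        cmds = parse_autorun(inf.read_text(errors="replace"))
        report["autorun_commands"] = cmds
        for _, cmd in cmds:
            toks = shlex.split(cmd, posix=False)  # non-posix keeps backslashes
            if not toks:
                continue
            rel = toks[0].strip('"').replace("\\", "/")
            if not root.joinpath(*rel.split("/")).is_file():
                report["missing_targets"].append(toks[0])
    for p in root.iterdir():
        if p.is_file() and p.suffix.lower() in EXE_SUFFIXES:
            report["root_executables"].append(p.name)
        elif p.is_dir() and p.name.lower() in RECYCLER_NAMES:
            for q in p.rglob("*"):
                if q.is_file() and q.suffix.lower() in EXE_SUFFIXES:
                    report["recycler_executables"].append(str(q.relative_to(root)))
    report["is_suspicious"] = bool(report["autorun_commands"]) or bool(report["recycler_executables"])
    return report


def build_sample_volume(base) -> Path:
    """Constructed sample (not a real capture): autorun.inf launching a
    placeholder executable in a RECYCLER SID folder, mirroring the DDS path."""
    root = Path(base)
    sid_dir = root / "RECYCLER" / "S-1-5-21-1019106874-9735547860-812991959-5784"
    sid_dir.mkdir(parents=True)
    (sid_dir / "nissan.exe").write_bytes(b"MZ")   # placeholder bytes, not malware
    (root / "photos.exe").write_bytes(b"MZ")      # "double-click me" decoy
    (root / "autorun.inf").write_text(
        "[autorun]\n"
        ";junk comment line of the kind worms pad the file with\n"
        "open=RECYCLER\\S-1-5-21-1019106874-9735547860-812991959-5784\\nissan.exe\n"
        "shellexecute=RECYCLER\\S-1-5-21-1019106874-9735547860-812991959-5784\\nissan.exe\n"
        "shell\\open\\Command=RECYCLER\\S-1-5-21-1019106874-9735547860-812991959-5784\\nissan.exe\n"
        "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
    )
    return root


def demo() -> dict:
    """Build the sample volume in a temp dir and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        return check_volume(build_sample_volume(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The icon= line is deliberately not treated as a launch key, and a launch target that does not exist is reported separately, since an orphaned autorun.inf left behind after a partial cleanup is also worth knowing about.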

  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

I did disable NOD last time too; it is just that when the computer restarted during the ComboFix scan, NOD became active again. I disabled it again and then ComboFix produced the log.

I have now done these steps; here are the reports:

ComboFix 11-04-06.03 - Sandra 07.04.2011 19:20:51.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.515 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome.manifest
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome\content\ff-overlay.xul
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome\content\icon.png
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome\content\overlay.js
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome\locale\en-US\overlay.properties
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\defaults\preferences\prefs.js
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\install.rdf
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\setup.ini
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.crx
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.xpi
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\setup.ini
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-10-29 09:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-01-12 15:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-02-23 14:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-23 14:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:42 . 2008-04-14 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2010-08-13 13:51 . 2009-03-07 16:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-07_11.26.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2011-04-07 11:05 68558 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-04-07 11:30 68558 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-04-07 11:30 435828 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2011-04-07 11:05 435828 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 16:49 94360]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/22 21:02];c:\program files\CyberLink\PowerDVD8\000.fcl [28.8.2009 18:36 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 16:47 731840]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.1.2010 23:19 100480]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.3.2009 18:15 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [26.2.2009 23:55 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [26.2.2009 23:55 476160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Sandra\Desktop\Temeratura\WinRing0.sys [17.9.2009 16:09 14416]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-06 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-02-20 15:06]
.
2011-02-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-02-20 15:06]
.
2011-02-27 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-02-20 15:04]
.
2011-02-24 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-02-20 15:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {3DFA0C82-18A6-4616-980F-9208B2472EE0} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.rs/
FF - prefs.js: network.proxy.ftp - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uns.ac.rs
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uns.ac.rs
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uns.ac.rs
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GamePlayLabs Plugin - c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-04-07 19:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2011-04-07 19:27:06
ComboFix-quarantined-files.txt 2011-04-07 17:26
ComboFix2.txt 2011-04-07 11:30
.
Pre-Run: 4.951.990.272 bytes free
Post-Run: 4.938.108.928 bytes free
.
- - End Of File - - 59AD346BFC835DC53A6091DD2835626A

And here is the USBNoRisk log:

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 7.4.2011 19:29:00

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {56bbb064-01bd-11de-8788-806d6172696f}
C: {56bbb066-01bd-11de-8788-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 56bbb066-01bd-11de-8788-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 56bbb064-01bd-11de-8788-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================

========================================


New device connected at 7.4.2011 19:29:22

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 19:29:24

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 19:29:30

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 19:29:30

Scanning for connected removable storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 19:29:44

Scanning for connected USB mass storage...
----------------------------------------
H: {bf23d0ba-0a77-11de-b67f-001b385469e0}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for bf23d0ba-0a77-11de-b67f-001b385469e0
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

By the way, I reinstalled NOD and it no longer shows that message.

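The ComboFix log above lists the autostart points (Run keys, BHOs, services/drivers, Security Center values) that a helper reads through by hand. The script below is an added example, not ComboFix's code and not something anyone in this thread ran: it parses those line formats and applies a simple location heuristic to decide which entries to look at first. SAMPLE_LOG is copied from the log posted above; the flagging rules are this example's own assumptions and say nothing about whether a given file is malicious (WinRing0, for instance, is commonly shipped by hardware-monitoring tools).

```python
"""Triage helper for the 'Reg Loading Points' and services section of a
ComboFix log.  Added example; SAMPLE_LOG is copied from the thread, the
rules are assumptions (where to look first, not a malware verdict)."""
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    kind: str     # "run", "service", "bho" or "value"
    section: str  # registry key, or the service state column (R1/S3 ...)
    name: str
    path: str     # image path, or the raw dword for "value" entries


class Finding(NamedTuple):
    entry: Entry
    reason: str


SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 107256]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Sandra\Desktop\Temeratura\WinRing0.sys [17.9.2009 16:09 14416]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")
BHO_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(.+)$")

# Locations a logon-time loader or kernel driver normally has no business in.
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\local settings\\",
                   "\\application data\\", "\\temp\\", "\\desktop\\")


def parse(log: str) -> List[Entry]:
    """Turn the ComboFix text into structured entries, tracking the current key."""
    entries, section = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m.group(1), m.group(2), m.group(4)))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", section, m.group(1), m.group(2)))
            continue
        m = DWORD_RE.match(line)
        if m:
            entries.append(Entry("value", section, m.group(1), m.group(2)))
            continue
        m = BHO_RE.match(line)
        if m and "browser helper objects" in section.lower():
            entries.append(Entry("bho", section, section.rsplit("\\", 1)[-1], m.group(1)))
    return entries


def triage(log: str) -> List[Finding]:
    """Apply the (assumed) heuristics; every hit is a 'look here', not a verdict."""
    findings = []
    for e in parse(log):
        p = e.path.lower()
        if e.kind == "value":
            # *Override values tell Security Center to stop alerting about that
            # component; AV products may set this themselves, so confirm before acting.
            if e.name.lower().endswith("override") and int(e.path, 16) != 0:
                findings.append(Finding(e, "Security Center alerting suppressed via " + e.name))
        elif "\\" not in p:
            findings.append(Finding(e, "bare file name, resolved through the search path at logon"))
        elif any(mk in p for mk in PROFILE_MARKERS):
            what = "kernel driver" if p.endswith(".sys") else "autostart"
            findings.append(Finding(e, what + " loaded from a user-profile location"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.kind:8} {f.entry.name:20} {f.entry.path}\n         -> {f.reason}")
```

Run against the embedded sample it flags three entries: the bare `RTHDCPL.EXE` name, the `AntiVirusOverride` value, and the `.sys` driver under the user's Desktop; the Program Files entries pass. Feed it a full log and the hits are the lines to check hashes and signatures on first.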
offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Delete that version of USBNoRisk, download the new version from the link I gave you in the previous message and run the scan again.

Attach the report in your next message so I can take a look.

How is the computer behaving now?

goran9888 (AMF Team)

offline
  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

The computer seems fine now, I don't see any problems.

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 7.4.2011 21:43:39

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {56bbb064-01bd-11de-8788-806d6172696f}
C: {56bbb066-01bd-11de-8788-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 56bbb066-01bd-11de-8788-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 56bbb064-01bd-11de-8788-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================

========================================


New device connected at 7.4.2011 21:44:07

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 21:44:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 21:44:15

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 21:44:15

Scanning for connected removable storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 21:44:22

Scanning for connected USB mass storage...
----------------------------------------
H: {bf23d0ba-0a77-11de-b67f-001b385469e0}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
No mountpoint found for bf23d0ba-0a77-11de-b67f-001b385469e0
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search box if Run is not available.

In the text field type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.



Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to start the installation; at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

then click Finish.

Once the update finishes the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes click OK, then Show Results: in the list of detected malware, check all items and click Remove Selected.

When the process finishes, the log file will open in Notepad; paste it into the forum topic.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the log file will be available on the Logs tab (select it and click Open).




-----------------------------------------------------



- First of all, I hope you are using a legitimately licensed NOD, i.e. that you have a properly purchased licence for it. If you don't, then I would certainly suggest switching to a free alternative such as Avast, Avira, AVG, Panda Cloud, MSE, etc.;

- You are using Adobe Reader 9.4.3, which is an old and at the same time critical version of this PDF reader because of its security flaws. I would certainly suggest installing the latest version (Reader X) or switching to an alternative such as Foxit Reader, Nitro PDF Reader, etc.;

- I suggest you uninstall the Facebook Plug-In (I think it is a more than unnecessary thing). Also uninstall MP4 Player, which is an undesirable program given that its behaviour is not typical of software of legitimate origin (I am not saying it is malware). You can find more information here: LINK;

- For protecting USB memory devices I recommend using MCShield. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

You download it, install it, plug in the USB memory device, a scan runs, and afterwards you either get a notification that the device is clean (if that is really the case) or a log with information about the malware that was found and deleted.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html

goran9888 (AMF Team)

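The USBNoRisk logs above report on a fixed set of artefacts (autorun.inf, Desktop.ini, "mimics", .lnk/.pif/.com/.scr files), and the MCShield advice above describes the same kind of on-insert check. The script below is an added example, not the code of USBNoRisk or MCShield, and its rules are this example's own assumptions about the classic autorun-worm layout: an autorun.inf in the root, a folder hidden and replaced by a same-named executable (the "mimic"), and shortcut files pointing at it. It builds a constructed fake drive root in a temporary directory so it runs offline on any platform; the hidden/system attribute check only has meaning on Windows.

```python
"""Removable-drive triage in the spirit of the USBNoRisk / MCShield checks.
Added example, not the tools' own code; the sample drive is constructed."""
import stat
import tempfile
from pathlib import Path
from typing import Dict, List

# Extensions an autorun worm uses for the payload and for the decoy shortcuts.
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
SHORTCUT_EXT = {".lnk", ".pif", ".com", ".scr"}


def is_hidden(p: Path) -> bool:
    """Hidden or System attribute; st_file_attributes exists only on Windows."""
    attrs = getattr(p.stat(), "st_file_attributes", 0)
    return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))


def scan_drive(root: Path) -> Dict[str, List[str]]:
    """Look at the drive root only: that is where autorun.inf is honoured
    and where the worm plants its mimics next to the hidden real folders."""
    report: Dict[str, List[str]] = {
        "autorun_inf": [], "desktop_ini": [], "mimics": [],
        "shortcuts": [], "hidden_dirs": [],
    }
    entries = list(root.iterdir())
    dirs = {e.name.lower(): e for e in entries if e.is_dir()}
    for e in entries:
        low = e.name.lower()
        if low == "autorun.inf":
            report["autorun_inf"].append(e.name)
        elif low == "desktop.ini":
            report["desktop_ini"].append(e.name)
        if e.is_file():
            ext = e.suffix.lower()
            if ext in SHORTCUT_EXT:
                report["shortcuts"].append(e.name)
            if ext in EXEC_EXT and e.stem.lower() in dirs:
                # Photos.exe sitting beside a Photos\ folder: the mimic pattern.
                report["mimics"].append(e.name)
        elif is_hidden(e):
            report["hidden_dirs"].append(e.name)
    return report


def has_findings(report: Dict[str, List[str]]) -> bool:
    return any(report.values())


def build_sample_drive(base: Path) -> Path:
    """Constructed fake drive: a benign tree plus the classic worm layout."""
    root = base / "H"
    (root / "Photos").mkdir(parents=True)
    (root / "Photos" / "img001.jpg").write_bytes(b"\xff\xd8\xff")   # constructed
    (root / "Documents").mkdir()
    (root / "report.doc").write_bytes(b"constructed sample")
    (root / "autorun.inf").write_text("[autorun]\nopen=Photos.exe\n")  # constructed
    (root / "Photos.exe").write_bytes(b"MZ")                            # constructed
    (root / "Documents.lnk").write_bytes(b"L\x00\x00\x00")              # constructed
    return root


def demo() -> Dict[str, List[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        return scan_drive(build_sample_drive(Path(tmp)))


if __name__ == "__main__":
    for key, names in demo().items():
        print(f"{key:12}: {', '.join(names) or 'none'}")
```

On the constructed drive it reports the autorun.inf, `Photos.exe` as a mimic of the `Photos` folder, and `Documents.lnk` as a shortcut; a clean stick, like the H: in the logs above, yields empty lists throughout. Point `scan_drive` at a real drive letter on Windows to use it as a quick first look before trusting a stick.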
offline
  • Dragan Đurašinović
  • Joined: 20 Dec 2008
  • Posts: 82

I did this too, and thanks for the advice.


Malwarebytes' Anti-Malware 1.50.1.1100
malwarebytes.org

Database version: 6312

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8.4.2011 17:10:09
mbam-log-2011-04-08 (17-10-09).txt

Scan type: Quick scan
Objects scanned: 141177
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Your computer is clean as far as malware is concerned.





