MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Problem sa virusom

Napisano na dan: 6.4.2011
1

Problem sa virusom
Sledeća strana Pagination

Idi na vrh

Poslao: 06 Apr 2011 21:48
Idi na vrh
offline
  • Dragan Đurašinović
  • Pridružio: 20 Dec 2008
  • Poruke: 82

Juče sam skidao neke obične slike sa neta i kada sam pokušao jednu da skinem NOD mi je javio da je adresa blokirana, ja sam zatvorio tu stranicu, ali sad mi NOD prikazuje istu poruku kad god pokušam da otvorim bilo koju stranicu, uspem da otvorim bilo šta, ali se ponavlja da je blokirana ona URL adresa, malo pre mi javlja da je istekao username i pasword kod NOD-a iako je trebalo da istekne tek u avgustu.
Poslao sam vam i sliku kako izgleda to upozorenje NOD-a.
Ako se ne vidi baš dobro URL je: d3lvr7yuk4uaui.cloudfront.net/items/domains/p...

Evo kopija DDS-a:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sandra at 20:08:00,76 on sre 06.04.2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.294 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MP4 Player\mp4Player.exe
svchost.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\mts mobilni internet\mts mobilni internet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Sandra\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
mWinlogon: Taskman=c:\recycler\s-1-5-21-1019106874-9735547860-812991959-5784\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh\iMeshIEHelper.dll
BHO: GamePlayLabsBHO Class: {984a9162-8891-4d19-8cfe-17648bb4e1ec} - c:\documents and settings\sandra\local settings\application data\gameplaylabs plugin\BHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [bind] c:\docume~1\sandra\locals~1\temp\mosc.exe
mRun: [configuration] c:\windows\configuration\configuration.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [Link mogu videti samo ulogovani korisnici]
TCP: {260D4581-E819-4305-B0FB-672FE8DA593E} = 195.178.38.3 195.178.38.8
TCP: {3DFA0C82-18A6-4616-980F-9208B2472EE0} = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sandra\applic~1\mozilla\firefox\profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: network.proxy.ftp - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uns.ac.rs
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uns.ac.rs
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uns.ac.rs
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\sandra\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\sandra\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: GamePlayLabs Plugin: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\plugin2@gameplaylabs.com
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/22 21:02:25];c:\program files\cyberlink\powerdvd8\000.fcl [2009-8-28 87536]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-1-1 100480]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-7 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-2-26 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-2-26 476160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\sandra\desktop\temeratura\WinRing0.sys [2009-9-17 14416]
.
=============== Created Last 30 ================
.
2011-04-05 17:22:12 -------- d-----w- c:\docume~1\sandra\locals~1\applic~1\GamePlayLabs Plugin
2011-03-25 23:48:06 4284416 begin_of_the_skype_highlighting              06 4284416      end_of_the_skype_highlighting ----a-w- c:\windows\system32\GPhotos.scr
2011-03-12 10:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 10:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:42:25 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:31 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 20:08:49,00 ===============

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]



Poslao: 07 Apr 2011 01:31
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav, draganela!











U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg:
Detaljno citati moja uputstva (ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima;
Ne traziti istovremeno pomoc na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo;
U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio;
Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om;
Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj.
Za vise informacija o pravilima Ambulante MyCity foruma: LINK

-------------------------------------------------------------------------------------




Arrow


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.






goran9888 (AMF Tim)



Poslao: 07 Apr 2011 13:35
Idi na vrh
offline
  • Dragan Đurašinović
  • Pridružio: 20 Dec 2008
  • Poruke: 82

Izveštaj ComboFix-a

ComboFix 11-04-06.03 - Sandra 07.04.2011 13:17:19.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.533 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\BHO.dll
C:\Win
c:\win\1.exe
c:\windows\CIDD_P
c:\windows\CIDD_P\53616E647261\10.exe
c:\windows\CIDD_P\53616E647261\br.dll
c:\windows\CIDD_P\53616E647261\clm.dll
c:\windows\CIDD_P\53616E647261\nam.dll
c:\windows\CIDD_P\53616E647261\nfie.dll
c:\windows\CIDD_P\53616E647261\sys.dll
c:\windows\configuration
c:\windows\nigzss.txt
c:\windows\system32\ctfmon.exe.tmp
c:\windows\system32\Temp
c:\windows\system32\Temp\KSKD87SFDS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-05 17:22 . 2011-04-07 11:20 -------- d-----w- c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-10-29 09:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-01-12 15:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-02-23 14:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-23 14:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:42 . 2008-04-14 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-05-27 17:29 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-08-13 13:51 . 2009-03-07 16:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 16:49 94360]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/22 21:02];c:\program files\CyberLink\PowerDVD8\000.fcl [28.8.2009 18:36 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 16:47 731840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.3.2009 18:15 30192]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.1.2010 23:19 100480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [26.2.2009 23:55 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [26.2.2009 23:55 476160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Sandra\Desktop\Temeratura\WinRing0.sys [17.9.2009 16:09 14416]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-06 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-02-20 15:06]
.
2011-02-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-02-20 15:06]
.
2011-02-27 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-02-20 15:04]
.
2011-02-24 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-02-20 15:05]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {3DFA0C82-18A6-4616-980F-9208B2472EE0} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: network.proxy.ftp - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uns.ac.rs
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uns.ac.rs
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uns.ac.rs
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: GamePlayLabs Plugin: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\plugin2@gameplaylabs.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKLM-Run-configuration - c:\windows\configuration\configuration.exe
AddRemove-HijackThis - c:\documents and settings\Sandra\Desktop\pomoc\HijackThis.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\YouTube Downloader\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2011-04-07 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{178BA037-E4FD-9BB8-98F1-1EB44879AD54}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacapkhdpfpigldomj"=hex:69,61,62,6c,6c,65,67,63,6c,61,64,65,70,69,62,62,6f,66,
00,00
"haiajipcaghiflej"=hex:6a,61,70,6c,66,66,6c,63,6a,66,68,70,6c,6f,6f,6c,6d,61,
67,64,00,f2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\docume~1\Sandra\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2011-04-07 13:30:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-07 11:30
.
Pre-Run: 5.256.925.184 bytes free
Post-Run: 7.521.804.288 bytes free
.
- - End Of File - - C122C6142B1CA3DB15B7CBDA6DDF6832

Poslao: 07 Apr 2011 18:32
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Nisi ispratio uputstvo koje sam ti dao. Potrebno je da iskljucis antivirus. Za ubuduce, detaljno prati uputstva.




Arrow


Otvoriti Notepad i iskopirati sledeci tekst:

FireFox::
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - Ext: GamePlayLabs Plugin: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\plugin2@gameplaylabs.com


RegNull::
[HKEY_USERS\S-1-5-21-1085031214-1220945662-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{178BA037-E4FD-9BB8-98F1-1EB44879AD54}*]


Folder::
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.






Arrow



- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.









goran9888 (AMF Tim)

Poslao: 07 Apr 2011 19:37
Idi na vrh
offline
  • Dragan Đurašinović
  • Pridružio: 20 Dec 2008
  • Poruke: 82

Bio sam isključio NOD i prošli put, samo kad se kompijuter restartovao u toku skeniranja ComboFix-a, Nod se ponovo aktivirao, ja sam ga opet isključio i onda je ComboFix izbacio log.

Evo sad sam uradio ove korake, tu su izveštaji:

ComboFix 11-04-06.03 - Sandra 07.04.2011 19:20:51.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.515 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sandra\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome.manifest
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome\content\ff-overlay.xul
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome\content\icon.png
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome\content\overlay.js
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\chrome\locale\en-US\overlay.properties
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\defaults\preferences\prefs.js
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\install.rdf
c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\extensions\plugin2@gameplaylabs.com\setup.ini
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.crx
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\gplplugin.xpi
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\setup.ini
c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-10-29 09:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-01-12 15:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-02-23 14:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-23 14:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:42 . 2008-04-14 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2010-08-13 13:51 . 2009-03-07 16:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2011-04-07 11:05 68558 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-04-07 11:30 68558 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-04-07 11:30 435828 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2011-04-07 11:05 435828 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 16:49 94360]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/22 21:02];c:\program files\CyberLink\PowerDVD8\000.fcl [28.8.2009 18:36 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 16:47 731840]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.1.2010 23:19 100480]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.3.2009 18:15 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [26.2.2009 23:55 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [26.2.2009 23:55 476160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Sandra\Desktop\Temeratura\WinRing0.sys [17.9.2009 16:09 14416]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-06 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-02-20 15:06]
.
2011-02-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-02-20 15:06]
.
2011-02-27 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-02-20 15:04]
.
2011-02-24 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-02-20 15:05]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {3DFA0C82-18A6-4616-980F-9208B2472EE0} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\f5igsa94.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: network.proxy.ftp - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.uns.ac.rs
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.uns.ac.rs
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.uns.ac.rs
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.uns.ac.rs
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GamePlayLabs Plugin - c:\documents and settings\Sandra\Local Settings\Application Data\GamePlayLabs Plugin\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2011-04-07 19:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2011-04-07 19:27:06
ComboFix-quarantined-files.txt 2011-04-07 17:26
ComboFix2.txt 2011-04-07 11:30
.
Pre-Run: 4.951.990.272 bytes free
Post-Run: 4.938.108.928 bytes free
.
- - End Of File - - 59AD346BFC835DC53A6091DD2835626A





evo i od USBNoRisk-a

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 7.4.2011 19:29:00

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {56bbb064-01bd-11de-8788-806d6172696f}
C: {56bbb066-01bd-11de-8788-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 56bbb066-01bd-11de-8788-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 56bbb064-01bd-11de-8788-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================

========================================


New device connected at 7.4.2011 19:29:22

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 19:29:24

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 19:29:30

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 19:29:30

Scanning for connected removable storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 19:29:44

Scanning for connected USB mass storage...
----------------------------------------
H: {bf23d0ba-0a77-11de-b67f-001b385469e0}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for bf23d0ba-0a77-11de-b67f-001b385469e0
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

Inače, instalirao sam ponovo NOD i sad mi više ne prijavljuje onu poruku.

Poslao: 07 Apr 2011 21:28
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Izbrsi tu verziju USBNoRisk-a, skini novu verziju sa linka koji sam ti dao u prethodnoj poruci i izvrsi ponovo skeniranje.


Okaci izvestaj u sledecoj poruci da pogledam.





Kakvo je sada stanje racunara?









goran9888 (AMF Tim)

Poslao: 07 Apr 2011 21:46
Idi na vrh
offline
  • Dragan Đurašinović
  • Pridružio: 20 Dec 2008
  • Poruke: 82

Sad mi se komp čini dobro, ne vidim nikakve probleme.

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 7.4.2011 21:43:39

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {56bbb064-01bd-11de-8788-806d6172696f}
C: {56bbb066-01bd-11de-8788-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 56bbb066-01bd-11de-8788-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 56bbb064-01bd-11de-8788-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================

========================================


New device connected at 7.4.2011 21:44:07

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 21:44:14

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 21:44:15

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 21:44:15

Scanning for connected removable storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 7.4.2011 21:44:22

Scanning for connected USB mass storage...
----------------------------------------
H: {bf23d0ba-0a77-11de-b67f-001b385469e0}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
No mountpoint found for bf23d0ba-0a77-11de-b67f-001b385469e0
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

Poslao: 08 Apr 2011 02:47
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Arrow


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.



Arrow


Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
[Link mogu videti samo ulogovani korisnici]

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).




-----------------------------------------------------



Arrow

- Kao prvo, nadam se da koristis legalan NOD, tj. da imas uredno kupljenu licencu za njega. Ukoliko nemas, onda ti svakako predlazem da predjes na koriscenje neke besplatne alternative tipa: Avast, Avira, AVG, Panda Cloud, MSE, itd;

- Koristis Adobe Reader 9.4.3 koji je stara a ujedno i kriticna verzija ovog PDF citaca zbog propusta u sigurnosti. Svakako ti predlazem da instaliras najnoviju verziju (Reader X) ili predjes na alternativu tipa Foxit Reader, Nitro PDF Reader, itd ...;

- Predlazem ti da deinstaliras Facebook Plug-In (mislim da je to vise nego nepotrebna stvar). Takodje deinstaliraj i MP4 Player koji je nepozeljan program s'obzirom da njegov rad nije tipican za programe legalnog porekla (ne kazem da je u pitanju malware). Vise informacija mozes naci ovde: LINK;

- Preporucujem da za zastitu USB memorijskih uredjaja koristis MCShield. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja.

Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan.


Home Page MCShield-a: [Link mogu videti samo ulogovani korisnici]

Vise o MCShield-u mozes saznati u ovoj temi: [Link mogu videti samo ulogovani korisnici]






goran9888 (AMF Tim)

Poslao: 08 Apr 2011 17:11
Idi na vrh
offline
  • Dragan Đurašinović
  • Pridružio: 20 Dec 2008
  • Poruke: 82

Odradio sam i ovo, i hvala na ovim savetima.


Malwarebytes' Anti-Malware 1.50.1.1100
[Link mogu videti samo ulogovani korisnici]

Database version: 6312

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8.4.2011 17:10:09
mbam-log-2011-04-08 (17-10-09).txt

Scan type: Quick scan
Objects scanned: 141177
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Poslao: 09 Apr 2011 01:16
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Tvoj racunar je cist sto se malware-a tice.






MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Ko je trenutno na forumu
 

Ukupno su 1220 korisnika na forumu :: 81 registrovanih, 5 sakrivenih i 1134 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aleksjevt, ArchaBasha, Armadillo, Asteker, Bbbggg1979, Boris BM, Boris90, chitach, comi_pfc, Comyymoc, CraniumWhite, desmeki, Desmond, djonsule, Dogma21, Draganeli, draganl, drgrozozo, drimer, Drugsparrow, dusanobr, g0xy, Giskard, Great White, halkin gol, hatman, igorkozar83, Ir, Jaxupa, jodzula, Jomini, Kalem, krkalon, Kubovac, laganini123, Lance Guest, Leonov, M74AB3, Macalone, Marko Marković, Mickey91, mikrimaus, milenko crazy north, Mitogna, mkukoleca, mnn2, momcilob55, nazgul75, nenad81, nenorodjo, Ognjen D., orfanel, peramitić, precan, royst33, ruma, ruso, SamostalniReferent, Sančo, SD izvidjac, SlaKoj, Smiljkovich, Sonic, SOVO515, suton, Tandrkalo, Tastatura ratnik, Tila Painen, Timočka Divizija, tritonus, vathra, Vica1958, VJ, voja64, vrag81, vukovi, vuksa72, xAlex2, yiyi, ZlatniRez, zzapNDjuric99