Virus problem


offline
  • Stefanovic
  • Joined: 02 Nov 2011
  • Posts: 144
  • Location: Nis

Posted: 06 Jan 2012 2:00

I switched from Telekom ADSL to IKOM cable internet, and as soon as I connected the computer it went crazy with viruses. I tried to remove them with Avira and Malwarebytes Anti-Malware but without success... I did a System Restore to an earlier date and nothing. If a solution exists I would be grateful; if not, I'll reinstall XP SP3 (I have the 32-bit version)... thanks in advance.






.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by owner at 11:16:30 on 2012-01-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.103 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\owner\Application Data\2.tmp
C:\Documents and Settings\owner\Application Data\3.tmp
C:\WINDOWS\aadrive32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
mWinlogon: Taskman=c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,Explorer.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [VisualTaskTips] c:\program files\visualtasktips\VisualTaskTips.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AdobeBridge]
uRun: [zaber0] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
uRun: [zaber0] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Driver Setup] c:\windows\aadrive32.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mExplorerRun: [Microsoft Driver Setup] c:\windows\aadrive32.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\yowindow.lnk - c:\program files\yowindow\yowindow.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177316463750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{15E13B7F-0590-4AEE-9375-86D10DA96DE7} : DhcpNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{328A07BF-0A62-4771-A364-4F693F54BF25} : DhcpNameServer = 95.180.0.18 95.180.1.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\kwcbr7em.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: RapidShare DownloadHelper: rsDownloadHelper@yevgenyandrov.net - %profile%\extensions\rsDownloadHelper@yevgenyandrov.net
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Facebook Phishing Protector: {023e9ca0-63f3-47b1-bcb2-9badf9d9ef28} - %profile%\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-4 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-3 232512]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-4 74640]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-4 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-4 110032]
S2 jyblwxk;Microsoft Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [2007-4-23 128000]
.
=============== Created Last 30 ================
.
2012-01-05 10:12:29 52736 --sh--r- c:\windows\aadrive32.exe
2012-01-05 10:12:28 52736 ----a-w- c:\documents and settings\owner\application data\4.tmp
2012-01-05 10:12:26 27648 ----a-w- c:\documents and settings\owner\application data\3.tmp
2012-01-05 10:12:24 135024 ----a-w- c:\documents and settings\owner\application data\2.tmp
2012-01-05 00:04:18 135024 ----a-w- c:\documents and settings\owner\application data\10.tmp
2012-01-04 22:53:17 52736 ----a-w- c:\documents and settings\owner\application data\B.tmp
2012-01-04 21:23:35 29696 ----a-w- c:\windows\system32\02.exe
2012-01-04 21:21:51 29696 ----a-w- c:\windows\system32\65.exe
2012-01-04 21:19:50 29696 ----a-w- c:\windows\system32\38.exe
2012-01-04 21:14:17 52736 ----a-w- c:\documents and settings\owner\application data\A.tmp
2012-01-04 08:12:37 29696 ----a-w- c:\windows\system32\12.exe
2012-01-04 06:59:28 29696 ----a-w- c:\windows\system32\51.exe
2012-01-04 03:28:56 29696 ----a-w- c:\windows\system32\64.exe
2012-01-04 03:26:13 29696 ----a-w- c:\windows\system32\22.exe
2012-01-04 03:18:12 83456 ----a-w- c:\documents and settings\owner\vfdewd.exe
2012-01-04 03:17:06 29696 ----a-w- c:\windows\system32\74.exe
2012-01-04 02:52:41 135024 ------w- c:\documents and settings\owner\application data\5.tmp
2012-01-04 02:24:51 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-04 02:24:51 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-04 02:24:51 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-01-04 02:24:13 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-01-04 02:24:12 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-01-04 02:24:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-01-04 02:24:12 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-01-04 02:05:12 135024 ----a-w- c:\documents and settings\owner\application data\21.tmp
2012-01-04 02:04:21 29696 ----a-w- c:\windows\system32\03.exe
2012-01-04 01:50:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-04 01:50:09 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-03 11:05:50 -------- d-----w- c:\windows\LastGood(2)
2012-01-02 10:28:53 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
.
==================== Find3M ====================
.
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 14:30:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 21:18:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-27 21:18:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-26 18:23:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-26 18:23:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-03 16:24:05 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-19 06:28:06 689664 ----a-w- c:\windows\system32\yowindow.scr
.
============= FINISH: 11:17:43,96 ===============





Update: 06 Jan 2012 2:12

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello cilitis!







While the case is being resolved, please observe the following:
Read my instructions (or those of the colleagues standing in for me) carefully and work only according to them;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs, except those for which you receive instructions;
During the intervention, do not use USB storage devices until I ask for it;
If I do not reply within 48 hours, bump the topic with a new post;
If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------






Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download has finished:
disable your security software (instructions);
close running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message.










goran9888 (AMF Team)

offline
  • Stefanovic
  • Joined: 02 Nov 2011
  • Posts: 144
  • Location: Nis

ComboFix 12-01-05.04 - owner 06.01.2012 4:10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.144 [GMT 1:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\owner\Application Data\10.tmp
c:\documents and settings\owner\Application Data\2.tmp
c:\documents and settings\owner\Application Data\21.tmp
c:\documents and settings\owner\Application Data\3.tmp
c:\documents and settings\owner\Application Data\34.tmp
c:\documents and settings\owner\Application Data\35.tmp
c:\documents and settings\owner\Application Data\36.tmp
c:\documents and settings\owner\Application Data\37.tmp
c:\documents and settings\owner\Application Data\38.tmp
c:\documents and settings\owner\Application Data\39.tmp
c:\documents and settings\owner\Application Data\3A.tmp
c:\documents and settings\owner\Application Data\3B.tmp
c:\documents and settings\owner\Application Data\3C.tmp
c:\documents and settings\owner\Application Data\3D.tmp
c:\documents and settings\owner\Application Data\3E.tmp
c:\documents and settings\owner\Application Data\3F.tmp
c:\documents and settings\owner\Application Data\4.tmp
c:\documents and settings\owner\Application Data\40.tmp
c:\documents and settings\owner\Application Data\5.tmp
c:\documents and settings\owner\Application Data\6.tmp
c:\documents and settings\owner\Application Data\7.tmp
c:\documents and settings\owner\Application Data\8.tmp
c:\documents and settings\owner\Application Data\96.tmp
c:\documents and settings\owner\Application Data\97.tmp
c:\documents and settings\owner\Application Data\98.tmp
c:\documents and settings\owner\Application Data\A.tmp
c:\documents and settings\owner\Application Data\B.tmp
c:\documents and settings\owner\vfdewd.exe
c:\windows\aadrive32.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\02.exe
c:\windows\system32\03.exe
c:\windows\system32\12.exe
c:\windows\system32\22.exe
c:\windows\system32\38.exe
c:\windows\system32\51.exe
c:\windows\system32\64.exe
c:\windows\system32\65.exe
c:\windows\system32\74.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\msssc.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-04 03:21 . 2012-01-04 03:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-04 02:24 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-04 02:24 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-04 02:24 . 2009-08-06 18:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-01-04 02:24 . 2009-08-06 18:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-01-04 02:24 . 2009-08-06 18:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-01-04 02:24 . 2009-08-06 18:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-01-04 01:50 . 2012-01-04 01:50 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-03 11:05 . 2012-01-04 01:41 -------- d-----w- c:\windows\LastGood(2)
2012-01-02 10:28 . 2012-01-04 01:48 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Google
2011-12-29 02:49 . 2011-12-29 02:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-11-03 16:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 14:30 . 2011-11-03 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 21:18 . 2011-11-27 21:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-27 21:18 . 2011-11-27 21:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-26 18:23 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-26 18:23 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-03 16:24 . 2011-11-03 16:24 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-19 06:28 . 2011-10-19 06:28 689664 ----a-w- c:\windows\system32\yowindow.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2006-03-14 34816]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"nwiz"="nwiz.exe" [2007-09-16 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-11-26 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\owner\Start Menu\Programs\Startup\
YoWindow.lnk - c:\program files\YoWindow\yowindow.exe [2011-9-17 759808]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8559:TCP"= 8559:TCP:qjbudnlz
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/4/2011 7:50 PM 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/3/2011 5:24 PM 232512]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/3/2011 5:37 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/3/2011 5:37 PM 20464]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/4/2011 7:50 PM 86224]
S2 jyblwxk;Microsoft Windows;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 11:56 PM 14336]
S3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [4/23/2007 9:13 AM 128000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*NewlyCreated* - RSVP
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jyblwxk
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-670792205-2225589205-3563514748-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
2011-12-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-670792205-2225589205-3563514748-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{EF5539D9-73C2-488E-899E-A6A99A167973}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\kwcbr7em.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: RapidShare DownloadHelper: rsDownloadHelper@yevgenyandrov.net - %profile%\extensions\rsDownloadHelper@yevgenyandrov.net
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Facebook Phishing Protector: {023e9ca0-63f3-47b1-bcb2-9badf9d9ef28} - %profile%\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-01-06 04:22
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Rcaeav = c:\documents and settings\owner\Application Data\Rcaeav.exe
.
scanning hidden files ...
.
.
c:\documents and settings\owner\Application Data\Rcaeav.exe 83456 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rcaeav"="c:\\Documents and Settings\\owner\\Application Data\\Rcaeav.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jyblwxk]
"ServiceDll"="c:\windows\system32\iimsikty.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WININET.dll
.
Completion time: 2012-01-06 04:26:17
ComboFix-quarantined-files.txt 2012-01-06 03:26
.
Pre-Run: 34.518.896.640 bytes free
Post-Run: 34.732.343.296 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FF3FE5BAD0953C0D965F45CD8FF71DDF







After ComboFix I restarted the computer and these 3 small windows appeared










offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I hope you have not connected any USB storage devices, and do not until I ask you to.





Open Notepad and copy the following text:

KillAll::

File::
c:\documents and settings\owner\Application Data\Rcaeav.exe
c:\windows\system32\iimsikty.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8559:TCP"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rcaeav"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Driver::
jyblwxk

NetSvc::
jyblwxk


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.







goran9888 (AMF Team)
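The DDS log in the first post and the CFScript in the post above are two halves of one job: spot the entries that do not belong, then tell ComboFix what to remove. The Python script below is an added example, not part of this thread or of the DDS/ComboFix tools. It parses a constructed sample (modelled on lines from the posted logs) with the same rules the helper applied: an autostart from RECYCLER, an exe dropped directly under c:\windows, numeric-named exes in system32, executable .tmp files in the Application Data root, a svchost-hosted service and a firewall rule with random names, and that service's ServiceDll. It then drafts a CFScript in the shape used above. The names SAMPLE_LOG, Finding, triage and build_cfscript are this example's own.

```python
"""Triage DDS/ComboFix-style log lines and draft a CFScript from the findings.
Added example: not part of the forum thread or of the DDS/ComboFix tools. The rules
below encode what the helper acted on; SAMPLE_LOG is constructed from the posted logs."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
uRun: [zaber0] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Microsoft Driver Setup] c:\windows\aadrive32.exe
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-4 110032]
S2 jyblwxk;Microsoft Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8559:TCP"= 8559:TCP:qjbudnlz
2012-01-04 21:23:35 29696 ----a-w- c:\windows\system32\02.exe
2012-01-05 10:12:28 52736 ----a-w- c:\documents and settings\owner\application data\4.tmp
2012-01-04 02:24:51 274288 ----a-w- c:\windows\system32\mucltui.dll
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jyblwxk]
"ServiceDll"="c:\windows\system32\iimsikty.dll"
""".strip()

# Line shapes as DDS/ComboFix print them: Run entries, services, firewall rules, created files, registry.
RUN_RE = re.compile(r'^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] "?(?P<path>[a-z]:\\.+?\.exe)', re.I)
SVC_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>[^\[]+)")
PORT_RE = re.compile(r'^"(?P<rule>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<label>.+)$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+\S+\s+(?P<path>[a-z]:\\.+)$", re.I)
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
DLL_RE = re.compile(r'^"ServiceDll"="(?P<path>[^"]+)"$')

@dataclass
class Finding:
    kind: str       # run | service | port | file
    key: str        # Run value name, service name, firewall rule, or file path
    path: str       # file to delete ("" when nothing on disk is known yet)
    reason: str
    hive: str = ""  # "u" (HKCU) or "m" (HKLM) for Run entries

def looks_random(name):
    """Names like 'jyblwxk' or 'qjbudnlz': letters only, almost no vowels. Noisy on its own."""
    s = name.lower()
    return s.isalpha() and len(s) >= 6 and sum(c in "aeiou" for c in s) / len(s) < 0.25

def suspicious_path(path):
    """Placement rules for executables seen in this thread; None when nothing stands out."""
    p = path.lower()
    if "\\recycler\\" in p:
        return "executable under RECYCLER"
    if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", p) and not p.endswith("\\explorer.exe"):
        return "exe directly under c:\\windows"
    if re.fullmatch(r"c:\\windows\\system32\\\d+\.exe", p):
        return "numeric-named exe in system32"
    if re.search(r"\\application data\\[0-9a-f]+\.tmp$", p):
        return ".tmp dropped in the Application Data root"

def triage(text):
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            if reason := suspicious_path(m["path"]):
                findings.append(Finding("run", m["name"], m["path"], reason, m["hive"].lower()))
        elif m := SVC_RE.match(line):
            if "svchost.exe" in m["path"].lower() and looks_random(m["name"]):
                findings.append(Finding("service", m["name"], "", "random-named service hosted by svchost"))
        elif m := PORT_RE.match(line):
            if looks_random(m["label"]):
                findings.append(Finding("port", m["rule"], "", "firewall exception with a random rule name"))
        elif m := FILE_RE.match(line):
            if reason := suspicious_path(m["path"]):
                findings.append(Finding("file", m["path"], m["path"], reason))
        elif m := KEY_RE.match(line):
            key = m["key"]  # a following ServiceDll line belongs to this key
        elif (m := DLL_RE.match(line)) and looks_random(key.rsplit("\\", 1)[-1]):
            findings.append(Finding("file", m["path"], m["path"], "ServiceDll of a random-named service"))
    return findings

RUN_KEYS = {"u": r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
            "m": r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"}
PORTS_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"

def build_cfscript(findings):
    """Draft a CFScript in the shape used in this thread; a person reviews it before it is run."""
    files = sorted({f.path for f in findings if f.path})
    reg = []
    for f in findings:
        if f.kind == "run":
            reg += [RUN_KEYS[f.hive], f'"{f.key}"=-']
        elif f.kind == "port":
            reg += [PORTS_KEY, f'"{f.key}"=-']
    svcs = sorted({f.key for f in findings if f.kind == "service"})
    out = ["KillAll::", ""]
    if files:
        out += ["File::", *files, ""]
    if reg:
        out += ["Registry::", *reg, ""]
    if svcs:
        out += ["Driver::", *svcs, "", "NetSvc::", *svcs, ""]
    return "\n".join(out)

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:8} {f.reason:45} {f.key}")
    print(build_cfscript(found))
```

The vowel-ratio test is deliberately gated: on its own it would also flag legitimate short names such as avkmgr from the same log, so it is only applied to svchost-hosted services, firewall rule labels and the owner of a ServiceDll. The generated script is a draft; as in the thread, each path is confirmed by a person before the file is dragged onto ComboFix.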

offline
  • Stefanovic
  • Joined: 02 Nov 2011
  • Posts: 144
  • Location: Nis

I have not connected any USB storage devices... nor have I ever on this computer.

When I drag the saved script/text onto ComboFix, it starts working and freezes the computer, so everything is "dead" and I have to reset it to try again, and the same thing happens: ComboFix pops up a small window and does not do the job, instead all functions lock up... then restart again...

What should I do next?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

cilitis wrote: When I drag the saved script/text onto ComboFix, it starts working and freezes the computer, so everything is "dead" and I have to reset it to try again, and the same thing happens: ComboFix pops up a small window and does not do the job, instead all functions lock up... then restart again...

What should I do next?


Is the AV (Avira) disabled at that moment? Delete that ComboFix from the Desktop, download the new version from this address and save it to the Desktop again: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then try again to create the script and drag it onto the ComboFix icon.


goran9888 (AMF Team)

offline
  • Stefanovic
  • Joined: 02 Nov 2011
  • Posts: 144
  • Location: Nis

ComboFix 12-01-07.02 - owner 08.01.2012 1:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.190 [GMT 1:00]
Running from: d:\my documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\owner\Application Data\Rcaeav.exe"
"c:\windows\system32\iimsikty.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\owner\Application Data\2.tmp
c:\documents and settings\owner\Application Data\21.tmp
c:\documents and settings\owner\Application Data\3.tmp
c:\documents and settings\owner\Application Data\4.tmp
c:\documents and settings\owner\Application Data\5.tmp
c:\documents and settings\owner\Application Data\6.tmp
c:\documents and settings\owner\Application Data\7.tmp
c:\documents and settings\owner\Application Data\8.tmp
c:\documents and settings\owner\Application Data\9.tmp
c:\documents and settings\owner\Application Data\A.tmp
c:\documents and settings\owner\Application Data\A6.tmp
c:\documents and settings\owner\Application Data\A7.tmp
c:\documents and settings\owner\Application Data\A8.tmp
c:\documents and settings\owner\Application Data\Rcaeav.exe
c:\windows\aadrive32.exe
c:\windows\system32\iimsikty.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JYBLWXK
-------\Service_jyblwxk
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-07 07:19 . 2012-01-07 07:19 -------- d-----w- c:\documents and settings\owner\Application Data\Qualys
2012-01-04 03:21 . 2012-01-04 03:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-04 02:24 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-04 02:24 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-04 02:24 . 2009-08-06 18:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-01-04 02:24 . 2009-08-06 18:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-01-04 02:24 . 2009-08-06 18:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-01-04 02:24 . 2009-08-06 18:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-01-04 01:50 . 2012-01-04 01:50 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-03 11:05 . 2012-01-04 01:41 -------- d-----w- c:\windows\LastGood(2)
2012-01-02 10:28 . 2012-01-04 01:48 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Google
2011-12-29 02:49 . 2011-12-29 02:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-11-03 16:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 14:30 . 2011-11-03 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 21:18 . 2011-11-27 21:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-27 21:18 . 2011-11-27 21:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-26 18:23 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-26 18:23 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-03 16:24 . 2011-11-03 16:24 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-19 06:28 . 2011-10-19 06:28 689664 ----a-w- c:\windows\system32\yowindow.scr
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-06_03.22.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-08 00:56 . 2012-01-08 00:56 16384 c:\windows\temp\Perflib_Perfdata_4b4.dat
+ 2001-08-23 12:00 . 2012-01-08 00:32 67312 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2012-01-06 01:46 67312 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2012-01-08 00:32 432356 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2012-01-06 01:46 432356 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2006-03-14 34816]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"nwiz"="nwiz.exe" [2007-09-16 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-11-26 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\owner\Start Menu\Programs\Startup\
YoWindow.lnk - c:\program files\YoWindow\yowindow.exe [2011-9-17 759808]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/4/2011 7:50 PM 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/3/2011 5:24 PM 232512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/3/2011 5:37 PM 20464]
S3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [4/23/2007 9:13 AM 128000]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-670792205-2225589205-3563514748-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
2011-12-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-670792205-2225589205-3563514748-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
2012-01-08 c:\windows\Tasks\User_Feed_Synchronization-{EF5539D9-73C2-488E-899E-A6A99A167973}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\kwcbr7em.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: RapidShare DownloadHelper: rsDownloadHelper@yevgenyandrov.net - %profile%\extensions\rsDownloadHelper@yevgenyandrov.net
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Facebook Phishing Protector: {023e9ca0-63f3-47b1-bcb2-9badf9d9ef28} - %profile%\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: QualysBrowserCheck: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - %profile%\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-01-08 01:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648-)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\VisualTaskTips\VttHooks.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2012-01-08 01:58:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 00:58
ComboFix2.txt 2012-01-06 03:26
.
Pre-Run: 34.653.261.824 bytes free
Post-Run: 34.566.922.240 bytes free
.
- - End Of File - - C5AC624AC62A5F9C1C9348E04371D0FD
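The log above has the structure that matters when reading a ComboFix run: the "FILE ::" block echoes what the helper asked to delete via CFScript.txt, "Other Deletions" lists everything ComboFix actually removed (including items it found on its own, such as the numbered *.tmp files and c:\windows\aadrive32.exe), and "Reg Loading Points" lists the autostart entries that remain. The following Python script is an added example, not part of this thread and not ComboFix's own code; it parses a constructed excerpt modelled on the posted log, cross-references the deletions against the script the analyst supplied, and flags paths in locations where legitimate software rarely lives. The section heuristics and the "suspicious location" rules are my own assumptions about the log layout and are not a ComboFix feature.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt modelled on the log posted above (heading paren runs shortened).
SAMPLE_LOG = r"""ComboFix 12-01-07.02 - owner 08.01.2012 1:44.2.1 - x86
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\owner\Application Data\Rcaeav.exe"
"c:\windows\system32\iimsikty.dll"
.
(((((((((( Other Deletions ))))))))))
.
c:\documents and settings\owner\Application Data\2.tmp
c:\documents and settings\owner\Application Data\Rcaeav.exe
c:\windows\aadrive32.exe
c:\windows\system32\iimsikty.dll
.
(((((((((( Drivers/Services ))))))))))
.
-------\Legacy_JYBLWXK
-------\Service_jyblwxk
.
(((((((((( Reg Loading Points ))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}\s*$")          # (((( Name ))))
REG_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")                 # [HKEY_...\Run]
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')  # "name"="path" [..]
WINDOWS_ROOT_EXE_RE = re.compile(r"^c:\\windows\\[^\\]+\.exe$")     # exe directly in c:\windows


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into {section name: [non-empty lines]}; '.' separators dropped."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        heading = SECTION_RE.match(line)
        if heading:
            current = heading.group(1)
            sections.setdefault(current, [])
            continue
        if line == "FILE ::":  # echo of the analyst's CFScript, no paren heading
            current = "FILE ::"
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def flag_path(path: str) -> Optional[str]:
    """Return a reason string when a path sits where legitimate software rarely does (assumed heuristic)."""
    low = path.strip().strip('"').lower()
    name = low.rsplit("\\", 1)[-1]
    ext = name.rpartition(".")[2] if "." in name else ""
    in_profile_data = "\\application data\\" in low or "\\local settings\\temp\\" in low
    if in_profile_data and ext == "tmp":
        return "temporary-looking file in a profile data directory"
    if in_profile_data and ext in ("exe", "dll", "scr"):
        return "executable in a user-writable profile directory"
    if WINDOWS_ROOT_EXE_RE.match(low):
        return "executable dropped directly in the Windows directory"
    return None


def classify_deletions(log: str) -> List[Dict[str, object]]:
    """For each deleted path: was it named in CFScript (analyst-directed) and why it looks suspicious."""
    sections = parse_sections(log)
    scripted = {p.strip().strip('"').lower() for p in sections.get("FILE ::", [])}
    return [
        {"path": p, "from_script": p.lower() in scripted, "reason": flag_path(p)}
        for p in sections.get("Other Deletions", [])
    ]


def run_entries(sections: Dict[str, List[str]]) -> List[Dict[str, object]]:
    """Extract remaining autostart entries (key, value name, path) with the same location check."""
    entries: List[Dict[str, object]] = []
    key = None
    for line in sections.get("Reg Loading Points", []):
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        em = RUN_ENTRY_RE.match(line)
        if em and key:
            path = em.group("path")
            entries.append({"key": key, "name": em.group("name"), "path": path, "reason": flag_path(path)})
    return entries


if __name__ == "__main__":
    for row in classify_deletions(SAMPLE_LOG):
        origin = "CFScript" if row["from_script"] else "ComboFix"
        print(f"{origin:9} {row['reason'] or '-':55} {row['path']}")
    for e in run_entries(parse_sections(SAMPLE_LOG)):
        print(f"autostart {e['reason'] or '-':55} {e['name']} -> {e['path']}")
```

Run it on a full log by reading the file into `classify_deletions`; an entry marked ComboFix with a reason attached is one the tool found on its own, which is what a helper checks before deciding the script was complete.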

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

What is the state of the system now? Do you have any problems?




- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save scrambled log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.









goran9888 (AMF Tim)
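The post above asks for every removable drive to be checked after the infection because removable media were a common way for malware of this era to spread between machines. The thread does not say what USBNoRisk looks at internally, so the following is an added example of a generic check, not USBNoRisk's code and not something from this thread: it inspects the root of a volume for an autorun.inf, parses the keys that cause Windows to launch a file (`open`, `shellexecute`, `shell\open\command`), checks whether the referenced target is actually on the volume, and lists executables sitting in the volume root. The sample volume is constructed in a temporary directory so the script runs offline; the layout (a RECYCLER folder with an executable and an autorun.inf pointing at it) is my own assumption for illustration.

```python
import os
import tempfile
from typing import Dict, List

# autorun.inf keys that make Windows run something when the volume is opened/auto-played.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")
# Extensions that should not normally sit in the root of a storage volume.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return key->value pairs from the [autorun] section, keys lower-cased, comments skipped."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def inspect_volume(root: str) -> List[str]:
    """Findings for one mounted volume: autorun launch targets and executables in the root."""
    findings: List[str] = []
    autorun_path = os.path.join(root, "autorun.inf")
    if os.path.isfile(autorun_path):
        with open(autorun_path, "r", errors="replace") as fh:
            entries = parse_autorun(fh.read())
        for key in LAUNCH_KEYS:
            if key in entries and entries[key]:
                # First token is the program; strip quotes and map backslashes to the host separator.
                target = entries[key].split()[0].strip('"')
                target_path = os.path.join(root, *target.replace("\\", "/").split("/"))
                state = "present" if os.path.isfile(target_path) else "missing"
                findings.append(f"autorun.inf {key}={entries[key]} (target {state})")
    for name in sorted(os.listdir(root)):
        if name.lower().endswith(EXEC_EXT) and os.path.isfile(os.path.join(root, name)):
            findings.append(f"executable in volume root: {name}")
    return findings


def build_sample_volume() -> str:
    """Construct a throwaway directory that mimics an infected removable drive (sample data)."""
    root = tempfile.mkdtemp(prefix="usb_sample_")
    os.makedirs(os.path.join(root, "RECYCLER"))
    with open(os.path.join(root, "RECYCLER", "setup.exe"), "wb") as fh:
        fh.write(b"MZ")  # placeholder bytes, not a real executable
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\n; constructed sample\nopen=RECYCLER\\setup.exe\n"
                 "shellexecute=RECYCLER\\setup.exe\nicon=RECYCLER\\setup.exe\n")
    with open(os.path.join(root, "photos.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8")
    return root


if __name__ == "__main__":
    sample = build_sample_volume()
    for finding in inspect_volume(sample) or ["nothing suspicious"]:
        print(finding)
```

On a real machine, call `inspect_volume` with the drive root (for example `E:\`) for each device; a clean drive returns an empty list, while an autorun.inf whose launch target is present on the volume is the pattern worth quarantining before the drive is plugged into another computer.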

  • Stefanovic
  • Joined: 02 Nov 2011
  • Posts: 144
  • Location: Nis

Goran, thank you very much. I restarted the computer after everything was done; first it froze everything, so again dead, then I restarted again and it showed these two windows

And a warning from Windows Security Alerts that my system is unprotected......

Should I now run Malwarebytes Anti-Malware to check, or what do you suggest?

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Reinstall Avira: uninstall it from Control Panel -> Add or Remove Programs, restart the system and then install it again. You can download it from here: http://www.avira.com/en/avira-free-antivirus


Feel free to run MBAM and post the report here if anything is detected. Just do a Quick Scan.










goran9888 (AMF Tim)
