Recycler virus

  • Joined: 22 Nov 2010
  • Posts: 31

Greetings everyone,

Today I picked up the recycler virus via a memory stick and infected one computer with it. That is, the recycler folder appeared on the stick and on the C and D partitions of the computer.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Hermann at 4:33:37.91 on Mon 11/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.462 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\CPUID\HWMonitorPro\HWMonitorPro.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Hermann.HERMANN-1729E88\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpeedswitchXP] c:\program files\speedswitchxp\SpeedswitchXP.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ioCentre] c:\genius\iocentre\gTaskBar.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bancaintesabeograd.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\herman~1.her\applic~1\mozilla\firefox\profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\hermann.hermann-1729e88\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-22 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-22 656320]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-5-30 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2010-8-26 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2010-8-26 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [2010-8-26 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-22 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-22 1145304]
S3 tmeter;TMeter Service;c:\windows\system32\drivers\tmeter.sys --> c:\windows\system32\drivers\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\drivers\tmeter.sys --> c:\windows\system32\drivers\tmeter.sys [?]

=============== Created Last 30 ================

2010-11-22 01:24:38 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
2010-11-22 00:31:55 -------- d-----w- c:\program files\Microsoft

==================== Find3M ====================

2010-11-04 08:05:57 6656 ----a-w- c:\windows\system32\lpcio.dll

============= FINISH: 4:34:23.93 ===============
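Two lines in the DDS log above tell a triager where this infection hooks in: the mWinlogon Userinit value, which on a clean XP names only userinit.exe but here has a second executable appended after the comma, and the mASetup entry (an Active Setup Installed Components StubPath) whose target sits in a RECYCLER\S-1-5-21-... folder and whose "GUID" is not even valid hex. The Python below is an added example for this page, not part of the thread or of the DDS tool: it applies those checks to DDS-style lines. The sample input is constructed from the two entries quoted above plus clean control lines taken from the same log, and the rule names are my own.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    line: str
    detail: str


# Each per-user recycle bin lives in RECYCLER\<SID>\ and holds only renamed
# deleted files plus INFO2; an executable there that an autostart entry points
# at is a planted loader, not bin housekeeping.
RECYCLER_EXE = re.compile(
    r"(?i)[a-z]:\\recycler\\s-1-5-(?:\d+-)+\d+\\[^\\\s]+\.(?:exe|dll|scr|com|cmd)"
)
# DDS prefixes: m = HKLM, u = HKCU, d = .DEFAULT.  mWinlogon: Userinit is
# HKLM\...\Winlogon\Userinit; mASetup is Active Setup Installed Components\{GUID}\StubPath.
USERINIT = re.compile(r"(?i)^[um]Winlogon:\s*Userinit=(.*)$")
ASETUP = re.compile(r"(?i)^[um]ASetup:\s*\{([^}]*)\}\s*-\s*(.+)$")
RUNKEY = re.compile(r"(?i)^[umd]Run(?:Once)?:\s*\[[^\]]*\]\s*(.+)$")
HEX_GUID = re.compile(r"(?i)^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# Constructed sample: the Userinit and mASetup lines are the ones quoted from the
# DDS log in this thread; the other lines are clean controls from the same log.
SAMPLE_DDS = r"""
C:\WINDOWS\system32\svchost.exe -k netsvcs
uStart Page = about:blank
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
mRun: [ioCentre] c:\genius\iocentre\gTaskBar.exe
mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Notify: AtiExtEvent - Ati2evxx.dll
"""


def basename(path: str) -> str:
    return path.lower().rstrip("\\").rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Finding]:
    """Flag DDS/HJT-style lines that carry the persistence pattern seen in this thread."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = USERINIT.match(line)
        if m:
            # A clean value is exactly one entry, userinit.exe (a trailing comma is normal).
            parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
            extra = [p for p in parts if basename(p) != "userinit.exe"]
            if extra:
                findings.append(Finding("userinit-append", line,
                                        "extra Userinit entries: " + "; ".join(extra)))
            continue

        m = ASETUP.match(line)
        if m:
            guid, path = m.group(1), m.group(2)
            if not HEX_GUID.match(guid):
                findings.append(Finding("asetup-bad-guid", line,
                                        "component id is not a well-formed GUID: {%s}" % guid))
            if RECYCLER_EXE.search(path):
                findings.append(Finding("asetup-recycler", line,
                                        "StubPath runs an executable from a RECYCLER SID folder"))
            continue

        m = RUNKEY.match(line)
        if m and RECYCLER_EXE.search(m.group(1)):
            findings.append(Finding("run-recycler", line,
                                    "Run entry launches from a RECYCLER SID folder"))
            continue

        # Anything else (running processes, BHOs, services) carrying such a path.
        if RECYCLER_EXE.search(line):
            findings.append(Finding("recycler-path", line,
                                    "executable under a RECYCLER SID folder"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run against the sample it reports the appended watermark.exe, the malformed Active Setup id and the StubPath into RECYCLER; a clean `Userinit=c:\windows\system32\userinit.exe,` produces nothing. The Notify: Antiwpa line in the same log is deliberately not a rule here: it is a WPA crack rather than this infection, and the poster's later report that XP demanded activation after ComboFix removed it is the expected side effect.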


  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello, coconut8!

While we work on this case, I would ask you to stick to the following:
- Read my instructions (or those of the colleagues who may stand in for me) carefully and act exclusively on them;
- Do not seek help elsewhere at the same time;
- Do not use other malware-removal programs, apart from those you receive instructions for;
- Do not use USB storage devices during the intervention until I ask you to;
- If I do not reply within 48 h, bump the topic with a new post;
- If you do not respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------




Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download has finished:
- deactivate your protection software (instructions);
- close any running programs;
- double-click ComboFix to run it.

While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if offered to download it;
- show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure through;
- ask a number of questions / show notices: accept by clicking Yes or OK;
- restart Windows if needed (possibly several times);
- at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the topic on the forum:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.





goran9888 (AMF Tim)

  • Joined: 22 Nov 2010
  • Posts: 31

Posted: 22 Nov 2010 12:49

Thanks for the welcome, Goran! Here is the log file, and one more question to go with it: while we clean the infected computer, will we also cover cleaning the infected memory stick at the same time?

Thanks!

ComboFix 10-11-21.02 - Hermann 11/22/2010 12:40:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1094 [GMT 1:00]
Running from: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\microsoft\watermark.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
c:\windows\system32\dmlconf.dat
c:\windows\XSxS

.
((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-22 00:31 . 2010-11-22 11:43 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 03:57 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 626688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-03-15 02:08 1158872 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:56 136176 ----atw- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 479653 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-12-23 13:40 90112 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 80877 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SamSs"=2 (0x2)
"ERSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2010 2:29 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/22/2010 2:29 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/22/2010 2:29 AM 656320]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [5/30/2010 10:37 PM 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8/26/2010 11:47 AM 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8/26/2010 11:47 AM 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [8/26/2010 11:47 AM 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/22/2010 2:29 AM 366840]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003Core.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003UA.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
FF - ProfilePath - c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\Mozilla\Firefox\Profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-TrafMonitor - c:\program files\TMeter\trafmonitor.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-22 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\antiwpa.dll
.
Completion time: 2010-11-22 12:45:27
ComboFix-quarantined-files.txt 2010-11-22 11:45

Pre-Run: 13,055,840,256 bytes free
Post-Run: 13,554,585,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BA96AC81B19421FBF591E6ECC939B95C

Addendum: 22 Nov 2010 16:29

A small addition: as far as I can see, the recycler folder has been deleted from the C: partition, but it has remained on the D: partition and on the memory stick.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Apologies for the late reply, but what matters is that we will solve the problem; I hope you are in no hurry.

- I wrote that you should not connect USB storage devices until I ask you to.

You need to follow the steps below carefully, in the order I wrote them.
---------------------------------------
Step 1

You have no antivirus installed on the computer at all. You need to install an AV right away. Among the free ones, I can recommend: Avast, Avira, AVG, Panda Cloud, ...

Step 2

Archive (zip, rar) the folder C:\QooBox\Quarantine and upload it via the following link: http://www.mycity.rs/ambulanta-upload.php

Step 3

Post me a fresh (new) DDS log.

Step 4

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all USB storage devices one by one into the USB slot and keep each in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you have finished with all devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that receive their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.




goran9888 (AMF Tim)

  • Joined: 22 Nov 2010
  • Posts: 31

Sorry Goran, my mistake with the memory stick. First there was a surprise: Windows XP would not start, because it asked for activation, which I then did. I downloaded Avast, installed it, started Firefox, opened the upload tab at mycity.rs/ambulanta-upload.php, but when I click Browse nothing happens; the file-picker does not open. I tried opening Internet Explorer, but without success: Avast first detected some infection, and after that IE will not even open. What do you advise on how to upload the Quarantine file, since Firefox won't let me open the Browse function? By the way, the recycler folder has reappeared on the C: partition. Thanks for your patience.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Hermann at 21:24:33.70 on Mon 11/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.695 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Hermann.HERMANN-1729E88\Desktop\Opera\OperaPortable\OperaPortable.exe
C:\Documents and Settings\Hermann.HERMANN-1729E88\Desktop\Opera\OperaPortable\App\Opera\opera.exe
C:\Documents and Settings\Hermann.HERMANN-1729E88\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpeedswitchXP] c:\program files\speedswitchxp\SpeedswitchXP.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ioCentre] c:\genius\iocentre\gTaskBar.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bancaintesabeograd.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\herman~1.her\applic~1\mozilla\firefox\profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\hermann.hermann-1729e88\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-22 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-22 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-22 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-5-30 20200]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2010-8-26 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2010-8-26 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [2010-8-26 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-22 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-22 1145304]
S3 tmeter;TMeter Service;c:\windows\system32\drivers\tmeter.sys --> c:\windows\system32\drivers\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\drivers\tmeter.sys --> c:\windows\system32\drivers\tmeter.sys [?]

=============== Created Last 30 ================

2010-11-22 19:58:05 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:57:50 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2010-11-22 19:45:45 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-22 11:46:14 61869 ----a-w- c:\program files\mozilla firefox\firefoxmgr.exe
2010-11-22 11:39:45 -------- d-sha-r- C:\cmdcons
2010-11-22 11:38:28 98816 ----a-w- c:\windows\sed.exe
2010-11-22 11:38:28 89088 ----a-w- c:\windows\MBR.exe
2010-11-22 11:38:28 256512 ----a-w- c:\windows\PEV.exe
2010-11-22 11:38:28 161792 ----a-w- c:\windows\SWREG.exe
2010-11-22 01:24:38 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools
2010-11-22 00:31:55 -------- d-----w- c:\program files\Microsoft

==================== Find3M ====================

2010-11-22 03:57:09 6656 ----a-w- c:\windows\system32\lpcio.dll

============= FINISH: 21:25:13.95 ===============



USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/22/2010 9:45:22 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {aa90afc3-388f-11de-97c2-806d6172696f}
D: {aa90afc4-388f-11de-97c2-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for aa90afc3-388f-11de-97c2-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for aa90afc4-388f-11de-97c2-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/22/2010 9:46:24 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6c68e86a-3886-11de-9665-0013d3f02825}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6c68e86a-3886-11de-9665-0013d3f02825
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Moras samo detaljno citati moje poruke i raditi iskljucivo sta ti napisem. Ukoliko nesto nije jasno, pitas.


Idemo dalje ...


Prikljucivanjem USB mem. uredjaja si ponovo zarazio racunar, pa je potrebno ponoviti jedan od prethodnih koraka.


--------------------------------------------------------

Step 1

Quote: Archive (zip, rar) the folder C:\QooBox\Quarantine and upload it via the following link: http://www.mycity.rs/ambulanta-upload.php

You have WinRar on the computer, so I don't see what the problem is.
You need to zip that folder (right-click the Quarantine folder -> Add to Archive) and send the newly created file via that link.
If you can't manage it, skip this step.



Step 2

Follow the instructions for running and scanning with ComboFix again, only more carefully this time (since you now have an AV), and post me the log.




Step 3

- Run USBNoRisk and wait for it to complete the initial scan.

- After the initial scan finishes, plug in the USB memory device.

- Click the Script tab;

Copy the following text into the white box of the window:

{6c68e86a-3886-11de-9665-0013d3f02825}
folder_list:%DRIVE%
no_sh:


- Execute the command by clicking the Run Script button;



After the command executes, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Scrambled Log option;

A Notepad window will open with text that you need to copy here into your message.





goran9888 (AMF Tim)

offline
  • Joined: 22 Nov 2010
  • Posts: 31

Written: 22 Nov 2010 23:28

Goran, the problem was a bit bigger because now Firefox has completely frozen too, so luckily I managed to get Chrome working.


ComboFix 10-11-22.02 - Hermann 11/22/2010 23:15:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.951 [GMT 1:00]
Running from: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\microsoft\watermark.exe
c:\windows\system32\dmlconf.dat

.
((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-22 20:47 . 2010-11-22 20:53 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-22 19:58 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-22 19:58 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-22 19:58 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-22 19:58 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-22 19:58 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-22 19:58 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-22 19:58 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:58 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\program files\Alwil Software
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-11-22 11:46 . 2010-11-22 11:46 61869 ----a-w- c:\program files\Mozilla Firefox\firefoxmgr.exe
2010-11-22 00:31 . 2010-11-22 22:18 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 03:57 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-22_11.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-11-22 21:56 . 2010-11-22 21:56 16384 c:\windows\Temp\Perflib_Perfdata_980.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-22 19:45 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 67714 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 67714 c:\windows\system32\perfc009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 432924 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 432924 c:\windows\system32\perfh009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-11-22 19:58 . 2010-11-22 19:58 219648 c:\windows\Installer\d02ae.msi
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 692633]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 127472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-03-15 02:08 1158872 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:56 136176 ----atw- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 479653 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-12-23 13:40 90112 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 80877 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SamSs"=2 (0x2)
"ERSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2010 2:29 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/22/2010 2:29 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/22/2010 2:29 AM 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2010 8:58 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2010 8:58 PM 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [5/30/2010 10:37 PM 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8/26/2010 11:47 AM 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8/26/2010 11:47 AM 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [8/26/2010 11:47 AM 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/22/2010 2:29 AM 366840]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003Core.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003UA.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
FF - ProfilePath - c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\Mozilla\Firefox\Profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-22 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-22 23:21:07
ComboFix-quarantined-files.txt 2010-11-22 22:20
ComboFix2.txt 2010-11-22 11:45

Pre-Run: 13,283,692,544 bytes free
Post-Run: 13,275,205,632 bytes free

- - End Of File - - 3F13C248CD38326261570AC1CD5390DD


USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/22/2010 11:24:52 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {aa90afc3-388f-11de-97c2-806d6172696f}
D: {aa90afc4-388f-11de-97c2-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for aa90afc3-388f-11de-97c2-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for aa90afc4-388f-11de-97c2-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/22/2010 11:25:18 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6c68e86a-3886-11de-9665-0013d3f02825}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for 6c68e86a-3886-11de-9665-0013d3f02825
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
6c68e86a-3886-11de-9665-0013d3f02825
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 2
----------------------------------------
Folder list for F:\:
----------------------------------------

dr-hs   0   F:\RECYCLER   F:\RECYCLER
-rahs   14724   F:\autorun.inf   F:\autorun.inf
--a--   711   F:\COPYOF~1.LNK   F:\Copy of Shortcut to (1).lnk
--a--   702   F:\COPYOF~2.LNK   F:\Copy of Shortcut to (2).lnk
--a--   903   F:\COPYOF~3.LNK   F:\Copy of Shortcut to (3).lnk
--a--   917   F:\COPYOF~4.LNK   F:\Copy of Shortcut to (4).lnk

----------------------------------------
Unhide superhidden for F:\
----------------------------------------
dra-- F:\RECYCLER > unhidden
dra-- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 > unhidden
--a-- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini > unhidden
-ra-- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe > unhidden
-ra-- F:\autorun.inf > unhidden
----------------------------------------

Addendum: 22 Nov 2010 23:32

Just to add that I uploaded Quarantine.rar for you.
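The folder_list output above shows the three indicators the helper then acted on: a hidden+system autorun.inf, a hidden+system RECYCLER folder, and a set of shortcut files in the drive root. As an added example that is not part of the thread or of USBNoRisk itself, here is a small Python parser for that listing format with those checks; the sample listing is constructed from the posted block, and the flagging rules are my own assumptions about what is worth a second look.

```python
"""Parse USBNoRisk-style folder_list output and flag autorun-worm indicators."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the folder_list block posted in the thread.
SAMPLE_LISTING = """\
dr-hs   0   F:\\RECYCLER   F:\\RECYCLER
-rahs   14724   F:\\autorun.inf   F:\\autorun.inf
--a--   711   F:\\COPYOF~1.LNK   F:\\Copy of Shortcut to (1).lnk
--a--   702   F:\\COPYOF~2.LNK   F:\\Copy of Shortcut to (2).lnk
--a--   903   F:\\COPYOF~3.LNK   F:\\Copy of Shortcut to (3).lnk
--a--   917   F:\\COPYOF~4.LNK   F:\\Copy of Shortcut to (4).lnk
"""

# Listing line: attribute flags (d r a h s), size, 8.3 path, long path, separated by
# runs of at least two spaces (long paths may contain single spaces).
LINE_RE = re.compile(r"^([d-][r-][a-][h-][s-])\s{2,}(\d+)\s{2,}(\S.*?)\s{2,}(\S.*)$")

@dataclass
class Entry:
    is_dir: bool
    readonly: bool
    archive: bool
    hidden: bool
    system: bool
    size: int
    short_path: str
    long_path: str

    @property
    def superhidden(self) -> bool:
        # hidden + system: Explorer keeps these invisible even with "show hidden files" on
        return self.hidden and self.system

    @property
    def name(self) -> str:
        return self.long_path.rsplit("\\", 1)[-1].lower()

def parse_folder_list(text: str) -> list[Entry]:
    """Return one Entry per listing line; separators, headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            attrs, size, short, long_ = m.groups()
            entries.append(Entry(attrs[0] == "d", attrs[1] == "r", attrs[2] == "a",
                                 attrs[3] == "h", attrs[4] == "s", int(size), short, long_))
    return entries

def flag_entries(entries: list[Entry]) -> list[tuple[str, str]]:
    """(path, reason) pairs for the indicators the helper acted on in the thread (assumed rules)."""
    findings, lnk_count = [], 0
    for e in entries:
        if e.name == "autorun.inf" and not e.is_dir:
            reason = "autorun.inf in drive root"
            if e.superhidden:
                reason += " with hidden+system attributes"
            findings.append((e.long_path, reason))
        elif e.name == "recycler" and e.is_dir and e.superhidden:
            findings.append((e.long_path, "superhidden RECYCLER folder; inspect its contents"))
        elif e.name.endswith(".lnk") and not e.is_dir:
            lnk_count += 1
    if lnk_count:
        findings.append(("*.lnk", f"{lnk_count} shortcut file(s) in drive root"))
    return findings
```

A plain `dra--` RECYCLER entry, as in the listing after the cleanup, produces no finding, which is the expected post-cleanup result.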

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

- Run USBNoRisk and wait for it to complete the initial scan.

- After the initial scan finishes, plug in the USB memory device.

- Click the Script tab;

Copy the following text into the white box of the window:

{6c68e86a-3886-11de-9665-0013d3f02825}
f_delete:%DRIVE%autorun.inf
f_delete:%DRIVE%RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
f_delete:%DRIVE%RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
folder_list:%DRIVE%


- Execute the command by clicking the Run Script button;



After the command executes, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Scrambled Log option;

A Notepad window will open with text that you need to copy here into your message.


After this procedure, remove the USB memory device and do not plug it in again until I ask you to.





Step 2

Delete the following folder from the computer: c:\program files\Microsoft
If you can't delete it with the regular Delete option, let me know what error it gives you.






goran9888 (AMF Tim)

offline
  • Joined: 22 Nov 2010
  • Posts: 31

When trying to delete c:\program files\Microsoft I get the message: Cannot delete WaterMark.exe it is used by another person or program. Also, Firefox and IE don't work at all; I'm using Chrome.


USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/23/2010 4:58:07 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {aa90afc3-388f-11de-97c2-806d6172696f}
D: {aa90afc4-388f-11de-97c2-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for aa90afc3-388f-11de-97c2-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for aa90afc4-388f-11de-97c2-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/23/2010 4:58:39 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6c68e86a-3886-11de-9665-0013d3f02825}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for 6c68e86a-3886-11de-9665-0013d3f02825
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
6c68e86a-3886-11de-9665-0013d3f02825
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 4
f_delete: F:\autorun.inf > File does not exist!
f_delete:
file "F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini" deleted successfully
f_delete:
file "F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe" deleted successfully
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\RECYCLER   F:\RECYCLER

----------------------------------------

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Install the MCShield program.
You can find out more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html
MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/



Step 2

Open Notepad and copy the following text:

Folder::
c:\program files\Microsoft


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.





goran9888 (AMF Tim)
