Virus from Facebook


  • Joined: 24 Jul 2011
  • Posts: 23

Yesterday a friend sent me a link in a message on fb... I clicked to update Adobe Flash Player... and then some animation appeared - Goodbye! Malwarebytes Anti-Malware registered Trojans... I ran a full scan, it found 25 infected files, but I couldn't delete them... Since then everything has started getting blocked. I can't run a single antivirus program (Avast, Avira, Malware), it says Windows cannot access specified device, path, or file... further... I can't get to fb, and for most sites it redirects me to Tube Downloader or some car site... I tried to scan with Hijack This, but it starts scanning and the whole program disappears, and later I can't run it... Well, that's all from me...
If anyone can help me... please reply! Pls!!!

  • Fil
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

Hello, Kostolomka

There is a procedure you have to follow so that we can help you.

Post the required reports (logs) according to these instructions:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 24 Jul 2011
  • Posts: 23

Help! I didn't manage to follow the instructions you gave me to run GMER. The computer reacted the same way as with Malware: it scanned for a couple of minutes and then everything disappeared in an instant... the computer froze, so to speak, I couldn't even use the mouse cursor, so I turned it off... later I repeated it... downloaded Gmer, started the scan and the same thing happened again. What should I do? I still can't get on fb and it still redirects me to ...that site.

  • Fil
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

Hello, Kostolomka

Read the instructions I gave you carefully. They say the following:

"In case the above program does not work stably (or at all) on your computer, you can use RootRepeal as an alternative."

So, since GMER does not work stably for you, post a RootRepeal report according to the given instructions.

  • Joined: 24 Jul 2011
  • Posts: 23

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Jelena at 16:30:36 on 2011-07-25
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3580.2515 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Jelena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jelena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: QuickTime: {d4704207-c86b-4811-951e-6f322f9cede7} - c:\users\jelena\appdata\locallow\quicktime\ie\QuickTime.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\users\jelena\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tray_ico]
mRun: [tray_ico1]
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BA835CD-B36C-4C98-8D7B-D07AD2EBF952} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ABCD58D1-C4EA-411F-B4E9-21EC55D4D2B6} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-24 309848]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-4 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-24 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-24 54104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-24 22712]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-31 167936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-24 42184]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-5-31 8192]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-24 366640]
S2 QuickTimeUpdater;QuickTime Updater;c:\users\jelena\appdata\locallow\quicktime\ie\QuickTimeUpdater.exe [2011-7-12 20480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
.
=============== Created Last 30 ================
.
2011-07-24 16:49:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-24 16:49:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-24 16:49:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-24 16:22:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-24 16:22:29 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-24 16:22:22 40112 ----a-w- c:\windows\avastSS.scr
2011-07-24 16:06:11 -------- d-----w- c:\windows\system32\appmgmt
2011-07-24 14:44:27 -------- d-----w- c:\programdata\AVSoftware
2011-07-24 14:44:25 -------- d-----w- c:\program files\UnThreat AntiVirus
2011-07-24 14:43:47 -------- d-----w- c:\users\jelena\appdata\local\PackageAware
2011-07-24 14:11:29 -------- d-----w- c:\programdata\Alwil Software
2011-07-24 13:34:23 -------- d-----w- c:\programdata\AVAST Software
2011-07-24 13:34:23 -------- d-----w- c:\program files\AVAST Software
2011-07-24 13:02:45 -------- d--h--w- c:\windows\update.5.0
2011-07-24 12:54:58 -------- d--h--w- c:\windows\update.3
2011-07-24 12:53:33 -------- d--h--w- c:\windows\update.2
2011-07-24 12:48:52 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 12:45:16 -------- d-----w- c:\windows\av_ico
2011-07-24 12:44:14 -------- d--h--w- c:\windows\update.1
2011-07-24 12:44:11 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-24 12:44:11 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-10 11:57:34 -------- d-----w- c:\program files\Recnik20
2011-07-05 09:17:25 -------- d-----w- c:\users\jelena\appdata\local\Microsoft Games
2011-07-02 15:19:38 -------- d-----w- c:\program files\FinalWire
.
==================== Find3M ====================
.
2011-05-31 16:26:41 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-31 16:15:43 0 ----a-w- c:\windows\ativpsrm.bin
2011-05-31 16:09:24 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:31:02.76 ===============



Root Repeal threw an ERROR when starting the scan.
Sorry for bothering you... but what can I do when I have no idea about this...
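An added example, not part of the thread and not code from the DDS tool: a small Python triage script that reads the Pseudo HJT section of a DDS log like the one above and flags what a helper looks for in it, Run entries with no file, executables autostarting from the root of %windir% or a Temp folder, and UAC policies set to non-default values. The sample lines are copied from the log above; the Windows 7 default UAC values are an assumption stated in the code.

```python
import re

# Constructed sample: a subset of the Pseudo HJT lines from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [tray_ico]
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# uRun = HKCU Run key, mRun = HKLM Run key, in DDS notation.
RUN_RE = re.compile(r'^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
# The executable is either quoted, or runs up to the first ".exe" when unquoted.
PATH_RE = re.compile(r'"([^"]*)"|(.*?\.exe)', re.IGNORECASE)
POLICY_RE = re.compile(r'^mPolicies-system:\s*(?P<key>\w+)\s*=\s*(?P<value>\d+)')
# Locations a legitimate autostart almost never uses: directly in %windir%, or any Temp folder.
SUSPICIOUS_PATH_RE = re.compile(r'^[a-z]:\\windows\\[^\\]+\.exe$|\\temp\\', re.IGNORECASE)

# Assumed Windows 7 defaults: UAC on, admin consent prompt, prompts on the secure desktop.
UAC_EXPECTED = {
    'EnableLUA': 1,
    'ConsentPromptBehaviorAdmin': 5,
    'ConsentPromptBehaviorUser': 3,
    'PromptOnSecureDesktop': 1,
}


def parse_run_entries(text):
    """Return (hive, name, path) for every uRun/mRun line; path is '' for an entry with no file."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.match(m.group('rest').strip())
        path = ''
        if p:
            path = p.group(1) if p.group(1) is not None else p.group(2)
        entries.append((m.group('hive'), m.group('name'), path))
    return entries


def find_suspicious_autostarts(text):
    """Flag orphan Run entries and executables that autostart from a suspicious location."""
    findings = []
    for hive, name, path in parse_run_entries(text):
        if not path:
            findings.append((name, 'orphan entry with no file'))
        elif SUSPICIOUS_PATH_RE.search(path):
            findings.append((name, 'autostart from %s (%s)' % (path, 'HKLM' if hive == 'm' else 'HKCU')))
    return findings


def check_uac_policies(text):
    """Return the UAC policy keys whose logged value differs from the expected default."""
    weakened = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m and m.group('key') in UAC_EXPECTED:
            value = int(m.group('value'))
            if value != UAC_EXPECTED[m.group('key')]:
                weakened[m.group('key')] = value
    return weakened


if __name__ == '__main__':
    for name, why in find_suspicious_autostarts(SAMPLE_LOG):
        print('autostart %-18s %s' % (name, why))
    for key, value in check_uac_policies(SAMPLE_LOG).items():
        print('UAC policy %s = %d (expected %d)' % (key, value, UAC_EXPECTED[key]))
```

Run over the sample it reports the two sysdriver32 entries in c:\windows, the empty tray_ico entry and the three zeroed UAC policies, while the ordinary Program Files entries and the default ConsentPromptBehaviorUser value stay quiet.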

  • Fil
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

Hello

Then we'll try this:

Download Rootkit Unhooker to the Desktop.

Double-click to start the program;

select the Report tab;

click Scan and in the window that opens tick the items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.

When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

And don't worry, it's no bother.

  • Joined: 24 Jul 2011
  • Posts: 23

  • Fil
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

Download sUBs's ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is finished:
deactivate your security software (instructions);
close running programs;
double-click to start ComboFix;
in the window that opens click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if offered to download it.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
put up a number of prompts/notices:
  accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end of its run, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to your post.

  • Joined: 24 Jul 2011
  • Posts: 23

ComboFix 11-07-31.02 - Jelena 07/31/2011 11:52:09.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3580.2616 [GMT 2:00]
Running from: c:\users\Jelena\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB17200$
c:\windows\$NtUninstallKB17200$\2957264121
c:\windows\7Loader.TAG
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\update.1
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.3
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 09:57 . 2011-07-31 09:58 -------- d-----w- c:\users\Jelena\AppData\Local\temp
2011-07-31 09:57 . 2011-07-31 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 22:56 . 2011-07-31 09:41 44560 --sha-w- c:\windows\system32\c_11862.nl_
2011-07-27 15:00 . 2011-07-27 15:00 -------- d--h--w- c:\windows\PIF
2011-07-24 16:49 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-24 16:49 . 2011-07-24 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-24 16:49 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-24 16:22 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-24 16:22 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-24 16:22 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-24 16:22 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-24 16:22 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-24 16:22 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-24 16:22 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-24 16:22 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-24 14:44 . 2011-07-24 14:44 -------- d-----w- c:\programdata\AVSoftware
2011-07-24 14:44 . 2011-07-24 16:09 -------- d-----w- c:\program files\UnThreat AntiVirus
2011-07-24 14:43 . 2011-07-24 14:43 -------- d-----w- c:\users\Jelena\AppData\Local\PackageAware
2011-07-24 14:11 . 2011-07-24 16:06 -------- d-----w- c:\programdata\Alwil Software
2011-07-24 14:11 . 2011-07-24 14:11 -------- d-----w- c:\program files\Alwil Software
2011-07-24 13:34 . 2011-07-24 13:34 -------- d-----w- c:\programdata\AVAST Software
2011-07-24 13:34 . 2011-07-24 13:34 -------- d-----w- c:\program files\AVAST Software
2011-07-24 12:48 . 2011-07-24 12:48 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 12:45 . 2011-07-24 12:45 -------- d-----w- c:\windows\av_ico
2011-07-24 12:44 . 2011-07-24 13:26 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-24 12:44 . 2011-07-24 13:26 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-12 15:46 . 2011-07-12 15:46 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-10 11:57 . 2011-07-10 11:57 -------- d-----w- c:\program files\Recnik20
2011-07-05 09:17 . 2011-07-06 14:13 -------- d-----w- c:\users\Jelena\AppData\Local\Microsoft Games
2011-07-02 15:19 . 2011-07-02 15:19 -------- d-----w- c:\program files\FinalWire
2011-07-01 22:19 . 2011-07-01 22:19 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-31 16:26 . 2011-05-31 16:26 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-31 16:09 . 2011-05-31 16:09 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-05-24 17:14 . 2011-05-31 16:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 17:12 . 2011-05-31 16:34 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45A24FB3-28D2-48F1-8A7E-D777F899C08B}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4704207-C86B-4811-951E-6F322F9CEDE7}]
2011-07-12 16:16 270336 ----a-w- c:\users\Jelena\AppData\LocalLow\QuickTime\IE\QuickTime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 17093512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 QuickTimeUpdater;QuickTime Updater;c:\users\Jelena\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe [2011-07-12 20480]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-546552769-2391818124-2777313086-1000Core.job
- c:\users\Jelena\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 18:44]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-546552769-2391818124-2777313086-1000UA.job
- c:\users\Jelena\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 18:44]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\mcsimgx2.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-74526773-loader2 - c:\windows\Temp\74526773-loader2.exe
MSConfigStartUp-8728320 - c:\windows\Temp\8728320.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-31 12:00:05
ComboFix-quarantined-files.txt 2011-07-31 10:00
.
Pre-Run: 6,063,599,616 bytes free
Post-Run: 6,313,312,256 bytes free
.
- - End Of File - - 0892082C03A72816090FE0E12BC0C0FA

  • Fil
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16586

Open Notepad and copy the following text into it:

File::
c:\windows\unrar.exe
c:\windows\system32\c_11862.nl_

Folder::
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
