MyCity » Ambulanta -> Arhiva Ambulante » Win Defender 2009 (ili ko zna šta)?

Win Defender 2009 (ili ko zna šta)?

Napisano na dan: 6.12.2008

Win Defender 2009 (ili ko zna šta)?

Sledeća strana

Pagination

Odgovori

Dusan Poslao: 06 Dec 2008 20:26 Idi na vrh
offline Dusan SuperModerator Supermoderator opštih foruma Pridružio: 26 Jul 2006 Poruke: 11118	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Snašlo me neko čudo... Komp je počeo da se čudno ponaša i radi po svome... Otvara IE, nudi na silu neki Win Defender 2009. Skeniranjem,Malwarebytes' Anti-Malware 1.31 otkrio je brdo gamadi . Uklonio sam to što je našao [url=https://www.mycity.rs/must-login.png(izveštaj)[/url], no klikom na MyComp/C/bilo koji folder... pri "povratku" izbacuje "Warning!" upozorenje: ... pokreće IE i nudi taj WinDefender2009.exe... (sa adrese: 91.203.93.26) i pri tome nudi neki antispajver program. Uporno odbijam, no on... Još ću se zapetljati u objašnjavanju - evo HJT loga Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:53:32, on 6.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\eagle2.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Gigabyte\Gigabyte GN-WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig61.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\FREEDO~1\fdm.exe C:\Documents and Settings\Dušan\Desktop\Nova fascikla\napad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mycity.rs R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.mycity.rs R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.mycity.rs R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LopeNinja - {93811B7D-621D-4230-A7D2-851BF93CBBAF} - C:\WINDOWS\system32\gzo.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTorr.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [BigDog302] C:\WINDOWS\eagle2.EXE Vimicro USB PC Camera (ZC0302) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig61.exe O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://ns.zigns.rs/ActiveX/mgaxctrl.cab O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{7D8B4217-E8FB-4B29-B941-1F2BF1C9B129}: NameServer = 195.252.109.4 194.106.162.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe -- End of file - 7308 bytes

Profil

bobby Poslao: 06 Dec 2008 20:28 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo Dule Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Dusan Poslao: 06 Dec 2008 20:46 Idi na vrh
offline Dusan SuperModerator Supermoderator opštih foruma Pridružio: 26 Jul 2006 Poruke: 11118	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo i tebi... Hvala ti na smešku kojim hoćeš da me ohrabriš, no i dalje mi nije toplo oko srca... ComboFix 08-12-06.03 - Dušan 2008-12-06 20:33:27.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.248 [GMT 1:00] Running from: d:\svaštara ii\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 ))))))))))))))))))))))))))))))) . 2008-12-06 16:51 . 2008-12-06 16:51 102,400 --a------ c:\windows\system32\gzo.dll 2008-12-04 15:34 . 2008-12-04 15:34 <DIR> d-------- c:\documents and settings\Dušan\Application Data\Songbird2 2008-12-04 15:34 . 2008-12-04 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SongbirdVLC 2008-12-02 20:09 . 2008-12-02 20:09 <DIR> d-------- c:\program files\Auslogics 2008-11-27 11:49 . 2008-11-27 11:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-11-23 00:17 . 2008-11-23 00:17 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-11 22:51 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-11 22:50 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-06 10:01 . 2008-11-06 10:01 <DIR> d-------- c:\program files\ConvertHelper 2008-11-06 09:51 . 2008-11-06 09:51 <DIR> d-------- c:\windows\Applian FLV Player 2008-11-06 09:51 . 2008-11-28 19:39 <DIR> d-------- c:\program files\FLV Player . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-06 19:31 --------- d-----w c:\documents and settings\Dušan\Application Data\Free Download Manager 2008-12-06 15:13 --------- d-----w c:\program files\WinASO 2008-12-05 21:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-12-04 15:25 --------- d-----w c:\program files\XoftSpySE 2008-12-04 11:27 --------- d-----w c:\program files\Weather Watcher 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-11-30 18:11 --------- d-----w c:\documents and settings\Dušan\Application Data\foobar2000 2008-11-29 19:09 --------- d-----w c:\documents and settings\Dušan\Application Data\ACD Systems 2008-11-27 10:46 --------- d-----w c:\documents and settings\Dušan\Application Data\POP Peeper 2008-11-26 23:27 --------- d-----w c:\documents and settings\Dušan\Application Data\Skype 2008-11-26 23:23 --------- d-----w c:\documents and settings\Dušan\Application Data\skypePM 2008-11-26 17:42 --------- d-----w c:\documents and settings\Dušan\Application Data\uTorrent 2008-11-22 23:17 --------- d-----w c:\program files\Java 2008-11-14 10:13 --------- d-----w c:\program files\Common Files\Adobe 2008-11-14 07:54 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-12 17:26 --------- d-----w c:\program files\POP Peeper 2008-11-03 00:22 --------- d-----w c:\documents and settings\Dušan\Application Data\Media Player Classic 2008-11-03 00:15 --------- d-----w c:\documents and settings\Dušan\Application Data\Thinstall 2008-10-26 13:36 --------- d-----w c:\program files\Readon Technology 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-18 23:42 --------- d-----w c:\program files\CDBurnerXP 2008-10-18 23:42 --------- d-----w c:\documents and settings\Dušan\Application Data\Canneverbe_Limited 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-10 23:19 --------- d-----w c:\program files\SpeedFan 2008-10-07 06:49 --------- d-----w c:\program files\MSN Messenger 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll 2008-02-16 23:38 32 ------w c:\documents and settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93811B7D-621D-4230-A7D2-851BF93CBBAF}] 2008-12-06 16:51 102400 --a------ c:\windows\system32\gzo.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BigDog302"="c:\windows\eagle2.EXE" [2005-04-30 49152] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-05 185872] "SoundMan"="SOUNDMAN.EXE" [2002-10-16 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte GN-WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig61.exe [2008-02-16 716800] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "VIDC.ZDSV"= scrvid.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Dušan^Start Menu^Programs^Startup^Pravoslavac 2008.lnk] backup=c:\windows\pss\Pravoslavac 2008.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Dušan^Start Menu^Programs^Startup^TempCleaner.lnk] backup=c:\windows\pss\TempCleaner.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Dušan^Start Menu^Programs^Startup^Xcalday.lnk] backup=c:\windows\pss\Xcalday.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] --------- 2008-02-13 18:02 2453551 c:\program files\Free Download Manager\fdm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2004-02-18 18:55 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --------- 2007-01-19 12:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] --------- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] --------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -r------- 2008-02-01 17:22 21898024 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag] --a------ 2008-04-09 14:11 1758464 c:\program files\IObit\IObit SmartDefrag\IsdNew.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\INSTALACIJE\\utorrent\\utorrent.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-30 111184] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-30 20560] R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\instalacije\HWiNFO32\HWiNFO32.SYS [2008-11-02 15976] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2008-04-18 33792] R3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys [2006-12-27 9006] R3 ZSMC302;Vimicro USB PC Camera (ZC0302);c:\windows\system32\Drivers\usbVM302.sys [2008-02-16 389492] S0 rseb;rseb; [] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136] Newly Created Service - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-12-06 c:\windows\Tasks\XoftSpySE 2.job - c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 14:44] 2008-12-01 c:\windows\Tasks\XoftSpySE.job - c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 14:44] . . ------- Supplementary Scan ------- . uStart Page = www.mycity.rs mStart Page = www.mycity.rs IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm TCP: {7D8B4217-E8FB-4B29-B941-1F2BF1C9B129} = 195.252.109.4 194.106.162.2 c:\windows\Downloaded Program Files\FSINT.dll - O16 -: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll c:\windows\Downloaded Program Files\SGCMSCCD.DLL - O16 -: {76326493-E84F-4D4B-939C-1E07B50037F2} hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL c:\windows\Downloaded Program Files\CONFLICT.1\FSINT.dll - O16 -: {A7C346A3-B076-46B3-97F0-D00F6B479451} hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll FireFox -: Profile - c:\documents and settings\Dušan\Application Data\Mozilla\Firefox\Profiles\ump7t4am.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-06 20:36:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-12-06 20:38:06 ComboFix-quarantined-files.txt 2008-12-06 19:37:32 Pre-Run: 3.232.878.592 bytes free Post-Run: 3,220,135,936 bytes free 173 --- E O F --- 2008-11-13 09:35:47 p.s. Ne znam koliko je bitno, no u jednom momentu (dok je program radio) računar se diskonektovao na momenat sa net-a (jako kratko)...

Profil

bobby Poslao: 06 Dec 2008 20:57 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ocekivano je da na trenutak prekine konekciju, nemoj da se sekiras Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\gzo.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93811B7D-621D-4230-A7D2-851BF93CBBAF}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Dusan Poslao: 06 Dec 2008 21:10 Idi na vrh
offline Dusan SuperModerator Supermoderator opštih foruma Pridružio: 26 Jul 2006 Poruke: 11118	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-12-06.03 - Dušan 2008-12-06 20:59:51.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.236 [GMT 1:00] Running from: d:\svaštara ii\ComboFix.exe Command switches used :: d:\svaštara ii\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\windows\system32\gzo.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\gzo.dll . ((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 ))))))))))))))))))))))))))))))) . 2008-12-04 15:34 . 2008-12-04 15:34 <DIR> d-------- c:\documents and settings\Dušan\Application Data\Songbird2 2008-12-04 15:34 . 2008-12-04 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SongbirdVLC 2008-12-02 20:09 . 2008-12-02 20:09 <DIR> d-------- c:\program files\Auslogics 2008-11-27 11:49 . 2008-11-27 11:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-11-23 00:17 . 2008-11-23 00:17 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-11 22:51 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-11 22:50 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-06 10:01 . 2008-11-06 10:01 <DIR> d-------- c:\program files\ConvertHelper 2008-11-06 09:51 . 2008-11-06 09:51 <DIR> d-------- c:\windows\Applian FLV Player 2008-11-06 09:51 . 2008-11-28 19:39 <DIR> d-------- c:\program files\FLV Player . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-06 19:31 --------- d-----w c:\documents and settings\Dušan\Application Data\Free Download Manager 2008-12-06 15:13 --------- d-----w c:\program files\WinASO 2008-12-05 21:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-12-04 15:25 --------- d-----w c:\program files\XoftSpySE 2008-12-04 11:27 --------- d-----w c:\program files\Weather Watcher 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-11-30 18:11 --------- d-----w c:\documents and settings\Dušan\Application Data\foobar2000 2008-11-29 19:09 --------- d-----w c:\documents and settings\Dušan\Application Data\ACD Systems 2008-11-27 10:46 --------- d-----w c:\documents and settings\Dušan\Application Data\POP Peeper 2008-11-26 23:27 --------- d-----w c:\documents and settings\Dušan\Application Data\Skype 2008-11-26 23:23 --------- d-----w c:\documents and settings\Dušan\Application Data\skypePM 2008-11-26 17:42 --------- d-----w c:\documents and settings\Dušan\Application Data\uTorrent 2008-11-22 23:17 --------- d-----w c:\program files\Java 2008-11-14 10:13 --------- d-----w c:\program files\Common Files\Adobe 2008-11-14 07:54 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-12 17:26 --------- d-----w c:\program files\POP Peeper 2008-11-03 00:22 --------- d-----w c:\documents and settings\Dušan\Application Data\Media Player Classic 2008-11-03 00:15 --------- d-----w c:\documents and settings\Dušan\Application Data\Thinstall 2008-10-26 13:36 --------- d-----w c:\program files\Readon Technology 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-18 23:42 --------- d-----w c:\program files\CDBurnerXP 2008-10-18 23:42 --------- d-----w c:\documents and settings\Dušan\Application Data\Canneverbe_Limited 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-10 23:19 --------- d-----w c:\program files\SpeedFan 2008-10-07 06:49 --------- d-----w c:\program files\MSN Messenger 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll 2008-02-16 23:38 32 ------w c:\documents and settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BigDog302"="c:\windows\eagle2.EXE" [2005-04-30 49152] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-05 185872] "SoundMan"="SOUNDMAN.EXE" [2002-10-16 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte GN-WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig61.exe [2008-02-16 716800] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "VIDC.ZDSV"= scrvid.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Dušan^Start Menu^Programs^Startup^Pravoslavac 2008.lnk] backup=c:\windows\pss\Pravoslavac 2008.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Dušan^Start Menu^Programs^Startup^TempCleaner.lnk] backup=c:\windows\pss\TempCleaner.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Dušan^Start Menu^Programs^Startup^Xcalday.lnk] backup=c:\windows\pss\Xcalday.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] --------- 2008-02-13 18:02 2453551 c:\program files\Free Download Manager\fdm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2004-02-18 18:55 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --------- 2007-01-19 12:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] --------- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] --------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -r------- 2008-02-01 17:22 21898024 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag] --a------ 2008-04-09 14:11 1758464 c:\program files\IObit\IObit SmartDefrag\IsdNew.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\INSTALACIJE\\utorrent\\utorrent.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-30 111184] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-30 20560] R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\instalacije\HWiNFO32\HWiNFO32.SYS [2008-11-02 15976] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2008-04-18 33792] R3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys [2006-12-27 9006] R3 ZSMC302;Vimicro USB PC Camera (ZC0302);c:\windows\system32\Drivers\usbVM302.sys [2008-02-16 389492] S0 rseb;rseb; [] S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136] Newly Created Service - CATCHME Newly Created Service - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-12-06 c:\windows\Tasks\XoftSpySE 2.job - c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 14:44] 2008-12-01 c:\windows\Tasks\XoftSpySE.job - c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 14:44] . . ------- Supplementary Scan ------- . uStart Page = www.mycity.rs mStart Page = www.mycity.rs IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm TCP: {7D8B4217-E8FB-4B29-B941-1F2BF1C9B129} = 195.252.109.4 194.106.162.2 c:\windows\Downloaded Program Files\FSINT.dll - O16 -: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll c:\windows\Downloaded Program Files\SGCMSCCD.DLL - O16 -: {76326493-E84F-4D4B-939C-1E07B50037F2} hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL c:\windows\Downloaded Program Files\CONFLICT.1\FSINT.dll - O16 -: {A7C346A3-B076-46B3-97F0-D00F6B479451} hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll FireFox -: Profile - c:\documents and settings\Dušan\Application Data\Mozilla\Firefox\Profiles\ump7t4am.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-06 21:02:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-12-06 21:04:02 ComboFix-quarantined-files.txt 2008-12-06 20:03:29 ComboFix2.txt 2008-12-06 19:38:09 Pre-Run: 3.263.590.400 bytes free Post-Run: 3,250,319,360 bytes free 179 --- E O F --- 2008-11-13 09:35:47

Profil

bobby Poslao: 06 Dec 2008 21:13 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jesi li proverio da li sada sve radi kako treba?

Profil

Dusan Poslao: 06 Dec 2008 21:16 Idi na vrh
offline Dusan SuperModerator Supermoderator opštih foruma Pridružio: 26 Jul 2006 Poruke: 11118	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Auhh, posle silnog "preznojavanja" sad može kez (da nemam uši smejao bih se oko glave... ). Nema više predhodno spominjanih problema... p.s. A šta me je to snašlo...

Profil

bobby Poslao: 06 Dec 2008 21:22 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ma, pun je internet ti laznih anti-virus programa koji ti navodno nadju 20 infekcija na kompjuteru i traze ti 20-30 evrica ako hoces da ti navodno ociste komp. Ta cuda obicno uvaljuju preko reklama na sajtovima. Pre nego sto se ucita reklama koja je linkovana sa pitaj-Boga kog servera na netu, prvo ti injektuju ovo cudo u komp. Nazalost, internet je prepun ljudi koji pristaju na stavljanje svakojakih reklama na sajt, ne bi li zaradili neku lovu, a pogodi ko ce prvi da ti ponudi neku lovi da stavis njegov baner? I ja za svoja dva sajta svaki dan dobijem barem po jednu takvu ponudu... Hajmo sada da deinstaliramo ComboFix: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore

Profil

Dusan Poslao: 06 Dec 2008 21:29 Idi na vrh
offline Dusan SuperModerator Supermoderator opštih foruma Pridružio: 26 Jul 2006 Poruke: 11118	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ende... Hvala

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Win Defender 2009 (ili ko zna šta)?

Ko je trenutno na forumu

Ukupno su 1207 korisnika na forumu :: 36 registrovanih, 10 sakrivenih i 1161 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, aramis s, Buzdovan, Denaya, Dimitrise93, DonRumataEstorski, dragoljub11987, Dukelander, FOX, Georgius, ivica976, Karla, kunktator, kybonacci, ladro, Milometer, Mixelotti, nemkea71, Pakito93, Petarvu, RJ, royst33, sasa76, Shinobi, Sirius, slonic_tonic, solic, Srle993, stegonosa, Tvrtko I, vathra, vukovi, wolverined4, zziko, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by