stupid smileys

offline
  • Joined: 07 Aug 2008
  • Posts: 2528
  • Location: VII kat

Logfile of HijackThis v1.99.1
Scan saved at 18:15:42, on 7.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB4LAK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tebza\Desktop\Valjda radi\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.02\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.02\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Hello,
Ugh, I don't know where to start. I apologize in advance that this post is a bit long. First, my subscription to some EZ antivirus expired a long time ago and I really didn't pay much attention to that. Then, five or six days ago, I fell for smileycentral and activated that unfortunate MyWebSearch toolbar, or whatever it was called. And the whole time I'm thinking to myself: don't do it, don't, but what can I do, we're all a little self-destructive...
And after playing with the smileys for a day or two, I decided to check what I had actually downloaded, and there was plenty to see: everyone writes about how that thing is full of all kinds of infections. First I uninstalled that thing via the Control Panel and then decided to download Spyware Terminator and the antivirus that comes with it (and it's still not clear to me whether that was big mistake number two or not?). And when it finished scanning everything, it reported that I had two viruses, I think:

C\Program Files\Uninstal Funweb Products.dll
Documents & Settings\Tebza\Local settings\Temporary Internet Files\Content.IE5\KXER4RMD\Smiley Central FWP\Setup 1.0.1.0.[1].exe

Roughly like that; I wrote it down and am now retyping it. And it deleted them. Then I decided to restore Windows to an earlier date, figuring it wouldn't hurt, but I messed up again there and restored several times to different dates, I don't even remember why anymore. The next day I see that some Crawler toolbar, or something like that, is installed; I decided to get rid of it, no idea how it got onto the computer. Then I realized it came with Terminator, so I decided to uninstall Spyware Terminator too, but it really wouldn't let go, and then neither Explorer nor Firefox nor Outlook would connect to the internet even though the connection was established normally; I restored the computer to yet another date, no Terminator, all programs work, and then I downloaded AVG. And after three hours (I still have dial-up) and another hour and something of scanning, it had something to report to me. So what do I do now, is my situation dangerous, is there any help? The computer is otherwise behaving perfectly normally now, but I'm afraid it will go haywire out of the blue. I had no problems before (that I was aware of) except that Internet Explorer liked to freeze, usually at the wrong moment.
Between the second and third AVG scans, following someone's advice, I also ran ComboFix; I hope that wasn't a wrong move, it was certainly a desperate one. I am duly attaching all those reports. And then I found out about this forum.
Along with all those adventures I also downloaded all sorts of things from the net, via www.download.com, so I suppose that's all okay.
I suppose those reading this are frowning and thinking there's no help for this one, but I assure you I'm not a complete idiot and that I will carefully follow all instructions, i.e. you won't get frustrated because of me. My older brother quoted to me in time one of his favorite authors from PC Press, who advised his readers not to do, I don't remember what, "so that afterwards they wouldn't wonder why petrol is so expensive"; I hope I'll only be wondering why the internet is so slow, that someone will advise me online and that I won't have to take the computer somewhere for a Windows reinstall or something even worse. Thanks in advance for any help.

First AVG scan

Scan "Scan whole computer" was finished.
Infections found:;"1"
Infected objects removed or healed:;"1"
Not removed or healed:;"0"
Spyware found:;"1"
Spyware removed:;"1"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"7. август 2008, 5:31:26"
Scan finished:;"7. август 2008, 6:30:00 (58 minute(s) 33 second(s))"
Total object scanned:;"535037"
User who launched the scan:;"Tebza"

Infections
File;"Infection";"Result"
C:\Documents and Settings\Tebza\Local Settings\Temp\wJQs.exe;"Virus found Pakes";"Moved to Virus Vault"

Spyware
File;"Infection";"Result"
C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll;"Adware Generic.VRD";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\Tebza\Cookies\tebza@2o7[2].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@2o7[2].txt:\2o7.net.e7e7d917;"Found Tracking cookie.2o7";"Moved to Virus Vault"
HKLM\SOFTWARE\Classes\Interface\{7529153F-4EA9-4C50-830A-7504B9274C67};"Found Adware.CoolWebSearch";"Moved to Virus Vault"


And then one more report

Scan "Scheduled scan" was finished.
Infections found:;"0"
Infected objects removed or healed:;"0"
Not removed or healed:;"0"
Spyware found:;"1"
Spyware removed:;"1"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"7. август 2008, 12:00:01"
Scan finished:;"7. август 2008, 13:41:45 (1 hour(s) 41 minute(s) 43 second(s))"
Total object scanned:;"633820"
User who launched the scan:;"SYSTEM"

Spyware
File;"Infection";"Result"
C:\System Volume Information\_restore{B397DAF7-7D6A-451E-865B-08F52A5CA114}\RP324\A0059534.dll;"Adware Generic.VRD";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\Tebza\Cookies\tebza@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@revsci[2].txt;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@revsci[2].txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@revsci[2].txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@revsci[2].txt:\revsci.net.55564293;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@revsci[2].txt:\revsci.net.e9dbeb91;"Found Tracking cookie.Revsci";"Moved to Virus Vault"

And the most recent one

Scan "Scan whole computer" was finished.
Infections found:;"0"
Infected objects removed or healed:;"0"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"7. август 2008, 14:52:30"
Scan finished:;"7. август 2008, 15:44:29 (51 minute(s) 58 second(s))"
Total object scanned:;"524591"
User who launched the scan:;"Tebza"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\Tebza\Cookies\tebza@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e762f029;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@bs.serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@doubleclick[2].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@doubleclick[2].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@fastclick[1].txt;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@fastclick[1].txt:\fastclick.net.57e8da10;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@fastclick[1].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@fastclick[1].txt:\fastclick.net.fac3d6f0;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@questionmarket[1].txt;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@questionmarket[1].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@questionmarket[1].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@questionmarket[1].txt:\questionmarket.com.767e4302;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@serving-sys[2].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@serving-sys[2].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@serving-sys[2].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@serving-sys[2].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@serving-sys[2].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@serving-sys[2].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@statcounter[1].txt;"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
C:\Documents and Settings\Tebza\Cookies\tebza@statcounter[1].txt:\statcounter.com.2d32c3b;"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
ComboFix 08-08-06.02 - Tebza 2008-08-07 14:23:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.119 [GMT 2:00]
Running from: C:\Documents and Settings\Tebza\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 14:04 . 2008-08-07 14:07 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-07 13:57 . 2008-08-07 13:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-07 13:07 . 2008-08-07 13:07 119,516 --a------ C:\Program Files\youtubegrabberv31.zip
2008-08-07 07:46 . 2008-08-07 07:47 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 05:34 . 2008-08-07 14:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-07 05:17 . 2008-08-07 11:32 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-07 05:17 . 2008-08-07 05:23 <DIR> d-------- C:\Documents and Settings\Tebza\Application Data\AVGTOOLBAR
2008-08-07 05:17 . 2008-08-07 05:17 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-07 05:17 . 2008-08-07 05:17 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-07 05:17 . 2008-08-07 05:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-07 05:16 . 2008-08-07 14:03 <DIR> d-------- C:\Program Files\AVG
2008-08-07 05:16 . 2008-08-07 05:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-08-07 04:24 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-07 04:24 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-07 00:09 . 2008-08-07 01:31 <DIR> d-------- C:\Program Files\CA(2)
2008-08-06 02:43 . 2008-08-07 01:33 <DIR> d-------- C:\Documents and Settings\Tebza\Application Data\Spyware Terminator
2008-08-04 01:32 . 2008-08-07 01:33 <DIR> d-------- C:\Documents and Settings\Tebza\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-04-07 10:01 245,760 ----a-w C:\Program Files\Youtube Grabber v31.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2003-05-16 22:24 851968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 13:00 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-12 02:52 1409024]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 16:41 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2006-03-09 22:06 36972]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 21:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-06-04 13:33 1400944]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 20:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-15 00:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-15 01:04 40960]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [2001-04-02 11:00 191488]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 19:00 241714]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-11 08:36 151597]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2006-04-12 08:45 28672]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 16:22 159744]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-10 22:25 53248]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 17:29 237568]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 08:46 57344]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-07 05:16 1232152]
"bcmwltry"="bcmwltry.exe" [2003-01-13 20:26 274432 C:\WINDOWS\system32\bcmwltry.exe]
"RemoveCpl"="RemoveCpl.exe" [2003-01-15 08:50 24576 C:\WINDOWS\system32\RemoveCpl.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-12 21:17 73728 C:\WINDOWS\SOUNDMAN.EXE]
"VTTrayp"="VTtrayp.exe" [2004-11-12 21:28 143360 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-11-12 21:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-11-15 15:06 88363 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2007-10-09 17:32:13 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 10:07]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-07 05:17]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-07 05:16]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-07 05:16]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-07 05:17]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2004-11-12 21:21]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tebza\Application Data\Mozilla\Firefox\Profiles\wjssvs5m.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 14:26:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A???????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@???????????A~??????????@???????????????????B?????? ????????????????????????????B

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-07 14:28:51
ComboFix-quarantined-files.txt 2008-08-07 12:28:32

Pre-Run: 28,831,604,736 bytes free
Post-Run: 28,887,117,824 bytes free

128 --- E O F --- 2008-08-07 05:47:13

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Regards...

Let's start with this: the posted logs show no signs of malware.


Clarifications...

Quote: then I decided to download Spyware Terminator and the antivirus that comes with it (and it's still not clear to me whether that was big mistake number two or not?)

The program itself is legitimate (we won't go into the question of its quality here).

Quote: when it finished scanning everything, it reported that I had two viruses, I think:

C\Program Files\Uninstal Funweb Products.dll
Documents & Settings\Tebza\Local settings\Temporary Internet Files\Content.IE5\KXER4RMD\Smiley Central FWP\Setup 1.0.1.0.[1].exe


The second one is the installation file for the first one; adware, by the way.

Quote: The next day I see that some Crawler toolbar, or something like that, is installed; I decided to get rid of it, no idea how it got onto the computer. Then I realized it came with Terminator

Yes, CT gets installed along with ST.

Quote: ...following someone's advice, I also ran ComboFix; I hope that wasn't a wrong move, it was certainly a desperate one.

In the future, don't accept such advice. ComboFix is not a toy.



Quote: Infections
File;"Infection";"Result"
C:\Documents and Settings\Tebza\Local Settings\Temp\wJQs.exe;"Virus found Pakes";"Moved to Virus Vault"

This was malicious.

Quote: Spyware
File;"Infection";"Result"
C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll;"Adware Generic.VRD";"Moved to Virus Vault"


This is a false detection; it is a legitimate program.

The rest are cookies and something from System Restore.

What's left for you now is to turn off System Restore and then turn it back on.

http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kak.....WinXP.html

If anything is unclear, just say so...

offline
  • Joined: 07 Aug 2008
  • Posts: 2528
  • Location: VII kat

Dr Bora, thank you, what can I say.
System Restore turned on and off. Just kidding, the other way round :) The advice about ComboFix is taken on board. Just one more little question: AVG is set to scan the disk every day; should I change that to a longer interval, or leave it as it is...
And is there some useful link with dos and don'ts on the net for those of us who are a bit internet-challenged? I'm now afraid even of Google searches.
And if I may ask, I see that AVG registers something new every time; does that mean every visit to the internet is potentially dangerous, regardless of whether you download anything or not?
Maybe this isn't the right place to ask all these questions; I'll fully understand if you don't answer.
There I go rambling again when I only wanted to say thank you; truly, you really do help people. Thanks!!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Quote: AVG is set to scan the disk every day; should I change that to a longer interval, or leave it as it is...

It doesn't hurt to leave it that way.

Quote: I see that AVG registers something new every time; does that mean every visit to the internet is potentially dangerous, regardless of whether you download anything or not?

Yes. That's why it's necessary to have an antivirus active at all times.

Quote: is there some useful link with dos and don'ts on the net

I'm really not sure exactly what you're asking, so I'd recommend thinking about which of MC's forums such a question would belong in and posting it there (much better chance of getting a precise and useful answer that way).


Regards...
