Someone hacked my Facebook + computer running slowly

  • Joined: 29 Sep 2010
  • Posts: 138

So, some link to sendspace got sent to all my friends.. I don't know what's going on..
Anyway, here are the logs, take a look; also, I'm not sure whether GMER finished the job completely, because it aborted the scan with a message that someone had been "tampering" with system files, ROOTKIT..?


DDS (Ver_09-07-30.01) - NTFSx86
Run by Stefan at 12:56:24.89 on Wed 09/05/2012
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1154 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MPK\MPK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ROCCAT\Kone Mouse\osd.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\PROGRAMI\GDBack_FAT_NTFS_balkandownload.org\App\GetDataBack\ZA NE DAJ BOZE\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\MPK.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Kone] "c:\program files\roccat\kone mouse\KoneHID.EXE"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Bonus.SSR.FR11] "c:\program files\abbyy finereader 11\Bonus.ScreenshotReader.exe" /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Windows Media DHCP] c:\windows\system32\wmpdr64.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stefan\applic~1\mozilla\firefox\profiles\hof9oxrw.default\
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

============= SERVICES / DRIVERS ===============

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2012-6-19 21624]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-6-20 565552]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2010-4-21 46280]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
R2 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\program files\nero\nero mediahome 4\NMMediaServerService.exe [2010-10-29 517416]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-14 1262400]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2010-4-21 1242480]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2012-3-6 38656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2012-3-8 13056]
R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2010-4-21 3328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-14 250056]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-7-4 25088]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-14 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2012-09-04 17:34 <DIR> --d----- C:\wamp
2012-09-03 21:14 262,144 ---sh--- c:\windows\system32\wmpdr64.exe
2012-09-01 19:32 <DIR> --d----- c:\program files\GRETECH
2012-08-25 04:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2012-08-24 23:19 <DIR> --d----- c:\docume~1\stefan\applic~1\ABBYY
2012-08-24 23:08 <DIR> --d----- c:\program files\ABBYY FineReader 11
2012-08-24 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ABBYY
2012-08-24 23:01 <DIR> --d----- c:\documents and settings\all users\Microsoft
2012-08-24 23:00 <DIR> --d----- c:\temp\ABBYY FineReader 11
2012-08-24 23:00 <DIR> --d----- C:\Temp
2012-08-24 22:59 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2012-08-24 22:57 <DIR> --d----- c:\program files\Microsoft Analysis Services
2012-08-24 22:56 <DIR> --d----- c:\windows\SHELLNEW
2012-08-17 22:03 587 a------- c:\windows\system32\runkgb.lnk
2012-08-17 22:03 <DIR> --dsh--- c:\windows\system32\MPK
2012-08-17 22:03 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\MPK
2012-08-15 21:16 10,264 a------- c:\windows\system32\nvinfo.pb
2012-08-14 19:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2012-08-14 19:56 65,536 a------- c:\windows\system32\OpenCL.dll
2012-08-14 19:56 1,074,636 a------- c:\windows\system32\nvdrsdb1.bin
2012-08-14 19:56 1,074,636 a------- c:\windows\system32\nvdrsdb0.bin
2012-08-14 19:56 1 a------- c:\windows\system32\nvdrssel.bin
2012-08-14 19:56 0 a------- c:\windows\system32\nvdrswr.lk
2012-08-14 19:56 883,008 a------- c:\windows\system32\nvgenco32.dll
2012-08-14 19:56 6,012,928 a------- c:\windows\system32\nvcuda.dll
2012-08-14 19:56 2,807,708 a------- c:\windows\system32\nvdata.data
2012-08-14 19:56 2,530,624 a------- c:\windows\system32\nvcuvid.dll
2012-08-14 19:56 2,445,120 a------- c:\windows\system32\nvcuvenc.dll
2012-08-14 19:56 1,000,768 a------- c:\windows\system32\nvdispco32.dll
2012-08-14 19:56 17,543,168 a------- c:\windows\system32\nvcompiler.dll
2012-08-14 19:55 <DIR> --d----- c:\program files\NVIDIA Corporation
2012-08-14 19:55 <DIR> --d----- C:\NVIDIA
2012-08-14 15:36 426,184 a------- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 15:36 70,344 a------- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 15:32 <DIR> --d----- c:\program files\Mozilla Maintenance Service
2012-08-11 23:12 <DIR> --d--r-- c:\program files\Skype
2012-08-11 17:06 1,703,936 a------- c:\windows\system32\gdiplus.dll
2012-08-11 17:06 991,232 a------- c:\windows\system32\imageviewer2.ocx
2012-08-11 17:06 608,448 a------- c:\windows\system32\comctl32.ocx
2012-08-11 17:06 224,016 a------- c:\windows\system32\tabctl32.ocx
2012-08-11 17:06 200,704 a------- c:\windows\system32\threed32.ocx
2012-08-11 17:06 164,144 a------- c:\windows\system32\comct232.ocx
2012-08-11 17:06 151,552 a------- c:\windows\system32\ccrpfd6.ocx
2012-08-11 17:06 110,592 a------- c:\windows\system32\ccrpbds6.dll
2012-08-11 17:06 106,496 a------- c:\windows\system32\mbprgbar.ocx
2012-08-11 17:06 <DIR> --d----- c:\program files\PIXresizer
2012-08-09 00:34 <DIR> --d----- c:\documents and settings\stefan\VSWebCache
2012-08-08 22:15 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-08 22:14 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-08 22:13 <DIR> --d----- c:\windows\system32\RsFx
2012-08-08 22:08 <DIR> --d----- c:\program files\Microsoft SQL Server
2012-08-08 22:07 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2012-08-08 22:07 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2012-08-08 22:00 <DIR> --d----- c:\program files\Microsoft ASP.NET
2012-08-08 22:00 <DIR> --d----- c:\program files\IIS
2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft F#
2012-08-08 21:51 <DIR> --d----- c:\program files\HTML Help Workshop
2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft Visual Studio 10.0
2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft Help Viewer
2012-08-08 21:51 <DIR> --d----- c:\program files\common files\Merge Modules
2012-08-08 21:42 165 a------- c:\windows\system32\spupdsvc.inf

==================== Find3M ====================

2006-06-24 00:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 12:56:57.20 ===============


  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13387
  • Location: Beograd

Hello, kravman89


Step 1.


Download the OTM program to the Desktop.

  • Double-click OTM.exe to run it

  • In the (left) pane of the program (under Paste Instructions for Items to be Moved), paste everything inside the Code box:
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,"

    :files
    C:\WINDOWS\system32\MPK
    c:\windows\system32\runkgb.lnk
    c:\documents and settings\all users\application data\MPK

    :commands
    [emptytemp]
    [purity]
    [emptyflash]

  • Click MoveIt!

When the process finishes, the right pane of the program (under Results) will contain text that needs to be copied into a forum post.


If the following prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process completes.

After the system restarts, the log file will open automatically in Notepad.
Copy the contents of that log into a forum post.



Step 2.

Download the CatchMe program.

Double-click catchme.exe to run it and click the Script tab.
Paste the following text into the (white) program window:

C:\WINDOWS\system32\wmpdr64.exe

Click the Run button.

When the notification message appears, click the OK button.

When the process finishes, a file named catchme.zip will be on the Desktop.
That file must be uploaded to the forum using the following form:
http://www.mycity.rs/ambulanta-upload.php


Step 3.

Once you have finished the previous two steps, post me a fresh DDS report.



TwinHeadedEagle (AMFTim)
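
The items targeted by the cleanup script in the post above can be picked out of the DDS log mechanically. The following is an added example, not part of the original thread and not the helper's own method: it flags extra programs appended to the Winlogon `Userinit` value and autostart entries that point at recently created files or folders carrying both the hidden and system attributes. The function names and the heuristics are assumptions of this example; the sample input is a handful of lines copied from the first DDS log in this thread.

```python
import re

# Sample input: lines copied from the first DDS log posted in this thread.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\MPK.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Media DHCP] c:\windows\system32\wmpdr64.exe

=============== Created Last 30 ================

2012-09-03 21:14 262,144 ---sh--- c:\windows\system32\wmpdr64.exe
2012-08-17 22:03 587 a------- c:\windows\system32\runkgb.lnk
2012-08-17 22:03 <DIR> --dsh--- c:\windows\system32\MPK
2012-08-14 19:56 65,536 a------- c:\windows\system32\OpenCL.dll
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(.*)$", re.I)
RUN_RE = re.compile(r"^([um]Run): \[(.*?)\]\s*(.*)$")
LISTING_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")


def parse_dds(log):
    """Return (userinit_extras, run_entries, hidden_system_paths)."""
    extras, runs, hidden = [], [], []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = USERINIT_RE.match(line)
        if m:
            # The stock value holds only userinit.exe followed by a comma;
            # every other comma-separated program also runs at logon.
            for part in m.group(1).split(","):
                part = part.strip().strip('"')
                if part and not part.lower().endswith(r"\system32\userinit.exe"):
                    extras.append(part)
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append((m.group(1), m.group(2), m.group(3).strip()))
            continue
        m = LISTING_RE.match(line)
        if m and section == "Created Last 30":
            attrs, path = m.groups()
            # Attribute column such as ---sh--- : 's' = system, 'h' = hidden.
            if "s" in attrs and "h" in attrs:
                hidden.append(path)
    return extras, runs, hidden


def references(command, path):
    """True if command names path itself or something inside it (folder)."""
    cmd, p = command.lower(), path.lower()
    i = cmd.find(p)
    if i < 0:
        return False
    end = i + len(p)
    return end == len(cmd) or cmd[end] in '\\" ,'


def triage(log):
    """Return a list of (location, target, reason) leads for manual review."""
    extras, runs, hidden = parse_dds(log)
    findings = []
    for prog in extras:
        reason = "extra program after userinit.exe"
        if any(references(prog, h) for h in hidden):
            reason += ", located in a recent hidden+system folder"
        findings.append(("Winlogon Userinit", prog, reason))
    for hive, name, cmd in runs:
        for h in hidden:
            if references(cmd, h):
                findings.append((f"{hive} [{name}]", h,
                                 "autostart of a recent hidden+system file"))
    return findings


if __name__ == "__main__":
    for location, target, reason in triage(SAMPLE_DDS):
        print(f"{location}: {target} ({reason})")
```

The output is a list of leads to check by hand, since legitimate software can also match these heuristics.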

  • Joined: 29 Sep 2010
  • Posts: 138

Posted: 05 Sep 2012 22:49

for catchme it throws an error: script command not found...

Addendum: 05 Sep 2012 22:50

  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13387
  • Location: Beograd

Step 1.

Let's try once more.


Download the CatchMe program.

Double-click catchme.exe to run it and click the Script tab.
Paste the following text into the (white) program window:

files:
C:\WINDOWS\system32\wmpdr64.exe


Click the Run button.

When the notification message appears, click the OK button.

When the process finishes, a file named catchme.zip will be on the Desktop.
That file must be uploaded to the forum using the following form:
http://www.mycity.rs/ambulanta-upload.php


The second way, if the first doesn't work, is as follows:

You need to enable the display of hidden files, like this:

  1. Click the Start button (in the lower-left corner).
  2. Choose My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select View at the top; within the Hidden files and folders group, select Show hidden files and folders.
  5. Uncheck Hide file extensions for known types.
  6. Uncheck Hide protected operating system files (recommended).
  7. Click YES.
  8. Click OK.


Upload the file to me using the following form:

http://www.mycity.rs/ambulanta-upload.php

Click Choose File, find the file and click Upload.

C:\WINDOWS\system32\wmpdr64.exe



Step 2.

Did you forget to follow the third step in the previous post?



TwinHeadedEagle (AMFTim)

  • Joined: 29 Sep 2010
  • Posts: 138

Posted: 06 Sep 2012 10:50

OK, I'll do this now, though I was trying to copy the command and it throws an error.. I didn't post a fresh DDS because I got stuck with this catchme :)
I'll post what I did in a couple of minutes. Thank you.

Addendum: 06 Sep 2012 10:57

I uploaded via that form (the mistake was that I hadn't put files:: earlier, now everything went through without problems); since I don't know which DDS, I'm attaching both...

Addendum: 06 Sep 2012 10:58

I forgot the second one... here's the second (attach)
  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13387
  • Location: Beograd

Step 1.

  • Run OTM.exe again

  • In the (left) pane of the program (under Paste Instructions for Items to be Moved), paste everything inside the Code box:
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Media DHCP"=-

    :files
    C:\WINDOWS\system32\wmpdr64.exe

    :commands
    [emptytemp]

  • Click MoveIt!

When the process finishes, the right pane of the program (under Results) will contain text that needs to be copied into a forum post.


If the following prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process completes.

After the system restarts, the log file will open automatically in Notepad.
Copy the contents of that log into a forum post.


Step 2.

Run DDS again and post a fresh report.


Step 3.

What is the situation now?

  • Joined: 29 Sep 2010
  • Posts: 138

Posted: 06 Sep 2012 16:54



DDS (Ver_09-07-30.01) - NTFSx86
Run by Stefan at 16:50:46.65 on Thu 09/06/2012
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1315 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\ROCCAT\Kone Mouse\osd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rserver30\FamItrf2.Exe
E:\PROGRAMI\GDBack_FAT_NTFS_balkandownload.org\App\GetDataBack\ZA NE DAJ BOZE\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Kone] "c:\program files\roccat\kone mouse\KoneHID.EXE"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Bonus.SSR.FR11] "c:\program files\abbyy finereader 11\Bonus.ScreenshotReader.exe" /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Windows Media DHCP] c:\windows\system32\wmpdr64.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stefan\applic~1\mozilla\firefox\profiles\hof9oxrw.default\
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

============= SERVICES / DRIVERS ===============

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2012-6-19 21624]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-6-20 565552]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2010-4-21 46280]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
R2 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\program files\nero\nero mediahome 4\NMMediaServerService.exe [2010-10-29 517416]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-14 1262400]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2010-4-21 1242480]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2012-3-6 38656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2012-3-8 13056]
R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2010-4-21 3328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-14 250056]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-7-4 25088]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-14 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2012-09-05 22:23 <DIR> --d----- C:\_OTM
2012-09-04 17:34 <DIR> --d----- C:\wamp
2012-09-01 19:32 <DIR> --d----- c:\program files\GRETECH
2012-08-25 04:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2012-08-24 23:19 <DIR> --d----- c:\docume~1\stefan\applic~1\ABBYY
2012-08-24 23:08 <DIR> --d----- c:\program files\ABBYY FineReader 11
2012-08-24 23:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ABBYY
2012-08-24 23:01 <DIR> --d----- c:\documents and settings\all users\Microsoft
2012-08-24 23:00 <DIR> --d----- c:\temp\ABBYY FineReader 11
2012-08-24 23:00 <DIR> --d----- C:\Temp
2012-08-24 22:59 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2012-08-24 22:57 <DIR> --d----- c:\program files\Microsoft Analysis Services
2012-08-24 22:56 <DIR> --d----- c:\windows\SHELLNEW
2012-08-15 21:16 10,264 a------- c:\windows\system32\nvinfo.pb
2012-08-14 19:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2012-08-14 19:56 65,536 a------- c:\windows\system32\OpenCL.dll
2012-08-14 19:56 1,074,636 a------- c:\windows\system32\nvdrsdb1.bin
2012-08-14 19:56 1,074,636 a------- c:\windows\system32\nvdrsdb0.bin
2012-08-14 19:56 1 a------- c:\windows\system32\nvdrssel.bin
2012-08-14 19:56 0 a------- c:\windows\system32\nvdrswr.lk
2012-08-14 19:56 883,008 a------- c:\windows\system32\nvgenco32.dll
2012-08-14 19:56 6,012,928 a------- c:\windows\system32\nvcuda.dll
2012-08-14 19:56 2,807,708 a------- c:\windows\system32\nvdata.data
2012-08-14 19:56 2,530,624 a------- c:\windows\system32\nvcuvid.dll
2012-08-14 19:56 2,445,120 a------- c:\windows\system32\nvcuvenc.dll
2012-08-14 19:56 1,000,768 a------- c:\windows\system32\nvdispco32.dll
2012-08-14 19:56 17,543,168 a------- c:\windows\system32\nvcompiler.dll
2012-08-14 19:55 <DIR> --d----- c:\program files\NVIDIA Corporation
2012-08-14 19:55 <DIR> --d----- C:\NVIDIA
2012-08-14 15:36 426,184 a------- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 15:36 70,344 a------- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 15:32 <DIR> --d----- c:\program files\Mozilla Maintenance Service
2012-08-11 23:12 <DIR> --d--r-- c:\program files\Skype
2012-08-11 17:06 1,703,936 a------- c:\windows\system32\gdiplus.dll
2012-08-11 17:06 991,232 a------- c:\windows\system32\imageviewer2.ocx
2012-08-11 17:06 608,448 a------- c:\windows\system32\comctl32.ocx
2012-08-11 17:06 224,016 a------- c:\windows\system32\tabctl32.ocx
2012-08-11 17:06 200,704 a------- c:\windows\system32\threed32.ocx
2012-08-11 17:06 164,144 a------- c:\windows\system32\comct232.ocx
2012-08-11 17:06 151,552 a------- c:\windows\system32\ccrpfd6.ocx
2012-08-11 17:06 110,592 a------- c:\windows\system32\ccrpbds6.dll
2012-08-11 17:06 106,496 a------- c:\windows\system32\mbprgbar.ocx
2012-08-11 17:06 <DIR> --d----- c:\program files\PIXresizer
2012-08-09 00:34 <DIR> --d----- c:\documents and settings\stefan\VSWebCache
2012-08-08 22:15 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-08 22:14 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-08 22:13 <DIR> --d----- c:\windows\system32\RsFx
2012-08-08 22:08 <DIR> --d----- c:\program files\Microsoft SQL Server
2012-08-08 22:07 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2012-08-08 22:07 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2012-08-08 22:00 <DIR> --d----- c:\program files\Microsoft ASP.NET
2012-08-08 22:00 <DIR> --d----- c:\program files\IIS
2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft F#
2012-08-08 21:51 <DIR> --d----- c:\program files\HTML Help Workshop
2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft Visual Studio 10.0
2012-08-08 21:51 <DIR> --d----- c:\program files\Microsoft Help Viewer
2012-08-08 21:51 <DIR> --d----- c:\program files\common files\Merge Modules
2012-08-08 21:42 165 a------- c:\windows\system32\spupdsvc.inf

==================== Find3M ====================

2006-06-24 00:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 16:51:11.00 ===============



Addendum: 06 Sep 2012 16:57

The computer is running faster, it doesn't stutter when loading pages...
Thanks.

  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13387
  • Location: Beograd

Download sUBs's ComboFix from the following address to your Desktop:

Bleeping Computer

When the download has finished:
  1. disable your protection software (instructions);
  2. close any running programs;
  3. double-click to start ComboFix;
  4. in the window that opens, click "I Agree".

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    • click Yes if you are offered the download.
  • if the Recovery Console is not installed, offer to install it:
    • be sure to accept by clicking Yes and follow the procedure.
  • display a number of prompts/notifications:
    • accept by clicking Yes or OK.
  • restart Windows if necessary (several times);
  • when it finishes, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  1. right-click in the Notepad window and choose Select All;
  2. right-click the selected text and choose Copy;
  3. right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to the message.

  • Joined: 29 Sep 2010
  • Posts: 138

ComboFix 12-09-08.02 - Stefan 09/08/2012 16:52:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1070 [GMT 2:00]
Running from: c:\documents and settings\Stefan\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TheBflix
c:\documents and settings\All Users\Application Data\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx
c:\documents and settings\All Users\Application Data\TheBflix\background.html
c:\documents and settings\All Users\Application Data\TheBflix\bhoclass.dll
c:\documents and settings\All Users\Application Data\TheBflix\content.js
c:\documents and settings\All Users\Application Data\TheBflix\data\content.js
c:\documents and settings\All Users\Application Data\TheBflix\data\jsondb.js
c:\documents and settings\All Users\Application Data\TheBflix\settings.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-05 20:23 . 2012-09-05 20:23 -------- d-----w- C:\_OTM
2012-09-04 15:34 . 2012-09-04 15:36 -------- d-----w- C:\wamp
2012-09-01 17:33 . 2012-09-01 17:33 -------- d-----w- c:\documents and settings\Stefan\Application Data\GRETECH
2012-09-01 17:32 . 2012-09-01 17:32 -------- d-----w- c:\program files\GRETECH
2012-08-31 04:19 . 2012-08-31 04:19 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-25 02:58 . 2012-08-25 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-08-24 21:19 . 2012-08-24 21:19 -------- d-----w- c:\documents and settings\Stefan\Application Data\ABBYY
2012-08-24 21:08 . 2012-08-24 21:18 -------- d-----w- c:\program files\ABBYY FineReader 11
2012-08-24 21:08 . 2012-08-24 21:08 -------- d-----w- c:\documents and settings\Stefan\Local Settings\Application Data\ABBYY
2012-08-24 21:08 . 2012-08-24 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2012-08-24 21:01 . 2012-08-24 21:01 -------- d-----w- c:\documents and settings\All Users\Microsoft
2012-08-24 21:00 . 2012-08-24 21:00 -------- d-----w- C:\Temp
2012-08-24 20:59 . 2012-08-24 20:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-08-24 20:57 . 2012-08-24 20:57 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-08-24 20:56 . 2012-08-24 21:02 -------- d-----w- c:\windows\SHELLNEW
2012-08-24 20:56 . 2012-08-24 20:56 -------- d-----w- c:\documents and settings\Stefan\Local Settings\Application Data\Microsoft Help
2012-08-24 20:56 . 2012-08-24 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2012-08-24 20:55 . 2012-08-24 20:55 -------- d-----r- C:\MSOCache
2012-08-18 05:05 . 2012-08-18 05:05 -------- d-----w- c:\documents and settings\Stefan\Local Settings\Application Data\Identities
2012-08-16 16:03 . 2012-08-16 16:04 -------- d-----w- c:\documents and settings\Administrator
2012-08-14 17:58 . 2012-08-14 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-08-14 17:57 . 2012-08-14 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2012-08-14 17:57 . 2012-08-14 17:57 -------- d-----w- c:\documents and settings\UpdatusUser
2012-08-14 17:56 . 2012-05-15 10:18 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-14 17:56 . 2012-09-03 11:30 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-08-14 17:56 . 2012-09-03 11:30 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-08-14 17:56 . 2012-09-02 19:49 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-08-14 17:56 . 2012-05-15 10:18 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-08-14 17:56 . 2012-05-15 10:18 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-14 17:56 . 2012-05-15 10:18 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-14 17:56 . 2012-05-15 10:18 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-14 17:56 . 2012-05-15 10:18 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-14 17:56 . 2012-05-15 10:18 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-14 17:55 . 2012-08-15 19:17 -------- d-----w- c:\program files\NVIDIA Corporation
2012-08-14 17:55 . 2012-08-14 17:55 -------- d-----w- C:\NVIDIA
2012-08-14 13:36 . 2012-08-14 13:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 13:36 . 2012-08-14 13:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 13:32 . 2012-08-14 13:32 -------- d-----w- c:\documents and settings\Stefan\Local Settings\Application Data\Mozilla
2012-08-14 13:32 . 2012-08-31 05:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-11 21:12 . 2012-09-06 08:52 -------- d-----w- c:\documents and settings\Stefan\Application Data\Skype
2012-08-11 21:12 . 2012-08-11 21:13 -------- d-----r- c:\program files\Skype
2012-08-11 21:12 . 2012-08-11 21:12 -------- d-----w- c:\program files\Common Files\Skype
2012-08-11 21:12 . 2012-08-31 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-08-11 15:06 . 2012-08-11 15:06 -------- d-----w- c:\program files\PIXresizer
2012-08-11 15:06 . 2007-04-14 23:05 991232 ----a-w- c:\windows\system32\imageviewer2.ocx
2012-08-11 15:06 . 2004-03-08 22:00 224016 ----a-w- c:\windows\system32\tabctl32.ocx
2012-08-11 15:06 . 2002-08-29 18:00 1703936 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-11 15:06 . 2000-07-09 17:15 106496 ----a-w- c:\windows\system32\mbprgbar.ocx
2012-08-11 15:06 . 2000-05-21 23:00 608448 ----a-w- c:\windows\system32\comctl32.ocx
2012-08-11 15:06 . 2000-05-01 22:02 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2012-08-11 15:06 . 1999-09-16 08:04 151552 ----a-w- c:\windows\system32\ccrpfd6.ocx
2012-08-11 15:06 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\comct232.ocx
2012-08-11 15:06 . 1996-01-11 23:00 200704 ----a-w- c:\windows\system32\threed32.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 19:31 . 2012-08-08 19:59 2018272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-08-08 19:59 . 2012-08-08 19:59 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-08-31 04:19 . 2012-08-14 13:31 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Kone"="c:\program files\ROCCAT\Kone Mouse\KoneHID.EXE" [2011-02-18 1666560]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-06 934152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stefan^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Stefan\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-10-29 14:59 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-05-15 09:40 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-05-10 22:03 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\Pes Serbia Patch 2012 - PES 2012.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\Pes Serbia Patch 2012 - PES 2012 - Yair.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\wamp\\bin\\apache\\apache2.2.22\\bin\\httpd.exe"=
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [6/19/2012 12:35 PM 21624]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 1:23 PM 11352]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [4/21/2010 7:02 AM 46280]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [9/23/2011 6:37 PM 641832]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [8/14/2012 7:57 PM 1262400]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [4/21/2010 7:02 AM 1242480]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/6/2012 7:28 PM 38656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 6:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [3/8/2012 5:00 PM 13056]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/14/2012 3:36 PM 250056]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/4/2012 10:31 PM 25088]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 5:51 PM 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8/14/2012 3:32 PM 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 5:08 AM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 13:36]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 109.122.98.116 109.122.98.117
FF - ProfilePath - c:\documents and settings\Stefan\Application Data\Mozilla\Firefox\Profiles\hof9oxrw.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Media DHCP - c:\windows\system32\wmpdr64.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-chromium - c:\documents and settings\Stefan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
MSConfigStartUp-Flashget - c:\program files\FlashGet\flashget.exe
MSConfigStartUp-Gainward - c:\windows\TBPanel.exe
MSConfigStartUp-Google Update - c:\documents and settings\Stefan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe
MSConfigStartUp-Plex Media Server - c:\program files\Plex\Plex Media Server\Plex Media Server.exe
MSConfigStartUp-Unified Remote v2 - c:\program files\Unified Remote\RemoteServer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-09-08 16:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-09-08 16:57:36
ComboFix-quarantined-files.txt 2012-09-08 14:57
.
Pre-Run: 16,701,845,504 bytes free
Post-Run: 16,651,214,848 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 22F0100F806D083851FEAD387242EF1F

  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13387
  • Location: Beograd

One more step and then we're done :)

Download the following file to your Desktop and run it:

http://www.mycity.rs/must-login.png

When the notification appears, click Yes. After that, you need to click OK and restart the computer.

=========================

How are things now?

