Trojan:Win32/Sirefef.S

  • Joined: 27 Mar 2008
  • Posts: 60

Posted: 30 Nov 2011 13:42

Hello, I need expert help: today MSE flagged the virus named above, and after it had supposedly removed it, the same virus has now reappeared for the tenth time.

The location is C:\Documents and Settings\User\Local Settings\Application Data\180e6f7c\U\

I tried to clean it with some malware removal tool (Kaspersky, I think), but it didn't work...

The result is a slow computer and periodic notifications that the virus is present (roughly every 20 minutes).

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by User at 0:22:09 on 2011-11-30
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1023.263 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Vuze\Azureus.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ba/
uWinlogon: Shell=c:\documents and settings\user\local settings\application data\180e6f7c\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [cdloader] "c:\documents and settings\user\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rcm-emea.fdnet.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{953EDC8D-0969-472A-8F68-ACE957B288FE} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 21512]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 MpKsl8b053a11;MpKsl8b053a11;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f0e29285-d217-48ad-9866-5e5b93d56abb}\MpKsl8b053a11.sys [2011-11-29 28752]

R2 DirectNT;DirectNT;c:\windows\system32\drivers\DirectNT.sys [2011-10-1 3424]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S1 MpKsl31013a20;MpKsl31013a20;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6cf96f6-1c3b-4e63-ba83-2a7f8658d574}\mpksl31013a20.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6cf96f6-1c3b-4e63-ba83-2a7f8658d574}\MpKsl31013a20.sys [?]
S1 MpKsl35206f39;MpKsl35206f39;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66cec830-56dd-40ff-83c5-3b409330cc01}\mpksl35206f39.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66cec830-56dd-40ff-83c5-3b409330cc01}\MpKsl35206f39.sys [?]
S1 MpKsl4e1bfb53;MpKsl4e1bfb53;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66cec830-56dd-40ff-83c5-3b409330cc01}\mpksl4e1bfb53.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66cec830-56dd-40ff-83c5-3b409330cc01}\MpKsl4e1bfb53.sys [?]
S1 MpKsl7223cc1b;MpKsl7223cc1b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66cec830-56dd-40ff-83c5-3b409330cc01}\mpksl7223cc1b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66cec830-56dd-40ff-83c5-3b409330cc01}\MpKsl7223cc1b.sys [?]
S1 MpKsl846dd11b;MpKsl846dd11b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7369b7e3-111f-423f-945d-b18398118a65}\mpksl846dd11b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7369b7e3-111f-423f-945d-b18398118a65}\MpKsl846dd11b.sys [?]
S1 MpKsl875fc3bf;MpKsl875fc3bf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dadb798-0862-4026-8d0a-0f73d9575272}\mpksl875fc3bf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3dadb798-0862-4026-8d0a-0f73d9575272}\MpKsl875fc3bf.sys [?]
S1 MpKsl92d1d616;MpKsl92d1d616;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e854842d-ef18-423f-b40e-ee3da2f2197a}\mpksl92d1d616.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e854842d-ef18-423f-b40e-ee3da2f2197a}\MpKsl92d1d616.sys [?]
S1 MpKsl96197c2f;MpKsl96197c2f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540d2d7f-756d-41e3-8177-3f137b0fe76a}\mpksl96197c2f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540d2d7f-756d-41e3-8177-3f137b0fe76a}\MpKsl96197c2f.sys [?]
S1 MpKslb7edfbd6;MpKslb7edfbd6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66cec830-56dd-40ff-83c5-3b409330cc01}\mpkslb7edfbd6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66cec830-56dd-40ff-83c5-3b409330cc01}\MpKslb7edfbd6.sys [?]
S1 MpKslc300a403;MpKslc300a403;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{39a5103e-ac6a-4093-ac3b-c6ef2fd0bf17}\mpkslc300a403.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{39a5103e-ac6a-4093-ac3b-c6ef2fd0bf17}\MpKslc300a403.sys [?]
S1 MpKslcdc2f86e;MpKslcdc2f86e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a65df96b-a771-44a9-b144-f483847e4169}\mpkslcdc2f86e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a65df96b-a771-44a9-b144-f483847e4169}\MpKslcdc2f86e.sys [?]
S1 MpKsld3bb0e5e;MpKsld3bb0e5e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0596f08f-85dd-4e37-9428-903cef093af6}\mpksld3bb0e5e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0596f08f-85dd-4e37-9428-903cef093af6}\MpKsld3bb0e5e.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-9 136176]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2011-10-1 20160]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-9 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
S3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [2010-2-22 616064]
.
=============== Created Last 30 ================
.
2011-11-29 22:09:06 -------- d-----w- c:\program files\Mythicsoft
2011-11-29 21:36:54 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-29 21:32:00 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f0e29285-d217-48ad-9866-5e5b93d56abb}\MpKsl8b053a11.sys
2011-11-29 21:31:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f0e29285-d217-48ad-9866-5e5b93d56abb}\offreg.dll
2011-11-29 21:30:48 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys.vir
2011-11-29 18:07:59 6668624 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f0e29285-d217-48ad-9866-5e5b93d56abb}\mpengine.dll
2011-11-29 17:00:41 -------- d-sh--w- c:\documents and settings\user\local settings\application data\180e6f7c
2011-11-29 16:33:20 -------- d-----w- c:\documents and settings\all users\application data\Sibelius Software
2011-11-29 16:33:17 -------- d-----w- c:\documents and settings\user\application data\Sibelius Software
2011-11-29 15:05:59 -------- d-----w- c:\program files\Sibelius Software
2011-11-29 15:02:31 -------- d--h--w- c:\windows\PIF
2011-11-27 11:49:49 -------- d-sh--w- c:\windows\ftpcache
2011-11-11 12:07:51 -------- d-----w- c:\documents and settings\user\application data\DVDVideoSoft
2011-11-10 14:33:02 -------- d-----w- c:\documents and settings\user\application data\Individual Software
2011-11-10 14:14:22 958224 ----a-w- c:\windows\system32\Mschart.ocx
2011-11-10 14:14:17 82744 ----a-w- c:\windows\system32\Picclp32.ocx
2011-11-10 14:14:17 203576 ----a-w- c:\windows\system32\Richtx32.ocx
2011-11-10 14:14:17 137000 ----a-w- c:\windows\system32\Msmapi32.ocx
2011-11-10 14:10:10 46080 ----a-w- c:\windows\system32\MCIWNDX.OCX
2011-11-10 14:10:10 158992 ----a-w- c:\windows\system32\ComCt232.ocx
2011-11-10 14:10:10 115016 ----a-w- c:\windows\system32\MSInet.ocx
2011-11-10 14:09:56 286480 ----a-w- c:\windows\system32\Olemsg32.dll
2011-11-10 14:09:48 72704 ----a-w- c:\windows\system32\Odbctl32.dll
2011-11-10 14:09:47 78608 ----a-w- c:\windows\system32\Vb5db.dll
2011-11-10 14:09:47 618496 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL
2011-11-10 14:09:47 415504 ----a-w- c:\windows\system32\Msrepl35.dll
2011-11-10 14:09:47 37136 ----a-w- c:\windows\system32\Msjint35.dll
2011-11-10 14:09:47 262144 ----a-w- c:\windows\system32\Msrd2x35.dll
2011-11-10 14:09:47 24336 ----a-w- c:\windows\system32\Msjter35.dll
2011-11-10 14:09:47 1050896 ----a-w- c:\windows\system32\Msjet35.dll
2011-11-10 14:09:35 -------- d-----w- c:\program files\ResumeMaker
2011-11-10 14:09:11 -------- d-----w- c:\documents and settings\all users\application data\Individual Software
2011-11-09 16:42:02 -------- d-----w- c:\program files\Sarm Software
2011-10-31 11:56:44 -------- d-----w- c:\program files\BreakPoint Software
.
==================== Find3M ====================
.
2011-11-29 21:30:48 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys.org
2011-10-06 15:05:22 47104 ------w- c:\windows\AKDeInstall.exe
2011-10-06 15:03:07 356352 ----a-w- c:\windows\eSellerateEngine.dll
2011-10-03 03:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-29 07:29:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 0:23:02,25 ===============

Thanks in advance!

Update: 30 Nov 2011 14:06

If it helps, I took a screenshot of an example:
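A triage script, added here as an example and not part of the original post or of any tool mentioned in it (DDS, ComboFix or MSE), that scans DDS/ComboFix-style log text for the indicators visible in the log above: a Winlogon Shell value that is not explorer.exe, a hidden+system directory with an eight-hex-character name under the user's Application Data, a `$NtUninstallKB…$` store holding `@`, `U\`, `L\` and `loader.tlb` entries, and a `.sys.vir`/`.sys.org` copy of a system driver. These are the documented traits of the Sirefef (ZeroAccess) family that MSE's detection name refers to. The rule names and regular expressions are my own; the sample lines are constructed, modelled on lines from this thread, with one constructed benign `$NtUninstall…$\spuninst` path included to show it is not flagged.

```python
"""Flag Sirefef/ZeroAccess-style indicators in DDS or ComboFix log text.

Added example (not from the thread); rule names and patterns are the author's
own choices, not output of DDS, ComboFix or MSE.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    rule: str
    line: str


# Constructed sample input, modelled on lines from the DDS and ComboFix logs in
# this thread. The last line is a constructed benign hotfix-uninstall path that
# must not be flagged.
SAMPLE_LOG = r"""
uWinlogon: Shell=c:\documents and settings\user\local settings\application data\180e6f7c\X
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
2011-11-29 17:00:41 -------- d-sh--w- c:\documents and settings\user\local settings\application data\180e6f7c
2011-11-29 21:30:48 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys.vir
2011-11-29 21:30:48 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys.org
c:\windows\$NtUninstallKB34957$\403599228\@
c:\windows\$NtUninstallKB34957$\403599228\L\aqiohfaf
c:\windows\$NtUninstallKB34957$\403599228\loader.tlb
c:\windows\$NtUninstallKB34957$\403599228\U\@000000cb
c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
"""

# DDS prints the Winlogon Shell value as "uWinlogon: Shell=..." (user hive) or
# "mWinlogon: Shell=..." (machine hive). Anything but explorer.exe is suspect.
SHELL_RE = re.compile(r"^[um]?Winlogon:\s*Shell\s*=\s*(?P<value>.+?)\s*$", re.I)
# Trailing Windows path on a log line.
PATH_RE = re.compile(r"(?P<path>[a-z]:\\[^\r\n]+?)\s*$", re.I)
# 8-character attribute field (d-sh--w- etc.) that precedes the path in the
# file-listing sections; index 0 = directory, 2 = system, 3 = hidden.
ATTR_RE = re.compile(r"\s(?P<attrs>[a-z-]{8})\s+[a-z]:\\", re.I)
# Eight-hex-digit directory name directly under Application Data.
HEXDIR_RE = re.compile(r"\\application data\\[0-9a-f]{8}$", re.I)
# Fake hotfix store: $NtUninstallKB<n>$\[<n>\](@ | U\ | L\ | loader.tlb).
FAKE_KB_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\(?:\d+\\)?(?:@|U\\|L\\|loader\.tlb)", re.I)
# A system driver that has been renamed with an extra .vir / .org suffix.
SWAPPED_DRIVER_RE = re.compile(r"\\drivers\\[^\\]+\.sys\.(?:vir|org)$", re.I)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (rule, line) hit, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SHELL_RE.match(line)
        if m:
            shell = m.group("value").strip('"')
            if shell.rsplit("\\", 1)[-1].lower() != "explorer.exe":
                findings.append(Finding("winlogon-shell-hijack", line))
            continue

        pm = PATH_RE.search(line)
        if not pm:
            continue
        path = pm.group("path")

        am = ATTR_RE.search(line)
        if am:
            attrs = am.group("attrs").lower()
            if attrs[0] == "d" and attrs[2:4] == "sh" and HEXDIR_RE.search(path):
                findings.append(Finding("hidden-hex-profile-dir", line))
        if FAKE_KB_RE.search(path):
            findings.append(Finding("fake-hotfix-store", line))
        if SWAPPED_DRIVER_RE.search(path):
            findings.append(Finding("renamed-driver-copy", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count hits per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it over a saved DDS.txt or ComboFix.txt by passing the file contents to `triage()`. The Shell check is the one that explains the "comes back every 20 minutes" symptom: with the Winlogon Shell value pointing at the `180e6f7c\X` loader, the user-mode component is re-launched at every logon regardless of what the scanner deletes from the `U` folder, so a cleanup that does not also restore that value will not hold.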

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


While the case is being worked on, I ask you to observe the following:
Read my instructions (or those of colleagues who may stand in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use any malware removal programs other than the ones you are given instructions for;
Do not use USB storage devices during the intervention until I ask for them;
If I do not reply within 48 hours, bump the topic with a new post;
If you do not reply within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK




Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.




Once the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it;
click "I Agree" in the window that opens.

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
offer to install the Recovery Console if it is not installed:
be sure to accept by clicking Yes and follow the procedure.
show a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
open Notepad with the scan report when it finishes.


Copy the report that ComboFix produced into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.





http://www.mycity.rs/ambulanta-upload.php

Upload the following files via this link:

c:\windows\system32\drivers\DirectNT.sys
c:\windows\system32\drivers\ipsec.sys.org

  • Joined: 27 Mar 2008
  • Posts: 60

ComboFix 11-11-30.01 - User 30.11.2011 14:46:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1023.682 [GMT 1:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Elvis\ntuser.tmp
c:\documents and settings\Elvis\WINDOWS
c:\documents and settings\User\Local Settings\Application Data\180e6f7c\X
c:\documents and settings\User\Start Menu\Internet Explorer.lnk
c:\windows\$NtUninstallKB34957$
c:\windows\$NtUninstallKB34957$\2610420992
c:\windows\$NtUninstallKB34957$\403599228\@
c:\windows\$NtUninstallKB34957$\403599228\L\aqiohfaf
c:\windows\$NtUninstallKB34957$\403599228\loader.tlb
c:\windows\$NtUninstallKB34957$\403599228\U\@00000001
c:\windows\$NtUninstallKB34957$\403599228\U\@000000c0
c:\windows\$NtUninstallKB34957$\403599228\U\@000000cb
c:\windows\$NtUninstallKB34957$\403599228\U\@000000cf
c:\windows\$NtUninstallKB34957$\403599228\U\@80000000
c:\windows\$NtUninstallKB34957$\403599228\U\@800000c0
c:\windows\$NtUninstallKB34957$\403599228\U\@800000cb
c:\windows\$NtUninstallKB34957$\403599228\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\CSC\d6
c:\windows\system32\
c:\windows\system32\ezGOSvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EZGOSVC
-------\Service_ezGOSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 13:59 . 2011-11-30 13:59 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\MpKsl39723c1d.sys
2011-11-30 13:58 . 2011-11-30 13:58 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\offreg.dll
2011-11-30 00:23 . 2011-11-30 00:23 -------- d-----w- c:\documents and settings\User\Application Data\VSSaver
2011-11-30 00:16 . 2011-11-30 00:16 -------- d-----w- c:\program files\2Flyer(share2)
2011-11-29 22:09 . 2011-11-29 22:09 -------- d-----w- c:\program files\Mythicsoft
2011-11-29 21:36 . 2011-11-29 21:36 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-29 21:30 . 2011-11-29 21:30 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys.vir
2011-11-29 18:07 . 2011-10-07 03:48 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\mpengine.dll
2011-11-29 17:00 . 2011-11-30 13:53 -------- d-sh--w- c:\documents and settings\User\Local Settings\Application Data\180e6f7c
2011-11-29 16:33 . 2011-11-29 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sibelius Software
2011-11-29 16:33 . 2011-11-29 17:05 -------- d-----w- c:\documents and settings\User\Application Data\Sibelius Software
2011-11-29 15:05 . 2011-11-29 18:51 -------- d-----w- c:\program files\Sibelius Software
2011-11-29 15:02 . 2011-11-29 15:02 -------- d--h--w- c:\windows\PIF
2011-11-29 11:06 . 2011-11-29 23:57 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss
2011-11-27 11:49 . 2011-11-27 11:49 -------- d-sh--w- c:\windows\ftpcache
2011-11-11 12:07 . 2011-11-11 12:07 -------- d-----w- c:\documents and settings\User\Application Data\DVDVideoSoft
2011-11-10 14:33 . 2011-11-10 14:33 -------- d-----w- c:\documents and settings\User\Application Data\Individual Software
2011-11-10 14:14 . 1997-01-15 15:00 958224 ----a-w- c:\windows\system32\Mschart.ocx
2011-11-10 14:14 . 1998-06-23 15:00 82744 ----a-w- c:\windows\system32\Picclp32.ocx
2011-11-10 14:14 . 1998-06-23 15:00 203576 ----a-w- c:\windows\system32\Richtx32.ocx
2011-11-10 14:14 . 1998-06-23 15:00 137000 ----a-w- c:\windows\system32\Msmapi32.ocx
2011-11-10 14:10 . 1998-06-24 00:00 115016 ----a-w- c:\windows\system32\MSInet.ocx
2011-11-10 14:10 . 1998-02-12 01:00 158992 ----a-w- c:\windows\system32\ComCt232.ocx
2011-11-10 14:10 . 1996-12-11 00:00 46080 ----a-w- c:\windows\system32\MCIWNDX.OCX
2011-11-10 14:09 . 1999-05-05 08:32 286480 ----a-w- c:\windows\system32\Olemsg32.dll
2011-11-10 14:09 . 1998-05-30 15:00 72704 ----a-w- c:\windows\system32\Odbctl32.dll
2011-11-10 14:09 . 2000-04-27 08:07 262144 ----a-w- c:\windows\system32\Msrd2x35.dll
2011-11-10 14:09 . 1999-11-17 09:53 618496 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
2011-11-10 14:09 . 1999-09-28 12:42 1050896 ----a-w- c:\windows\system32\Msjet35.dll
2011-11-10 14:09 . 1999-08-25 13:57 415504 ----a-w- c:\windows\system32\Msrepl35.dll
2011-11-10 14:09 . 1997-01-23 15:00 78608 ----a-w- c:\windows\system32\Vb5db.dll
2011-11-10 14:09 . 1997-01-12 23:00 37136 ----a-w- c:\windows\system32\Msjint35.dll
2011-11-10 14:09 . 1996-12-04 23:00 24336 ----a-w- c:\windows\system32\Msjter35.dll
2011-11-10 14:09 . 2011-11-10 14:33 -------- d-----w- c:\program files\ResumeMaker
2011-11-10 14:09 . 2011-11-10 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2011-11-09 16:42 . 2011-11-09 16:42 -------- d-----w- c:\program files\Sarm Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 21:30 . 2011-11-29 21:30 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys.org
2011-10-07 03:48 . 2010-02-12 14:36 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-06 15:05 . 2011-10-06 15:05 47104 ------w- c:\windows\AKDeInstall.exe
2011-10-06 15:03 . 2011-10-06 15:03 356352 ----a-w- c:\windows\eSellerateEngine.dll
2011-10-03 03:06 . 2010-05-02 07:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-08-13 01:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-29 07:29 . 2011-07-15 15:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-17 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Adobe AIR Application Installer.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21.1.2008 18:28 21512]
R1 MpKsl39723c1d;MpKsl39723c1d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\MpKsl39723c1d.sys [30.11.2011 14:59 28752]
R2 DirectNT;DirectNT;c:\windows\system32\drivers\DirectNT.sys [1.10.2011 7:16 3424]
S1 MpKsl31013a20;MpKsl31013a20;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E6CF96F6-1C3B-4E63-BA83-2A7F8658D574}\MpKsl31013a20.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E6CF96F6-1C3B-4E63-BA83-2A7F8658D574}\MpKsl31013a20.sys [?]
S1 MpKsl325781b0;MpKsl325781b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\MpKsl325781b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\MpKsl325781b0.sys [?]
S1 MpKsl35206f39;MpKsl35206f39;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl35206f39.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl35206f39.sys [?]
S1 MpKsl4e1bfb53;MpKsl4e1bfb53;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl4e1bfb53.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl4e1bfb53.sys [?]
S1 MpKsl7223cc1b;MpKsl7223cc1b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl7223cc1b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl7223cc1b.sys [?]
S1 MpKsl846dd11b;MpKsl846dd11b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7369B7E3-111F-423F-945D-B18398118A65}\MpKsl846dd11b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7369B7E3-111F-423F-945D-B18398118A65}\MpKsl846dd11b.sys [?]
S1 MpKsl875fc3bf;MpKsl875fc3bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DADB798-0862-4026-8D0A-0F73D9575272}\MpKsl875fc3bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DADB798-0862-4026-8D0A-0F73D9575272}\MpKsl875fc3bf.sys [?]
S1 MpKsl92d1d616;MpKsl92d1d616;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E854842D-EF18-423F-B40E-EE3DA2F2197A}\MpKsl92d1d616.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E854842D-EF18-423F-B40E-EE3DA2F2197A}\MpKsl92d1d616.sys [?]
S1 MpKsl96197c2f;MpKsl96197c2f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540D2D7F-756D-41E3-8177-3F137B0FE76A}\MpKsl96197c2f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540D2D7F-756D-41E3-8177-3F137B0FE76A}\MpKsl96197c2f.sys [?]
S1 MpKslb7edfbd6;MpKslb7edfbd6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKslb7edfbd6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKslb7edfbd6.sys [?]
S1 MpKslc300a403;MpKslc300a403;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39A5103E-AC6A-4093-AC3B-C6EF2FD0BF17}\MpKslc300a403.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39A5103E-AC6A-4093-AC3B-C6EF2FD0BF17}\MpKslc300a403.sys [?]
S1 MpKslcdc2f86e;MpKslcdc2f86e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A65DF96B-A771-44A9-B144-F483847E4169}\MpKslcdc2f86e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A65DF96B-A771-44A9-B144-F483847E4169}\MpKslcdc2f86e.sys [?]
S1 MpKsld3bb0e5e;MpKsld3bb0e5e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0596F08F-85DD-4E37-9428-903CEF093AF6}\MpKsld3bb0e5e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0596F08F-85DD-4E37-9428-903CEF093AF6}\MpKsld3bb0e5e.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.5.2010 16:22 136176]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1.10.2011 10:19 20160]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.5.2010 16:22 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [21.1.2008 18:28 26248]
S3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [22.2.2010 21:00 616064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL39723C1D
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 15:22]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 15:22]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1844823847-1606980848-1006Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-24 03:52]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1844823847-1606980848-1006UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-24 03:52]
.
2011-11-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-11-30 16:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3288-)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-11-30 16:59:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-30 15:59
.
Pre-Run: 10.975.145.984 bytes free
Post-Run: 10.932.289.536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 17046F6F5FEDD34489901205B950D4C6

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

Pack the following folder into a ZIP or RAR archive:

C:\Qoobox\Quarantine

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 27 Mar 2008
  • Posts: 60

After ComboFix the warning that there is a virus no longer pops up, but the computer is terribly slow. There, I've sent this as well. Thanks, cousin...

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

Run ComboFix again and attach its report.

Send the following file via http://www.mycity.rs/ambulanta-upload.php :

c:\windows\system32\wuauclt.exe

offline
  • Joined: 27 Mar 2008
  • Posts: 60

ComboFix 11-11-30.01 - User 30.11.2011 18:53:55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1023.688 [GMT 1:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Start Menu\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 17:33 . 2011-11-30 17:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\MpKsl0acc86a2.sys
2011-11-30 17:33 . 2011-11-30 17:33 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\offreg.dll
2011-11-30 00:23 . 2011-11-30 00:23 -------- d-----w- c:\documents and settings\User\Application Data\VSSaver
2011-11-30 00:16 . 2011-11-30 00:16 -------- d-----w- c:\program files\2Flyer(share2)
2011-11-29 22:09 . 2011-11-29 22:09 -------- d-----w- c:\program files\Mythicsoft
2011-11-29 21:36 . 2011-11-29 21:36 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-29 21:30 . 2011-11-29 21:30 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys.vir
2011-11-29 18:07 . 2011-10-07 03:48 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\mpengine.dll
2011-11-29 17:00 . 2011-11-30 13:53 -------- d-sh--w- c:\documents and settings\User\Local Settings\Application Data\180e6f7c
2011-11-29 16:33 . 2011-11-29 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sibelius Software
2011-11-29 16:33 . 2011-11-29 17:05 -------- d-----w- c:\documents and settings\User\Application Data\Sibelius Software
2011-11-29 15:05 . 2011-11-29 18:51 -------- d-----w- c:\program files\Sibelius Software
2011-11-29 15:02 . 2011-11-29 15:02 -------- d--h--w- c:\windows\PIF
2011-11-29 11:06 . 2011-11-29 23:57 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss
2011-11-27 11:49 . 2011-11-27 11:49 -------- d-sh--w- c:\windows\ftpcache
2011-11-11 12:07 . 2011-11-11 12:07 -------- d-----w- c:\documents and settings\User\Application Data\DVDVideoSoft
2011-11-10 14:33 . 2011-11-10 14:33 -------- d-----w- c:\documents and settings\User\Application Data\Individual Software
2011-11-10 14:14 . 1997-01-15 15:00 958224 ----a-w- c:\windows\system32\Mschart.ocx
2011-11-10 14:14 . 1998-06-23 15:00 82744 ----a-w- c:\windows\system32\Picclp32.ocx
2011-11-10 14:14 . 1998-06-23 15:00 203576 ----a-w- c:\windows\system32\Richtx32.ocx
2011-11-10 14:14 . 1998-06-23 15:00 137000 ----a-w- c:\windows\system32\Msmapi32.ocx
2011-11-10 14:10 . 1998-06-24 00:00 115016 ----a-w- c:\windows\system32\MSInet.ocx
2011-11-10 14:10 . 1998-02-12 01:00 158992 ----a-w- c:\windows\system32\ComCt232.ocx
2011-11-10 14:10 . 1996-12-11 00:00 46080 ----a-w- c:\windows\system32\MCIWNDX.OCX
2011-11-10 14:09 . 1999-05-05 08:32 286480 ----a-w- c:\windows\system32\Olemsg32.dll
2011-11-10 14:09 . 1998-05-30 15:00 72704 ----a-w- c:\windows\system32\Odbctl32.dll
2011-11-10 14:09 . 2000-04-27 08:07 262144 ----a-w- c:\windows\system32\Msrd2x35.dll
2011-11-10 14:09 . 1999-11-17 09:53 618496 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
2011-11-10 14:09 . 1999-09-28 12:42 1050896 ----a-w- c:\windows\system32\Msjet35.dll
2011-11-10 14:09 . 1999-08-25 13:57 415504 ----a-w- c:\windows\system32\Msrepl35.dll
2011-11-10 14:09 . 1997-01-23 15:00 78608 ----a-w- c:\windows\system32\Vb5db.dll
2011-11-10 14:09 . 1997-01-12 23:00 37136 ----a-w- c:\windows\system32\Msjint35.dll
2011-11-10 14:09 . 1996-12-04 23:00 24336 ----a-w- c:\windows\system32\Msjter35.dll
2011-11-10 14:09 . 2011-11-10 14:33 -------- d-----w- c:\program files\ResumeMaker
2011-11-10 14:09 . 2011-11-10 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2011-11-09 16:42 . 2011-11-09 16:42 -------- d-----w- c:\program files\Sarm Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 21:30 . 2011-11-29 21:30 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys.org
2011-10-07 03:48 . 2010-02-12 14:36 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-06 15:05 . 2011-10-06 15:05 47104 ------w- c:\windows\AKDeInstall.exe
2011-10-06 15:03 . 2011-10-06 15:03 356352 ----a-w- c:\windows\eSellerateEngine.dll
2011-10-03 03:06 . 2010-05-02 07:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-08-13 01:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-29 07:29 . 2011-07-15 15:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-17 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-11-30_15.53.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-30 17:32 . 2011-11-30 17:32 16384 c:\windows\Temp\Perflib_Perfdata_6cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Adobe AIR Application Installer.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21.1.2008 18:28 21512]
R1 MpKsl0acc86a2;MpKsl0acc86a2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\MpKsl0acc86a2.sys [30.11.2011 18:33 28752]
R2 DirectNT;DirectNT;c:\windows\system32\drivers\DirectNT.sys [1.10.2011 7:16 3424]
S1 MpKsl31013a20;MpKsl31013a20;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E6CF96F6-1C3B-4E63-BA83-2A7F8658D574}\MpKsl31013a20.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E6CF96F6-1C3B-4E63-BA83-2A7F8658D574}\MpKsl31013a20.sys [?]
S1 MpKsl325781b0;MpKsl325781b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\MpKsl325781b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0E29285-D217-48AD-9866-5E5B93D56ABB}\MpKsl325781b0.sys [?]
S1 MpKsl35206f39;MpKsl35206f39;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl35206f39.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl35206f39.sys [?]
S1 MpKsl4e1bfb53;MpKsl4e1bfb53;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl4e1bfb53.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl4e1bfb53.sys [?]
S1 MpKsl7223cc1b;MpKsl7223cc1b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl7223cc1b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKsl7223cc1b.sys [?]
S1 MpKsl846dd11b;MpKsl846dd11b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7369B7E3-111F-423F-945D-B18398118A65}\MpKsl846dd11b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7369B7E3-111F-423F-945D-B18398118A65}\MpKsl846dd11b.sys [?]
S1 MpKsl875fc3bf;MpKsl875fc3bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DADB798-0862-4026-8D0A-0F73D9575272}\MpKsl875fc3bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DADB798-0862-4026-8D0A-0F73D9575272}\MpKsl875fc3bf.sys [?]
S1 MpKsl92d1d616;MpKsl92d1d616;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E854842D-EF18-423F-B40E-EE3DA2F2197A}\MpKsl92d1d616.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E854842D-EF18-423F-B40E-EE3DA2F2197A}\MpKsl92d1d616.sys [?]
S1 MpKsl96197c2f;MpKsl96197c2f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540D2D7F-756D-41E3-8177-3F137B0FE76A}\MpKsl96197c2f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540D2D7F-756D-41E3-8177-3F137B0FE76A}\MpKsl96197c2f.sys [?]
S1 MpKslb7edfbd6;MpKslb7edfbd6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKslb7edfbd6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66CEC830-56DD-40FF-83C5-3B409330CC01}\MpKslb7edfbd6.sys [?]
S1 MpKslc300a403;MpKslc300a403;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39A5103E-AC6A-4093-AC3B-C6EF2FD0BF17}\MpKslc300a403.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39A5103E-AC6A-4093-AC3B-C6EF2FD0BF17}\MpKslc300a403.sys [?]
S1 MpKslcdc2f86e;MpKslcdc2f86e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A65DF96B-A771-44A9-B144-F483847E4169}\MpKslcdc2f86e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A65DF96B-A771-44A9-B144-F483847E4169}\MpKslcdc2f86e.sys [?]
S1 MpKsld3bb0e5e;MpKsld3bb0e5e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0596F08F-85DD-4E37-9428-903CEF093AF6}\MpKsld3bb0e5e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0596F08F-85DD-4E37-9428-903CEF093AF6}\MpKsld3bb0e5e.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.5.2010 16:22 136176]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1.10.2011 10:19 20160]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9.5.2010 16:22 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [21.1.2008 18:28 26248]
S3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [22.2.2010 21:00 616064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0ACC86A2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 15:22]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 15:22]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1844823847-1606980848-1006Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-24 03:52]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1844823847-1606980848-1006UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-24 03:52]
.
2011-11-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-11-30 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-30 19:05:08
ComboFix-quarantined-files.txt 2011-11-30 18:05
ComboFix2.txt 2011-11-30 15:59
.
Pre-Run: 10.963.845.120 bytes free
Post-Run: 10.949.959.680 bytes free
.
- - End Of File - - F4EC7333AC380F10B4BECCD06529B431

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text:

move "C:\Qoobox\Quarantine\C\WINDOWS\system32\ezgosvc.dll.vir" "C:\WINDOWS\system32\ezgosvc.dll"
reg import "C:\Qoobox\Quarantine\Registry_backups\Service_ezgosvc.reg.dat"
pause


and save it to the Desktop under the name restore.bat
Pay attention to the .bat extension

Then run restore.bat and, before you go through "Press any key to continue", check whether an error is reported anywhere and if so, tell me.

Is MSE reporting anything else, and is the system still slow?

offline
  • Joined: 27 Mar 2008
  • Posts: 60

Posted: 30 Nov 2011 22:54

As far as I can see, there are no errors:

and MSE doesn't detect the presence of a virus. And it is still slow.

Addendum: 30 Nov 2011 23:37

This is what the last scan showed:

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

Can you also take a screenshot of the second item in that window?
You can freely delete the first one.
