MyCity » Ambulanta -> Arhiva Ambulante » AdobeR.exe infekcija, potrebna pomoc

AdobeR.exe infekcija, potrebna pomoc

Napisano na dan: 9.4.2009

AdobeR.exe infekcija, potrebna pomoc

Sledeća strana

Pagination

Odgovori

50nE Poslao: 09 Apr 2009 13:49 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:48:35, on 4/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe C:\WINDOWS\AdobeR.exe D:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Documents and Settings\XP\Start Menu\Programs\Startup\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\XP\Desktop\asasawdasfsjgdfjhdjhfjfjkflhjfjhhj\asasasasa.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Active Desktop Calendar] E:\XemiComputers\Active Desktop Calendar\ADC.exe O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{CA759D97-7E0A-4076-A1A4-0D1018F91656}: NameServer = 212.200.191.166,212.200.190.166 O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- End of file - 5958 bytes

Profil

DEMIAN Poslao: 09 Apr 2009 14:02 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, Otvori AVG 8 Control Center (desni klik na AVG ikonicu ( ) u donjem, desnom uglu ekrana, stavka Open AVG User Interface). * Kada se pokrene AVG Control Center, dvoklikni na Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Resident Shield active i klikni Save changes. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. -------------- Zatim skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

50nE Poslao: 09 Apr 2009 16:37 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav,uradio sam kako sam mi rekao.... Sta dalje??? (Unapred hvala). ComboFix 09-04-04.01 - XP 2009-04-09 16:26:05.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.52 [GMT 2:00] Running from: c:\documents and settings\XP\Desktop\ComboFix.exe AV: AVG Anti-Virus 7.0.308 On-access scanning disabled (Outdated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\2.bat C:\a1agmur.cmd C:\autorun.inf C:\dbrxubcw.com c:\docume~1\XP\LOCALS~1\Temp\tmp1.tmp c:\docume~1\XP\LOCALS~1\Temp\tmp2.tmp c:\documents and settings\XP\ravmonlog c:\documents and settings\XP\Start Menu\Programs\Startup\ctfmon.exe C:\em8tqm.cmd C:\gyn.cmd C:\jm3cx96.bat C:\minm.cmd C:\o.exe c:\program files\Internet Explorer\ws2help.dll c:\recycled\Recycled c:\recycled\Recycled\ctfmon.exe C:\u.com C:\upw.bat C:\uxkl0apt.bat c:\windows\adober.exe c:\windows\IE4 Error Log.txt c:\windows\system32\gasretyw0.dll c:\windows\system32\gasretyw1.dll c:\windows\system32\kamsoft.exe c:\windows\system32\nmdfgds0.dll c:\windows\system32\nmdfgds1.dll c:\windows\system32\olhrwef.exe C:\yh.cmd D:\2.bat D:\a1agmur.cmd D:\Autorun.inf D:\dbrxubcw.com D:\em8tqm.cmd D:\gyn.cmd D:\jm3cx96.bat D:\minm.cmd D:\u.com D:\upw.bat D:\uxkl0apt.bat D:\yh.cmd . ((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 ))))))))))))))))))))))))))))))) . 2009-04-06 20:04 . 2009-04-08 18:55 109,396 -r-hs---- C:\1ogf.exe 2009-04-02 22:51 . 2009-04-03 21:02 110,157 -r-hs---- C:\cqxj.exe 2009-04-01 21:12 . 2009-04-01 21:11 108,083 -r-hs---- C:\o3n9k.com 2009-03-31 00:26 . 2009-03-31 00:26 268 --ah----- C:\sqmdata00.sqm 2009-03-31 00:26 . 2009-03-31 00:26 244 --ah----- C:\sqmnoopt00.sqm 2009-03-28 20:20 . 2009-03-31 00:27 110,838 -r-hs---- C:\0bcobed.exe 2009-03-28 20:17 . 2009-03-28 20:17 <DIR> d--hs---- C:\found.000 2009-03-19 20:47 . 2009-03-19 20:47 <DIR> d-------- c:\program files\Cheating-Death 2009-03-19 20:43 . 2009-03-19 20:45 <DIR> d-------- c:\program files\Counter-Strike 1.6 2009-03-18 15:38 . 2009-03-18 15:38 110,053 -r-hs---- C:\q0dhfjf.exe 2009-03-16 14:46 . 2009-03-16 17:01 111,363 -r-hs---- C:\luk1ylq.com 2009-03-12 19:29 . 2009-03-12 19:28 108,968 -r-hs---- C:\xdw.com 2009-03-10 19:53 . 2009-03-11 19:54 107,190 -r-hs---- C:\cb.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-10 10:19 --------- d-----w c:\documents and settings\All Users\Application Data\AVG7 2009-03-09 10:43 108,664 --sh--r C:\i.com 2009-03-08 21:44 --------- d-----w c:\program files\Google 2009-03-03 14:07 --------- d-----w c:\program files\MSXML 4.0 2009-03-02 19:59 --------- d-----w c:\documents and settings\XP\Application Data\Talkback 2009-03-02 19:53 --------- d-----w c:\program files\Common Files\xing shared 2009-03-02 19:53 --------- d-----w c:\program files\Common Files\Real 2009-03-02 19:51 --------- d-----w c:\program files\Real 2009-03-02 19:27 --------- d-----w c:\program files\MSN Messenger 2009-03-02 19:26 --------- d-----w c:\program files\Chec 2009-03-02 19:20 --------- d-----w c:\program files\Opera 2009-03-01 11:52 --------- d-----w c:\documents and settings\XP\Application Data\SumatraPDF 2009-02-10 20:24 --------- d-----w c:\program files\Counter-Strike 2009-04-05 19:15 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2009-04-05 19:15 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2009-04-05 19:15 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2009-04-05 19:15 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2009-04-05 19:15 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2006-12-11 11:25 56 --sh--r c:\windows\system32\12B8CEAF74.sys 2006-12-11 11:25 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016] "AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2006-12-11 347136] "AVG7_EMC"="c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe" [2006-12-11 271872] "AGRSMMSG"="AGRSMMSG.exe" [2002-01-15 c:\windows\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] "AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2006-12-11 148992] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSVIDEO"= pctvcap.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "vidc.ffds"= c:\program files\ffdshow\ffdshow.ax "VIDC.ACDV"= ACDV.dll "vidc.vp31"= vp31vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2005-11-09 00:00 128920 d:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 13:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVRemote] --------- 2002-01-28 20:12 61440 c:\program files\Pinnacle\Pinnacle PCTV\Remote\remoterm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-09 12:45 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2009-03-02 21:52 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-05-25 19:35 35328 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "18871:TCP"= 18871:TCP:NortonAV "14667:TCP"= 14667:TCP:NortonAV "18792:TCP"= 18792:TCP:NortonAV "16478:TCP"= 16478:TCP:NortonAV "13590:TCP"= 13590:TCP:NortonAV "13319:TCP"= 13319:TCP:NortonAV "12521:TCP"= 12521:TCP:NortonAV "13464:TCP"= 13464:TCP:NortonAV "17330:TCP"= 17330:TCP:NortonAV "17958:TCP"= 17958:TCP:NortonAV "13685:TCP"= 13685:TCP:NortonAV "12687:TCP"= 12687:TCP:NortonAV "17401:TCP"= 17401:TCP:NortonAV "12942:TCP"= 12942:TCP:NortonAV "17929:TCP"= 17929:TCP:NortonAV "17667:TCP"= 17667:TCP:NortonAV "14098:TCP"= 14098:TCP:NortonAV "17379:TCP"= 17379:TCP:NortonAV "18205:TCP"= 18205:TCP:NortonAV "18539:TCP"= 18539:TCP:NortonAV "16916:TCP"= 16916:TCP:NortonAV "12825:TCP"= 12825:TCP:NortonAV "17034:TCP"= 17034:TCP:NortonAV "12629:TCP"= 12629:TCP:NortonAV "17872:TCP"= 17872:TCP:NortonAV "17268:TCP"= 17268:TCP:NortonAV "18271:TCP"= 18271:TCP:NortonAV "18785:TCP"= 18785:TCP:NortonAV "17441:TCP"= 17441:TCP:NortonAV "14998:TCP"= 14998:TCP:NortonAV "15685:TCP"= 15685:TCP:NortonAV "17145:TCP"= 17145:TCP:NortonAV "12444:TCP"= 12444:TCP:NortonAV "14069:TCP"= 14069:TCP:NortonAV "12720:TCP"= 12720:TCP:NortonAV "12955:TCP"= 12955:TCP:NortonAV "16379:TCP"= 16379:TCP:NortonAV "14328:TCP"= 14328:TCP:NortonAV "12187:TCP"= 12187:TCP:NortonAV "14622:TCP"= 14622:TCP:NortonAV "16169:TCP"= 16169:TCP:NortonAV "14750:TCP"= 14750:TCP:NortonAV "16773:TCP"= 16773:TCP:NortonAV "15471:TCP"= 15471:TCP:NortonAV "16109:TCP"= 16109:TCP:NortonAV "13658:TCP"= 13658:TCP:NortonAV "14157:TCP"= 14157:TCP:NortonAV "17181:TCP"= 17181:TCP:NortonAV "14382:TCP"= 14382:TCP:NortonAV "17292:TCP"= 17292:TCP:NortonAV "15805:TCP"= 15805:TCP:NortonAV "15866:TCP"= 15866:TCP:NortonAV "15387:TCP"= 15387:TCP:NortonAV "17523:TCP"= 17523:TCP:NortonAV "17768:TCP"= 17768:TCP:NortonAV "13316:TCP"= 13316:TCP:NortonAV "15332:TCP"= 15332:TCP:NortonAV "14995:TCP"= 14995:TCP:NortonAV "13668:TCP"= 13668:TCP:NortonAV "17386:TCP"= 17386:TCP:NortonAV "12910:TCP"= 12910:TCP:NortonAV "13375:TCP"= 13375:TCP:NortonAV "16928:TCP"= 16928:TCP:NortonAV "17211:TCP"= 17211:TCP:NortonAV "18051:TCP"= 18051:TCP:NortonAV "15313:TCP"= 15313:TCP:NortonAV "18138:TCP"= 18138:TCP:NortonAV "16480:TCP"= 16480:TCP:NortonAV "17171:TCP"= 17171:TCP:NortonAV "13743:TCP"= 13743:TCP:NortonAV "14364:TCP"= 14364:TCP:NortonAV "15022:TCP"= 15022:TCP:NortonAV "12095:TCP"= 12095:TCP:NortonAV "12428:TCP"= 12428:TCP:NortonAV "15669:TCP"= 15669:TCP:NortonAV "17757:TCP"= 17757:TCP:NortonAV "14968:TCP"= 14968:TCP:NortonAV "17290:TCP"= 17290:TCP:NortonAV "16643:TCP"= 16643:TCP:NortonAV "16638:TCP"= 16638:TCP:NortonAV "18786:TCP"= 18786:TCP:NortonAV "12573:TCP"= 12573:TCP:NortonAV "16814:TCP"= 16814:TCP:NortonAV "15004:TCP"= 15004:TCP:NortonAV "18351:TCP"= 18351:TCP:NortonAV "18969:TCP"= 18969:TCP:NortonAV "18339:TCP"= 18339:TCP:NortonAV "18831:TCP"= 18831:TCP:NortonAV "16802:TCP"= 16802:TCP:NortonAV "14445:TCP"= 14445:TCP:NortonAV "13161:TCP"= 13161:TCP:NortonAV "13452:TCP"= 13452:TCP:NortonAV "13357:TCP"= 13357:TCP:NortonAV "14523:TCP"= 14523:TCP:NortonAV "18942:TCP"= 18942:TCP:NortonAV "18602:TCP"= 18602:TCP:NortonAV "16838:TCP"= 16838:TCP:NortonAV "15752:TCP"= 15752:TCP:NortonAV "16144:TCP"= 16144:TCP:NortonAV "17987:TCP"= 17987:TCP:NortonAV "13065:TCP"= 13065:TCP:NortonAV "15880:TCP"= 15880:TCP:NortonAV "12642:TCP"= 12642:TCP:NortonAV "17756:TCP"= 17756:TCP:NortonAV "18890:TCP"= 18890:TCP:NortonAV "16768:TCP"= 16768:TCP:NortonAV "18103:TCP"= 18103:TCP:NortonAV "14764:TCP"= 14764:TCP:NortonAV "13560:TCP"= 13560:TCP:NortonAV "15111:TCP"= 15111:TCP:NortonAV "13791:TCP"= 13791:TCP:NortonAV "13662:TCP"= 13662:TCP:NortonAV "16579:TCP"= 16579:TCP:NortonAV "15798:TCP"= 15798:TCP:NortonAV "16611:TCP"= 16611:TCP:NortonAV "14740:TCP"= 14740:TCP:NortonAV "14342:TCP"= 14342:TCP:NortonAV "18243:TCP"= 18243:TCP:NortonAV "12618:TCP"= 12618:TCP:NortonAV "16648:TCP"= 16648:TCP:NortonAV "12491:TCP"= 12491:TCP:NortonAV "15333:TCP"= 15333:TCP:NortonAV "18637:TCP"= 18637:TCP:NortonAV "12601:TCP"= 12601:TCP:NortonAV "14082:TCP"= 14082:TCP:NortonAV "15565:TCP"= 15565:TCP:NortonAV "12155:TCP"= 12155:TCP:NortonAV "15628:TCP"= 15628:TCP:NortonAV "18783:TCP"= 18783:TCP:NortonAV "12935:TCP"= 12935:TCP:NortonAV "17748:TCP"= 17748:TCP:NortonAV "16205:TCP"= 16205:TCP:NortonAV "17527:TCP"= 17527:TCP:NortonAV "12383:TCP"= 12383:TCP:NortonAV "12744:TCP"= 12744:TCP:NortonAV "12735:TCP"= 12735:TCP:NortonAV "15360:TCP"= 15360:TCP:NortonAV "13429:TCP"= 13429:TCP:NortonAV "13287:TCP"= 13287:TCP:NortonAV "15799:TCP"= 15799:TCP:NortonAV "12277:TCP"= 12277:TCP:NortonAV "18259:TCP"= 18259:TCP:NortonAV "18826:TCP"= 18826:TCP:NortonAV "14139:TCP"= 14139:TCP:NortonAV "18355:TCP"= 18355:TCP:NortonAV "14171:TCP"= 14171:TCP:NortonAV "13445:TCP"= 13445:TCP:NortonAV "17734:TCP"= 17734:TCP:NortonAV "14997:TCP"= 14997:TCP:NortonAV "15145:TCP"= 15145:TCP:NortonAV "18911:TCP"= 18911:TCP:NortonAV "15947:TCP"= 15947:TCP:NortonAV "14390:TCP"= 14390:TCP:NortonAV "16074:TCP"= 16074:TCP:NortonAV "17868:TCP"= 17868:TCP:NortonAV "16035:TCP"= 16035:TCP:NortonAV "13530:TCP"= 13530:TCP:NortonAV "12962:TCP"= 12962:TCP:NortonAV "14975:TCP"= 14975:TCP:NortonAV "18589:TCP"= 18589:TCP:NortonAV "17554:TCP"= 17554:TCP:NortonAV "12447:TCP"= 12447:TCP:NortonAV "18013:TCP"= 18013:TCP:NortonAV "14153:TCP"= 14153:TCP:NortonAV "14659:TCP"= 14659:TCP:NortonAV "18750:TCP"= 18750:TCP:NortonAV "13997:TCP"= 13997:TCP:NortonAV "13204:TCP"= 13204:TCP:NortonAV "18794:TCP"= 18794:TCP:NortonAV "17657:TCP"= 17657:TCP:NortonAV "12933:TCP"= 12933:TCP:NortonAV "18139:TCP"= 18139:TCP:NortonAV "12759:TCP"= 12759:TCP:NortonAV "13700:TCP"= 13700:TCP:NortonAV "17573:TCP"= 17573:TCP:NortonAV "12217:TCP"= 12217:TCP:NortonAV "17374:TCP"= 17374:TCP:NortonAV "17411:TCP"= 17411:TCP:NortonAV "17076:TCP"= 17076:TCP:NortonAV "18072:TCP"= 18072:TCP:NortonAV "17187:TCP"= 17187:TCP:NortonAV "17819:TCP"= 17819:TCP:NortonAV "13384:TCP"= 13384:TCP:NortonAV "17564:TCP"= 17564:TCP:NortonAV "12352:TCP"= 12352:TCP:NortonAV "18129:TCP"= 18129:TCP:NortonAV "16683:TCP"= 16683:TCP:NortonAV "13393:TCP"= 13393:TCP:NortonAV "13642:TCP"= 13642:TCP:NortonAV "13091:TCP"= 13091:TCP:NortonAV "14189:TCP"= 14189:TCP:NortonAV "16871:TCP"= 16871:TCP:NortonAV "13421:TCP"= 13421:TCP:NortonAV "16269:TCP"= 16269:TCP:NortonAV "16386:TCP"= 16386:TCP:NortonAV "15050:TCP"= 15050:TCP:NortonAV "18371:TCP"= 18371:TCP:NortonAV "16063:TCP"= 16063:TCP:NortonAV "13180:TCP"= 13180:TCP:NortonAV "17754:TCP"= 17754:TCP:NortonAV "14976:TCP"= 14976:TCP:NortonAV "16510:TCP"= 16510:TCP:NortonAV "16502:TCP"= 16502:TCP:NortonAV "16365:TCP"= 16365:TCP:NortonAV "18803:TCP"= 18803:TCP:NortonAV "14031:TCP"= 14031:TCP:NortonAV "14247:TCP"= 14247:TCP:NortonAV "12235:TCP"= 12235:TCP:NortonAV "16191:TCP"= 16191:TCP:NortonAV "17134:TCP"= 17134:TCP:NortonAV "14830:TCP"= 14830:TCP:NortonAV "12169:TCP"= 12169:TCP:NortonAV "15729:TCP"= 15729:TCP:NortonAV "17938:TCP"= 17938:TCP:NortonAV "15965:TCP"= 15965:TCP:NortonAV "16602:TCP"= 16602:TCP:NortonAV "16911:TCP"= 16911:TCP:NortonAV "14054:TCP"= 14054:TCP:NortonAV "15374:TCP"= 15374:TCP:NortonAV "16598:TCP"= 16598:TCP:NortonAV "14759:TCP"= 14759:TCP:NortonAV "12551:TCP"= 12551:TCP:NortonAV "16721:TCP"= 16721:TCP:NortonAV "18162:TCP"= 18162:TCP:NortonAV "18606:TCP"= 18606:TCP:NortonAV "17490:TCP"= 17490:TCP:NortonAV "15146:TCP"= 15146:TCP:NortonAV "18015:TCP"= 18015:TCP:NortonAV "17514:TCP"= 17514:TCP:NortonAV "14944:TCP"= 14944:TCP:NortonAV "17719:TCP"= 17719:TCP:NortonAV "18864:TCP"= 18864:TCP:NortonAV "14457:TCP"= 14457:TCP:NortonAV "18037:TCP"= 18037:TCP:NortonAV R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336] R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2006-12-12 6369] S1 pctvNT;Studio PCTV;c:\windows\system32\drivers\pctvw2k.sys [2006-12-11 42448] S4 Netsnasnxip;Netsnasnxip; [x] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eedd377-0027-11dd-99fa-0016e66356b1}] \Shell\AutoRun\command - G:\whi.com \Shell\explore\Command - G:\whi.com \Shell\open\Command - G:\whi.com . - - - - ORPHANS REMOVED - - - - HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe MSConfigStartUp-Active Desktop Calendar - e:\xemicomputers\Active Desktop Calendar\ADC.exe MSConfigStartUp-RavAV - c:\windows\AdobeR.exe . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {CA759D97-7E0A-4076-A1A4-0D1018F91656} = 212.200.191.166,212.200.190.166 FF - ProfilePath - c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\grf34stu.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 2 FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-04-09 16:30:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE . ************************************************************************ . Completion time: 2009-04-09 16:34:03 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-09 14:33:59 Pre-Run: 554,070,016 bytes free Post-Run: 1,383,776,256 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 439 --- E O F --- 2009-03-11 19:23:25

Profil

DEMIAN Poslao: 09 Apr 2009 19:49 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Za početak, preuzmi i pokreni ovaj program. http://amf.mycity.rs/personal/dr_Bora/Win32.Rjump_Port_Exception_Cleaner.exe Kada izbaci poruku da je završio ići ćeš na drugi korak. Otvori Notepad i iskopiraj sledeci tekst: `File:: C:\i.com C:\1ogf.exe C:\cqxj.exe C:\o3n9k.com C:\0bcobed.exe C:\q0dhfjf.exe C:\luk1ylq.com C:\xdw.com C:\cb.exe Driver:: Netsnasnxip Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eedd377-0027-11dd-99fa-0016e66356b1}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

50nE Poslao: 21 Apr 2009 15:43 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Demian,hvala na velikoj pomoci. Sad radi komp kao sat.! Nije moj,nego sestrin...! Velika infekcija koliko vidim! Hvala jos jednom!

Profil

DEMIAN Poslao: 21 Apr 2009 22:02 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nije baš toliko velika infekcija kakvih zna da ima. Za nju je bitnije to što se prenosi preko USB uređaja.. Ne pratiš proceduru koju ovde praktikujemo tako da ti ne dajem garancije da je taj PC čist. Ako pak ti stručno ceniš da je sa njenim računarom sve kako treba onda ti ostaje još da samo ispratiš donje uputstvo.. --------------------------- Deinstalacija ComboFix-a: Klikni START a zatim RUN. U liniju za unos teksta ukucaj (iskopiraj) sledeće: Combofix /u a zatim klikni OK. Sačekaj da se proces deinstalacije završi. To je to..

Profil

MyCity » Ambulanta -> Arhiva Ambulante » AdobeR.exe infekcija, potrebna pomoc

Ko je trenutno na forumu

Ukupno su 1125 korisnika na forumu :: 50 registrovanih, 7 sakrivenih i 1068 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., aleksmajstor, Apok, babaroga, Battlehammer, bestguarder, bojank, Boris90, BRATORIII, ccoogg123, Dimitrise93, dmdr, dragoljub11987, flash12, Frunze, Georgius, goxin, ikan, ILGromovnik, janbo, Karla, kjkszpj, Koridor 11, Lošmi, Marko Marković, MB120mm, Mi lao shu, milutin134, nemkea71, Neutral-M, nuke92, ObelixSRB, opt1, Parker, raso7, RJ, sasa87, sevenino, shone34, Smiljke, Srky Boy, Tvrtko I, uruk, vathra, voja64, W123, wizzardone, wolf431, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by