Možda tražite i:
Jedan od losih dana Malwarebytes Anti-Malware-a
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware Mobile

MyCity » Ambulanta -> Arhiva Ambulante » Gadan Malware

Gadan Malware

Napisano na dan: 7.1.2012

Strana:
1
2

Gadan Malware

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Srki94 Poslao: 07 Jan 2012 10:38 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12391	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Brat je pokupio neki gadan malware. Malware piše poruke preko FB-a i MSN-a drugim ljudima, onemogućio mu je pristup e-mailu te nismo mogli ni nalog ovde da kreiramo takođe sve linkove redirektuje na drugi sajt tako da nismo ni programe mogli da skinemo za skeniranje. Srećom imam fleš te sam skinuo kod mene fajlove i skenirao komp kod njega, koristio sam mcshield da se ne bih zarazio. Primer ovog četa, čet log : https://www.mycity.rs/must-login.png Skinuo sam link iz dokumenta u slučaju da neko od korisnika otvori taj txt. Pitao sam ga da li je možda kliknuo na YT link koji je tražio da instalira flash player, kaže da nije. Isključio sam ethernet kabl da se zaraza ne bi širila dalje jer su nam umreženi računari. Ko zna šta je pokupio 4mb/s kablovski AVG 2012 Free Online Armor MCShield Evo logova : DDS . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 Run by Niki at 0:52:18 on 2012-01-07 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1428 [GMT -8:00] . AV: AVG Anti-Virus Free Edition 2012 Enabled/Updated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 Enabled/Updated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Online Armor Firewall Enabled {32E71E58-6AAE-2557-2ABD-EA739069CE41} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Online Armor\OAcat.exe C:\Program Files\Online Armor\oasrv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Online Armor\oaui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\713xRMT.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Online Armor\OAhlp.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted D:\Program Files\DAEMON Tools Lite\DTLite.exe D:\Program Files\TV Expert\ADTVScheduleAgent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Windows\system32\SearchIndexer.exe C:\Users\Niki\AppData\Roaming\MegaCloud\MegaCloud.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\WinRAR\WinRAR.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://home.speedbit.com/?aff=105 mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TV Card Remote Control Device Monitor] c:\windows\713xRMT.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start StartupFolder: c:\users\niki\appdata\roaming\micros~1\windows\startm~1\programs\startup\megacl~1.lnk - c:\users\niki\appdata\roaming\megacloud\MegaCloud.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tvexpe~1.lnk - d:\program files\tv expert\ADTVScheduleAgent.exe mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\dap\dapextie.htm IE: Download &all with DAP - c:\program files\dap\dapextie2.htm IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 178.79.22.6 178.79.0.3 TCP: Interfaces\{02B74EA4-0375-48EF-89B9-EFDB062C1425} : DhcpNameServer = 178.79.22.6 178.79.0.3 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~1\oaevent.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\niki\appdata\roaming\mozilla\firefox\profiles\o1xdr72p.default\ FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q= FF - prefs.js: browser.search.selectedEngine - SpeedBit Search FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q= FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll FF - plugin: c:\users\niki\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-14 239168] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-11-14 205864] R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-11-14 40296] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-11-14 25192] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-14 2253120] R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-11-14 207936] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248] R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-11-14 4363040] R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-19 869216] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-11-14 139880] R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2011-11-14 29312] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336] . =============== Created Last 30 ================ . 2012-01-05 11:00:45 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll 2012-01-05 11:00:44 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll 2012-01-05 11:00:44 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll 2012-01-05 11:00:44 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll 2012-01-04 23:35:50 -------- d-----w- c:\program files\Conduit 2012-01-04 23:35:42 -------- d-----w- c:\users\niki\appdata\local\Conduit 2012-01-04 23:35:40 -------- d-----w- c:\program files\uTorrentBar 2012-01-04 23:34:18 -------- d-----w- c:\users\niki\appdata\roaming\uTorrent 2012-01-03 18:12:11 -------- d-----w- c:\windows\Farm Frenzy 3 2012-01-03 18:11:24 -------- d-----w- c:\windows\Farm Frenzy Pizza Party 2012-01-03 18:11:22 -------- d-----w- c:\programdata\AlawarWrapper 2012-01-03 18:10:36 -------- d-----w- c:\program files\Alawar 2012-01-03 18:08:51 -------- d-----w- c:\windows\Farm Frenzy 2 2012-01-03 15:28:27 -------- d-----w- c:\users\niki\appdata\local\playlogic 2012-01-03 13:04:05 637952 ----a-w- c:\windows\is-5UAA5.exe 2012-01-03 13:03:54 94480 ----a-w- c:\windows\system32\msjro.dll 2012-01-03 13:03:51 -------- d-----w- c:\program files\Artwork Develop 2012-01-03 12:56:24 -------- d-----w- c:\programdata\SpeedBit 2012-01-03 12:56:18 -------- d-----w- c:\program files\common files\SpeedBit 2012-01-03 12:56:16 84480 ----a-w- c:\windows\system32\EasyHook32.dll 2012-01-03 12:56:16 109216 ----a-w- c:\windows\system32\EasyHook64.dll 2012-01-03 12:56:12 -------- d-----w- c:\program files\DAP 2012-01-03 12:55:52 172032 ----a-w- c:\windows\system32\AniGIF.ocx 2012-01-03 09:24:20 1227264 ----a-w- c:\windows\system32\dx8vb.dll 2012-01-02 22:37:27 -------- d-----r- c:\users\niki\MegaCloud 2012-01-02 22:36:02 -------- d-----w- c:\users\niki\appdata\roaming\MegaCloud 2012-01-02 22:35:29 -------- d-----w- c:\programdata\Web Installer 2012-01-02 09:19:46 -------- d-----w- c:\users\niki\appdata\local\LogMeIn Hamachi 2012-01-02 09:18:24 -------- d-----w- c:\program files\LogMeIn Hamachi 2011-12-29 11:11:27 -------- d-----w- c:\program files\SystemRequirementsLab 2011-12-21 05:40:15 -------- d-----w- c:\users\niki\appdata\local\Oleg_Zhuk 2011-12-20 16:56:03 -------- d-----w- c:\users\niki\riotsGamesLogs 2011-12-20 16:49:54 -------- d-----w- c:\users\niki\appdata\roaming\LolClient 2011-12-19 13:25:16 -------- d-----w- c:\programdata\AVG Secure Search 2011-12-19 00:45:17 -------- d-----w- c:\programdata\PopCap Games 2011-12-16 18:02:59 -------- d-----w- c:\users\niki\appdata\local\Mozilla 2011-12-15 16:14:20 -------- d-----w- c:\users\niki\appdata\roaming\OpenCandy 2011-12-15 16:12:50 -------- d-----w- c:\users\niki\appdata\roaming\GetRightToGo 2011-12-14 20:19:31 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-12-14 20:18:29 -------- d-----w- c:\users\niki\appdata\roaming\DAEMON Tools Lite 2011-12-11 22:55:37 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-12-11 10:14:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-10 01:48:33 -------- d-----w- c:\program files\facemoods.com 2011-12-10 01:01:12 -------- d-----w- c:\users\niki\appdata\roaming\FOG Downloader 2011-12-10 01:00:20 -------- d-----w- c:\users\niki\rune of magick 2011-12-08 14:26:19 -------- d-----w- c:\program files\common files\Blizzard Entertainment . ==================== Find3M ==================== . 2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys 2011-11-19 22:48:44 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll 2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec 2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-11-01 19:34:28 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys 2011-11-01 19:34:10 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys 2011-11-01 19:34:08 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys 2011-11-01 19:34:08 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys 2011-10-26 04:42:38 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 04:42:37 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-26 04:25:28 38912 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-22 11:21:38 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-15 08:54:52 321856 ----a-w- c:\windows\system32\nvStreaming.exe 2011-10-15 05:48:52 534528 ----a-w- c:\windows\system32\EncDec.dll . ============= FINISH: 0:53:39.84 =============== https://www.mycity.rs/must-login.png Attach https://www.mycity.rs/must-login.png Gmer : 1 scan https://www.mycity.rs/must-login.png 2 Non MS https://www.mycity.rs/must-login.png 3 Autorun https://www.mycity.rs/must-login.png Ja sam mu izvadio ethernet kabl i promeniću mu lozinke preko mog računara.

Profil

argus Poslao: 07 Jan 2012 11:50 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav. Preuzmi aswMBR i sacuvaj ga na Desktop. Dvoklikom pokreni aswMBR. Klikni na Scan. Kada zavrsi skeniranje, klikni Save log. Sacuvaj aswMBR log na Desktop. Sadrzaj tog loga iskopiraj u temi.

Profil

Srki94 Poslao: 07 Jan 2012 13:44 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12391	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software Run date: 2012-01-07 04:39:39 ----------------------------- 04:39:39.160 OS Version: Windows 6.1.7600 04:39:39.160 Number of processors: 3 586 0x502 04:39:39.162 ComputerName: NIKI-PC UserName: Niki 04:39:40.801 Initialize success 04:39:45.955 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066 04:39:45.957 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3 04:39:46.049 Disk 0 MBR read successfully 04:39:46.051 Disk 0 MBR scan 04:39:46.053 Disk 0 Windows 7 default MBR code 04:39:46.101 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 04:39:46.149 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100839 MB offset 206848 04:39:46.215 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 375999 MB offset 206725120 04:39:46.288 Disk 0 scanning sectors +976771072 04:39:46.650 Disk 0 scanning C:\Windows\system32\drivers 04:40:59.359 Service scanning 04:41:00.633 Modules scanning 04:42:33.911 Disk 0 trace - called modules: 04:42:33.966 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys 04:42:33.972 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867b2460] 04:42:33.977 3 CLASSPNP.SYS[8b3df59e] -> nt!IofCallDriver -> [0x86487e40] 04:42:33.982 5 ACPI.sys[8399b3b2] -> nt!IofCallDriver -> \Device\00000066[0x86487450] 04:42:33.987 Scan finished successfully 04:42:43.600 Disk 0 MBR has been saved successfully to "G:\MBR.dat" 04:42:43.612 The log file has been saved successfully to "G:\aswMBR.txt" Btw, zamenio sam lozinke e-mail naloga i fb-a preko mog računara međutim dotična osoba je i dalje online na MSN-u iako sam se odjavio sa msn-a preko hotmail-a što je jako čudno jer to znači da je morao ponovo da se konektuje sa novom lozinkom na msn a kako je došao do nove lozinke ne znam... I izvinjavam se za dds log hvala.

Profil

argus Poslao: 07 Jan 2012 14:26 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Srki moraces da deinstaliras AVG privremeno, jer ta verzija ne moze da se iskljuci vise od 15min. pa da nam ne pravi problem, kasnije kad zavrsimo instaliraces ga ponovo. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Srki94 Poslao: 07 Jan 2012 15:48 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12391	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: ComboFix 12-01-06.03 - Niki 01/07/2012 6:06.1.3 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2212 [GMT -8:00] Running from: G:\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 Disabled/Outdated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: Online Armor Firewall Disabled {32E71E58-6AAE-2557-2ABD-EA739069CE41} SP: AVG Anti-Virus Free Edition 2012 Disabled/Outdated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender Enabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\facemoods.com c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe c:\program files\facemoods.com\sqlite3.dll c:\users\Niki\AppData\Roaming\Roaming c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P.rar c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\INSTALL.txt c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\minecraft.jar c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Minecraft_Beta_(zabranjeno)ed_v1.7.3.exe c:\users\Niki\AppData\Roaming\Roaming\Minecraft.v1.8.BETA.PRE.RELEASE-P2P\Uploader [legjobbzene.blogspot.hu ].rar . . ((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 ))))))))))))))))))))))))))))))) . . 2012-01-07 14:25 . 2012-01-07 14:25 -------- d-----w- c:\users\Niki\AppData\Local\temp 2012-01-07 14:25 . 2012-01-07 14:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-01-07 14:25 . 2012-01-07 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-07 14:03 . 2012-01-07 14:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F74D318A-B995-42DB-9DB7-6131AC050391}\offreg.dll 2012-01-05 11:00 . 2001-09-05 12:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll 2012-01-05 11:00 . 2001-09-05 12:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll 2012-01-05 11:00 . 2001-09-05 12:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll 2012-01-05 11:00 . 2001-09-05 12:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll 2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\program files\Conduit 2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\users\Niki\AppData\Local\Conduit 2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\program files\uTorrentBar 2012-01-04 23:34 . 2012-01-06 20:25 -------- d-----w- c:\users\Niki\AppData\Roaming\uTorrent 2012-01-03 18:12 . 2012-01-03 18:12 -------- d-----w- c:\windows\Farm Frenzy 3 2012-01-03 18:11 . 2012-01-03 18:11 -------- d-----w- c:\windows\Farm Frenzy Pizza Party 2012-01-03 18:11 . 2012-01-03 18:11 -------- d-----w- c:\programdata\AlawarWrapper 2012-01-03 18:10 . 2012-01-03 18:11 -------- d-----w- c:\program files\Alawar 2012-01-03 18:08 . 2012-01-03 18:08 -------- d-----w- c:\windows\Farm Frenzy 2 2012-01-03 15:28 . 2012-01-03 15:28 -------- d-----w- c:\users\Niki\AppData\Local\playlogic 2012-01-03 13:04 . 2012-01-03 13:04 637952 ----a-w- c:\windows\is-5UAA5.exe 2012-01-03 13:03 . 2002-04-15 21:20 94480 ----a-w- c:\windows\system32\msjro.dll 2012-01-03 13:03 . 2012-01-03 13:03 -------- d-----w- c:\program files\Artwork Develop 2012-01-03 12:56 . 2012-01-03 12:56 -------- d-----w- c:\programdata\SpeedBit 2012-01-03 12:56 . 2012-01-03 12:56 -------- d-----w- c:\program files\Common Files\SpeedBit 2012-01-03 12:56 . 2012-01-03 12:55 84480 ----a-w- c:\windows\system32\EasyHook32.dll 2012-01-03 12:56 . 2012-01-03 12:55 109216 ----a-w- c:\windows\system32\EasyHook64.dll 2012-01-03 12:56 . 2012-01-03 13:05 -------- d-----w- c:\program files\DAP 2012-01-03 12:55 . 2012-01-03 12:55 172032 ----a-w- c:\windows\system32\AniGIF.ocx 2012-01-03 09:24 . 2012-01-03 09:22 1227264 ----a-w- c:\windows\system32\dx8vb.dll 2012-01-02 22:37 . 2012-01-07 14:01 -------- d-----r- c:\users\Niki\MegaCloud 2012-01-02 22:36 . 2012-01-07 14:01 -------- d-----w- c:\users\Niki\AppData\Roaming\MegaCloud 2012-01-02 22:35 . 2012-01-02 22:35 -------- d-----w- c:\programdata\Web Installer 2012-01-02 09:19 . 2012-01-07 14:01 -------- d-----w- c:\users\Niki\AppData\Local\LogMeIn Hamachi 2012-01-02 09:18 . 2012-01-02 09:18 -------- d-----w- c:\program files\LogMeIn Hamachi 2011-12-29 11:11 . 2011-12-29 11:17 -------- d-----w- c:\program files\SystemRequirementsLab 2011-12-29 11:11 . 2011-12-29 11:17 -------- d-----w- c:\users\Niki\AppData\Roaming\SystemRequirementsLab 2011-12-27 11:01 . 2011-12-27 11:01 -------- d-----w- c:\program files\Microsoft.NET 2011-12-21 05:40 . 2011-12-21 05:40 -------- d-----w- c:\users\Niki\AppData\Local\Oleg_Zhuk 2011-12-20 16:56 . 2011-12-20 16:56 -------- d-----w- c:\users\Niki\riotsGamesLogs 2011-12-20 16:49 . 2011-12-20 16:49 -------- d-----w- c:\users\Niki\AppData\Roaming\LolClient 2011-12-19 00:45 . 2011-12-19 00:45 -------- d-----w- c:\programdata\PopCap Games 2011-12-16 18:02 . 2011-12-16 18:02 -------- d-----w- c:\users\Niki\AppData\Local\Mozilla 2011-12-15 16:14 . 2011-12-15 16:15 -------- d-----w- c:\users\Niki\AppData\Roaming\OpenCandy 2011-12-15 16:12 . 2011-12-15 16:15 -------- d-----w- c:\users\Niki\AppData\Roaming\GetRightToGo 2011-12-14 20:19 . 2011-12-14 20:19 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-12-14 20:18 . 2011-12-14 20:25 -------- d-----w- c:\users\Niki\AppData\Roaming\DAEMON Tools Lite 2011-12-11 22:55 . 2011-12-14 20:18 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-12-11 10:14 . 2012-01-02 22:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-10 21:56 . 2011-12-10 21:56 -------- d-----w- c:\program files\Opera 2011-12-10 01:48 . 2011-12-10 01:48 1161 ----a-w- C:\prefs.js 2011-12-10 01:01 . 2011-12-10 01:12 -------- d-----w- c:\users\Niki\AppData\Roaming\FOG Downloader 2011-12-10 01:00 . 2011-12-10 01:00 -------- d-----w- c:\users\Niki\rune of magick 2011-12-08 14:26 . 2011-12-08 14:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 16:32 . 2011-11-25 16:32 49152 ----a-r- c:\users\Niki\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe 2011-11-19 22:48 . 2011-11-19 22:48 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-01 19:34 . 2011-11-14 13:28 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys 2011-11-01 19:34 . 2011-11-14 13:28 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys 2011-11-01 19:34 . 2011-11-14 13:28 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys 2011-11-01 19:34 . 2011-11-14 13:28 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-18 09:28 . 2011-11-14 08:56 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F74D318A-B995-42DB-9DB7-6131AC050391}\mpengine.dll 2011-10-15 08:54 . 2011-10-15 08:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe 2011-10-15 08:53 . 2011-11-14 14:37 6350144 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-11-14 14:37 3840320 ----a-w- c:\windows\system32\nvsvc.dll 2011-10-15 08:53 . 2011-11-14 14:37 203072 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-11-14 14:37 123712 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2011-11-14 14:37 1136448 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-11-14 14:37 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll 2011-10-15 08:53 . 2011-11-14 14:37 919872 ----a-w- c:\windows\system32\nvdispco32.dll 2011-10-15 08:53 . 2011-11-14 14:37 877376 ----a-w- c:\windows\system32\nvgenco32.dll 2011-10-15 08:53 . 2011-11-14 14:37 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll 2011-10-15 08:53 . 2011-11-14 14:37 61248 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-11-14 14:37 5578560 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-11-14 14:37 2458432 ----a-w- c:\windows\system32\nvapi.dll 2011-10-15 08:53 . 2011-11-14 14:37 2401088 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-11-14 14:37 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-11-14 14:37 18871616 ----a-w- c:\windows\system32\nvoglv32.dll 2011-10-15 08:53 . 2011-11-14 14:37 17248576 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-11-14 14:37 13205312 ----a-w- c:\windows\system32\nvd3dum.dll 2011-10-15 08:53 . 2011-11-14 14:37 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-01-03 12:55 . 2012-01-03 12:58 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll 2011-12-19 01:29 . 2011-12-16 18:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal] @="{03FB4211-3964-44E8-97D7-A2FA49CF5576}" [HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}] 2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified] @="{03FB4212-3964-44E8-97D7-A2FA49CF5576}" [HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}] 2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError] @="{03FB4213-3964-44E8-97D7-A2FA49CF5576}" [HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}] 2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456] "@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-11-01 2531104] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2008-05-26 520192] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-16 1955208] . c:\users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MegaCloud.lnk - c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloud.exe [2012-1-2 9825424] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ TV Expert Schedule Agent.lnk - d:\program files\TV Expert\ADTVScheduleAgent.exe [2011-12-2 49152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-11-01 358840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-14 239168] S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-11-01 205864] S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-11-01 40296] S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-11-01 25192] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 1361288] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2011-11-01 207936] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-11-01 4363040] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880] S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2011-11-01 29312] . . Contents of the 'Scheduled Tasks' folder . 2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351254513-1549663279-2964313904-1000Core.job - c:\users\Niki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 10:15] . 2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351254513-1549663279-2964313904-1000UA.job - c:\users\Niki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 10:15] . . ------- Supplementary Scan ------- . uStart Page = hxxp://home.speedbit.com/?aff=105 IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm TCP: DhcpNameServer = 178.79.22.6 178.79.0.3 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\o1xdr72p.default\ FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q= FF - prefs.js: browser.search.selectedEngine - SpeedBit Search FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105 FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q= . - - - - ORPHANS REMOVED - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe AddRemove-Bus-Tram-Cable Car Simulator_is1 - d:\program files\Bus-Tram-Cable Car Simulator\unins000.exe AddRemove-Euro Truck Simulator - d:\program files\Euro Truck Simulator\uninst.exe AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe AddRemove-Farm Frenzy 3 Russian Roulette 1.0 - d:\program files\Alawar Entertainment\Farm Frenzy 3 Russian Roulette\Uninstall.exe AddRemove-Race Injection_is1 - d:\program files\SimBin\Race Injection\unins000.exe AddRemove-Tanker Truck Simulator 2011_is1 - d:\program files\Tanker Truck Simulator 2011\unins000.exe AddRemove-Verkehrsplaner - Die Simulation - d:\program files\Verkehrsplaner - Die Simulation\uninstall.exe AddRemove-{A8DE8C34-7F51-4cc8-B326-C425793EE741} - d:\program files\Starbreeze Studios\Riddick EFBB\Uninstall.exe AddRemove-{AEF59382-3FF1-4EBF-A93E-CCC474DCEA3F}_is1 - d:\program files\Bau-Simulator 2012\unins000.exe AddRemove-Traktor Simulator Srbija - d:\program files\Traktor Simulator Srbija\Uninstal.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-351254513-1549663279-2964313904-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:44,74,3c,1c,d6,af,28,bd,ee,bb,fd,dc,c4,ab,78,02,fb,57,f5,a4,50,98,84, 1c,18,c5,a9,f3,71,ab,2e,0e,1f,3d,66,0f,41,5b,8f,44,1b,17,51,db,30,13,4c,b0,\ "??"=hex:4f,52,22,1b,28,88,7f,45,21,75,6b,a6,d3,23,5a,2e . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-01-07 06:29:04 ComboFix-quarantined-files.txt 2012-01-07 14:29 . Pre-Run: 26,235,830,272 bytes free Post-Run: 33,108,078,592 bytes free . - - End Of File - - 63F2632432369118F70E2B4C1A459E36 https://www.mycity.rs/must-login.png Nisam uspeo da obrišem AVG do kraja, ostala je glavna aplikacija iz nekog razloga međutim moduli za zaštitu su obrisani prilikom deinstalacije tako da nije imao šta da pokrene za zaštitu. Online Armor sam deaktivirao tokom skeniranja i sve je prošlo ok.

Profil

argus Poslao: 07 Jan 2012 16:16 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Raruj mi ovaj fajl c:\windows\is-5UAA5.exe Posalji ga na proveru preko ovog linka i obavesti me kad posaljes http://www.mycity.rs/ambulanta-upload.php

Profil

Srki94 Poslao: 07 Jan 2012 16:55 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12391	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Okačio. Ujedno dodao i list fajl koji ima isto ime.

Profil

argus Poslao: 07 Jan 2012 17:08 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pre nego bilo sta uradis preuzmi ovaj alat i sa njim deinstaliraj AVG http://www.avg.com/ww-en/utilities Posle mozes da instaliras koji god hoces AV. Otvoriti Notepad i iskopirati sledeci tekst: DDS:: uStart Page = hxxp://home.speedbit.com/?aff=105 Firefox:: FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\o1xdr72p.default\ FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=106&q= FF - prefs.js: browser.search.selectedEngine - SpeedBit Search FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105 FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q= RegLock:: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 RegNull:: [HKEY_USERS\S-1-5-21-351254513-1549663279-2964313904-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:44,74,3c,1c,d6,af,28,bd,ee,bb,fd,dc,c4,ab,78,02,fb,57,f5,a4,50,98,84, 1c,18,c5,a9,f3,71,ab,2e,0e,1f,3d,66,0f,41,5b,8f,44,1b,17,51,db,30,13,4c,b0,\ "??"=hex:4f,52,22,1b,28,88,7f,45,21,75,6b,a6,d3,23,5a,2e Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Srki94 Poslao: 07 Jan 2012 22:08 Idi na vrh
offline Srki94 Mod u pemziji Pridružio: 14 Feb 2008 Poruke: 12391	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: https://www.mycity.rs/must-login.png ComboFix 12-01-06.03 - Niki 01/07/2012 12:37:41.2.3 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2262 [GMT -8:00] Running from: G:\ComboFix.exe Command switches used :: G:\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 Disabled/Outdated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: Online Armor Firewall Disabled {32E71E58-6AAE-2557-2ABD-EA739069CE41} SP: AVG Anti-Virus Free Edition 2012 Disabled/Outdated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender Enabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 ))))))))))))))))))))))))))))))) . . 2012-01-07 20:44 . 2012-01-07 20:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-01-07 20:44 . 2012-01-07 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-07 20:37 . 2012-01-07 20:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F74D318A-B995-42DB-9DB7-6131AC050391}\offreg.dll 2012-01-07 14:29 . 2012-01-07 20:44 -------- d-----w- c:\users\Niki\AppData\Local\temp 2012-01-05 11:00 . 2001-09-05 12:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll 2012-01-05 11:00 . 2001-09-05 12:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll 2012-01-05 11:00 . 2001-09-05 12:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll 2012-01-05 11:00 . 2001-09-05 12:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll 2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\program files\Conduit 2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\users\Niki\AppData\Local\Conduit 2012-01-04 23:35 . 2012-01-04 23:35 -------- d-----w- c:\program files\uTorrentBar 2012-01-04 23:34 . 2012-01-06 20:25 -------- d-----w- c:\users\Niki\AppData\Roaming\uTorrent 2012-01-03 18:12 . 2012-01-03 18:12 -------- d-----w- c:\windows\Farm Frenzy 3 2012-01-03 18:11 . 2012-01-03 18:11 -------- d-----w- c:\windows\Farm Frenzy Pizza Party 2012-01-03 18:11 . 2012-01-03 18:11 -------- d-----w- c:\programdata\AlawarWrapper 2012-01-03 18:10 . 2012-01-03 18:11 -------- d-----w- c:\program files\Alawar 2012-01-03 18:08 . 2012-01-03 18:08 -------- d-----w- c:\windows\Farm Frenzy 2 2012-01-03 15:28 . 2012-01-03 15:28 -------- d-----w- c:\users\Niki\AppData\Local\playlogic 2012-01-03 13:04 . 2012-01-03 13:04 637952 ----a-w- c:\windows\is-5UAA5.exe 2012-01-03 13:03 . 2002-04-15 21:20 94480 ----a-w- c:\windows\system32\msjro.dll 2012-01-03 13:03 . 2012-01-03 13:03 -------- d-----w- c:\program files\Artwork Develop 2012-01-03 12:56 . 2012-01-03 12:56 -------- d-----w- c:\programdata\SpeedBit 2012-01-03 12:56 . 2012-01-03 12:56 -------- d-----w- c:\program files\Common Files\SpeedBit 2012-01-03 12:56 . 2012-01-03 12:55 84480 ----a-w- c:\windows\system32\EasyHook32.dll 2012-01-03 12:56 . 2012-01-03 12:55 109216 ----a-w- c:\windows\system32\EasyHook64.dll 2012-01-03 12:56 . 2012-01-03 13:05 -------- d-----w- c:\program files\DAP 2012-01-03 12:55 . 2012-01-03 12:55 172032 ----a-w- c:\windows\system32\AniGIF.ocx 2012-01-03 09:24 . 2012-01-03 09:22 1227264 ----a-w- c:\windows\system32\dx8vb.dll 2012-01-02 22:37 . 2012-01-07 20:35 -------- d-----r- c:\users\Niki\MegaCloud 2012-01-02 22:36 . 2012-01-07 20:35 -------- d-----w- c:\users\Niki\AppData\Roaming\MegaCloud 2012-01-02 22:35 . 2012-01-02 22:35 -------- d-----w- c:\programdata\Web Installer 2012-01-02 09:19 . 2012-01-07 20:45 -------- d-----w- c:\users\Niki\AppData\Local\LogMeIn Hamachi 2012-01-02 09:18 . 2012-01-02 09:18 -------- d-----w- c:\program files\LogMeIn Hamachi 2011-12-29 11:11 . 2011-12-29 11:17 -------- d-----w- c:\program files\SystemRequirementsLab 2011-12-29 11:11 . 2011-12-29 11:17 -------- d-----w- c:\users\Niki\AppData\Roaming\SystemRequirementsLab 2011-12-27 11:01 . 2011-12-27 11:01 -------- d-----w- c:\program files\Microsoft.NET 2011-12-21 05:40 . 2011-12-21 05:40 -------- d-----w- c:\users\Niki\AppData\Local\Oleg_Zhuk 2011-12-20 16:56 . 2011-12-20 16:56 -------- d-----w- c:\users\Niki\riotsGamesLogs 2011-12-20 16:49 . 2011-12-20 16:49 -------- d-----w- c:\users\Niki\AppData\Roaming\LolClient 2011-12-19 00:45 . 2011-12-19 00:45 -------- d-----w- c:\programdata\PopCap Games 2011-12-16 18:02 . 2011-12-16 18:02 -------- d-----w- c:\users\Niki\AppData\Local\Mozilla 2011-12-15 16:14 . 2011-12-15 16:15 -------- d-----w- c:\users\Niki\AppData\Roaming\OpenCandy 2011-12-15 16:12 . 2011-12-15 16:15 -------- d-----w- c:\users\Niki\AppData\Roaming\GetRightToGo 2011-12-14 20:19 . 2011-12-14 20:19 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-12-14 20:18 . 2011-12-14 20:25 -------- d-----w- c:\users\Niki\AppData\Roaming\DAEMON Tools Lite 2011-12-11 22:55 . 2011-12-14 20:18 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-12-11 10:14 . 2012-01-02 22:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-10 21:56 . 2011-12-10 21:56 -------- d-----w- c:\program files\Opera 2011-12-10 01:48 . 2011-12-10 01:48 1161 ----a-w- C:\prefs.js 2011-12-10 01:01 . 2011-12-10 01:12 -------- d-----w- c:\users\Niki\AppData\Roaming\FOG Downloader 2011-12-10 01:00 . 2011-12-10 01:00 -------- d-----w- c:\users\Niki\rune of magick . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 16:32 . 2011-11-25 16:32 49152 ----a-r- c:\users\Niki\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe 2011-11-19 22:48 . 2011-11-19 22:48 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-01 19:34 . 2011-11-14 13:28 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys 2011-11-01 19:34 . 2011-11-14 13:28 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys 2011-11-01 19:34 . 2011-11-14 13:28 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys 2011-11-01 19:34 . 2011-11-14 13:28 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-18 09:28 . 2011-11-14 08:56 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F74D318A-B995-42DB-9DB7-6131AC050391}\mpengine.dll 2011-10-15 08:54 . 2011-10-15 08:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe 2011-10-15 08:53 . 2011-11-14 14:37 6350144 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-11-14 14:37 3840320 ----a-w- c:\windows\system32\nvsvc.dll 2011-10-15 08:53 . 2011-11-14 14:37 203072 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-11-14 14:37 123712 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2011-11-14 14:37 1136448 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-11-14 14:37 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll 2011-10-15 08:53 . 2011-11-14 14:37 919872 ----a-w- c:\windows\system32\nvdispco32.dll 2011-10-15 08:53 . 2011-11-14 14:37 877376 ----a-w- c:\windows\system32\nvgenco32.dll 2011-10-15 08:53 . 2011-11-14 14:37 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll 2011-10-15 08:53 . 2011-11-14 14:37 61248 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-11-14 14:37 5578560 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-11-14 14:37 2458432 ----a-w- c:\windows\system32\nvapi.dll 2011-10-15 08:53 . 2011-11-14 14:37 2401088 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-11-14 14:37 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-11-14 14:37 18871616 ----a-w- c:\windows\system32\nvoglv32.dll 2011-10-15 08:53 . 2011-11-14 14:37 17248576 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-11-14 14:37 13205312 ----a-w- c:\windows\system32\nvd3dum.dll 2011-10-15 08:53 . 2011-11-14 14:37 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-01-03 12:55 . 2012-01-03 12:58 252080 ----a-w- c:\program files\opera\program\plugins\dapop.dll 2011-12-19 01:29 . 2011-12-16 18:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal] @="{03FB4211-3964-44E8-97D7-A2FA49CF5576}" [HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}] 2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified] @="{03FB4212-3964-44E8-97D7-A2FA49CF5576}" [HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}] 2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError] @="{03FB4213-3964-44E8-97D7-A2FA49CF5576}" [HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}] 2011-12-22 22:54 204944 ----a-w- c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-11-01 2531104] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2008-05-26 520192] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-16 1955208] . c:\users\Niki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MegaCloud.lnk - c:\users\Niki\AppData\Roaming\MegaCloud\MegaCloud.exe [2012-1-2 9825424] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ TV Expert Schedule Agent.lnk - d:\program files\TV Expert\ADTVScheduleAgent.exe [2011-12-2 49152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-11-01 358840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-14 239168] S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-11-01 205864] S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-11-01 40296] S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-11-01 25192] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 1361288] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2011-11-01 207936] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-11-01 4363040] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880] S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2011-11-01 29312] . . Contents of the 'Scheduled Tasks' folder . 2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351254513-1549663279-2964313904-1000Core.job - c:\users\Niki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 10:15] . 2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351254513-1549663279-2964313904-1000UA.job - c:\users\Niki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-14 10:15] . . ------- Supplementary Scan ------- . IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm TCP: DhcpNameServer = 178.79.22.6 178.79.0.3 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll FF - ProfilePath - c:\users\Niki\AppData\Roaming\Mozilla\Firefox\Profiles\o1xdr72p.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2388-) c:\windows\System32\netshell.dll . Completion time: 2012-01-07 12:47:02 ComboFix-quarantined-files.txt 2012-01-07 20:47 ComboFix2.txt 2012-01-07 14:29 . Pre-Run: 33,107,030,016 bytes free Post-Run: 33,045,315,584 bytes free . - - End Of File - - CE865E2CF2BB6FF8E46F7A5C417B840C Ta poslednja skripta je onesposobila većinu stvari, browsere launchere itd btw ali ima restore za svaki slučaj.

Profil

argus Poslao: 07 Jan 2012 22:30 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kako onesposobila, pojasni malo.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Gadan Malware

Ko je trenutno na forumu

Ukupno su 1078 korisnika na forumu :: 38 registrovanih, 2 sakrivenih i 1038 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Andrija357, bigfoot, Brana01, dankisha, draganca, dulleo, dushan, esx66, Fog of War, HrcAk47, hyla, Joja, Kubovac, mercedesamg, Milos ZA, Milos82, nemkea71, nenad81, nesa1962, nuke92, Oscar, panonski mornar, procesor, Romibrat, ruger357, S2M, Srle993, StefanopuloZ, t84dar, vathra, Vlad000, Vlada1389, vlajkox, vukovi, Wrangler, zeo, 125

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by