Windows Security Center is annoying me

  • n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

I have a problem with WSC: it shows that I have no AV, but I do have Avira. The problem is that it downloaded some Windows AV called WinPC Defender, which keeps asking me to register and to update over the internet (i.e. to pay), every 2 minutes. I tried Recommendations in Security Center and every option under Resources to turn it off, but it just connects me to the WIN PC® Defender site and asks me to register and pay, of course. How do I turn off and delete WIN PC® Defender? I have XP SP2. Please help..... thanks in advance

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

For us to help you, you first have to help us a little...

How? Like this > http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:06, on 30.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Nemanja Savic\Application Data\pcdefender.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Nemanja Savic\Desktop\tr3.exe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = nvidia.com/content/drivers/drivers.asp
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - D:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - D:\WINDOWS\ieocx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysav] D:\Documents and Settings\Nemanja Savic\Application Data\pcdefender.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - zone.msn.com/bingame/zpagames/zpa_hrtz.cab98974.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4226 bytes
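As an added example (not part of this thread and not HijackThis's own code), here is a small Python script that reads lines in the HijackThis v2 format shown above and flags the two kinds of entry a helper checks first: an O4 autorun whose program lives in a user-writable profile folder such as Application Data, and an O2 BHO registration whose DLL is reported as "(no file)". The sample lines are constructed to mirror entries from the log above; the heuristics, regular expressions and function names (`suspicious_entries`, `command_path`) are my own assumptions, not anything HijackThis provides.

```python
from __future__ import annotations
import re

# Constructed sample: a few lines in HijackThis v2 format, mirroring the kinds
# of entries in the log above (a normal BHO, an orphaned BHO, two legitimate
# autoruns, and an autorun started from the user's Application Data folder).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysav] D:\Documents and Settings\Nemanja Savic\Application Data\pcdefender.exe
"""

# Grammar of the two HJT entry types handled here (my own regexes).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")

# Folders a non-admin user (and anything running as that user) can write to.
# A startup program living there deserves a second look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def command_path(cmd: str) -> str:
    """Strip command-line switches from an O4 command and return its program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" /", 1)[0]


def suspicious_entries(log_text: str) -> list[dict[str, str]]:
    """Return HJT entries worth a closer look, each with the reason it was flagged.

    Heuristics are assumptions of this example, not HijackThis's: an autorun
    pointing into a user-writable folder, and a BHO whose DLL is gone."""
    findings: list[dict[str, str]] = []
    for line in log_text.splitlines():
        if m := O4_RE.match(line.strip()):
            path = command_path(m.group("cmd"))
            if any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append({"kind": "O4", "name": m.group("name"), "target": path,
                                 "reason": "autorun launched from a user-writable profile folder"})
        elif m := O2_RE.match(line.strip()):
            if m.group("file").strip() == "(no file)":
                findings.append({"kind": "O2", "name": m.group("clsid"), "target": "",
                                 "reason": "orphaned BHO registration (no file on disk)"})
    return findings


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_LOG):
        print(f"{f['kind']} [{f['name']}] {f['target']}: {f['reason']}")
```

Run against the log above, the same two rules single out the `[sysav]` autorun (pcdefender.exe in Application Data, which also shows up in the Running processes list) and the nameless BHO with `(no file)`; everything under Program Files or system32 passes untouched. The rules are deliberately narrow so they do not flag the Avira, NVIDIA or ctfmon entries that belong on a normal XP box.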

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, check that these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select Perform Quick Scan and click Scan.

When the scan finishes, click OK, then Show Results: in the list of detected malware, select every item and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


Also, after all of that, post a fresh HijackThis logfile.

  • n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

When I install Malwarebytes Anti-Malware and try to run it (by double-clicking), the hourglass shows for 1 second and the program does not open.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

It can take up to 20 seconds to load.. just so you know

but never mind....

Do the following:

Right-click the Avira icon in the bottom-right corner of the screen and untick AntiVir Guard Enable.

Note: don't forget to turn this option back on once the cleaning is finished.


Then download this program, run it and follow the instructions... When it asks to update, allow it... Also allow it to install the Recovery Console.

http://amf.mycity.rs/programs/mirrored/C-F.exe

When the program finishes, Notepad will open with some text... Copy that text here to the forum.

  • n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

ComboFix 09-03-29.04 - Nemanja Savic 2009-03-30 17:39:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.278 [GMT 2:00]
Running from: d:\documents and settings\Nemanja Savic\Desktop\C-F.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-30 13:04 . 2009-03-30 13:04 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-03-30 13:04 . 2009-03-30 13:04 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 13:04 . 2009-03-26 16:49 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 13:04 . 2009-03-26 16:49 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-03-29 20:11 . 2009-03-29 20:11 <DIR> d--h----- d:\windows\system32\GroupPolicy
2009-03-29 19:53 . 2009-02-18 14:44 453,152 --a------ d:\windows\system32\nvuninst.exe
2009-03-29 19:53 . 2009-02-18 14:44 453,152 --a------ d:\windows\system32\nvudisp.exe
2009-03-29 19:53 . 2009-03-30 17:38 212,641 --a------ d:\windows\system32\nvapps.xml
2009-03-29 19:53 . 2009-02-18 14:44 19,021 --a------ d:\windows\system32\nvdisp.nvu
2009-03-29 19:25 . 2009-03-29 19:25 <DIR> d-------- D:\NVIDIA
2009-03-29 17:05 . 2009-03-29 19:55 <DIR> d-------- d:\windows\nview
2009-03-29 17:05 . 2009-02-18 14:44 6,308,224 --a------ d:\windows\system32\drivers\nv4_mini.sys
2009-03-29 17:05 . 2009-02-18 14:44 6,308,224 --a--c--- d:\windows\system32\dllcache\nv4_mini.sys
2009-03-29 17:05 . 2009-02-18 14:44 6,185,088 --a------ d:\windows\system32\nv4_disp.dll
2009-03-29 17:05 . 2009-02-18 14:44 6,185,088 --a--c--- d:\windows\system32\dllcache\nv4_disp.dll
2009-03-29 17:00 . 2009-03-29 17:02 <DIR> d-------- d:\windows\SxsCaPendDel
2009-03-29 16:31 . 2009-03-29 16:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-29 16:07 . 2009-03-29 17:00 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\Uniblue
2009-03-29 16:07 . 2009-03-29 17:00 <DIR> d-------- d:\documents and settings\All Users\Application Data\DriverScanner
2009-03-29 03:53 . 2009-03-29 03:53 0 --a------ d:\windows\msicpl.ini
2009-03-29 02:05 . 2008-07-09 13:12 614,400 --a------ d:\windows\system32\msvcr80.dll
2009-03-29 00:23 . 2009-03-29 00:23 1,021,440 --a------ d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe
2009-03-28 22:32 . 2009-03-28 23:30 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-03-28 22:32 . 2009-03-30 17:36 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-24 21:48 . 2009-03-24 22:23 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\BitTorrent
2009-03-24 21:47 . 2009-03-28 23:30 <DIR> d-------- d:\program files\DNA
2009-03-24 21:47 . 2009-03-24 21:47 <DIR> d-------- d:\program files\BitTorrent
2009-03-24 21:47 . 2009-03-24 21:47 <DIR> d-------- d:\program files\AskSearch
2009-03-24 21:47 . 2009-03-28 23:32 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\DNA
2009-03-19 14:24 . 2009-03-19 14:24 268 --ah----- D:\sqmdata01.sqm
2009-03-19 14:24 . 2009-03-19 14:24 244 --ah----- D:\sqmnoopt01.sqm
2009-03-18 14:58 . 2009-03-18 14:58 292 --ah----- D:\sqmdata00.sqm
2009-03-18 14:58 . 2009-03-18 14:58 244 --ah----- D:\sqmnoopt00.sqm
2009-03-09 18:31 . 2009-03-09 18:31 <DIR> d-------- d:\program files\Common Files\NSV
2009-03-04 17:31 . 2009-03-04 17:31 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\EA
2009-03-04 17:31 . 2009-03-04 17:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\EA
2009-03-04 14:10 . 2009-03-05 21:11 <DIR> d-------- d:\documents and settings\Nemanja Savic\Contacts
2009-03-04 14:09 . 2009-03-04 14:09 <DIR> d----c--- d:\windows\system32\DRVSTORE
2009-03-04 14:08 . 2009-03-04 14:08 <DIR> d--hsc--- d:\program files\Common Files\WindowsLiveInstaller
2009-03-04 14:07 . 2009-03-29 17:01 <DIR> d-------- d:\program files\Windows Live
2009-03-04 14:07 . 2009-03-04 14:07 <DIR> d-------- d:\documents and settings\All Users\Application Data\WLInstaller
2009-02-25 02:11 . 2009-02-25 02:11 <DIR> d-------- d:\program files\Switch Off
2009-02-24 04:37 . 2009-03-01 19:58 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\skypePM
2009-02-24 04:37 . 2009-02-24 04:37 56 --ah----- d:\windows\system32\ezsidmv.dat
2009-02-24 04:34 . 2009-03-01 21:17 <DIR> d-------- d:\documents and settings\All Users\Application Data\Skype
2009-02-24 03:42 . 2009-02-24 03:42 <DIR> d-------- d:\documents and settings\Nemanja Savic\LocalLow
2009-02-24 03:42 . 2009-02-24 03:42 <DIR> d-------- d:\documents and settings\All Users\Application Data\TVU Networks
2009-02-23 04:28 . 2009-02-24 04:43 <DIR> d-------- d:\program files\Dealio
2009-02-23 04:27 . 2009-02-23 04:27 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\RateMyScreensaver
2009-02-19 22:02 . 2009-03-01 21:02 <DIR> d-------- d:\program files\Yahoo!
2009-02-19 21:50 . 2009-02-19 21:50 <DIR> d-------- d:\windows\system32\runtime
2009-02-19 21:48 . 2009-03-01 21:09 <DIR> d-------- d:\program files\Google
2009-02-19 21:47 . 2009-02-19 21:47 169 --a------ d:\windows\RtlRack.ini
2009-02-19 17:54 . 2009-02-19 17:54 <DIR> d-------- d:\documents and settings\All Users\Application Data\GRETECH
2009-02-19 17:53 . 2009-02-19 17:53 <DIR> d-------- d:\program files\GRETECH
2009-02-19 17:53 . 2009-02-19 17:53 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\GRETECH
2009-02-19 17:43 . 2009-02-19 17:43 <DIR> d-------- d:\program files\Micro DVD Player
2009-02-19 17:43 . 2009-02-19 17:43 <DIR> d-------- d:\program files\DivXCodec
2009-02-19 16:52 . 2004-08-04 00:08 26,496 --a--c--- d:\windows\system32\dllcache\usbstor.sys
2009-02-18 19:07 . 2009-02-26 00:10 40 --a------ d:\windows\popcinfo.dat
2009-02-18 17:59 . 2009-02-18 17:59 <DIR> d-------- d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09
2009-02-17 00:40 . 2009-02-17 00:40 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\AdobeUM
2009-02-17 00:38 . 2009-02-19 23:01 <DIR> d-------- d:\program files\Common Files\Adobe
2009-02-17 00:36 . 2009-02-17 00:36 <DIR> d-------- d:\windows\Cache
2009-02-16 23:39 . 2009-02-16 23:39 82 --a------ d:\windows\mafosav.INI
2009-02-16 22:43 . 2009-02-16 22:43 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\funkitron
2009-02-16 22:40 . 2009-02-16 22:40 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\SolSuite
2009-02-16 22:02 . 2009-02-16 22:11 <DIR> d-------- D:\muzika
2009-02-16 22:00 . 2009-03-18 15:19 <DIR> d-------- D:\Games
2009-02-11 04:43 . 2008-06-13 15:10 272,128 --------- d:\windows\system32\drivers\bthport.sys
2009-02-11 04:43 . 2008-06-13 15:10 272,128 -----c--- d:\windows\system32\dllcache\bthport.sys
2009-02-11 04:41 . 2008-08-14 12:00 2,180,352 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2009-02-11 04:41 . 2008-08-14 11:58 2,136,064 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-11 04:41 . 2008-08-14 11:22 2,057,728 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-11 04:41 . 2008-08-14 11:22 2,015,744 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
2009-02-11 04:28 . 2008-10-24 13:10 453,632 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
2009-02-11 04:01 . 2009-02-25 09:04 <DIR> d--h----- d:\windows\$hf_mig$
2009-02-11 04:01 . 2005-02-25 05:35 22,752 --a------ d:\windows\system32\spupdsvc.exe
2009-02-10 21:25 . 2009-02-10 21:59 <DIR> d-------- d:\program files\sXe Injected
2009-02-08 23:26 . 2009-02-08 23:26 <DIR> d--hs---- d:\windows\ftpcache
2009-02-08 21:39 . 2009-02-08 21:48 139,264 --a------ d:\windows\War3Unin.exe
2009-02-08 21:39 . 2009-03-22 18:54 86,737 --a------ d:\windows\War3Unin.dat
2009-02-08 21:39 . 2009-02-08 21:48 2,829 --a------ d:\windows\War3Unin.pif
2009-02-08 21:36 . 2009-03-30 16:07 <DIR> d-------- d:\program files\Warcraft III
2009-02-08 21:30 . 2009-03-01 22:48 <DIR> d-------- d:\program files\Counter-Strike 1.6
2009-02-08 21:25 . 2009-02-08 21:25 <DIR> d-------- d:\program files\Avira
2009-02-08 21:25 . 2009-02-08 21:25 <DIR> d-------- d:\documents and settings\All Users\Application Data\Avira
2009-02-08 21:04 . 2009-02-08 21:09 <DIR> d-------- d:\program files\Winamp
2009-02-08 21:04 . 2009-02-08 23:31 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 14:33 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-08 18:18 --------- d-----w d:\program files\SystemRequirementsLab
2009-02-08 18:15 --------- d-----w d:\program files\Realtek Sound Manager
2009-02-08 18:15 --------- d-----w d:\program files\Realtek AC97
2009-02-08 18:15 --------- d-----w d:\program files\Common Files\InstallShield
2009-02-08 18:15 --------- d-----w d:\program files\AvRack
2009-02-08 18:14 --------- d-----w d:\program files\VIA
2009-02-08 18:05 --------- d-----w d:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"sysav"="d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe" [2009-03-29 1021440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 d:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2009-02-18 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-03-24 21:47 321344 d:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-03-07 20:01 5724184 d:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-01-26 16:31 2144088 d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 18:45 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Games\\AnGo´s Game Collection\\Blobby Volley\\volley.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\pes\\PES2008.exe"=
"d:\\Games\\AnGo?s Game Collection\\Blobby Volley\\volley.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;d:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.nvidia.com/content/drivers/drivers.asp
FF - ProfilePath - d:\documents and settings\Nemanja Savic\Application Data\Mozilla\Firefox\Profiles\ivyzqb0l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-30 17:41:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 17:42:03
ComboFix-quarantined-files.txt 2009-03-30 15:42:01
ComboFix2.txt 2009-03-30 15:36:31

Pre-Run: 9.419.735.040 bytes free
Post-Run: 9,406,046,208 bytes free

185 --- E O F --- 2009-02-25 08:32:36
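As an added example (not ComboFix output and not the helper's script), here is a Python snippet that parses the REGEDIT4-style "Reg Loading Points" section of a ComboFix log like the one above and reports the settings a rogue AV typically leaves behind: `AntiVirusDisableNotify`/`UpdatesDisableNotify` set to 1 under the Security Center key (which is exactly why the Security Center stops warning about a missing AV), and `EnableFirewall` = 0 for the standard firewall profile. It also diffs the autorun entries of two logs so you can confirm that a cleanup removed the entry it was supposed to. The two sample sections are constructed from the kinds of lines in the log above; the function names (`parse_loading_points`, `weakened_defenses`, `removed_autoruns`) and checks are assumptions of this example.

```python
from __future__ import annotations
import re

# Constructed sample: a trimmed "Reg Loading Points" section of the kind
# ComboFix prints, as it looks before cleanup.
BEFORE_CLEANUP = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"sysav"="d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe" [2009-03-29 1021440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Constructed: the same section after the "sysav" autorun has been removed.
AFTER_CLEANUP = "\n".join(
    line for line in BEFORE_CLEANUP.splitlines() if not line.startswith('"sysav"'))

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')


def parse_loading_points(text: str) -> dict[str, dict[str, str]]:
    """Parse [key] / "name"=value lines into {key: {name: value}}.
    Keys are lower-cased because ComboFix prints them in mixed case."""
    sections: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m.group("key").lower()
            sections.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current][m.group("name")] = m.group("value").strip()
    return sections


def autoruns(sections: dict[str, dict[str, str]]) -> set[tuple[str, str]]:
    """(key, value-name) pairs registered under any ...\\CurrentVersion\\Run key."""
    return {(key, name)
            for key, values in sections.items() if key.endswith("\\currentversion\\run")
            for name in values}


def weakened_defenses(sections: dict[str, dict[str, str]]) -> list[str]:
    """Report Security Center notifications that are suppressed and a disabled firewall."""
    issues: list[str] = []
    for key, values in sections.items():
        if key.endswith("\\security center"):
            for name, value in values.items():
                # dword:00000001 -> notifications for that component are silenced
                if name.endswith("DisableNotify") and value.startswith("dword:") \
                        and int(value[len("dword:"):], 16) != 0:
                    issues.append(f"Security Center: {name}=1 (alerts suppressed)")
        elif key.endswith("firewallpolicy\\standardprofile"):
            # ComboFix prints this one as "0 (0x0)" rather than as a dword
            if values.get("EnableFirewall", "").split()[:1] == ["0"]:
                issues.append("Windows Firewall standard profile: EnableFirewall=0")
    return issues


def removed_autoruns(before_text: str, after_text: str) -> set[tuple[str, str]]:
    """Autoruns present in the first log but absent from the second."""
    return autoruns(parse_loading_points(before_text)) - autoruns(parse_loading_points(after_text))


if __name__ == "__main__":
    for issue in weakened_defenses(parse_loading_points(BEFORE_CLEANUP)):
        print(issue)
    for key, name in removed_autoruns(BEFORE_CLEANUP, AFTER_CLEANUP):
        print(f"removed: {name} from {key}")
```

Two things worth checking with it on a real pair of logs: the autorun diff tells you whether the registry entry actually went away, and the Security Center flags are a separate setting that deleting the rogue's executable does not reset, so they may still read `dword:00000001` in the post-cleanup log and need to be restored by hand.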

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe

DirLook::
d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysav"=-


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

  • n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

ComboFix 09-03-29.04 - Nemanja Savic 2009-03-30 18:46:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.309 [GMT 2:00]
Running from: d:\documents and settings\Nemanja Savic\Desktop\C-F.exe
Command switches used :: d:\documents and settings\Nemanja Savic\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-30 13:04 . 2009-03-30 13:04 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-03-30 13:04 . 2009-03-30 13:04 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 13:04 . 2009-03-26 16:49 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 13:04 . 2009-03-26 16:49 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-03-29 20:11 . 2009-03-29 20:11 <DIR> d--h----- d:\windows\system32\GroupPolicy
2009-03-29 19:53 . 2009-02-18 14:44 453,152 --a------ d:\windows\system32\nvuninst.exe
2009-03-29 19:53 . 2009-02-18 14:44 453,152 --a------ d:\windows\system32\nvudisp.exe
2009-03-29 19:53 . 2009-03-30 17:38 212,641 --a------ d:\windows\system32\nvapps.xml
2009-03-29 19:53 . 2009-02-18 14:44 19,021 --a------ d:\windows\system32\nvdisp.nvu
2009-03-29 19:25 . 2009-03-29 19:25 <DIR> d-------- D:\NVIDIA
2009-03-29 17:05 . 2009-03-29 19:55 <DIR> d-------- d:\windows\nview
2009-03-29 17:05 . 2009-02-18 14:44 6,308,224 --a------ d:\windows\system32\drivers\nv4_mini.sys
2009-03-29 17:05 . 2009-02-18 14:44 6,308,224 --a--c--- d:\windows\system32\dllcache\nv4_mini.sys
2009-03-29 17:05 . 2009-02-18 14:44 6,185,088 --a------ d:\windows\system32\nv4_disp.dll
2009-03-29 17:05 . 2009-02-18 14:44 6,185,088 --a--c--- d:\windows\system32\dllcache\nv4_disp.dll
2009-03-29 17:00 . 2009-03-29 17:02 <DIR> d-------- d:\windows\SxsCaPendDel
2009-03-29 16:31 . 2009-03-29 16:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-29 16:07 . 2009-03-29 17:00 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\Uniblue
2009-03-29 16:07 . 2009-03-29 17:00 <DIR> d-------- d:\documents and settings\All Users\Application Data\DriverScanner
2009-03-29 03:53 . 2009-03-29 03:53 0 --a------ d:\windows\msicpl.ini
2009-03-29 02:05 . 2008-07-09 13:12 614,400 --a------ d:\windows\system32\msvcr80.dll
2009-03-28 22:32 . 2009-03-28 23:30 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-03-28 22:32 . 2009-03-30 17:36 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-24 21:48 . 2009-03-24 22:23 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\BitTorrent
2009-03-24 21:47 . 2009-03-28 23:30 <DIR> d-------- d:\program files\DNA
2009-03-24 21:47 . 2009-03-24 21:47 <DIR> d-------- d:\program files\BitTorrent
2009-03-24 21:47 . 2009-03-24 21:47 <DIR> d-------- d:\program files\AskSearch
2009-03-24 21:47 . 2009-03-28 23:32 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\DNA
2009-03-19 14:24 . 2009-03-19 14:24 268 --ah----- D:\sqmdata01.sqm
2009-03-19 14:24 . 2009-03-19 14:24 244 --ah----- D:\sqmnoopt01.sqm
2009-03-18 14:58 . 2009-03-18 14:58 292 --ah----- D:\sqmdata00.sqm
2009-03-18 14:58 . 2009-03-18 14:58 244 --ah----- D:\sqmnoopt00.sqm
2009-03-09 18:31 . 2009-03-09 18:31 <DIR> d-------- d:\program files\Common Files\NSV
2009-03-04 17:31 . 2009-03-04 17:31 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\EA
2009-03-04 17:31 . 2009-03-04 17:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\EA
2009-03-04 14:10 . 2009-03-05 21:11 <DIR> d-------- d:\documents and settings\Nemanja Savic\Contacts
2009-03-04 14:09 . 2009-03-04 14:09 <DIR> d----c--- d:\windows\system32\DRVSTORE
2009-03-04 14:08 . 2009-03-04 14:08 <DIR> d--hsc--- d:\program files\Common Files\WindowsLiveInstaller
2009-03-04 14:07 . 2009-03-29 17:01 <DIR> d-------- d:\program files\Windows Live
2009-03-04 14:07 . 2009-03-04 14:07 <DIR> d-------- d:\documents and settings\All Users\Application Data\WLInstaller
2009-02-25 02:11 . 2009-02-25 02:11 <DIR> d-------- d:\program files\Switch Off
2009-02-24 04:37 . 2009-03-01 19:58 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\skypePM
2009-02-24 04:37 . 2009-02-24 04:37 56 --ah----- d:\windows\system32\ezsidmv.dat
2009-02-24 04:34 . 2009-03-01 21:17 <DIR> d-------- d:\documents and settings\All Users\Application Data\Skype
2009-02-24 03:42 . 2009-02-24 03:42 <DIR> d-------- d:\documents and settings\Nemanja Savic\LocalLow
2009-02-24 03:42 . 2009-02-24 03:42 <DIR> d-------- d:\documents and settings\All Users\Application Data\TVU Networks
2009-02-23 04:28 . 2009-02-24 04:43 <DIR> d-------- d:\program files\Dealio
2009-02-23 04:27 . 2009-02-23 04:27 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\RateMyScreensaver
2009-02-19 22:02 . 2009-03-01 21:02 <DIR> d-------- d:\program files\Yahoo!
2009-02-19 21:50 . 2009-02-19 21:50 <DIR> d-------- d:\windows\system32\runtime
2009-02-19 21:48 . 2009-03-01 21:09 <DIR> d-------- d:\program files\Google
2009-02-19 21:47 . 2009-02-19 21:47 169 --a------ d:\windows\RtlRack.ini
2009-02-19 17:54 . 2009-02-19 17:54 <DIR> d-------- d:\documents and settings\All Users\Application Data\GRETECH
2009-02-19 17:53 . 2009-02-19 17:53 <DIR> d-------- d:\program files\GRETECH
2009-02-19 17:53 . 2009-02-19 17:53 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\GRETECH
2009-02-19 17:43 . 2009-02-19 17:43 <DIR> d-------- d:\program files\Micro DVD Player
2009-02-19 17:43 . 2009-02-19 17:43 <DIR> d-------- d:\program files\DivXCodec
2009-02-19 16:52 . 2004-08-04 00:08 26,496 --a--c--- d:\windows\system32\dllcache\usbstor.sys
2009-02-18 19:07 . 2009-02-26 00:10 40 --a------ d:\windows\popcinfo.dat
2009-02-18 17:59 . 2009-02-18 17:59 <DIR> d-------- d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09
2009-02-17 00:40 . 2009-02-17 00:40 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\AdobeUM
2009-02-17 00:38 . 2009-02-19 23:01 <DIR> d-------- d:\program files\Common Files\Adobe
2009-02-17 00:36 . 2009-02-17 00:36 <DIR> d-------- d:\windows\Cache
2009-02-16 23:39 . 2009-02-16 23:39 82 --a------ d:\windows\mafosav.INI
2009-02-16 22:43 . 2009-02-16 22:43 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\funkitron
2009-02-16 22:40 . 2009-02-16 22:40 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\SolSuite
2009-02-16 22:02 . 2009-02-16 22:11 <DIR> d-------- D:\muzika
2009-02-16 22:00 . 2009-03-18 15:19 <DIR> d-------- D:\Games
2009-02-11 04:43 . 2008-06-13 15:10 272,128 --------- d:\windows\system32\drivers\bthport.sys
2009-02-11 04:43 . 2008-06-13 15:10 272,128 -----c--- d:\windows\system32\dllcache\bthport.sys
2009-02-11 04:41 . 2008-08-14 12:00 2,180,352 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2009-02-11 04:41 . 2008-08-14 11:58 2,136,064 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-11 04:41 . 2008-08-14 11:22 2,057,728 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-11 04:41 . 2008-08-14 11:22 2,015,744 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
2009-02-11 04:28 . 2008-10-24 13:10 453,632 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
2009-02-11 04:01 . 2009-02-25 09:04 <DIR> d--h----- d:\windows\$hf_mig$
2009-02-11 04:01 . 2005-02-25 05:35 22,752 --a------ d:\windows\system32\spupdsvc.exe
2009-02-10 21:25 . 2009-02-10 21:59 <DIR> d-------- d:\program files\sXe Injected
2009-02-08 23:26 . 2009-02-08 23:26 <DIR> d--hs---- d:\windows\ftpcache
2009-02-08 21:39 . 2009-02-08 21:48 139,264 --a------ d:\windows\War3Unin.exe
2009-02-08 21:39 . 2009-03-22 18:54 86,737 --a------ d:\windows\War3Unin.dat
2009-02-08 21:39 . 2009-02-08 21:48 2,829 --a------ d:\windows\War3Unin.pif
2009-02-08 21:36 . 2009-03-30 16:07 <DIR> d-------- d:\program files\Warcraft III
2009-02-08 21:30 . 2009-03-01 22:48 <DIR> d-------- d:\program files\Counter-Strike 1.6
2009-02-08 21:25 . 2009-02-08 21:25 <DIR> d-------- d:\program files\Avira
2009-02-08 21:25 . 2009-02-08 21:25 <DIR> d-------- d:\documents and settings\All Users\Application Data\Avira
2009-02-08 21:04 . 2009-02-08 21:09 <DIR> d-------- d:\program files\Winamp
2009-02-08 21:04 . 2009-02-08 23:31 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 14:33 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-08 18:18 --------- d-----w d:\program files\SystemRequirementsLab
2009-02-08 18:15 --------- d-----w d:\program files\Realtek Sound Manager
2009-02-08 18:15 --------- d-----w d:\program files\Realtek AC97
2009-02-08 18:15 --------- d-----w d:\program files\Common Files\InstallShield
2009-02-08 18:15 --------- d-----w d:\program files\AvRack
2009-02-08 18:14 --------- d-----w d:\program files\VIA
2009-02-08 18:05 --------- d-----w d:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09 ----

2009-02-19 12:35 48 --a------ d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09\profile.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 d:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2009-02-18 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-03-24 21:47 321344 d:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-03-07 20:01 5724184 d:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-01-26 16:31 2144088 d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 18:45 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Games\\AnGo´s Game Collection\\Blobby Volley\\volley.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\pes\\PES2008.exe"=
"d:\\Games\\AnGo?s Game Collection\\Blobby Volley\\volley.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;d:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.nvidia.com/content/drivers/drivers.asp
FF - ProfilePath - d:\documents and settings\Nemanja Savic\Application Data\Mozilla\Firefox\Profiles\ivyzqb0l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-30 18:47:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 18:48:43
ComboFix-quarantined-files.txt 2009-03-30 16:48:40
ComboFix2.txt 2009-03-30 15:42:05
ComboFix3.txt 2009-03-30 15:36:31

Pre-Run: 9.403.396.096 bytes free
Post-Run: 9,389,756,416 bytes free

196 --- E O F --- 2009-02-25 08:32:36

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

If you still have any problems, describe them....
