Windows Security Center is bugging me


n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

I have a problem with WSC: it shows that I have no AV, but I do have Avira. The problem is that it downloaded some Windows AV, WinPC Defender, and it constantly asks me to register and to update over the internet (to pay), every 2 minutes. I tried Recommendations in Security Center and every option under Resources to turn it off, but it connects me to the WIN PC® Defender site and asks me to register and pay, of course. How do I turn off and delete WIN PC® Defender? I have XP SP2. Please help..... thanks in advance

diarno (male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

For us to help you, you have to help us a little first...

How? Like this > http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:06, on 30.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Nemanja Savic\Application Data\pcdefender.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Nemanja Savic\Desktop\tr3.exe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = nvidia.com/content/drivers/drivers.asp
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - D:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - D:\WINDOWS\ieocx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysav] D:\Documents and Settings\Nemanja Savic\Application Data\pcdefender.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - zone.msn.com/bingame/zpagames/zpa_hrtz.cab98974.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4226 bytes

diarno (male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installation; at the very end of the process, check that these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select Perform Quick Scan and click Scan.

When the process completes, click OK, then Show Results: in the list of detected malware, tick all items and click Remove Selected.

When the process completes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart to finish the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


Also, after all of that, a fresh HijackThis logfile needs to be posted as well.

n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

When I install Malwarebytes Anti-Malware and try to start it (by double-clicking), only the hourglass appears for 1 second and the program does not open.

diarno (male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

It can take up to 20 seconds to load.. just so you know

anyway, never mind....

Do the following:

Right-click the Avira icon in the lower right corner of the screen and untick AntiVir Guard Enable.

Note: Don't forget to turn this option back on once the cleaning is finished.


Then download this program, run it and follow the instructions... When it asks for an update, allow it... Also allow it to install the Recovery Console.

http://amf.mycity.rs/programs/mirrored/C-F.exe

When the program finishes, a Notepad window with text will open... Copy that text here to the forum for me.

n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

ComboFix 09-03-29.04 - Nemanja Savic 2009-03-30 17:39:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.278 [GMT 2:00]
Running from: d:\documents and settings\Nemanja Savic\Desktop\C-F.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-30 13:04 . 2009-03-30 13:04 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-03-30 13:04 . 2009-03-30 13:04 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 13:04 . 2009-03-26 16:49 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 13:04 . 2009-03-26 16:49 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-03-29 20:11 . 2009-03-29 20:11 <DIR> d--h----- d:\windows\system32\GroupPolicy
2009-03-29 19:53 . 2009-02-18 14:44 453,152 --a------ d:\windows\system32\nvuninst.exe
2009-03-29 19:53 . 2009-02-18 14:44 453,152 --a------ d:\windows\system32\nvudisp.exe
2009-03-29 19:53 . 2009-03-30 17:38 212,641 --a------ d:\windows\system32\nvapps.xml
2009-03-29 19:53 . 2009-02-18 14:44 19,021 --a------ d:\windows\system32\nvdisp.nvu
2009-03-29 19:25 . 2009-03-29 19:25 <DIR> d-------- D:\NVIDIA
2009-03-29 17:05 . 2009-03-29 19:55 <DIR> d-------- d:\windows\nview
2009-03-29 17:05 . 2009-02-18 14:44 6,308,224 --a------ d:\windows\system32\drivers\nv4_mini.sys
2009-03-29 17:05 . 2009-02-18 14:44 6,308,224 --a--c--- d:\windows\system32\dllcache\nv4_mini.sys
2009-03-29 17:05 . 2009-02-18 14:44 6,185,088 --a------ d:\windows\system32\nv4_disp.dll
2009-03-29 17:05 . 2009-02-18 14:44 6,185,088 --a--c--- d:\windows\system32\dllcache\nv4_disp.dll
2009-03-29 17:00 . 2009-03-29 17:02 <DIR> d-------- d:\windows\SxsCaPendDel
2009-03-29 16:31 . 2009-03-29 16:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-29 16:07 . 2009-03-29 17:00 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\Uniblue
2009-03-29 16:07 . 2009-03-29 17:00 <DIR> d-------- d:\documents and settings\All Users\Application Data\DriverScanner
2009-03-29 03:53 . 2009-03-29 03:53 0 --a------ d:\windows\msicpl.ini
2009-03-29 02:05 . 2008-07-09 13:12 614,400 --a------ d:\windows\system32\msvcr80.dll
2009-03-29 00:23 . 2009-03-29 00:23 1,021,440 --a------ d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe
2009-03-28 22:32 . 2009-03-28 23:30 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-03-28 22:32 . 2009-03-30 17:36 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-24 21:48 . 2009-03-24 22:23 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\BitTorrent
2009-03-24 21:47 . 2009-03-28 23:30 <DIR> d-------- d:\program files\DNA
2009-03-24 21:47 . 2009-03-24 21:47 <DIR> d-------- d:\program files\BitTorrent
2009-03-24 21:47 . 2009-03-24 21:47 <DIR> d-------- d:\program files\AskSearch
2009-03-24 21:47 . 2009-03-28 23:32 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\DNA
2009-03-19 14:24 . 2009-03-19 14:24 268 --ah----- D:\sqmdata01.sqm
2009-03-19 14:24 . 2009-03-19 14:24 244 --ah----- D:\sqmnoopt01.sqm
2009-03-18 14:58 . 2009-03-18 14:58 292 --ah----- D:\sqmdata00.sqm
2009-03-18 14:58 . 2009-03-18 14:58 244 --ah----- D:\sqmnoopt00.sqm
2009-03-09 18:31 . 2009-03-09 18:31 <DIR> d-------- d:\program files\Common Files\NSV
2009-03-04 17:31 . 2009-03-04 17:31 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\EA
2009-03-04 17:31 . 2009-03-04 17:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\EA
2009-03-04 14:10 . 2009-03-05 21:11 <DIR> d-------- d:\documents and settings\Nemanja Savic\Contacts
2009-03-04 14:09 . 2009-03-04 14:09 <DIR> d----c--- d:\windows\system32\DRVSTORE
2009-03-04 14:08 . 2009-03-04 14:08 <DIR> d--hsc--- d:\program files\Common Files\WindowsLiveInstaller
2009-03-04 14:07 . 2009-03-29 17:01 <DIR> d-------- d:\program files\Windows Live
2009-03-04 14:07 . 2009-03-04 14:07 <DIR> d-------- d:\documents and settings\All Users\Application Data\WLInstaller
2009-02-25 02:11 . 2009-02-25 02:11 <DIR> d-------- d:\program files\Switch Off
2009-02-24 04:37 . 2009-03-01 19:58 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\skypePM
2009-02-24 04:37 . 2009-02-24 04:37 56 --ah----- d:\windows\system32\ezsidmv.dat
2009-02-24 04:34 . 2009-03-01 21:17 <DIR> d-------- d:\documents and settings\All Users\Application Data\Skype
2009-02-24 03:42 . 2009-02-24 03:42 <DIR> d-------- d:\documents and settings\Nemanja Savic\LocalLow
2009-02-24 03:42 . 2009-02-24 03:42 <DIR> d-------- d:\documents and settings\All Users\Application Data\TVU Networks
2009-02-23 04:28 . 2009-02-24 04:43 <DIR> d-------- d:\program files\Dealio
2009-02-23 04:27 . 2009-02-23 04:27 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\RateMyScreensaver
2009-02-19 22:02 . 2009-03-01 21:02 <DIR> d-------- d:\program files\Yahoo!
2009-02-19 21:50 . 2009-02-19 21:50 <DIR> d-------- d:\windows\system32\runtime
2009-02-19 21:48 . 2009-03-01 21:09 <DIR> d-------- d:\program files\Google
2009-02-19 21:47 . 2009-02-19 21:47 169 --a------ d:\windows\RtlRack.ini
2009-02-19 17:54 . 2009-02-19 17:54 <DIR> d-------- d:\documents and settings\All Users\Application Data\GRETECH
2009-02-19 17:53 . 2009-02-19 17:53 <DIR> d-------- d:\program files\GRETECH
2009-02-19 17:53 . 2009-02-19 17:53 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\GRETECH
2009-02-19 17:43 . 2009-02-19 17:43 <DIR> d-------- d:\program files\Micro DVD Player
2009-02-19 17:43 . 2009-02-19 17:43 <DIR> d-------- d:\program files\DivXCodec
2009-02-19 16:52 . 2004-08-04 00:08 26,496 --a--c--- d:\windows\system32\dllcache\usbstor.sys
2009-02-18 19:07 . 2009-02-26 00:10 40 --a------ d:\windows\popcinfo.dat
2009-02-18 17:59 . 2009-02-18 17:59 <DIR> d-------- d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09
2009-02-17 00:40 . 2009-02-17 00:40 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\AdobeUM
2009-02-17 00:38 . 2009-02-19 23:01 <DIR> d-------- d:\program files\Common Files\Adobe
2009-02-17 00:36 . 2009-02-17 00:36 <DIR> d-------- d:\windows\Cache
2009-02-16 23:39 . 2009-02-16 23:39 82 --a------ d:\windows\mafosav.INI
2009-02-16 22:43 . 2009-02-16 22:43 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\funkitron
2009-02-16 22:40 . 2009-02-16 22:40 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\SolSuite
2009-02-16 22:02 . 2009-02-16 22:11 <DIR> d-------- D:\muzika
2009-02-16 22:00 . 2009-03-18 15:19 <DIR> d-------- D:\Games
2009-02-11 04:43 . 2008-06-13 15:10 272,128 --------- d:\windows\system32\drivers\bthport.sys
2009-02-11 04:43 . 2008-06-13 15:10 272,128 -----c--- d:\windows\system32\dllcache\bthport.sys
2009-02-11 04:41 . 2008-08-14 12:00 2,180,352 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2009-02-11 04:41 . 2008-08-14 11:58 2,136,064 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-11 04:41 . 2008-08-14 11:22 2,057,728 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-11 04:41 . 2008-08-14 11:22 2,015,744 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
2009-02-11 04:28 . 2008-10-24 13:10 453,632 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
2009-02-11 04:01 . 2009-02-25 09:04 <DIR> d--h----- d:\windows\$hf_mig$
2009-02-11 04:01 . 2005-02-25 05:35 22,752 --a------ d:\windows\system32\spupdsvc.exe
2009-02-10 21:25 . 2009-02-10 21:59 <DIR> d-------- d:\program files\sXe Injected
2009-02-08 23:26 . 2009-02-08 23:26 <DIR> d--hs---- d:\windows\ftpcache
2009-02-08 21:39 . 2009-02-08 21:48 139,264 --a------ d:\windows\War3Unin.exe
2009-02-08 21:39 . 2009-03-22 18:54 86,737 --a------ d:\windows\War3Unin.dat
2009-02-08 21:39 . 2009-02-08 21:48 2,829 --a------ d:\windows\War3Unin.pif
2009-02-08 21:36 . 2009-03-30 16:07 <DIR> d-------- d:\program files\Warcraft III
2009-02-08 21:30 . 2009-03-01 22:48 <DIR> d-------- d:\program files\Counter-Strike 1.6
2009-02-08 21:25 . 2009-02-08 21:25 <DIR> d-------- d:\program files\Avira
2009-02-08 21:25 . 2009-02-08 21:25 <DIR> d-------- d:\documents and settings\All Users\Application Data\Avira
2009-02-08 21:04 . 2009-02-08 21:09 <DIR> d-------- d:\program files\Winamp
2009-02-08 21:04 . 2009-02-08 23:31 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 14:33 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-08 18:18 --------- d-----w d:\program files\SystemRequirementsLab
2009-02-08 18:15 --------- d-----w d:\program files\Realtek Sound Manager
2009-02-08 18:15 --------- d-----w d:\program files\Realtek AC97
2009-02-08 18:15 --------- d-----w d:\program files\Common Files\InstallShield
2009-02-08 18:15 --------- d-----w d:\program files\AvRack
2009-02-08 18:14 --------- d-----w d:\program files\VIA
2009-02-08 18:05 --------- d-----w d:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"sysav"="d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe" [2009-03-29 1021440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 d:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2009-02-18 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-03-24 21:47 321344 d:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-03-07 20:01 5724184 d:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-01-26 16:31 2144088 d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 18:45 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Games\\AnGo´s Game Collection\\Blobby Volley\\volley.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\pes\\PES2008.exe"=
"d:\\Games\\AnGo?s Game Collection\\Blobby Volley\\volley.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;d:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.nvidia.com/content/drivers/drivers.asp
FF - ProfilePath - d:\documents and settings\Nemanja Savic\Application Data\Mozilla\Firefox\Profiles\ivyzqb0l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-30 17:41:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 17:42:03
ComboFix-quarantined-files.txt 2009-03-30 15:42:01
ComboFix2.txt 2009-03-30 15:36:31

Pre-Run: 9.419.735.040 bytes free
Post-Run: 9,406,046,208 bytes free

185 --- E O F --- 2009-02-25 08:32:36
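The two logs above give the helper three signals at once: the "sysav" Run entry starting pcdefender.exe from Application Data, the Security Center values AntiVirusDisableNotify and UpdatesDisableNotify set to 1, and EnableFirewall = 0. The Python script below is an added example, not part of this thread and not code from HijackThis or ComboFix: it parses constructed copies of those log lines (same shape as the entries above, with the user name replaced) and reports exactly those findings; the function names are assumptions of the example.

```python
"""Log triage, as an added example: parse HijackThis O4 autorun lines and the
REGEDIT4-style "Reg Loading Points" section of a ComboFix log, and flag the
three things the helper acted on in this thread."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    source: str   # "hijackthis" or "combofix"
    item: str     # autorun value name or registry value name
    detail: str


# Constructed sample input, modelled on the entries quoted in the thread above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysav] D:\Documents and Settings\someuser\Application Data\pcdefender.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

# Commands referencing these locations deserve a second look: normally installed
# software lives under Program Files or the Windows directory, while rogue AV
# droppers commonly run from the user profile, as pcdefender.exe did here.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")

# Security Center values that silence the "no antivirus / no updates" balloon.
SECURITY_CENTER_SUPPRESS = {"antivirusdisablenotify", "updatesdisablenotify",
                            "firewalldisablenotify"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def reg_value_as_int(value):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None when not numeric."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"^(\d+)", value)
    return int(m.group(1)) if m else None


def scan_hijackthis(text):
    """Flag O4 Run entries whose command references a user-writable location."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        if any(marker in cmd.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append(Finding("hijackthis", m.group("name"),
                                    f"{m.group('hive')} Run entry starts from a user-writable path: {cmd}"))
    return findings


def scan_combofix_reg(text):
    """Walk [key] / "name"=value lines and flag Security Center and firewall tampering."""
    findings = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = REG_VAL_RE.match(line)
        if not vm:
            continue
        name, num = vm.group("name"), reg_value_as_int(vm.group("value"))
        if key.endswith("security center") and name.lower() in SECURITY_CENTER_SUPPRESS and num == 1:
            findings.append(Finding("combofix", name, "Security Center alert suppressed (set to 1)"))
        elif key.endswith("firewallpolicy\\standardprofile") and name.lower() == "enablefirewall" and num == 0:
            findings.append(Finding("combofix", name, "Windows Firewall disabled for the standard profile"))
    return findings


def triage(hjt_text, combofix_text):
    """Combined findings, HijackThis first, in log order."""
    return scan_hijackthis(hjt_text) + scan_combofix_reg(combofix_text)


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_COMBOFIX):
        print(f"[{f.source}] {f.item}: {f.detail}")
```

On the sample input the script reports the sysav autorun, both Security Center values and the disabled firewall, and nothing for the Avira, ctfmon or nwiz entries.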

diarno (male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe

DirLook::
d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysav"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

n3x
  • New MyCity citizen
  • Joined: 29 Mar 2009
  • Posts: 10

ComboFix 09-03-29.04 - Nemanja Savic 2009-03-30 18:46:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.309 [GMT 2:00]
Running from: d:\documents and settings\Nemanja Savic\Desktop\C-F.exe
Command switches used :: d:\documents and settings\Nemanja Savic\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Nemanja Savic\Application Data\pcdefender.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-30 13:04 . 2009-03-30 13:04 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-03-30 13:04 . 2009-03-30 13:04 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 13:04 . 2009-03-26 16:49 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 13:04 . 2009-03-26 16:49 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-03-29 20:11 . 2009-03-29 20:11 <DIR> d--h----- d:\windows\system32\GroupPolicy
2009-03-29 19:53 . 2009-02-18 14:44 453,152 --a------ d:\windows\system32\nvuninst.exe
2009-03-29 19:53 . 2009-02-18 14:44 453,152 --a------ d:\windows\system32\nvudisp.exe
2009-03-29 19:53 . 2009-03-30 17:38 212,641 --a------ d:\windows\system32\nvapps.xml
2009-03-29 19:53 . 2009-02-18 14:44 19,021 --a------ d:\windows\system32\nvdisp.nvu
2009-03-29 19:25 . 2009-03-29 19:25 <DIR> d-------- D:\NVIDIA
2009-03-29 17:05 . 2009-03-29 19:55 <DIR> d-------- d:\windows\nview
2009-03-29 17:05 . 2009-02-18 14:44 6,308,224 --a------ d:\windows\system32\drivers\nv4_mini.sys
2009-03-29 17:05 . 2009-02-18 14:44 6,308,224 --a--c--- d:\windows\system32\dllcache\nv4_mini.sys
2009-03-29 17:05 . 2009-02-18 14:44 6,185,088 --a------ d:\windows\system32\nv4_disp.dll
2009-03-29 17:05 . 2009-02-18 14:44 6,185,088 --a--c--- d:\windows\system32\dllcache\nv4_disp.dll
2009-03-29 17:00 . 2009-03-29 17:02 <DIR> d-------- d:\windows\SxsCaPendDel
2009-03-29 16:31 . 2009-03-29 16:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-29 16:07 . 2009-03-29 17:00 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\Uniblue
2009-03-29 16:07 . 2009-03-29 17:00 <DIR> d-------- d:\documents and settings\All Users\Application Data\DriverScanner
2009-03-29 03:53 . 2009-03-29 03:53 0 --a------ d:\windows\msicpl.ini
2009-03-29 02:05 . 2008-07-09 13:12 614,400 --a------ d:\windows\system32\msvcr80.dll
2009-03-28 22:32 . 2009-03-28 23:30 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-03-28 22:32 . 2009-03-30 17:36 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-24 21:48 . 2009-03-24 22:23 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\BitTorrent
2009-03-24 21:47 . 2009-03-28 23:30 <DIR> d-------- d:\program files\DNA
2009-03-24 21:47 . 2009-03-24 21:47 <DIR> d-------- d:\program files\BitTorrent
2009-03-24 21:47 . 2009-03-24 21:47 <DIR> d-------- d:\program files\AskSearch
2009-03-24 21:47 . 2009-03-28 23:32 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\DNA
2009-03-19 14:24 . 2009-03-19 14:24 268 --ah----- D:\sqmdata01.sqm
2009-03-19 14:24 . 2009-03-19 14:24 244 --ah----- D:\sqmnoopt01.sqm
2009-03-18 14:58 . 2009-03-18 14:58 292 --ah----- D:\sqmdata00.sqm
2009-03-18 14:58 . 2009-03-18 14:58 244 --ah----- D:\sqmnoopt00.sqm
2009-03-09 18:31 . 2009-03-09 18:31 <DIR> d-------- d:\program files\Common Files\NSV
2009-03-04 17:31 . 2009-03-04 17:31 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\EA
2009-03-04 17:31 . 2009-03-04 17:31 <DIR> d-------- d:\documents and settings\All Users\Application Data\EA
2009-03-04 14:10 . 2009-03-05 21:11 <DIR> d-------- d:\documents and settings\Nemanja Savic\Contacts
2009-03-04 14:09 . 2009-03-04 14:09 <DIR> d----c--- d:\windows\system32\DRVSTORE
2009-03-04 14:08 . 2009-03-04 14:08 <DIR> d--hsc--- d:\program files\Common Files\WindowsLiveInstaller
2009-03-04 14:07 . 2009-03-29 17:01 <DIR> d-------- d:\program files\Windows Live
2009-03-04 14:07 . 2009-03-04 14:07 <DIR> d-------- d:\documents and settings\All Users\Application Data\WLInstaller
2009-02-25 02:11 . 2009-02-25 02:11 <DIR> d-------- d:\program files\Switch Off
2009-02-24 04:37 . 2009-03-01 19:58 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\skypePM
2009-02-24 04:37 . 2009-02-24 04:37 56 --ah----- d:\windows\system32\ezsidmv.dat
2009-02-24 04:34 . 2009-03-01 21:17 <DIR> d-------- d:\documents and settings\All Users\Application Data\Skype
2009-02-24 03:42 . 2009-02-24 03:42 <DIR> d-------- d:\documents and settings\Nemanja Savic\LocalLow
2009-02-24 03:42 . 2009-02-24 03:42 <DIR> d-------- d:\documents and settings\All Users\Application Data\TVU Networks
2009-02-23 04:28 . 2009-02-24 04:43 <DIR> d-------- d:\program files\Dealio
2009-02-23 04:27 . 2009-02-23 04:27 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\RateMyScreensaver
2009-02-19 22:02 . 2009-03-01 21:02 <DIR> d-------- d:\program files\Yahoo!
2009-02-19 21:50 . 2009-02-19 21:50 <DIR> d-------- d:\windows\system32\runtime
2009-02-19 21:48 . 2009-03-01 21:09 <DIR> d-------- d:\program files\Google
2009-02-19 21:47 . 2009-02-19 21:47 169 --a------ d:\windows\RtlRack.ini
2009-02-19 17:54 . 2009-02-19 17:54 <DIR> d-------- d:\documents and settings\All Users\Application Data\GRETECH
2009-02-19 17:53 . 2009-02-19 17:53 <DIR> d-------- d:\program files\GRETECH
2009-02-19 17:53 . 2009-02-19 17:53 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\GRETECH
2009-02-19 17:43 . 2009-02-19 17:43 <DIR> d-------- d:\program files\Micro DVD Player
2009-02-19 17:43 . 2009-02-19 17:43 <DIR> d-------- d:\program files\DivXCodec
2009-02-19 16:52 . 2004-08-04 00:08 26,496 --a--c--- d:\windows\system32\dllcache\usbstor.sys
2009-02-18 19:07 . 2009-02-26 00:10 40 --a------ d:\windows\popcinfo.dat
2009-02-18 17:59 . 2009-02-18 17:59 <DIR> d-------- d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09
2009-02-17 00:40 . 2009-02-17 00:40 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\AdobeUM
2009-02-17 00:38 . 2009-02-19 23:01 <DIR> d-------- d:\program files\Common Files\Adobe
2009-02-17 00:36 . 2009-02-17 00:36 <DIR> d-------- d:\windows\Cache
2009-02-16 23:39 . 2009-02-16 23:39 82 --a------ d:\windows\mafosav.INI
2009-02-16 22:43 . 2009-02-16 22:43 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\funkitron
2009-02-16 22:40 . 2009-02-16 22:40 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\SolSuite
2009-02-16 22:02 . 2009-02-16 22:11 <DIR> d-------- D:\muzika
2009-02-16 22:00 . 2009-03-18 15:19 <DIR> d-------- D:\Games
2009-02-11 04:43 . 2008-06-13 15:10 272,128 --------- d:\windows\system32\drivers\bthport.sys
2009-02-11 04:43 . 2008-06-13 15:10 272,128 -----c--- d:\windows\system32\dllcache\bthport.sys
2009-02-11 04:41 . 2008-08-14 12:00 2,180,352 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2009-02-11 04:41 . 2008-08-14 11:58 2,136,064 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-11 04:41 . 2008-08-14 11:22 2,057,728 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-11 04:41 . 2008-08-14 11:22 2,015,744 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
2009-02-11 04:28 . 2008-10-24 13:10 453,632 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
2009-02-11 04:01 . 2009-02-25 09:04 <DIR> d--h----- d:\windows\$hf_mig$
2009-02-11 04:01 . 2005-02-25 05:35 22,752 --a------ d:\windows\system32\spupdsvc.exe
2009-02-10 21:25 . 2009-02-10 21:59 <DIR> d-------- d:\program files\sXe Injected
2009-02-08 23:26 . 2009-02-08 23:26 <DIR> d--hs---- d:\windows\ftpcache
2009-02-08 21:39 . 2009-02-08 21:48 139,264 --a------ d:\windows\War3Unin.exe
2009-02-08 21:39 . 2009-03-22 18:54 86,737 --a------ d:\windows\War3Unin.dat
2009-02-08 21:39 . 2009-02-08 21:48 2,829 --a------ d:\windows\War3Unin.pif
2009-02-08 21:36 . 2009-03-30 16:07 <DIR> d-------- d:\program files\Warcraft III
2009-02-08 21:30 . 2009-03-01 22:48 <DIR> d-------- d:\program files\Counter-Strike 1.6
2009-02-08 21:25 . 2009-02-08 21:25 <DIR> d-------- d:\program files\Avira
2009-02-08 21:25 . 2009-02-08 21:25 <DIR> d-------- d:\documents and settings\All Users\Application Data\Avira
2009-02-08 21:04 . 2009-02-08 21:09 <DIR> d-------- d:\program files\Winamp
2009-02-08 21:04 . 2009-02-08 23:31 <DIR> d-------- d:\documents and settings\Nemanja Savic\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 14:33 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-08 18:18 --------- d-----w d:\program files\SystemRequirementsLab
2009-02-08 18:15 --------- d-----w d:\program files\Realtek Sound Manager
2009-02-08 18:15 --------- d-----w d:\program files\Realtek AC97
2009-02-08 18:15 --------- d-----w d:\program files\Common Files\InstallShield
2009-02-08 18:15 --------- d-----w d:\program files\AvRack
2009-02-08 18:14 --------- d-----w d:\program files\VIA
2009-02-08 18:05 --------- d-----w d:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09 ----

2009-02-19 12:35 48 --a------ d:\documents and settings\All Users\Application Data\55-62-86-q0-64-09\profile.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 d:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2009-02-18 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-03-24 21:47 321344 d:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-03-07 20:01 5724184 d:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-01-26 16:31 2144088 d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 18:45 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Games\\AnGo´s Game Collection\\Blobby Volley\\volley.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\pes\\PES2008.exe"=
"d:\\Games\\AnGo?s Game Collection\\Blobby Volley\\volley.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;d:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.nvidia.com/content/drivers/drivers.asp
FF - ProfilePath - d:\documents and settings\Nemanja Savic\Application Data\Mozilla\Firefox\Profiles\ivyzqb0l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-30 18:47:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 18:48:43
ComboFix-quarantined-files.txt 2009-03-30 16:48:40
ComboFix2.txt 2009-03-30 15:42:05
ComboFix3.txt 2009-03-30 15:36:31

Pre-Run: 9.403.396.096 bytes free
Post-Run: 9,389,756,416 bytes free

196 --- E O F --- 2009-02-25 08:32:36

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

If you still have any problems, describe them....
