Malware etc...

  • Joined: 14 Feb 2010
  • Posts: 9

Hi, my computer suddenly became slow and started to stutter. I ran a scan with ComboFix, but I don't know how to interpret the logs, so if someone would be kind enough to tell me what to do next, I would be very grateful; I really need help... Thanks in advance. Here is the log.


ComboFix 10-02-12.01 - Admin 14.02.2010 22:04:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.292 [GMT 1:00]
Running from: d:\downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Cheat Engine\dbk32.sys
C:\restore
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe

c:\windows\system32\msgsvc.dll . . . is infected!!

c:\windows\system32\calc.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_DBKDRVR54
-------\Service_DBKDRVR54


((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.

9999-02-10 23:17 . 9999-02-10 23:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-06 23:08 . 2010-02-06 23:08 -------- d-----w- c:\program files\Google
2010-02-05 09:23 . 2010-02-05 09:23 -------- d-----w- c:\documents and settings\Admin\Application Data\CoSoSys
2010-01-27 00:27 . 2010-01-27 00:27 -------- d-----w- c:\program files\iXi Tools
2010-01-27 00:22 . 2010-01-27 00:22 -------- d-----w- c:\program files\Lavalys
2010-01-27 00:11 . 2010-01-27 00:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 00:04 . 2009-01-27 01:07 -------- d-----w- c:\program files\SpeedFan
2010-01-26 23:02 . 2010-01-26 23:08 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-26 20:27 . 2010-01-26 20:37 -------- d-----w- c:\program files\EASEUS
2010-01-25 17:37 . 2010-01-25 17:37 -------- d-----w- c:\program files\EA GAMES
2010-01-25 17:03 . 2010-01-25 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-01-25 16:59 . 2009-02-25 14:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-25 16:34 . 2010-01-25 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-21 16:47 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
9999-10-01 14:28 . 2002-02-13 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-14 21:07 . 2009-10-13 14:29 -------- d-----w- c:\program files\Cheat Engine
2010-01-26 23:50 . 2002-02-13 10:20 -------- d-----w- c:\program files\Ahead
2010-01-26 20:27 . 2002-02-13 10:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 20:27 . 2009-11-01 23:38 -------- d-----w- c:\documents and settings\Admin\Application Data\GetRightToGo
2010-01-26 14:54 . 2002-02-13 10:28 46648 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 17:01 . 2002-02-13 10:25 -------- d-----w- c:\program files\ATI Technologies
2010-01-24 22:59 . 2002-02-13 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-21 16:26 . 2009-05-14 07:42 -------- d-----w- c:\documents and settings\Admin\Application Data\Wildfire
2010-01-21 01:29 . 2009-06-17 17:14 -------- d-----w- c:\program files\AlienGUIse
2010-01-21 01:28 . 2009-06-17 17:14 -------- d-----w- c:\program files\Common Files\Stardock
2010-01-20 10:19 . 2009-05-20 11:19 -------- d-----w- c:\program files\AutoCAD 2006
2010-01-20 10:19 . 2009-05-20 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-01-20 10:19 . 2009-05-20 11:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-20 10:09 . 2002-02-13 09:47 -------- d-----w- c:\program files\Winamp
2010-01-20 09:58 . 2009-07-02 02:19 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-01-07 15:07 . 2003-02-12 04:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2003-02-12 04:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 15:56 . 2009-12-26 15:56 -------- d-----w- c:\program files\Opera
2009-12-16 23:38 . 2002-02-13 10:21 -------- d-----w- c:\program files\Eset
.

------- Sigcheck -------

[-] 2002-12-31 . CE3EC03C9F65302E44AF5C452D20A86F . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys

[-] 2002-12-31 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 4"

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RtlWake.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk
backup=c:\windows\pss\RtlWake.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-03 23:56 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2002-12-31 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 14:47 2029640 ----a-w- c:\program files\Eset\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-06 03:06 133104 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 14:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 03:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
2009-03-19 15:38 2171392 ----a-w- c:\program files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YahooWidgets]
2009-03-19 15:38 4742184 ----a-w- c:\program files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgets.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.5.2009 12:44 639224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9.12.2009 21:30 54752]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [13.2.2002 10:40 10240]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys [13.2.2002 11:38 180736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
Contents of the 'Scheduled Tasks' folder

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-492894223-1343024091-1004Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 03:06]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-492894223-1343024091-1004UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 03:06]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\48hlf7sm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCfox000&fl=0&ptb=araVbGtBvwB2r5ypNid4vg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-DaemonTools_WhenUSave_Installer - c:\program files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
MSConfigStartUp-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MyWebSearch\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MyWebSearch\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-winupdate86 - (no file)
AddRemove-CCleaner_is1 - c:\program files\Utilities\CCleaner\unins000.exe
AddRemove-Mario Forever v 2.16 ! - c:\buziol games\Mario Forever\UnMario.exe
AddRemove-PerformanceTest_is1 - c:\program files\PerformanceTest\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-02-14 22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823D41D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf859af10
\Driver\ACPI -> ACPI.sys @ 0xf83fecb8
\Driver\atapi -> 0x823d41d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a00ad
ParseProcedure -> ntoskrnl.exe @ 0x80570e7d
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a00ad
ParseProcedure -> ntoskrnl.exe @ 0x80570e7d
NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf827eba0
PacketIndicateHandler -> NDIS.sys @ 0xf828bb21
SendHandler -> NDIS.sys @ 0xf826987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-14 22:14:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-14 21:14

Pre-Run: 10.991.263.744 bytes free
Post-Run: 11.648.741.376 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
g:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F553D3D308E3446FBDA6F21DB49C7BEE

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

Hello and welcome,

I will try to help you, but I have to tell you that you should not have run ComboFix on your own; if you are asking us for help, you should do what is described here:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

I see that you also asked for help elsewhere, so it would be best to decide whom you are going to follow while solving your problem; I mean this thread: http://furka.com/procitaj/7/50789/9/

So, go to this link:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

and post the logs according to the instructions, and we will review them and try to help you.

  • Joined: 14 Feb 2010
  • Posts: 9

helen1 ::Hello and welcome,

I will try to help you, but I have to tell you that you should not have run ComboFix on your own; if you are asking us for help, you should do what is described here:

mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

I see that you also asked for help elsewhere, so it would be best to decide whom you are going to follow while solving your problem; I mean this thread: furka.com/procitaj/7/50789/9/

So, go to this link:
mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

and post the logs according to the instructions, and we will review them and try to help you.


Thanks. I also posted a thread on furka because I thought someone would help me; I am just looking for help... I read the instructions and ran the ComboFix test according to them. I have already posted the log, and here I will describe the problem as well. Recently I had problems with the system: it was completely blocked, none of the apps worked, and with Malwarebytes I managed to fix it a little, but I was not very expert and nobody was willing to help me, so I ticked everything and went for "fix", so I probably messed something up too. After that I reinstalled all the drivers, programs etc. But since then my antivirus, NOD32, which I installed, has not been working; it no longer started when the computer booted. Today the computer suddenly started running slowly, opening pages too slowly, and so on. I have also had another problem with the computer for a long time, but I think that is not for this forum; I will write about it in another subforum... Thanks in advance, and I apologize for any mistakes if I made some; I am not very experienced, I am new to the forum...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

Ok, but you will still have to go to this link:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

and find the part that describes scanning with the Gmer program. It is described in step number 3.

  • Joined: 14 Feb 2010
  • Posts: 9

DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 23:54:10,84 on ned 14.02.2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.130 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Downloads\dds.scr

============== Pseudo HJT Report ===============

mStart Page = about:blank
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\48hlf7sm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCfox000&fl=0&ptb=araVbGtBvwB2r5ypNid4vg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-9 54752]
R2 TTFixerService;NST ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2002-2-13 10240]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys [2002-2-13 180736]

=============== Created Last 30 ================

2010-02-14 21:02:21 98816 ----a-w- c:\windows\sed.exe
2010-02-14 21:02:21 77312 ----a-w- c:\windows\MBR.exe
2010-02-14 21:02:21 261632 ----a-w- c:\windows\PEV.exe
2010-02-14 21:02:21 161792 ----a-w- c:\windows\SWREG.exe
2010-02-05 09:23:14 0 d-----w- c:\docume~1\admin\applic~1\CoSoSys
2010-01-27 00:27:46 0 d-----w- c:\program files\iXi Tools
2010-01-27 00:22:42 0 d-----w- c:\program files\Lavalys
2010-01-27 00:14:08 4431872 ----a-w- c:\documents and settings\admin\s-1-5-21-448539723-492894223-1343024091-1004.rrr
2010-01-27 00:04:13 0 d-----w- c:\program files\SpeedFan
2010-01-27 00:04:10 45 ----a-w- c:\windows\system32\initdebug.nfo
2010-01-26 23:02:59 0 d-----w- c:\windows\system32\CatRoot_bak
2010-01-26 20:38:52 680 ---ha-w- c:\windows\EPMBatch.ept
2010-01-26 20:27:46 0 d-----w- c:\program files\EASEUS
2010-01-25 17:37:34 0 d-----w- c:\program files\EA GAMES
2010-01-25 16:59:40 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-25 16:34:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-01-21 16:47:00 306688 ----a-w- c:\windows\IsUninst.exe
2010-01-21 01:18:07 5760056 ----a-w- c:\windows\Darkstar.bmp
2010-01-21 01:02:13 5760054 ----a-w- c:\windows\AW_1600x1200.bmp

==================== Find3M ====================

2010-01-07 15:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2002-02-13 10:08:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2002-02-13 10:08:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012002021320020214\index.dat
2002-02-13 10:07:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 23:54:34,77 ===============


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

Open Notepad and copy the following text into it:

Firefox::
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCfox000&fl=0&ptb=araVbGtBvwB2r5ypNid4vg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • Joined: 14 Feb 2010
  • Posts: 9

ComboFix 10-02-12.01 - Admin 15.02.2010 11:50:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.291 [GMT 1:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: d:\downloads\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

c:\windows\system32\calc.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))))
.

9999-02-10 23:17 . 9999-02-10 23:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-06 23:08 . 2010-02-06 23:08 -------- d-----w- c:\program files\Google
2010-02-05 09:23 . 2010-02-05 09:23 -------- d-----w- c:\documents and settings\Admin\Application Data\CoSoSys
2010-01-27 00:27 . 2010-01-27 00:27 -------- d-----w- c:\program files\iXi Tools
2010-01-27 00:22 . 2010-01-27 00:22 -------- d-----w- c:\program files\Lavalys
2010-01-27 00:11 . 2010-01-27 00:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 00:04 . 2009-01-27 01:07 -------- d-----w- c:\program files\SpeedFan
2010-01-26 23:02 . 2010-01-26 23:08 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-26 20:27 . 2010-01-26 20:37 -------- d-----w- c:\program files\EASEUS
2010-01-25 17:37 . 2010-01-25 17:37 -------- d-----w- c:\program files\EA GAMES
2010-01-25 17:03 . 2010-01-25 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-01-25 16:59 . 2009-02-25 14:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-25 16:34 . 2010-01-25 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-21 16:47 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
9999-10-01 14:28 . 2002-02-13 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-14 21:07 . 2009-10-13 14:29 -------- d-----w- c:\program files\Cheat Engine
2010-01-26 23:50 . 2002-02-13 10:20 -------- d-----w- c:\program files\Ahead
2010-01-26 20:27 . 2002-02-13 10:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 20:27 . 2009-11-01 23:38 -------- d-----w- c:\documents and settings\Admin\Application Data\GetRightToGo
2010-01-26 14:54 . 2002-02-13 10:28 46648 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 17:01 . 2002-02-13 10:25 -------- d-----w- c:\program files\ATI Technologies
2010-01-24 22:59 . 2002-02-13 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-21 16:26 . 2009-05-14 07:42 -------- d-----w- c:\documents and settings\Admin\Application Data\Wildfire
2010-01-21 01:29 . 2009-06-17 17:14 -------- d-----w- c:\program files\AlienGUIse
2010-01-21 01:28 . 2009-06-17 17:14 -------- d-----w- c:\program files\Common Files\Stardock
2010-01-20 10:19 . 2009-05-20 11:19 -------- d-----w- c:\program files\AutoCAD 2006
2010-01-20 10:19 . 2009-05-20 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-01-20 10:19 . 2009-05-20 11:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-20 10:09 . 2002-02-13 09:47 -------- d-----w- c:\program files\Winamp
2010-01-20 09:58 . 2009-07-02 02:19 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-01-07 15:07 . 2003-02-12 04:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2003-02-12 04:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 15:56 . 2009-12-26 15:56 -------- d-----w- c:\program files\Opera
.

------- Sigcheck -------

[-] 2002-12-31 . CE3EC03C9F65302E44AF5C452D20A86F . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys

[-] 2002-12-31 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 4

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RtlWake.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk
backup=c:\windows\pss\RtlWake.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-03 23:56 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2002-12-31 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 14:47 2029640 ----a-w- c:\program files\Eset\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-06 03:06 133104 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 14:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 03:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
2009-03-19 15:38 2171392 ----a-w- c:\program files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YahooWidgets]
2009-03-19 15:38 4742184 ----a-w- c:\program files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgets.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.5.2009 12:44 639224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9.12.2009 21:30 54752]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [13.2.2002 10:40 10240]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys [13.2.2002 11:38 180736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
Contents of the 'Scheduled Tasks' folder

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-492894223-1343024091-1004Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 03:06]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-492894223-1343024091-1004UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 03:06]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\48hlf7sm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCfox000&fl=0&ptb=araVbGtBvwB2r5ypNid4vg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-02-15 11:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823D41D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf859af10
\Driver\ACPI -> ACPI.sys @ 0xf83fecb8
\Driver\atapi -> 0x823d41d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a00ad
ParseProcedure -> ntoskrnl.exe @ 0x80570e7d
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a00ad
ParseProcedure -> ntoskrnl.exe @ 0x80570e7d
NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf827eba0
PacketIndicateHandler -> NDIS.sys @ 0xf828bb21
SendHandler -> NDIS.sys @ 0xf826987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828-)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-15 11:59:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-15 10:59
ComboFix2.txt 2010-02-14 21:14

Pre-Run: 11.667.320.832 bytes free
Post-Run: 11.697.823.744 bytes free

- - End Of File - - 574FE24C8C0D1CD484059DDF287E7522

helen1 (Anti Malware Fighter, Rank 2, Master teacher; joined: 27 Aug 2005; posts: 8617; location: Novi Beograd):

Upload the following files to me for checking:

c:\windows\system32\calc.exe
c:\windows\system32\winlogon.exe

via the following link:

http://www.mycity.rs/ambulanta-upload.php

Reply from the original poster (joined: 14 Feb 2010; posts: 9):

helen1 :: Upload the following files to me for checking:

c:\windows\system32\calc.exe
c:\windows\system32\winlogon.exe

via the following link:

mycity.rs/ambulanta-upload.php


What now..?

helen1 (Anti Malware Fighter, Rank 2, Master teacher; joined: 27 Aug 2005; posts: 8617; location: Novi Beograd):

Open Notepad and copy in the following text:

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\48hlf7sm.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCfox000&fl=0&ptb=araVbGtBvwB2r5ypNid4vg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
