Even Format C: doesn't help...


  • Joined: 04 May 2010
  • Posts: 7

OS: Windows XP 32-bit
IKOM cable internet

The problem started when the only protection on the computer was NOD. The computer began running slowly, and at one point it became practically unusable. The first symptoms were the old look of the taskbar and of all the windows. Then I downloaded Malwarebytes, which found about ten trojans, mostly in the folder C:\WINDOWS\System32, with names like 70.exe, 53.exe and similar, and also in the folder C:\Documents and Settings\NetworkService\LocalSettings\Temporary Internet Files\Content.IE5.

Malwarebytes duly put them into quarantine, but they were created again, just under a different name.

After a lot of effort to delete them, I decided to reinstall the OS: I formatted the system drive, reinstalled the OS, installed only the minimum of required applications, turned off System Restore, this time replaced NOD with the AVAST antivirus and went with COMODO firewall. Still, the problem reappeared immediately. Admittedly, this time Comodo reports a malicious Svchost process, which it manages to block, and in that case the computer works more or less normally. If at that moment I scan the computer with the AV or Malwarebytes (I also tried SUPERAntiSpyware and that temporary AV CureIt, or whatever it's called), they find nothing. If I let that Svchost process run, the computer goes wild, as does the AV, which then reports viruses in the locations mentioned above.

As I type this, the computer is "usable", though I can't launch Notepad or Wordpad to look at the logs I'm supposed to upload. I hope everything will be fine at least as far as those logs are concerned.

I really don't know what the problem is. Is some installer infected, can I pick up the virus from a partition that isn't the system partition and wasn't formatted... That worries me the most, so that I'd know in future what the problem is.

Regards



DDS (Ver_10-03-17.01) - NTFSx86
Run by User1 at 19:04:05.09 on 05-May-10
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.454 [GMT 2:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\alatZaDeinstal\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\alatzadeinstal\SUPERAntiSpyware.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\alatzadeinstal\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\alatzadeinstal\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user1\applic~1\mozilla\firefox\profiles\k18hgkf3.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2010-4-30 77056]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-30 162768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\alatzadeinstal\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\alatzadeinstal\SASKUTIL.SYS [2010-4-27 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-30 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-30 40384]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-4-9 1769216]
R3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.sys [2010-4-30 9446]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-30 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-30 40384]

=============== Created Last 30 ================

2010-05-01 22:37:01 0 d-----w- c:\documents and settings\user1\DoctorWeb
2010-05-01 22:16:34 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-01 22:16:26 0 d-----w- c:\program files\alatZaDeinstal
2010-05-01 22:16:26 0 d-----w- c:\docume~1\user1\applic~1\SUPERAntiSpyware.com
2010-05-01 22:15:57 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-01 22:07:42 0 d-----r- c:\program files\Skype
2010-05-01 20:25:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-01 20:25:34 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 19:50:53 0 d--h--w- c:\windows\$hf_mig$
2010-04-30 19:07:28 0 d-----w- c:\program files\CCleaner
2010-04-30 18:30:02 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-04-30 18:30:02 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-04-30 18:21:06 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-30 18:21:06 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-30 18:20:10 7680 ----a-w- c:\windows\system32\CNMVS66.DLL
2010-04-30 18:20:10 116736 ----a-w- c:\windows\system32\CNMLM66.DLL
2010-04-30 18:20:05 86016 ----a-r- c:\windows\system32\CNMCP66.exe
2010-04-30 18:19:30 0 d--h--w- C:\BJPrinter
2010-04-30 18:18:51 0 d-----w- c:\windows\StartHtmico
2010-04-30 18:18:51 0 d-----w- c:\windows\IP2000
2010-04-30 18:17:03 0 d-----w- c:\windows\pss
2010-04-30 18:14:09 0 d-----w- c:\program files\common files\Ulead Systems
2010-04-30 18:13:46 0 d-----w- C:\WFDB
2010-04-30 18:13:36 0 d-----w- c:\program files\WinFast
2010-04-30 18:07:28 9728 ----a-w- c:\windows\system32\drivers\cxavxbar.sys
2010-04-30 18:07:28 50816 ----a-w- c:\windows\system32\drivers\cx88tune.sys
2010-04-30 18:07:28 162944 ----a-w- c:\windows\system32\drivers\cx88vid.sys
2010-04-30 18:06:22 9469 ----a-w- c:\windows\system32\drivers\WINFOXIO.sys
2010-04-30 18:06:22 0 d-----w- c:\windows\system32\WinFox
2010-04-30 18:06:22 0 d-----w- c:\windows\system32\WinFast
2010-04-30 18:03:11 77056 ----a-r- c:\windows\system32\drivers\viasraid.sys
2010-04-30 18:02:45 0 d-----w- c:\program files\VIA
2010-04-30 17:37:36 0 d-----w- c:\program files\common files\ODBC
2010-04-30 17:37:33 0 d-----w- c:\program files\common files\SpeechEngines
2010-04-30 17:37:06 0 d-----r- c:\documents and settings\all users\Documents
2010-04-30 17:18:17 0 d-----w- c:\program files\Able2Extract Professional 6.0
2010-04-30 17:10:48 0 d-----w- c:\program files\VideoLAN
2010-04-30 17:06:23 0 d-----w- c:\docume~1\user1\applic~1\Malwarebytes
2010-04-30 17:06:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-30 17:06:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 16:59:47 0 d-----w- c:\program files\K-Lite Codec Pack
2010-04-30 16:54:52 0 d-----w- c:\program files\MPC-Homecinema.1.3.1249.0.(x86)
2010-04-30 16:51:44 0 d-----w- c:\docume~1\user1\applic~1\foobar2000
2010-04-30 16:51:35 0 d-----w- c:\program files\foobar2000
2010-04-30 16:50:51 0 d-----w- c:\docume~1\alluse~1\applic~1\ashampoo
2010-04-30 16:50:44 0 d-----w- c:\program files\Ashampoo
2010-04-30 16:24:46 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO
2010-04-30 16:21:41 0 d-----w- c:\program files\COMODO
2010-04-30 16:21:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-04-30 16:16:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-30 16:13:04 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-04-30 16:12:53 0 d-----w- c:\program files\NVIDIA Corporation
2010-04-30 16:05:44 0 d-----w- c:\program files\Analog Devices
2010-04-30 15:50:08 0 d-sh--w- c:\documents and settings\all users\DRM
2010-04-30 15:49:41 0 d--h--w- c:\program files\WindowsUpdate
2010-04-30 15:48:51 0 d-----w- c:\program files\common files\MSSoap
2010-04-30 15:47:21 0 d-----w- c:\program files\Online Services
2010-04-30 15:47:15 0 d-----w- c:\program files\Messenger
2010-04-30 15:47:11 0 d-----w- c:\program files\MSN Gaming Zone
2010-04-30 15:46:38 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-04-30 15:47:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 13:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 20:48:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 23:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-08 23:25:46 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-08 23:25:46 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-08 23:25:44 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys

============= FINISH: 19:04:36.56 ===============
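A way to mechanically pre-screen the file listings in DDS and ComboFix logs like the ones posted in this thread, as an added example that is not part of the original thread and not code from either tool. It parses both line formats and flags entries directly under system32 that match what the opening post describes (all-digit .exe names, extensionless files), that carry system+hidden attributes, or whose creation time predates the reinstall date read off the DDS "Created Last 30" listing. The sample lines are constructed from entries on this page plus an invented 70.exe entry; the attribute-field layout and the reinstall time are assumptions taken from those entries, and the flags are review prompts, not verdicts.

```python
"""Triage helper for DDS / ComboFix file-listing lines (added example)."""
import re
from datetime import datetime

# Line formats as they appear in the thread's logs:
#   DDS:      2010-04-08 23:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
#   ComboFix: 2010-05-06 16:43 . 2008-04-14 03:42 1306624 -c----w- c:\...\msxml6.dll
# In both, the first timestamp is the file's creation time (ComboFix's second one
# is the last-modified time). The 8-character attribute field is read here as
# d,c,s,h,a,?,r/w,? ; only the d/s/h positions are relied on (assumption drawn
# from the entries on the page, e.g. "d-sh--w-" and "--sha-r-").
DDS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2} (\d+) (\S{8}) (.+)$")
CF_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+|-+) (\S{8}) (.+)$"
)

# Reinstall time, assumed from the earliest Windows directory in the DDS
# "Created Last 30" list (c:\program files\Windows NT, 2010-04-30 15:46).
INSTALL_TIME = datetime(2010, 4, 30, 15, 46)

# Only files sitting directly in system32 (not drivers\ or dllcache\).
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\([^\\]+)$", re.IGNORECASE)

# Constructed sample: lines copied from this page plus an invented 70.exe entry.
SAMPLE_LOG = r"""
2010-04-30 18:03:11 77056 ----a-r- c:\windows\system32\drivers\viasraid.sys
2010-05-01 20:25:34 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 23:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-05-06 16:43 . 2008-04-14 03:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2008-04-14 03:41 . 2004-08-04 00:56 167324 --sha-r- c:\windows\system32\ajekw.dll
2010-05-07 10:12 . 2010-05-07 10:12 61440 ----a-w- c:\windows\system32\70.exe
2010-05-07 10:12 . 2010-05-07 10:12 0 ----a-w- c:\windows\system32\i
"""


def parse_line(line):
    """Return (created, attrs, path) for a file-listing line, else None."""
    m = DDS_RE.match(line) or CF_RE.match(line)
    if not m:
        return None
    created, _size, attrs, path = m.groups()
    return datetime.strptime(created, "%Y-%m-%d %H:%M"), attrs, path.strip()


def triage(log_text, install_time=INSTALL_TIME):
    """Map each flagged system32 file to the list of heuristics it tripped."""
    flagged = {}
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        created, attrs, path = parsed
        if attrs[0] == "d":            # directories are not of interest here
            continue
        m = SYSTEM32.match(path)
        if not m:
            continue
        name = m.group(1).lower()
        reasons = []
        if re.fullmatch(r"\d+\.exe", name):      # 70.exe, 53.exe, 08.exe ...
            reasons.append("numeric-exe-name")
        if "." not in name:                      # e.g. the bare "i" ComboFix removed
            reasons.append("no-extension")
        if attrs[2] == "s" and attrs[3] == "h":  # system+hidden file in system32
            reasons.append("system+hidden")
        if created < install_time:               # older than the fresh install
            reasons.append("created-before-reinstall")
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(reasons)}")
```

The reinstall-date check is deliberately noisy: installers that keep package timestamps trip it too, which is why COMODO's guard32.dll (creation time 2010-04-08 in the DDS Find3M list, before the 2010-04-30 reinstall) is flagged alongside the entries the thread is actually about. Treat a single flag as a reason to look at the file's signature and vendor, and two or more as a reason to submit it.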

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello and welcome to MyCity.


To start, post the logs/screenshots from Malwarebytes and from the Comodo firewall.

  • Joined: 04 May 2010
  • Posts: 7

Thanks for the welcome and the quick reply.

I'm sending you the logs and screenshots; I hope that's what you need.

Malwarebytes log

[attachment not available]

Avast



Comodo - the process it blocks




Comodo - Firewall log

[attachment not available]

Comodo - Defense+ log

[attachment not available]

  • Joined: 04 Jan 2009
  • Posts: 2168

Run the scan with Malwarebytes again and post me the log.

  • Joined: 04 May 2010
  • Posts: 7

I did that last night, right after posting these logs, and there was nothing as far as Malwarebytes and Avast are concerned.

  • Joined: 04 Jan 2009
  • Posts: 2168

Good.


The logs you posted (DDS and Gmer) are clean.

The only problem is what the Comodo firewall detects/blocks.


The solution to that problem is updating Windows.

So you need to update Windows to Service Pack 3, and the problem you're getting should disappear.

  • Joined: 04 May 2010
  • Posts: 7

Written: 06 May 2010 15:15

OK, I'll install SP3 tonight and see how it looks.

Thanks a lot.

Update: 06 May 2010 23:12

My friend, I installed SP3, restarted the computer, scanned with AVAST and Malwarebytes, and they found nothing. Then I deliberately turned off Comodo Defense+ but left the firewall on, and after 5 minutes scanned again with Malwarebytes, and it found 5 pests. One of them the Comodo firewall had reported as a process that should be blocked (scdll.exe). I put that into quarantine, then restarted the computer, scanned again with Malwarebytes, and again it found 5 pests, some with new names, but essentially the same things.

So, as I wrote in the opening post, when I turn off Comodo Defense+ or allow the problematic process to run, the computer goes wild and Malwarebytes reacts, deletes viruses, puts them into quarantine, but they somehow regenerate.

If I block the process after cleaning with Malwarebytes, it no longer reports anything and the logs are clean (like the gmer logs I uploaded), but the computer still behaves problematically. That shows up as the classic look of the windows and taskbar, the Generic Host Process message appearing, and the like.

I've now uploaded the last two Malwarebytes logs, as well as screenshots of some crazy processes.

What annoys me most is that I've reinstalled the system twice and still can't solve the problem.

Sorry if I've gone on too long, but all of this is abnormally frustrating.

Regards, and thanks to all of you who spend your nerves and time on other people's problems.

[attachments not available]

  • Joined: 04 Jan 2009
  • Posts: 2168

Download sUBs's ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.




When the download is finished:
  • deactivate your security software (instructions);
  • close running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes to continue;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions/show notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 04 May 2010
  • Posts: 7

Here's the log...


ComboFix 10-05-06.05 - User1 07-May-10 18:07:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.476 [GMT 2:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\08.exe
c:\windows\system32\blaze.exe
c:\windows\system32\i
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-06 16:43 . 2008-04-14 03:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-05-06 16:39 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-05-06 14:52 . 2010-05-06 14:52 68456 ----a-w- c:\documents and settings\User1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 09:07 . 2010-05-06 09:07 503808 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78a09d58-n\msvcp71.dll
2010-05-06 09:07 . 2010-05-06 09:07 499712 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78a09d58-n\jmc.dll
2010-05-06 09:07 . 2010-05-06 09:07 348160 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78a09d58-n\msvcr71.dll
2010-05-06 09:07 . 2010-05-06 09:07 12800 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f73475d-n\decora-d3d.dll
2010-05-06 09:07 . 2010-05-06 09:07 61440 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f73475d-n\decora-sse.dll
2010-05-05 21:30 . 2010-05-05 21:30 63488 ----a-w- c:\documents and settings\User1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-01 22:37 . 2010-05-01 22:37 -------- d-----w- c:\documents and settings\User1\DoctorWeb
2010-05-01 22:17 . 2010-05-01 22:17 52224 ----a-w- c:\documents and settings\User1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-01 22:17 . 2010-05-05 21:30 117760 ----a-w- c:\documents and settings\User1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-01 22:16 . 2010-05-01 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-01 22:16 . 2010-05-01 22:16 -------- d-----w- c:\program files\alatZaDeinstal
2010-05-01 22:16 . 2010-05-01 22:16 -------- d-----w- c:\documents and settings\User1\Application Data\SUPERAntiSpyware.com
2010-05-01 22:15 . 2010-05-01 22:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-01 22:07 . 2010-05-01 22:07 -------- d-----r- c:\program files\Skype
2010-05-01 20:28 . 2010-05-06 20:33 -------- d-----w- c:\windows\Sun
2010-05-01 20:26 . 2010-05-01 20:26 -------- d-----w- c:\program files\Common Files\Java
2010-05-01 20:25 . 2010-05-01 20:25 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 20:24 . 2010-05-01 20:24 -------- d-----w- c:\program files\Java
2010-05-01 19:50 . 2010-05-02 10:53 -------- d--h--w- c:\windows\$hf_mig$
2010-04-30 19:07 . 2010-04-30 19:07 -------- d-----w- c:\program files\CCleaner
2010-04-30 18:30 . 2001-08-17 11:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-04-30 18:30 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-04-30 18:21 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-30 18:20 . 2004-05-21 06:00 7680 ----a-w- c:\windows\system32\CNMVS66.DLL
2010-04-30 18:20 . 2004-05-21 06:00 54272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP66.DLL
2010-04-30 18:20 . 2004-05-21 06:00 17920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD66.DLL
2010-04-30 18:20 . 2004-05-21 06:00 116736 ----a-w- c:\windows\system32\CNMLM66.DLL
2010-04-30 18:20 . 2004-03-11 17:06 86016 ----a-r- c:\windows\system32\CNMCP66.exe
2010-04-30 18:19 . 2010-04-30 18:19 -------- d-----w- C:\BJPrinter
2010-04-30 18:18 . 2010-04-30 18:19 -------- d-----w- c:\windows\IP2000
2010-04-30 18:18 . 2010-04-30 18:18 -------- d-----w- c:\windows\StartHtmico
2010-04-30 18:14 . 2010-04-30 18:14 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-04-30 18:13 . 2010-04-30 18:14 -------- d-----w- C:\WFDB
2010-04-30 18:13 . 2010-04-30 18:13 -------- d-----w- c:\program files\WinFast
2010-04-30 18:07 . 2006-10-18 09:38 9728 ----a-w- c:\windows\system32\drivers\cxavxbar.sys
2010-04-30 18:07 . 2006-10-18 09:37 50816 ----a-w- c:\windows\system32\drivers\cx88tune.sys
2010-04-30 18:07 . 2006-10-18 09:37 162944 ----a-w- c:\windows\system32\drivers\cx88vid.sys
2010-04-30 18:06 . 2010-04-30 18:07 -------- d-----w- c:\windows\system32\WinFast
2010-04-30 18:06 . 2010-04-30 18:06 -------- d-----w- c:\windows\system32\WinFox
2010-04-30 18:06 . 2003-09-05 07:57 9469 ----a-w- c:\windows\system32\drivers\WINFOXIO.sys
2010-04-30 18:03 . 2003-09-05 02:25 77056 ----a-r- c:\windows\system32\drivers\viasraid.sys
2010-04-30 18:02 . 2010-04-30 18:03 -------- d-----w- c:\program files\VIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 16:00 . 2010-04-30 17:04 -------- d-----w- c:\documents and settings\User1\Application Data\Skype
2010-05-06 20:59 . 2010-04-30 16:16 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-30 16:17 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-30 16:17 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-30 16:17 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-04-30 16:17 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-04-30 16:17 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-04-30 16:17 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-04-30 16:17 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 16:48 . 2010-04-30 15:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-06 11:47 . 2010-04-30 17:13 -------- d-----w- c:\documents and settings\User1\Application Data\vlc
2010-05-01 22:07 . 2010-04-30 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-01 22:07 . 2010-04-30 17:11 -------- d-----w- c:\documents and settings\User1\Application Data\skypePM
2010-04-30 18:14 . 2010-04-30 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 18:11 . 2010-04-30 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 18:06 . 2010-04-30 16:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-30 18:02 . 2010-04-30 16:51 -------- d-----w- c:\documents and settings\User1\Application Data\foobar2000
2010-04-30 17:36 . 2010-04-30 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-30 17:33 . 2010-04-30 17:33 -------- d-----w- c:\program files\Microsoft Works
2010-04-30 17:33 . 2010-04-30 17:33 -------- d-----w- c:\program files\MSBuild
2010-04-30 17:20 . 2010-04-30 17:20 -------- d-----w- c:\program files\Google
2010-04-30 17:19 . 2010-04-30 17:18 -------- d-----w- c:\program files\Able2Extract Professional 6.0
2010-04-30 17:11 . 2010-04-30 17:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-30 17:10 . 2010-04-30 17:10 -------- d-----w- c:\program files\VideoLAN
2010-04-30 17:07 . 2010-04-30 17:07 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-30 17:06 . 2010-04-30 17:06 -------- d-----w- c:\documents and settings\User1\Application Data\Malwarebytes
2010-04-30 17:06 . 2010-04-30 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-30 17:00 . 2010-04-30 16:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-30 16:55 . 2010-04-30 16:55 -------- d-----w- c:\documents and settings\User1\Application Data\Media Player Classic
2010-04-30 16:54 . 2010-04-30 16:54 -------- d-----w- c:\program files\MPC-Homecinema.1.3.1249.0.(x86)
2010-04-30 16:51 . 2010-04-30 16:51 -------- d-----w- c:\program files\foobar2000
2010-04-30 16:50 . 2010-04-30 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-04-30 16:50 . 2010-04-30 16:50 -------- d-----w- c:\program files\Ashampoo
2010-04-30 16:45 . 2010-04-30 16:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-30 16:33 . 2010-04-30 16:33 0 ----a-w- c:\windows\nsreg.dat
2010-04-30 16:25 . 2010-04-30 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-04-30 16:22 . 2010-04-30 16:21 -------- d-----w- c:\program files\COMODO
2010-04-30 16:21 . 2010-04-30 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-04-30 16:16 . 2010-04-30 16:16 -------- d-----w- c:\program files\Alwil Software
2010-04-30 16:16 . 2010-04-30 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-30 16:14 . 2010-04-30 16:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-30 16:13 . 2010-04-30 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-30 16:05 . 2010-04-30 16:05 -------- d-----w- c:\program files\Analog Devices
2010-04-30 15:51 . 2010-04-30 15:51 -------- d-----w- c:\program files\microsoft frontpage
2010-04-30 15:47 . 2010-04-30 15:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 13:39 . 2010-04-30 17:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-30 17:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 16:47 . 2010-04-30 16:16 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 23:26 . 2010-04-08 23:26 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-08 23:25 . 2010-04-08 23:25 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-08 23:25 . 2010-04-08 23:25 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-08 23:25 . 2010-04-08 23:25 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-08 23:25 . 2010-04-08 23:25 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2008-04-14 03:41 . 2004-08-04 00:56 167324 --sha-r- c:\windows\system32\ajekw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26196264]
"SUPERAntiSpyware"="c:\program files\alatZaDeinstal\SUPERAntiSpyware.exe" [2010-04-27 2020592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-08 2029456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\alatZaDeinstal\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\alatZaDeinstal\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5181:TCP"= 5181:TCP:ghzjeos

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [30-Apr-10 8:03 PM 77056]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30-Apr-10 6:17 PM 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [09-Apr-10 1:25 AM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [09-Apr-10 1:25 AM 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\alatZaDeinstal\sasdifsv.sys [17-Feb-10 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\alatZaDeinstal\SASKUTIL.SYS [27-Apr-10 5:30 PM 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30-Apr-10 6:17 PM 19024]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [19-Feb-10 5:00 PM 148744]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [30-Apr-10 8:13 PM 9446]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ccclzyuu
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\k18hgkf3.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-05-07 18:13
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccclzyuu]
"ServiceDll"="c:\windows\system32\ajekw.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\guard32.dll
c:\program files\alatZaDeinstal\SASWINLO.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\guard32.dll
.
Completion time: 2010-05-07 18:16:12
ComboFix-quarantined-files.txt 2010-05-07 16:16

Pre-Run: 9,562,812,416 bytes free
Post-Run: 9,544,839,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 05394DDDE8FEF8B3CCD92FB5BB1B9409

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:

File::
c:\windows\system32\ajekw.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5181:TCP"=-

Driver::
ccclzyuu

NetSvc::
ccclzyuu


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
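As an added worked example (not part of the thread, and not ComboFix's or the helper's own code): a small Python triage script that reads constructed lines in the shape of the ComboFix log above, flags the kind of indicators the reply targets (a DLL with both the system and hidden attributes sitting directly in system32, an svchost NetSvcs group member the log lists, the ServiceDll it is mapped to, and a GloballyOpenPorts entry whose label is not an XP resource string), and emits a CFScript with the same four section headers used in the reply. The sample lines, the flagging heuristics and the function names are the example's own assumptions; a hit is something to review by hand, and whether ComboFix honours a given section for a given entry is a question for the tool's own documentation.

```python
import ntpath
import re

# Constructed sample lines in the shape of the ComboFix log above (not the full log).
SAMPLE_LOG = r"""
2010-04-08 23:25 . 2010-04-08 23:25 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2008-04-14 03:41 . 2004-08-04 00:56 167324 --sha-r- c:\windows\system32\ajekw.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5181:TCP"= 5181:TCP:ghzjeos

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ccclzyuu
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccclzyuu]
"ServiceDll"="c:\windows\system32\ajekw.dll"
.
"""

# File-listing line: date . date size attributes path (attribute field is 8 flag characters)
FILE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) ([-a-z]{8}) (.+)$')
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"= \S+:(\S+)$')
SVC_KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$', re.I)
SVCDLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)
PORTS_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"


def parse_combofix(text):
    """Pull file entries, open-port entries, NetSvcs names and ServiceDll mappings out of the log."""
    parsed = {"files": [], "open_ports": [], "netsvcs": [], "service_dlls": {}}
    section, current_svc = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # ComboFix separates blocks with blank lines and "."
            section = None
            continue
        m = FILE_RE.match(line)
        if m:
            parsed["files"].append({"dates": (m.group(1), m.group(2)), "attrs": m.group(4), "path": m.group(5)})
            continue
        if line.startswith("["):         # a registry key header opens a new block
            m = SVC_KEY_RE.match(line)
            if "GloballyOpenPorts" in line:
                section = "ports"
            elif m:
                section, current_svc = "service", m.group(1)
            else:
                section = None           # a key this example does not model
            continue
        if line.endswith("Svchost - NetSvcs"):
            section = "netsvcs"
            continue
        if section == "ports":
            m = PORT_RE.match(line)
            if m:
                parsed["open_ports"].append({"port": m.group(1), "label": m.group(2)})
        elif section == "netsvcs":
            parsed["netsvcs"].append(line)
        elif section == "service":
            m = SVCDLL_RE.match(line)
            if m:
                parsed["service_dlls"][current_svc] = m.group(1).lower()
    return parsed


def triage(parsed):
    """Apply this example's heuristics; each hit is a review item, not proof of infection."""
    findings = {"files": [], "ports": [], "services": []}
    for f in parsed["files"]:
        p = f["path"].lower()
        # A DLL with both the system and hidden attributes directly in system32 is unusual.
        if ("s" in f["attrs"] and "h" in f["attrs"] and p.endswith(".dll")
                and ntpath.dirname(p) == r"c:\windows\system32"):
            findings["files"].append(f)
    flagged_paths = {f["path"].lower() for f in findings["files"]}
    for port in parsed["open_ports"]:
        # XP's own firewall entries carry resource-string labels ("@xpsp2res.dll,-NNN");
        # a bare made-up label is only a heuristic signal.
        if not port["label"].startswith("@"):
            findings["ports"].append(port)
    for name in parsed["netsvcs"]:
        # The log header says default entries are not shown, so every listed NetSvcs
        # name is reviewed together with the ServiceDll its Services key maps it to.
        dll = parsed["service_dlls"].get(name)
        findings["services"].append({"name": name, "dll": dll, "dll_flagged": dll in flagged_paths})
    return findings


def build_cfscript(findings):
    """Emit a CFScript using the four section headers shown in the reply above."""
    out = []
    files = sorted({f["path"].lower() for f in findings["files"]}
                   | {s["dll"] for s in findings["services"] if s["dll"]})
    if files:
        out += ["File::", *files, ""]
    if findings["ports"]:
        out += ["Registry::", PORTS_KEY, *[f'"{p["port"]}"=-' for p in findings["ports"]], ""]
    names = [s["name"] for s in findings["services"]]
    if names:
        out += ["Driver::", *names, "", "NetSvc::", *names, ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(build_cfscript(triage(parse_combofix(SAMPLE_LOG))))
```

Run stand-alone, the script prints a CFScript that lists the flagged DLL under File::, the `"5181:TCP"=-` removal under Registry::, and the service name under Driver:: and NetSvc::, matching the shape of the reply above; the point of the exercise is the correlation (NetSvcs name to ServiceDll to file attributes), which is what makes a random-looking service name worth acting on rather than the name alone.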
