Problem with my computer, please help!!!


  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\windows\CIDD_P" deleted successfully.
Folder "c:\windows\configuration" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Do you still have problems with the folders now?

  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

Posted: 14 Jul 2011 22:23

I still have them now, 1,2,3,4. Here is the ComboFix log too:

ComboFix 11-07-12.09 - Djordje 14.07.2011 22:14:13.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.732 [GMT 2:00]
Running from: c:\documents and settings\Djordje\Desktop\ComboFix.exe
Command switches used :: /uninstal
FW: COMODO Firewall Pro *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CIDD_P
c:\windows\CIDD_P\446A6F72646A65\1.exe
c:\windows\CIDD_P\446A6F72646A65\2.exe
c:\windows\CIDD_P\446A6F72646A65\3.exe
c:\windows\CIDD_P\446A6F72646A65\4.exe
c:\windows\CIDD_P\446A6F72646A65\br.dll
c:\windows\CIDD_P\446A6F72646A65\nam.dll
c:\windows\CIDD_P\446A6F72646A65\stp.dll
c:\windows\CIDD_P\lsass.exe
c:\windows\configuration
c:\windows\configuration\configuration.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-13 20:04 . 2011-07-13 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
2011-07-12 21:26 . 2011-07-14 20:01 -------- d-----w- c:\documents and settings\Djordje\Application Data\MCShield
2011-07-06 13:50 . 2011-07-06 13:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-04 13:34 . 2011-07-04 13:34 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 13:34 . 2011-07-04 13:34 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-28 07:30 . 2011-06-28 07:30 -------- d-sh--r- c:\windows\CurrentUsers
2011-06-15 17:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2004-08-04 01:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-03 16:44 . 2011-05-03 16:44 880 ----a-w- c:\documents and settings\Djordje\desinstart.bat
2011-05-03 16:44 . 2011-05-03 16:44 611 ----a-w- c:\documents and settings\Djordje\desinst.bat
2011-05-03 16:44 . 2011-05-03 16:44 171 ----a-w- c:\documents and settings\Djordje\save_uninst.bat
2011-05-03 16:36 . 2011-05-03 16:36 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-02 15:31 . 2010-10-10 10:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 01:07 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 01:07 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 01:07 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 01:07 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 18:10 . 2011-04-19 18:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-19 18:10 . 2010-10-11 15:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 13:34 . 2011-03-24 18:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-12_20.56.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-14 20:01 . 2011-07-14 20:01 16384 c:\windows\Temp\Perflib_Perfdata_110.dat
+ 2011-07-13 20:47 . 2009-04-30 02:32 263905 c:\windows\CurrentUsers\Djordje\Desktop\minis.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="e:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="e:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2011-01-15 1655552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"configuration"="c:\windows\configuration\configuration.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Konami\\pes11\\pes2011.exe"=
"c:\\Documents and Settings\\Djordje\\Desktop\\uTorrent.exe"=
"e:\\Program Files\\Konami\\pes11\\Pes JSL by JG.exe"=
"e:\\Program Files\\Konami\\pes11\\JSL-2011.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7.3.2011 17:58 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.5.2011 18:36 436792]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [15.1.2011 22:23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [15.1.2011 22:23 24208]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [9.2.2011 20:46 672128]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24.5.2011 16:24 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24.5.2011 16:24 8576]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-842925246-854245398-1003Core.job
- c:\documents and settings\Djordje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 16:34]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-842925246-854245398-1003UA.job
- c:\documents and settings\Djordje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 16:34]
.
2011-07-14 c:\windows\Tasks\SmartDefrag_Startup.job
- e:\program files\Smart Defrag 2\SmartDefrag.exe [2011-03-07 17:56]
.
2011-07-14 c:\windows\Tasks\User_Feed_Synchronization-{811FB5AF-4180-4028-83FC-82BE75514750}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
LSP: e:\program files\Advanced SystemCare 3\SPICtrl.dll
TCP: Interfaces\{1DDD4FA1-6BF7-4428-9CC2-3078B984EE25}: NameServer = 194.106.162.2,194.106.162.3
DPF: {2311E123-1CF1-11D8-85DE-E8A6F2801631} - hxxps://secure.24x7.rs/Volksbank/Retail/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
FF - ProfilePath - c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\cp0h85d3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110419181226897&tb_oid=20-04-2011&tb_mrud=20-04-2011&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110419181226897&tb_oid=20-04-2011&tb_mrud=20-04-2011&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-07-14 22:20
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\guard32.dll
e:\program files\Advanced SystemCare 3\SPICtrl.dll
.
Completion time: 2011-07-14 22:24:09
ComboFix-quarantined-files.txt 2011-07-14 20:24
ComboFix2.txt 2011-07-13 14:37
.
Pre-Run: 59.086.147.584 bytes free
Post-Run: 59.067.121.664 bytes free
.
- - End Of File - - 00C9962D6D913A4D131240A744EB76E6


Update: 14 Jul 2011 23:37

Here is the freshest log from the second ComboFix run:

ComboFix 11-07-14.05 - Djordje 14.07.2011 23:27:26.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.655 [GMT 2:00]
Running from: d:\sve i svasta\ComboFix.exe
FW: COMODO Firewall Pro *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CIDD_P
c:\windows\CIDD_P\446A6F72646A65\1.exe
c:\windows\CIDD_P\446A6F72646A65\2.exe
c:\windows\CIDD_P\446A6F72646A65\3.exe
c:\windows\CIDD_P\446A6F72646A65\4.exe
c:\windows\CIDD_P\446A6F72646A65\5.exe
c:\windows\CIDD_P\446A6F72646A65\6.exe
c:\windows\CIDD_P\446A6F72646A65\7.exe
c:\windows\CIDD_P\446A6F72646A65\8.exe
c:\windows\CIDD_P\446A6F72646A65\br.dll
c:\windows\CIDD_P\446A6F72646A65\nam.dll
c:\windows\CIDD_P\446A6F72646A65\stp.dll
c:\windows\CIDD_P\lsass.exe
c:\windows\configuration
c:\windows\configuration\configuration.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-13 20:04 . 2011-07-13 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
2011-07-12 21:26 . 2011-07-14 21:24 -------- d-----w- c:\documents and settings\Djordje\Application Data\MCShield
2011-07-06 13:50 . 2011-07-06 13:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-04 13:34 . 2011-07-04 13:34 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 13:34 . 2011-07-04 13:34 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-28 07:30 . 2011-06-28 07:30 -------- d-sh--r- c:\windows\CurrentUsers
2011-06-15 17:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2004-08-04 01:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-03 16:44 . 2011-05-03 16:44 880 ----a-w- c:\documents and settings\Djordje\desinstart.bat
2011-05-03 16:44 . 2011-05-03 16:44 611 ----a-w- c:\documents and settings\Djordje\desinst.bat
2011-05-03 16:44 . 2011-05-03 16:44 171 ----a-w- c:\documents and settings\Djordje\save_uninst.bat
2011-05-03 16:36 . 2011-05-03 16:36 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-02 15:31 . 2010-10-10 10:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 01:07 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 01:07 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 01:07 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 01:07 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 18:10 . 2011-04-19 18:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-19 18:10 . 2010-10-11 15:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 13:34 . 2011-03-24 18:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-12_20.56.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-14 21:23 . 2011-07-14 21:23 16384 c:\windows\Temp\Perflib_Perfdata_45c.dat
+ 2011-07-13 20:47 . 2009-04-30 02:32 263905 c:\windows\CurrentUsers\Djordje\Desktop\minis.exe
+ 2011-07-14 21:20 . 2009-04-30 02:32 263905 c:\windows\CurrentUsers\Djordje\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="e:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="e:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2011-01-15 1655552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"configuration"="c:\windows\configuration\configuration.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Konami\\pes11\\pes2011.exe"=
"c:\\Documents and Settings\\Djordje\\Desktop\\uTorrent.exe"=
"e:\\Program Files\\Konami\\pes11\\Pes JSL by JG.exe"=
"e:\\Program Files\\Konami\\pes11\\JSL-2011.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7.3.2011 17:58 14776]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [15.1.2011 22:23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [15.1.2011 22:23 24208]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [9.2.2011 20:46 672128]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24.5.2011 16:24 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24.5.2011 16:24 8576]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.5.2011 18:36 436792]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-842925246-854245398-1003Core.job
- c:\documents and settings\Djordje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 16:34]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-842925246-854245398-1003UA.job
- c:\documents and settings\Djordje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 16:34]
.
2011-07-14 c:\windows\Tasks\SmartDefrag_Startup.job
- e:\program files\Smart Defrag 2\SmartDefrag.exe [2011-03-07 17:56]
.
2011-07-14 c:\windows\Tasks\User_Feed_Synchronization-{811FB5AF-4180-4028-83FC-82BE75514750}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
LSP: e:\program files\Advanced SystemCare 3\SPICtrl.dll
TCP: Interfaces\{1DDD4FA1-6BF7-4428-9CC2-3078B984EE25}: NameServer = 194.106.162.2,194.106.162.3
DPF: {2311E123-1CF1-11D8-85DE-E8A6F2801631} - hxxps://secure.24x7.rs/Volksbank/Retail/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
FF - ProfilePath - c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\cp0h85d3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110419181226897&tb_oid=20-04-2011&tb_mrud=20-04-2011&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110419181226897&tb_oid=20-04-2011&tb_mrud=20-04-2011&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-07-14 23:33
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(792)
e:\program files\Advanced SystemCare 3\SPICtrl.dll
.
Completion time: 2011-07-14 23:35:15
ComboFix-quarantined-files.txt 2011-07-14 21:35
ComboFix2.txt 2011-07-14 20:24
ComboFix3.txt 2011-07-13 14:37
.
Pre-Run: 64.395.190.272 bytes free
Post-Run: 64.379.551.744 bytes free
.
- - End Of File - - AC3D3CAC218BD102E47F6C3C4EEEA62E


  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Did you uninstall ComboFix last time, or did you just delete the icon from the desktop?

d:\sve i svasta\ComboFix.exe

Why did you run CF from that folder and not from the desktop, as the instructions say?

You are not installing the Recovery Console even though the instructions clearly say to. If something goes wrong, how are we supposed to fix things? There is a reason the Recovery Console gets installed.

Delete that icon from that folder (delete), download a fresh CF to the desktop

Open Notepad and copy in the following text:


KillAll::

Reboot::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"configuration"=-

Folder::
c:\windows\CIDD_P
c:\windows\configuration
c:\windows\CurrentUsers


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

And copy the log into the post, don't send it as an attachment.
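A worked example added here, not part of the thread and not code from ComboFix or its authors: a small Python triage of the paths listed under "Other Deletions" in the logs above, plus a generator for a CFScript in the format shown in this post (KillAll::, Reboot::, Registry:: with "name"=- to drop a Run value, Folder:: to delete directories). The sample deletion lines are constructed from paths in the thread; the set of system process names, the .exe/.dll pairing heuristic and the hex-directory check are the example's own assumptions, not anything ComboFix reports. One thing the check makes visible is that the directory name 446A6F72646A65 is the hex encoding of the user name Djordje.

```python
"""Triage helpers for the 'Other Deletions' section of a ComboFix log and a
builder for a CFScript in the format shown in the post above.  Added example;
not part of the thread and not ComboFix's own code."""
import re
from typing import Dict, List, Set

# Constructed sample: lines in the shape of the "Other Deletions" section of the
# ComboFix logs posted in this thread.
SAMPLE_DELETIONS = """
c:\\windows\\CIDD_P
c:\\windows\\CIDD_P\\446A6F72646A65\\1.exe
c:\\windows\\CIDD_P\\446A6F72646A65\\br.dll
c:\\windows\\CIDD_P\\lsass.exe
c:\\windows\\configuration\\configuration.exe
c:\\windows\\CurrentUsers\\Djordje\\Desktop\\chrome.dll
c:\\windows\\CurrentUsers\\Djordje\\Desktop\\chrome.exe
c:\\windows\\CurrentUsers\\Djordje\\Desktop\\minis.exe
"""

# Assumption: core Windows process names whose real binaries live only in
# %SystemRoot%\system32 on XP; a copy anywhere else is a masquerade.
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "smss.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# Even-length hex string of at least three bytes (short words like 'cab' are skipped).
HEX_RE = re.compile(r"^(?:[0-9a-f]{2}){3,}$", re.IGNORECASE)


def decode_hex_name(component: str):
    """If a path component is hex that decodes to printable ASCII, return the
    text, else None.  The thread's '446A6F72646A65' decodes to 'Djordje'."""
    if not HEX_RE.match(component):
        return None
    raw = bytes.fromhex(component)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage(deletions_text: str) -> Dict[str, List[str]]:
    """Flag three patterns visible in the posted logs:
    masquerade   - a system-process name (lsass.exe) outside system32
    hex_dir      - a directory whose name is a hex-encoded string
    exe_dll_pair - an .exe and a .dll with the same stem in one directory
    """
    findings: Dict[str, List[str]] = {"masquerade": [], "hex_dir": [], "exe_dll_pair": []}
    stems: Dict[str, Set[str]] = {}
    for line in deletions_text.splitlines():
        path = line.strip()
        if not path:
            continue
        parts = path.split("\\")
        name = parts[-1].lower()
        if name in SYSTEM_BINARIES and not path.lower().startswith(SYSTEM32):
            findings["masquerade"].append(path)
        for comp in parts[:-1]:
            decoded = decode_hex_name(comp)
            if decoded is not None:
                entry = f"{comp} -> {decoded}"
                if entry not in findings["hex_dir"]:
                    findings["hex_dir"].append(entry)
        stem, dot, ext = name.rpartition(".")
        if dot and ext in ("exe", "dll"):
            key = "\\".join(parts[:-1] + [stem])
            stems.setdefault(key, set()).add(ext)
    for key, exts in stems.items():
        if exts == {"exe", "dll"}:
            findings["exe_dll_pair"].append(key)
    return findings


def build_cfscript(run_values: List[str], folders: List[str]) -> str:
    """Emit a CFScript like the one in the post above: kill processes, reboot,
    remove the named HKLM Run values, delete the listed folders."""
    lines = ["KillAll::", "", "Reboot::", "", "Registry::",
             "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]"]
    lines += [f'"{name}"=-' for name in run_values]
    lines += ["", "Folder::"] + folders
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_DELETIONS).items():
        for hit in hits:
            print(f"{kind:13} {hit}")
    print(build_cfscript(["configuration"],
                         ["c:\\windows\\CIDD_P", "c:\\windows\\configuration",
                          "c:\\windows\\CurrentUsers"]))
```

Run it against the real section of a log by pasting the lines into SAMPLE_DELETIONS; the output of build_cfscript is the text you would save as CFScript and drag onto the ComboFix icon, so review each folder it lists before doing so.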

  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

Posted: 15 Jul 2011 16:00

ComboFix 11-07-15.01 - Djordje 15.07.2011 15:49:19.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.630 [GMT 2:00]
Running from: c:\documents and settings\Djordje\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Djordje\Desktop\CFScript.txt
FW: COMODO Firewall Pro *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CIDD_P
c:\windows\CIDD_P\446A6F72646A65\1.exe
c:\windows\CIDD_P\446A6F72646A65\2.exe
c:\windows\CIDD_P\446A6F72646A65\3.exe
c:\windows\CIDD_P\446A6F72646A65\4.exe
c:\windows\CIDD_P\446A6F72646A65\5.exe
c:\windows\CIDD_P\446A6F72646A65\6.exe
c:\windows\CIDD_P\446A6F72646A65\7.exe
c:\windows\CIDD_P\446A6F72646A65\8.exe
c:\windows\CIDD_P\446A6F72646A65\br.dll
c:\windows\CIDD_P\446A6F72646A65\nam.dll
c:\windows\CIDD_P\446A6F72646A65\stp.dll
c:\windows\CIDD_P\lsass.exe
c:\windows\configuration
c:\windows\configuration\configuration.exe
c:\windows\CurrentUsers
c:\windows\CurrentUsers\Djordje\Desktop\bsplayer.dll
c:\windows\CurrentUsers\Djordje\Desktop\bsplayer.exe
c:\windows\CurrentUsers\Djordje\Desktop\CCleaner.dll
c:\windows\CurrentUsers\Djordje\Desktop\CCleaner.exe
c:\windows\CurrentUsers\Djordje\Desktop\chrome.dll
c:\windows\CurrentUsers\Djordje\Desktop\chrome.exe
c:\windows\CurrentUsers\Djordje\Desktop\ComboFix.dll
c:\windows\CurrentUsers\Djordje\Desktop\ComboFix.exe
c:\windows\CurrentUsers\Djordje\Desktop\game.dll
c:\windows\CurrentUsers\Djordje\Desktop\game.exe
c:\windows\CurrentUsers\Djordje\Desktop\iexplore.dll
c:\windows\CurrentUsers\Djordje\Desktop\iexplore.exe
c:\windows\CurrentUsers\Djordje\Desktop\minis.dll
c:\windows\CurrentUsers\Djordje\Desktop\minis.exe
c:\windows\CurrentUsers\Djordje\Desktop\nero.dll
c:\windows\CurrentUsers\Djordje\Desktop\nero.exe
c:\windows\CurrentUsers\Djordje\Desktop\pes2011.dll
c:\windows\CurrentUsers\Djordje\Desktop\pes2011.exe
c:\windows\CurrentUsers\Djordje\Desktop\VideoConverter.dll
c:\windows\CurrentUsers\Djordje\Desktop\VideoConverter.exe
c:\windows\CurrentUsers\Djordje\Desktop\winamp.dll
c:\windows\CurrentUsers\Djordje\Desktop\winamp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-13 20:04 . 2011-07-13 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
2011-07-12 21:26 . 2011-07-15 13:55 -------- d-----w- c:\documents and settings\Djordje\Application Data\MCShield
2011-07-06 13:50 . 2011-07-06 13:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-04 13:34 . 2011-07-04 13:34 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 13:34 . 2011-07-04 13:34 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-15 17:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2004-08-04 01:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-03 16:44 . 2011-05-03 16:44 880 ----a-w- c:\documents and settings\Djordje\desinstart.bat
2011-05-03 16:44 . 2011-05-03 16:44 611 ----a-w- c:\documents and settings\Djordje\desinst.bat
2011-05-03 16:44 . 2011-05-03 16:44 171 ----a-w- c:\documents and settings\Djordje\save_uninst.bat
2011-05-03 16:36 . 2011-05-03 16:36 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-02 15:31 . 2010-10-10 10:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 01:07 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 01:07 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 01:07 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 01:07 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 18:10 . 2011-04-19 18:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-19 18:10 . 2010-10-11 15:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 13:34 . 2011-03-24 18:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-12_20.56.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-15 13:55 . 2011-07-15 13:55 16384 c:\windows\temp\Perflib_Perfdata_2c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="e:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="e:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2011-01-15 1655552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Konami\\pes11\\pes2011.exe"=
"c:\\Documents and Settings\\Djordje\\Desktop\\uTorrent.exe"=
"e:\\Program Files\\Konami\\pes11\\Pes JSL by JG.exe"=
"e:\\Program Files\\Konami\\pes11\\JSL-2011.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7.3.2011 17:58 14776]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [15.1.2011 22:23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [15.1.2011 22:23 24208]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [9.2.2011 20:46 672128]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24.5.2011 16:24 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24.5.2011 16:24 8576]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.5.2011 18:36 436792]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-842925246-854245398-1003Core.job
- c:\documents and settings\Djordje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 16:34]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-842925246-854245398-1003UA.job
- c:\documents and settings\Djordje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 16:34]
.
2011-07-15 c:\windows\Tasks\SmartDefrag_Startup.job
- e:\program files\Smart Defrag 2\SmartDefrag.exe [2011-03-07 17:56]
.
2011-07-15 c:\windows\Tasks\User_Feed_Synchronization-{811FB5AF-4180-4028-83FC-82BE75514750}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
LSP: e:\program files\Advanced SystemCare 3\SPICtrl.dll
TCP: Interfaces\{1DDD4FA1-6BF7-4428-9CC2-3078B984EE25}: NameServer = 194.106.162.2,194.106.162.3
DPF: {2311E123-1CF1-11D8-85DE-E8A6F2801631} - hxxps://secure.24x7.rs/Volksbank/Retail/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
FF - ProfilePath - c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\cp0h85d3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110419181226897&tb_oid=20-04-2011&tb_mrud=20-04-2011&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110419181226897&tb_oid=20-04-2011&tb_mrud=20-04-2011&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-07-15 15:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(796)
e:\program files\Advanced SystemCare 3\SPICtrl.dll
.
- - - - - - - > 'explorer.exe'(3324)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-07-15 15:58:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-15 13:58
ComboFix2.txt 2011-07-14 21:35
ComboFix3.txt 2011-07-14 20:24
ComboFix4.txt 2011-07-13 14:37
.
Pre-Run: 64.367.095.808 bytes free
Post-Run: 64.347.025.408 bytes free
.
- - End Of File - - 0D77C6E1797EBEBCF59A89C4FE8DE5C1

Update: 15 Jul 2011 16:21

Everything is OK now as far as I can see. Sorry about that ComboFix from the other folder, and I have no idea what the Recovery Console is!!! What next...

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista use the Start Search field if Run is not available.

In the text input line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.

Install one of the free antiviruses, just an antivirus, you already have a firewall.

My suggestion:

Avast http://www.avast.com/en-au/download-thank-you.php?.....mp;avast=0

Or

Avira http://download.cnet.com/Avira-AntiVir-Personal-Fr.....d=11012914

  • Joined: 23 Feb 2008
  • Posts: 46
  • Location: Beograd

Posted: 15 Jul 2011 22:30

When I do that part in Run, there is a space as explained, and when I press Enter it gives me the same window as when I activated it. Is that correct or not, and should I go ahead with Run, because at the top of the window it says open file. Thanks

Update: 15 Jul 2011 23:32

Did the ComboFix uninstall, all OK, once again a big thank you.........
