What should I do


  • Aco  Male
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16823
  • Location: /home/aco

Hm.. it shows me a notice that I can't upload it because the file is too large..

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy in the following text:

File::
C:\yuqpba.exe
c:\windows\system32\drivers\e41133be.sys
C:\-2009474655

Driver::
e41133be

DirLook::
c:\documents and settings\Aco29\Application Data\Desktopicon


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

  • Aco  Male

Here it is, Dr Bora, so write what I should do next, and I'll check in tomorrow, since I have to go to sleep, I'm getting up really early in the morning..

ComboFix 08-12-31.01 - Aco29 2009-01-01 23:09:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1535.1132 [GMT 1:00]
Running from: c:\documents and settings\Aco29\Desktop\C-F.exe
Command switches used :: c:\documents and settings\Aco29\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\-2009474655
c:\windows\system32\drivers\e41133be.sys
C:\yuqpba.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-2009474655
c:\windows\system32\drivers\e41133be.sys
C:\yuqpba.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_e41133be


((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2009-01-01 20:02 . 2009-01-01 20:02 <DIR> d-------- c:\program files\Unlocker
2009-01-01 20:02 . 2009-01-01 20:02 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Desktopicon
2009-01-01 19:56 . 2009-01-01 20:09 <DIR> d-------- c:\program files\iXi Tools
2009-01-01 19:56 . 2009-01-01 19:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{4439F0FD-AFAF-434D-86E2-DEB14A9C58AC}
2009-01-01 14:03 . 2009-01-01 14:03 <DIR> d-------- c:\program files\Yamicsoft
2009-01-01 13:08 . 2009-01-01 13:08 <DIR> d-------- c:\program files\Recover Keys
2009-01-01 13:01 . 2009-01-01 13:01 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-01-01 13:01 . 2009-01-01 13:00 737,280 --a------ c:\windows\iun6002.exe
2008-12-31 15:50 . 2008-12-31 15:50 <DIR> d-------- c:\documents and settings\Aco29\Application Data\VitySoft
2008-12-31 15:47 . 2008-12-31 15:47 <DIR> d-------- c:\program files\Real
2008-12-31 15:47 . 2008-12-31 15:47 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-31 15:47 . 2008-12-31 15:47 <DIR> d-------- c:\program files\Common Files\Real
2008-12-31 15:47 . 2008-12-31 15:47 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-31 15:47 . 2008-12-31 15:47 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-12-31 12:07 . 2008-12-31 12:07 <DIR> d-------- c:\program files\IObit
2008-12-31 11:45 . 2008-12-31 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-31 11:35 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-31 11:34 . 2008-12-31 11:34 <DIR> d-------- c:\program files\Microsoft Works
2008-12-31 11:32 . 2008-12-31 11:32 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-31 11:30 . 2008-12-31 11:30 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-31 11:29 . 2008-12-31 11:29 <DIR> d-------- c:\windows\SHELLNEW
2008-12-31 11:29 . 2008-12-31 11:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-31 11:28 . 2008-12-31 11:28 <DIR> dr-h----- C:\MSOCache
2008-12-31 10:32 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-31 10:32 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-31 10:32 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-31 10:32 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-31 10:32 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-31 10:32 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-31 10:32 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-31 10:32 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-31 10:32 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-31 01:26 . 2008-12-31 01:26 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-31 01:26 . 2008-04-14 04:42 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-31 01:25 . 2008-12-31 01:25 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-31 01:25 . 2008-12-31 01:26 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-31 01:18 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-31 01:16 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-31 01:16 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-31 01:16 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-31 01:16 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-31 01:12 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-31 01:12 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-31 00:56 . 2008-12-31 11:01 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-31 00:54 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-12-31 00:54 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-31 00:54 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-31 00:54 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-31 00:54 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-31 00:49 . 2008-12-31 00:49 <DIR> d--hs---- c:\documents and settings\Aco29\UserData
2008-12-30 22:52 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-30 22:52 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-12-30 22:42 . 2008-12-30 22:44 <DIR> d-------- c:\program files\Euro Truck Simulator
2008-12-30 22:30 . 2008-12-31 12:23 <DIR> d--h----- c:\windows\Icons
2008-12-30 22:23 . 2008-12-30 22:23 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-30 22:23 . 2009-01-01 23:11 <DIR> d-------- c:\documents and settings\Aco29\Tracing
2008-12-30 22:22 . 2008-12-30 22:22 <DIR> d-------- c:\program files\Windows Live SkyDrive
2008-12-30 22:22 . 2008-12-30 22:22 <DIR> d-------- c:\program files\Windows Live
2008-12-30 22:22 . 2008-12-30 22:22 <DIR> d-------- c:\program files\Microsoft
2008-12-30 22:21 . 2008-12-30 22:21 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-30 22:20 . 2008-12-30 22:20 <DIR> d-------- c:\program files\VS Revo Group
2008-12-30 22:12 . 2008-12-30 22:12 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-30 22:12 . 2008-12-30 22:12 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-30 22:12 . 2008-12-30 22:12 <DIR> d-------- c:\program files\MSBuild
2008-12-30 22:11 . 2007-10-05 15:42 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-12-30 22:11 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-30 22:05 . 2008-12-30 22:06 <DIR> d-------- c:\program files\Video Convert Master
2008-12-30 22:05 . 2008-12-30 22:05 47,360 --a------ c:\windows\system32\drivers\Pcouffin.sys
2008-12-30 22:04 . 2008-12-31 22:26 <DIR> d-------- c:\program files\Mv2Player
2008-12-30 22:02 . 2008-12-30 22:02 <DIR> d-------- c:\program files\TechSmith
2008-12-30 22:01 . 2008-12-30 22:01 4,444 --a------ c:\windows\system32\pid.PNF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 20:51 --------- d-----w c:\documents and settings\Aco29\Application Data\uTorrent
2009-01-01 13:13 --------- d-----w c:\program files\Analog Clock
2008-12-30 21:44 --------- d-----w c:\program files\AGEIA Technologies
2008-12-30 21:31 --------- d-----w c:\program files\Google
2008-12-30 20:54 --------- d-----w c:\program files\Common Files\ACD Systems
2008-12-30 20:54 --------- d-----w c:\program files\ACD Systems
2008-12-30 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-30 20:54 --------- d-----w c:\documents and settings\Aco29\Application Data\ACD Systems
2008-12-30 20:50 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2008-12-30 20:50 362,240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-30 20:50 --------- d-----w c:\documents and settings\Aco29\Application Data\TuneUp Software
2008-12-30 20:49 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-30 20:49 --------- d-----w c:\program files\TuneUp Utilities 2009
2008-12-30 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-30 20:48 --------- d-----w c:\program files\Picasa2
2008-12-30 20:45 --------- d-----w c:\program files\ESET
2008-12-30 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-30 20:43 --------- d-----w c:\program files\CDex_150
2008-12-30 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-12-30 20:42 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-30 20:41 --------- d-----w c:\program files\Common Files\Adobe
2008-12-30 20:28 --------- d-----w c:\program files\Winamp
2008-12-30 20:28 --------- d-----w c:\program files\uTorrent
2008-12-30 20:28 --------- d-----w c:\documents and settings\Aco29\Application Data\Winamp
2008-12-30 20:26 --------- d-----w c:\program files\Java
2008-12-30 20:26 --------- d-----w c:\program files\EASEUS
2008-12-30 20:26 --------- d-----w c:\program files\Common Files\Java
2008-12-30 20:24 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-12-30 20:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 20:24 --------- d-----w c:\program files\OVISLINK
2008-12-30 20:24 --------- d-----w c:\documents and settings\Aco29\Application Data\InstallShield
2008-12-30 20:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-30 20:18 315,392 ----a-w c:\windows\HideWin.exe
2008-12-30 20:18 --------- d-----w c:\program files\Realtek
2008-12-30 20:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-30 20:16 --------- d-----w c:\program files\VIA
2008-12-30 20:09 --------- d-----w c:\program files\microsoft frontpage
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-27 07:51 225,280 ----a-w c:\windows\system32\BootMan.exe
2008-11-26 14:58 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
2008-11-26 14:55 65,536 ----a-w c:\windows\system32\FatCopy.dll
2008-11-26 14:54 17,920 ----a-w c:\windows\system32\SectorCopy.dll
2008-11-26 14:54 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
2008-11-26 14:52 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
2008-11-26 14:51 93,184 ----a-w c:\windows\system32\Partition.dll
2008-11-26 14:51 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
2008-11-26 14:51 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
2008-11-26 14:50 180,736 ----a-w c:\windows\system32\DeviceManager.dll
2008-11-26 14:49 86,528 ----a-w c:\windows\system32\NTFSLib.dll
2008-11-26 14:49 31,744 ----a-w c:\windows\system32\FatLib.dll
2008-11-26 14:49 22,016 ----a-w c:\windows\system32\FatFormat.dll
2008-11-26 14:48 68,096 ----a-w c:\windows\system32\Device.dll
2008-11-26 14:48 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
2008-11-26 14:48 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
2008-11-26 14:48 21,504 ----a-w c:\windows\system32\Fixup.dll
2008-11-26 14:48 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
2008-11-26 14:48 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
2008-11-26 14:47 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
2008-11-25 16:18 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
2008-11-25 16:18 8,704 ----a-w c:\windows\system32\epmntdrv.sys
2008-11-25 16:18 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
2008-11-25 16:18 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
2008-11-22 16:28 676,224 ----a-w c:\windows\system32\OGACheckControl.DLL
2008-11-12 15:44 27,904 ----a-w c:\windows\system32\uxtuneup.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Aco29\Application Data\Desktopicon ----

2008-02-13 11:30 88576 --a------ c:\documents and settings\Aco29\Application Data\Desktopicon\eBayShortcuts.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnalogClock"="c:\program files\Analog Clock\AnalogClock.exe" [2005-11-05 480256]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2008-12-30 1290240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-12-30 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-12-30 52224]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-30 603904]
S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys [2008-12-30 8704]
S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys [2008-12-30 3072]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {6E413851-D3B5-4547-8B7D-A71078597FA2} = 87.250.98.250 208.67.222.222
FF - ProfilePath - c:\documents and settings\Aco29\Application Data\Mozilla\Firefox\Profiles\otiqa7qy.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 23:11:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-01 23:12:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-01 22:12:29
ComboFix2.txt 2009-01-01 21:28:53

Pre-Run: 43.683.516.416 bytes free
Post-Run: 43,677,052,928 bytes free

280 --- E O F --- 2008-12-31 10:01:41
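
A check one could run over the exchange above, as an added example that is not part of the original thread or of ComboFix: it parses the CFScript directives and confirms that the posted log acknowledges each one. The directive-to-section mapping and the function names are assumptions made for illustration; the sample input is constructed from the script and log quoted in this thread.

```python
import re

# Constructed sample input: the CFScript from this thread and a shortened
# excerpt of the log posted in reply (header parentheses trimmed).
CFSCRIPT = r"""File::
C:\yuqpba.exe
c:\windows\system32\drivers\e41133be.sys
C:\-2009474655

Driver::
e41133be

DirLook::
c:\documents and settings\Aco29\Application Data\Desktopicon
"""

LOG = r"""((((( Other Deletions )))))
.
C:\-2009474655
c:\windows\system32\drivers\e41133be.sys
C:\yuqpba.exe
.
((((( Drivers/Services )))))
.
-------\Service_e41133be

((((( Look )))))
.
---- Directory of c:\documents and settings\Aco29\Application Data\Desktopicon ----

2008-02-13 11:30 88576 --a------ c:\documents and settings\Aco29\Application Data\Desktopicon\eBayShortcuts.exe
"""

def parse_cfscript(text):
    """Map each 'Name::' directive (lowercased) to its entries."""
    blocks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):
            current = blocks.setdefault(line[:-2].lower(), [])
        elif line and current is not None:
            current.append(line.lower())
    return blocks

def parse_log_sections(text):
    """Map each '((( Title )))' header (lowercased) to the lines under it."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif line not in ("", ".") and current is not None:
            current.append(line.lower())
    return sections

def unconfirmed(script_text, log_text):
    """Return (directive, entry) pairs from the script that the log does not show.
    Assumed mapping: File -> 'Other Deletions', Driver -> 'Service_<name>' under
    'Drivers/Services', DirLook -> a 'Directory of <path>' line under 'Look'."""
    script, log = parse_cfscript(script_text), parse_log_sections(log_text)
    deleted, services, looks = (log.get(k, []) for k in
                                ("other deletions", "drivers/services", "look"))
    missing = [("file", f) for f in script.get("file", []) if f not in deleted]
    missing += [("driver", d) for d in script.get("driver", [])
                if not any(s.endswith("\\service_" + d) for s in services)]
    missing += [("dirlook", d) for d in script.get("dirlook", [])
                if f"---- directory of {d} ----" not in looks]
    return missing

print(unconfirmed(CFSCRIPT, LOG))  # empty list when every entry is acknowledged
```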

  • dr_Bora  Male

Pack the entire folder into a single archive (zip or rar): C:\qoobox\quarantine

and upload that archive: http://www.mycity.rs/ambulanta-upload.php


Also, upload the following file:

c:\documents and settings\Aco29\Application Data\Desktopicon\eBayShortcuts.exe


If you can't see hidden folders, enable their display:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

  • Aco  Male

Dr Bora, I've uploaded it; just a small note: while creating the archive of C:\qoobox\quarantine, NOD reacted again and moved a lot of it to quarantine.


  • dr_Bora  Male

Delete the folder: c:\documents and settings\Aco29\Application Data\Desktopicon

What is the situation now?

  • Aco  Male

Everything works OK, Mozilla started working and I have now installed Malwarebytes' Anti-Malware without problems; I deleted c:\documents and settings\Aco29\Application Data\Desktopicon.

  • dr_Bora  Male

OK.

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

That is all.

  • Aco  Male

OK.. Dr Bora, thank you very much.
