Viruses?


offline
  • Joined: 14 Jan 2010
  • Posts: 7

Posted: 14 Jan 2010 18:14

Hi,
I have probably picked up some virus; my PC runs noticeably slower, and when I finish working in Firefox some process stays stuck at 50% CPU (lsass.exe, sched.exe, winlogon.exe, wuauclt.exe). Avira found some viruses, but also deleted them. Also the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3556
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/13/2010 11:31:23 PM
mbam-log-2010-01-13 (23-31-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 167647
Time elapsed: 31 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sys1 (Trojan.Banload) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{EBFA1F7D-8F34-4530-B179-E99A6F26E09D}\RP79\A0019864.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Install\Nero 8.3.6.0 Ultra Edition\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.


DDS log

DDS (Ver_09-12-01.01) - NTFSx86
Run by Daniel at 2:57:33.50 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2131 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\Daniel\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Daniel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
uSearch Page = ${URL_SEARCHPAGE}
mSearch Page = ${URL_SEARCHPAGE}
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHPN.dll
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHPN.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHPN.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\VoipStunt.exe" -nosplash -minimized
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [MSMSGS] c:\windows\system32\Msmsgs.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daniel\applic~1\mozilla\firefox\profiles\un63yfa0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\daniel\application data\mozilla\firefox\profiles\un63yfa0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-12-15 97608]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-15 11608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\avira\antivir desktop\avfwsvc.exe [2009-12-15 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-12-15 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-15 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-15 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-12-15 434945]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-19 56816]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-12-15 69632]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-10-16 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-10-16 43608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-5 135664]

=============== Created Last 30 ================

2010-01-12 19:32:09 0 d-----w- c:\program files\Winamp Toolbar
2010-01-12 00:19:30 0 d-----w- c:\documents and settings\daniel\Bluetooth Software
2010-01-12 00:17:13 89896 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2010-01-12 00:17:13 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-01-12 00:17:13 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-01-11 22:04:56 991144 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-01-11 22:04:56 57384 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-01-11 22:04:56 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2010-01-11 22:04:56 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-01-11 22:04:56 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-01-11 22:04:55 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-01-11 22:04:48 0 d-----w- c:\program files\WIDCOMM
2010-01-11 21:57:43 0 d-----w- c:\windows\system32\appmgmt
2010-01-11 03:02:00 0 d-----w- c:\program files\Investintech.com Inc
2009-12-28 12:07:31 80 ----a-w- c:\windows\stripsso.gui
2009-12-24 00:31:07 2631 ----a-w- c:\windows\MDVDP.Ini
2009-12-18 03:07:33 0 d-----w- C:\Output
2009-12-18 02:56:25 0 d-----w- c:\windows\system32\tempdir
2009-12-18 02:56:24 0 d-----w- c:\program files\Free PowerPoint-PPT to Pdf Converter
2009-12-17 16:27:12 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-17 16:27:11 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-12-17 16:27:06 0 d-----w- c:\windows\Logs
2009-12-17 16:26:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Winamp Toolbar
2009-12-15 13:19:48 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-12-15 13:19:48 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-12-15 13:19:44 0 d-----w- c:\program files\Avira

==================== Find3M ====================

2010-01-07 15:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 12:07:45 68456 ----a-w- c:\docume~1\daniel\applic~1\GDIPFONTCACHEV1.DAT
2009-12-15 18:23:50 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-20 19:05:21 737280 ----a-w- c:\windows\iun6002.exe
2009-10-16 02:36:46 319488 ----a-w- c:\windows\HideWin.exe

============= FINISH: 2:57:51.01 ===============


Thanks for the help. Cheers

Addendum: 14 Jan 2010 18:16

sry for the 2 topics, Firefox bugged out somehow...

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is complete:
- disable your protection software (instructions);
- close running programs;
- double-click to run ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if offered to download it;
- display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
- ask a number of questions/show notifications: accept by clicking Yes or OK;
- restart Windows if needed (possibly more than once);
- at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the topic on the forum:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.


-------------------------

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all devices, right-click in the middle of the program window and choose Save log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 14 Jan 2010
  • Posts: 7

here is what Avira keeps reporting (every 2 hours):
Virus or unwanted program 'TR/Trash.Gen [trojan]'
detected in file 'D:\System Volume Information\_restore{EBFA1F7D-8F34-4530-B179-E99A6F26E09D}\RP101\A0024259.exe.
Action performed: Deny access


ComboFix log
ComboFix 10-01-14.01 - Daniel 01/14/2010 20:32:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2179 [GMT 1:00]
Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\Suyin.reg
c:\windows\system32\bcmwl5.inf
c:\windows\system32\Desktop_.ini

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 02:00 . 2010-01-14 02:00 -------- d-----w- c:\documents and settings\Daniel\Application Data\Avira
2010-01-13 21:39 . 2010-01-13 21:39 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-12 19:32 . 2010-01-12 19:32 -------- d-----w- c:\program files\Winamp Toolbar
2010-01-12 00:19 . 2010-01-12 00:19 -------- d-----w- c:\documents and settings\Daniel\Bluetooth Software
2010-01-12 00:17 . 2008-07-09 18:16 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-01-12 00:17 . 2008-07-09 18:16 89896 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2010-01-12 00:17 . 2008-07-09 18:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-01-11 22:04 . 2008-07-09 18:17 991144 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-01-11 22:04 . 2008-07-09 18:16 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2010-01-11 22:04 . 2008-07-09 18:16 57384 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-01-11 22:04 . 2008-07-09 18:16 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-01-11 22:04 . 2007-03-23 09:50 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-01-11 22:04 . 2008-07-09 18:17 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-01-11 22:04 . 2010-01-11 22:04 -------- d-----w- c:\program files\WIDCOMM
2010-01-11 17:33 . 2010-01-11 17:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 03:02 . 2010-01-11 03:02 -------- d-----w- c:\program files\Investintech.com Inc
2009-12-30 23:59 . 2009-12-30 23:59 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\Winamp Toolbar
2009-12-18 03:07 . 2009-12-18 03:13 -------- d-----w- C:\Output
2009-12-18 02:56 . 2009-12-18 02:58 -------- d-----w- c:\windows\system32\tempdir
2009-12-18 02:56 . 2009-12-18 02:59 -------- d-----w- c:\program files\Free PowerPoint-PPT to Pdf Converter
2009-12-17 16:27 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-17 16:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-12-17 16:27 . 2009-12-17 16:27 -------- d-----w- c:\windows\Logs
2009-12-17 16:26 . 2009-12-17 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 16:59 . 2009-10-20 20:13 -------- d-----w- c:\documents and settings\Daniel\Application Data\Skype
2010-01-14 16:36 . 2009-10-20 20:19 -------- d-----w- c:\documents and settings\Daniel\Application Data\skypePM
2010-01-14 01:15 . 2009-10-29 20:38 -------- d-----w- c:\documents and settings\Daniel\Application Data\vlc
2010-01-13 21:53 . 2009-11-03 19:55 -------- d-----w- c:\program files\SpeedFan
2010-01-13 21:41 . 2009-10-19 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 19:33 . 2009-10-20 18:30 -------- d-----w- c:\program files\Winamp
2010-01-11 10:41 . 2009-10-15 19:55 68456 ----a-w- c:\documents and settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 10:40 . 2009-10-20 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-11 01:53 . 2009-10-22 21:32 -------- d-----w- c:\program files\Google
2010-01-07 15:07 . 2009-10-19 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-19 16:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 15:55 . 2009-10-23 20:58 -------- d-----w- c:\documents and settings\Daniel\Application Data\XnView
2009-12-24 02:33 . 2009-10-20 19:02 -------- d-----w- c:\documents and settings\Daniel\Application Data\BSplayer Pro
2009-12-15 18:23 . 2009-10-19 16:17 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-15 13:19 . 2009-12-15 13:19 -------- d-----w- c:\program files\Avira
2009-12-15 13:19 . 2009-10-19 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-26 09:07 . 2009-10-16 02:51 -------- d-----w- c:\program files\Launch Manager
2009-11-25 22:19 . 2009-10-20 18:34 -------- d-----w- c:\program files\Ahead
2009-11-25 22:19 . 2009-11-25 22:19 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-25 22:08 . 2009-11-25 22:08 -------- d-----w- c:\program files\AskTBar
2009-11-20 22:39 . 2009-10-20 18:23 -------- d-----w- c:\program files\Mv2Player
2009-11-20 22:34 . 2009-11-20 22:34 -------- d-----w- c:\documents and settings\Daniel\Application Data\dvdcss
2009-10-20 20:19 . 2009-10-20 20:19 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-20 19:32 . 2009-10-20 19:33 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-20 19:32 . 2009-10-20 19:29 38208 ----a-w- c:\documents and settings\Daniel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-20 19:05 . 2009-10-20 19:06 737280 ----a-w- c:\windows\iun6002.exe
2009-10-20 18:44 . 2009-10-20 18:44 0 ----a-w- c:\windows\nsreg.dat
2009-10-19 22:28 . 2009-10-19 22:28 1961720 ----a-w- c:\documents and settings\Daniel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-10-16 23:49 . 2009-10-15 19:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-11-25 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2009-12-02 9109296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-29 16805888]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-08 864576]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [12/15/2009 2:19 PM 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [12/15/2009 2:19 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/15/2009 2:19 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/15/2009 2:19 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/15/2009 2:19 PM 434945]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [12/15/2009 2:19 PM 69632]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/16/2009 3:47 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10/16/2009 3:47 AM 43608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/5/2009 11:46 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-05 22:45]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\un63yfa0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\un63yfa0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1216)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2010-01-14 20:37:58
ComboFix-quarantined-files.txt 2010-01-14 19:37

Pre-Run: 3,131,711,488 bytes free
Post-Run: 5,459,869,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 6BA87BDA6E41939A6656388008394967

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Do you have any USB storage devices? If you do, do the second part of the instructions I wrote for you. There is a possibility that your flash drive is infected.

offline
  • Joined: 14 Jan 2010
  • Posts: 7

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/14/2010 9:13:47 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {c7810dc2-b9ce-11de-94c9-806d6172696f}
D: {c7810dc3-b9ce-11de-94c9-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for c7810dc2-b9ce-11de-94c9-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for c7810dc3-b9ce-11de-94c9-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/14/2010 9:14:04 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {70801a30-ba7f-11de-85c8-0c6076490126}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 70801a30-ba7f-11de-85c8-0c6076490126
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 1/14/2010 9:14:15 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {70801a32-ba7f-11de-85c8-0c6076490126}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 70801a32-ba7f-11de-85c8-0c6076490126
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Zip / rar the following folder: C:\Qoobox\Quarantine

And send it via this link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 14 Jan 2010
  • Posts: 7

Sent ...

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Open Notepad and copy the following text into it:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.vir
C:\Qoobox\Quarantine\C\windows\Suyin.reg.vir
C:\Qoobox\Quarantine\C\windows\system32\bcmwl5.inf.vir
QUIT::


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • Joined: 14 Jan 2010
  • Posts: 7

ComboFix 10-01-14.06 - Daniel 01/15/2010 15:19:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2356 [GMT 1:00]
Running from: c:\documents and settings\Daniel\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\Suyin.reg
c:\windows\system32\bcmwl5.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-14 19:42 . 2010-01-14 21:22 -------- d-----w- C:\USBNoRisk
2010-01-14 02:00 . 2010-01-14 02:00 -------- d-----w- c:\documents and settings\Daniel\Application Data\Avira
2010-01-13 21:39 . 2010-01-13 21:39 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-12 19:32 . 2010-01-12 19:32 -------- d-----w- c:\program files\Winamp Toolbar
2010-01-12 00:19 . 2010-01-12 00:19 -------- d-----w- c:\documents and settings\Daniel\Bluetooth Software
2010-01-12 00:17 . 2008-07-09 18:16 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-01-12 00:17 . 2008-07-09 18:16 89896 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2010-01-12 00:17 . 2008-07-09 18:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-01-11 22:04 . 2008-07-09 18:17 991144 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-01-11 22:04 . 2008-07-09 18:16 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2010-01-11 22:04 . 2008-07-09 18:16 57384 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-01-11 22:04 . 2008-07-09 18:16 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-01-11 22:04 . 2007-03-23 09:50 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-01-11 22:04 . 2008-07-09 18:17 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-01-11 22:04 . 2010-01-11 22:04 -------- d-----w- c:\program files\WIDCOMM
2010-01-11 17:33 . 2010-01-11 17:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 03:02 . 2010-01-11 03:02 -------- d-----w- c:\program files\Investintech.com Inc
2009-12-30 23:59 . 2009-12-30 23:59 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\Winamp Toolbar
2009-12-18 03:07 . 2009-12-18 03:13 -------- d-----w- C:\Output
2009-12-18 02:56 . 2009-12-18 02:58 -------- d-----w- c:\windows\system32\tempdir
2009-12-18 02:56 . 2009-12-18 02:59 -------- d-----w- c:\program files\Free PowerPoint-PPT to Pdf Converter
2009-12-17 16:27 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-17 16:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-12-17 16:27 . 2009-12-17 16:27 -------- d-----w- c:\windows\Logs
2009-12-17 16:26 . 2009-12-17 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 14:11 . 2009-10-20 20:13 -------- d-----w- c:\documents and settings\Daniel\Application Data\Skype
2010-01-15 13:51 . 2009-10-20 20:19 -------- d-----w- c:\documents and settings\Daniel\Application Data\skypePM
2010-01-14 01:15 . 2009-10-29 20:38 -------- d-----w- c:\documents and settings\Daniel\Application Data\vlc
2010-01-13 21:53 . 2009-11-03 19:55 -------- d-----w- c:\program files\SpeedFan
2010-01-13 21:41 . 2009-10-19 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 19:33 . 2009-10-20 18:30 -------- d-----w- c:\program files\Winamp
2010-01-11 10:41 . 2009-10-15 19:55 68456 ----a-w- c:\documents and settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 10:40 . 2009-10-20 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-11 01:53 . 2009-10-22 21:32 -------- d-----w- c:\program files\Google
2010-01-07 15:07 . 2009-10-19 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-19 16:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 15:55 . 2009-10-23 20:58 -------- d-----w- c:\documents and settings\Daniel\Application Data\XnView
2009-12-24 02:33 . 2009-10-20 19:02 -------- d-----w- c:\documents and settings\Daniel\Application Data\BSplayer Pro
2009-12-15 18:23 . 2009-10-19 16:17 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-15 13:19 . 2009-12-15 13:19 -------- d-----w- c:\program files\Avira
2009-12-15 13:19 . 2009-10-19 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-26 09:07 . 2009-10-16 02:51 -------- d-----w- c:\program files\Launch Manager
2009-11-25 22:19 . 2009-10-20 18:34 -------- d-----w- c:\program files\Ahead
2009-11-25 22:19 . 2009-11-25 22:19 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-25 22:08 . 2009-11-25 22:08 -------- d-----w- c:\program files\AskTBar
2009-11-20 22:39 . 2009-10-20 18:23 -------- d-----w- c:\program files\Mv2Player
2009-11-20 22:34 . 2009-11-20 22:34 -------- d-----w- c:\documents and settings\Daniel\Application Data\dvdcss
2009-10-20 20:19 . 2009-10-20 20:19 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-20 19:32 . 2009-10-20 19:33 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-20 19:32 . 2009-10-20 19:29 38208 ----a-w- c:\documents and settings\Daniel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-20 19:05 . 2009-10-20 19:06 737280 ----a-w- c:\windows\iun6002.exe
2009-10-20 18:44 . 2009-10-20 18:44 0 ----a-w- c:\windows\nsreg.dat
2009-10-19 22:28 . 2009-10-19 22:28 1961720 ----a-w- c:\documents and settings\Daniel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.37.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2010-01-14 17:02 68354 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-01-15 13:55 68354 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-01-15 13:55 435498 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-01-14 17:02 435498 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-11-25 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2009-12-02 9109296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-29 16805888]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-08 864576]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [12/15/2009 2:19 PM 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [12/15/2009 2:19 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/15/2009 2:19 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/15/2009 2:19 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/15/2009 2:19 PM 434945]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [12/15/2009 2:19 PM 69632]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/16/2009 3:47 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10/16/2009 3:47 AM 43608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/5/2009 11:46 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-05 22:45]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\un63yfa0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\un63yfa0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1216)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2010-01-15 15:24:00
ComboFix-quarantined-files.txt 2010-01-15 14:23
ComboFix2.txt 2010-01-14 19:37

Pre-Run: 5,447,385,088 bytes free
Post-Run: 5,401,763,840 bytes free

- - End Of File - - 35B7031560DC7D1E2BE8A251B2464D14
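As an added example (not part of the original thread and not ComboFix's own code), here is a small Python parser for the "Reg Loading Points" part of a ComboFix log like the one above: it turns the Run-key values and the R/S service lines into records and flags autostart entries given as a bare file name, which Windows resolves through the search path rather than from a fixed location. The sample lines are copied from the log above; the record type and function names are my own.

```python
import re
from dataclasses import dataclass

# Sample "Reg Loading Points" lines, constructed for this example by copying
# a subset of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2009-12-02 9109296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-29 16805888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-08 864576]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/15/2009 2:19 PM 108289]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/5/2009 11:46 PM 135664]
"""

@dataclass
class Autostart:
    source: str   # registry key the value lives under, or "service <state>"
    name: str     # value name or service name
    path: str     # file the entry points at, exactly as ComboFix printed it
    stamp: str    # timestamp in the square brackets, as printed
    size: int     # file size in bytes, from the square brackets

# "Name"="path" [YYYY-MM-DD size]
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# R2 Service;Display name;path [M/D/YYYY H:MM AM size]
SERVICE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+) \[(.+) (\d+)\]$')
# [HKEY_...] section header
KEY = re.compile(r'^\[(HK[^\]]+)\]$')

def parse_loading_points(text):
    """Return one Autostart record per Run-key value or service line."""
    entries, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_VALUE.match(line)
        if m and current_key:
            entries.append(Autostart(current_key, m.group(1), m.group(2),
                                     m.group(3), int(m.group(4))))
            continue
        m = SERVICE.match(line)
        if m:
            entries.append(Autostart("service " + m.group(1), m.group(2),
                                     m.group(4), m.group(5), int(m.group(6))))
    return entries

def bare_name_entries(entries):
    """Entries whose target is a bare file name rather than a drive-rooted path.
    Windows locates these via the search path, so they deserve a second look
    during cleanup: the file actually started is wherever the path finds it."""
    return [e for e in entries if not re.match(r'^[a-zA-Z]:\\', e.path)]
```

On the sample above the only bare-name entry is "RTHDCPL", a legitimate Realtek entry on this machine; the check is a triage aid, not a verdict.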

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Posted: 15 Jan 2010 20:06

@vdaniel, I will ask you to repeat the procedure once more with this script. So, everything the same as in my last post.

Addendum: 15 Jan 2010 20:08

Carefully copy the whole script into Notepad.
