MyCity » Ambulanta -> Arhiva Ambulante » backdoor.tdss.565 -kako ga ukloniti?

backdoor.tdss.565 -kako ga ukloniti?

Napisano na dan: 1.11.2009

backdoor.tdss.565 -kako ga ukloniti?

Sledeća strana

Pagination

Odgovori

argonaut1 Poslao: 01 Nov 2009 22:30 Idi na vrh
offline argonaut1 Novi MyCity građanin Pridružio: 20 Jun 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pre dva tri dana ubacio sam skriptu u JDownloader koja menja IP adresu modemu radi skidanja programa sa rapida. Priblizno u isto vreme sam ubacio i virtuagirlhd (ne znam da li se sme pisati za neke programe da su krekovani) u glavnom skinuo sam par peceva sa sumnjivih adresa. Prvo su poceli da mi se otvaraju prozori u IE iako koristim mozilu. Deinstalirao sam explorer kao komponentu windowsa ali su prozori iskakali ponovo. Zatim su se culi zvuci sa nekih sajtova iako nista nije bilo pokrenuto na racunaru.(kao da su otvoreni prozori nevidljivi) ZA Firewall me je par puta obavestio da program a.exe trazi pristup internetu posto sam proverio i video da zeli da pristupi adresi rutera dao sam mu dozvolu. Ubrzo je avast poceo da prijavljuje da je a.exe inficiran ali ga nije mogao obrisati pronasao sam ga u c/doc end set/argonaut/loc. setings/temp bilo je nekoliko istih a.exe fajlova ali se dva nisu mogla obrisati. Zatim sam izlistao na netu o a. exe fajlu ,preporucivali su registry buster za njegov popravak. Registry buster se nije mogao instalirati. Daljim Googlanjem sam pronasao program dr.Web . Ovaj program je registrovao backdoor.tdss.565 i jos gomilu drugih stetocina koje je obrisao ali je ovaj prvi samo neutralisao. Pri svakom sledecem skeniranju ovaj nezeljeni program se nalazio na drugom mestu. Pretragom na netu ustanovio sam da mnogo ljudi ima ovaj problem i da ga ne mogu resiti ni jednim alatom (vecina alata ga i ne prepoznaje) a on izgleda dozvoljava pristup svim ostalim stetocinama na netu. Preporucen je program Spyhunter, on je pronasao oko 254 inficiranih fajlova uglavnom nose oznaku Zlob trojan u registri kljucevima. Ovaj program naravno trazi uplatu da bi ocistio inficirane fajlove. Takodje sam probao ciscenje sa Pareto antivirusem i Malwarebytes' Anti-Malware oni ga uopste ne pronalaze. Prilazem fajlove koji su trazeni u uputstvu. Koristim adsl telekom modem HUAWEI 520s realna brzina oko 800 pitanja : Da li postoji neki efikasan besplatan alat za uklanjanje ovih smetnji. U jednom Vasem odgovoru procitao sam da Vam za resavanje ovakvih problema treba i po nekoliko sati. Ukoliko je proces uklanjanja mnogo komplikovan ili ako ce Vam oduzeti mnogo vremena njegovo resavanje, mogu reinstalirati sistem ako se ovaj nezeljeni program nece vratiti sa drugih particija. Hvala i pozdrav mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png DDS (Ver_09-10-26.01) - NTFSx86 Run by ARGONAUT at 18:59:06,98 on ned 01.11.2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.290 [GMT 1:00] AV: Doctor Web Anti-Virus On-access scanning enabled (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B} AV: avast! antivirus 4.8.1356 [VPS 091101-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Firewall enabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\LckFldService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\PROGRA~1\DrWeb\spidernt.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\DrWeb\SpIDerAgent.exe C:\Program Files\DrWeb\spiderml.exe C:\Program Files\DrWeb\spidergate.exe C:\PROGRA~1\DrWeb\spiderui.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe c:\program files\Mozilla Firefox\firefox.exe C:\Documents and Settings\ARGONAUT\Desktop\dds.scr C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = panet.rs/ uSearch Page = uSearch Bar = mSearchAssistant = uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\argonaut\application data\mozilla\firefox\profiles\r3sh46sz.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" mRun: [Acronis True Image Monitor] "c:\program files\acronis\trueimage\TrueImageMonitor.exe" mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe" mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe" mRun: [SpIDerGate] "c:\program files\drweb\spidergate.exe" -autorun mRun: [SpIDerNT] c:\progra~1\drweb\spiderui.exe /agent mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [ParetoLogic Anti-Virus PLUS] "c:\program files\paretologic\anti-virus plus\Pareto_AV.lnk" -NM -hidesplash mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: c:\program files\drweb\drwebsp.dll DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: AtiExtEvent - Ati2evxx.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\argonaut\applic~1\mozilla\firefox\profiles\r3sh46sz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.panet.rs/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p= FF - component: c:\documents and settings\argonaut\application data\mozilla\firefox\profiles\r3sh46sz.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll FF - plugin: c:\documents and settings\argonaut\application data\mozilla\firefox\profiles\r3sh46sz.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2009-11-1 105080] R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [2003-4-27 8704] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-17 114768] R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-17 464264] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-17 20560] R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2009-9-22 869688] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-13 54752] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656] R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\drweb\spider.sys [2009-8-17 306464] R2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\drweb\spidernt.exe [2009-8-17 231328] S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688] S2 ZeppelinService;plasservice;c:\program files\common files\paretologic\plas\plasservice.exe [2009-2-18 587216] S3 fsssvc;Usluga Windows Live Porodicna bezbednost;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2008-9-1 116078] S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [2005-4-8 162176] S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2008-5-24 35216] S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2008-5-24 35216] S4 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [2003-4-27 99360] =============== Created Last 30 ================ 2009-11-01 16:11:33 646944 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-11-01 16:11:33 3872 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-11-01 16:11:33 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-11-01 16:11:33 32 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-11-01 16:10:29 0 -c--a-w- C:\rollback.ini 2009-11-01 15:37:23 0 d-----w- c:\program files\Enigma Software Group 2009-11-01 15:23:31 0 d-----w- c:\program files\NetLimiter 2 Monitor 2009-11-01 15:16:58 0 dc----w- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Virus PLUS 2009-11-01 15:16:57 0 d-----w- c:\program files\ParetoLogic 2009-11-01 15:16:57 0 d-----w- c:\program files\common files\ParetoLogic 2009-11-01 10:57:15 105080 ----a-w- c:\windows\system32\drivers\dwprot.sys 2009-11-01 10:56:54 0 d-----w- c:\program files\common files\Doctor Web 2009-11-01 10:56:47 0 dc----w- c:\docume~1\alluse~1\applic~1\Doctor Web 2009-11-01 10:56:46 0 d-----w- c:\program files\DrWeb 2009-10-31 10:12:45 0 dc----w- C:\VundoFix Backups 2009-10-30 19:07:00 0 d-----w- c:\documents and settings\argonaut\DoctorWeb 2009-10-29 22:10:39 14 ----a-w- c:\windows\popcinfo.dat 2009-10-29 18:36:48 0 dc----w- C:\vghd 2009-10-29 17:33:10 0 d-----w- c:\program files\PowerQuest 2009-10-29 16:30:24 208640 ----a-w- c:\windows\system32\drivers\timntr.sys 2009-10-29 16:30:24 126976 ----a-w- c:\windows\system32\snapapi.dll 2009-10-27 20:23:11 0 d--h--w- c:\windows\PIF 2009-10-27 14:48:44 0 d-----w- c:\docume~1\argonaut\applic~1\FireShot 2009-10-26 19:32:52 7 ----a-w- c:\windows\sbacknt.bin 2009-10-17 18:43:59 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys 2009-10-17 18:42:55 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll 2009-10-17 18:41:55 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll 2009-10-17 18:39:30 488 ---ha-r- c:\windows\system32\logonui.exe.manifest 2009-10-17 18:39:22 749 ---ha-r- c:\windows\WindowsShell.Manifest 2009-10-17 18:39:22 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest 2009-10-17 18:39:22 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest 2009-10-17 18:39:22 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest 2009-10-17 18:39:22 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest 2009-10-17 18:36:27 88192 ----a-w- c:\windows\system32\drivers\irda.sys 2009-10-17 18:36:27 28160 ----a-w- c:\windows\system32\irmon.dll 2009-10-17 18:36:27 151552 ----a-w- c:\windows\system32\irftp.exe 2009-10-17 18:36:26 8192 ----a-w- c:\windows\system32\wshirda.dll 2009-10-17 18:33:04 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys 2009-10-17 18:31:18 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys 2009-10-17 18:29:23 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2009-10-17 18:29:23 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-10-17 18:29:23 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2009-10-17 18:29:23 13312 ----a-w- c:\windows\system32\irclass.dll ==================== Find3M ==================== 2009-10-29 16:30:24 81088 ----a-w- c:\windows\system32\drivers\snapman.sys 2009-10-29 16:30:24 37888 ----a-w- c:\windows\system32\setupnt.dll 2009-10-29 16:30:24 28096 ----a-w- c:\windows\system32\drivers\tifsfilt.sys 2009-10-17 18:37:52 22748 ----a-w- c:\windows\system32\emptyregdb.dat 2009-09-10 13:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 13:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-16 00:31:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll ============= FINISH: 19:03:18,43 ===============

Profil

helen1 Poslao: 01 Nov 2009 22:48 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

argonaut1 Poslao: 02 Nov 2009 02:05 Idi na vrh
offline argonaut1 Novi MyCity građanin Pridružio: 20 Jun 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izgleda da smo resili problem Dr.Web nije pronasao nista posle combofix-a. Zahvaljujem se na strpljenju i uputstvima Evo izvestaja: ComboFix 09-10-30.01 - ARGONAUT 02.11.2009 1:13.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.622 [GMT 1:00] Running from: c:\documents and settings\ARGONAUT\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1356 [VPS 091101-1] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: ZoneAlarm Firewall enabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\atiptaxx .exe c:\windows\system32\ctfmon .exe c:\windows\system32\Mlkf.dll c:\windows\system32\ntSVc.ocx Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - Kitty ate it :p . ((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 ))))))))))))))))))))))))))))))) . 2009-11-01 21:53 . 2009-11-01 21:53 -------- d-----w- c:\program files\ESET 2009-11-01 16:11 . 2009-11-01 23:07 1288480 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-11-01 16:11 . 2009-11-01 23:07 12064 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-11-01 15:37 . 2009-11-01 15:37 -------- d-----w- c:\program files\Enigma Software Group 2009-11-01 15:23 . 2009-11-01 15:23 -------- d-----w- c:\program files\NetLimiter 2 Monitor 2009-11-01 15:16 . 2009-11-01 15:16 -------- dc----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS 2009-11-01 15:16 . 2009-11-01 15:16 -------- d-----w- c:\program files\Common Files\ParetoLogic 2009-11-01 15:16 . 2009-11-01 15:16 -------- d-----w- c:\program files\ParetoLogic 2009-11-01 15:15 . 2009-11-01 15:15 -------- d-----w- c:\documents and settings\ARGONAUT\Local Settings\Application Data\Downloaded Installations 2009-11-01 10:56 . 2009-11-01 23:31 -------- d-----w- c:\program files\DrWeb 2009-10-31 16:22 . 2009-10-31 16:23 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2009-10-31 15:45 . 2009-10-31 16:17 -------- dc----w- c:\documents and settings\Administrator\DoctorWeb 2009-10-30 19:07 . 2009-11-01 13:40 -------- d-----w- c:\documents and settings\ARGONAUT\DoctorWeb 2009-10-29 22:10 . 2009-10-29 22:10 14 ----a-w- c:\windows\popcinfo.dat 2009-10-29 18:36 . 2009-10-29 18:46 -------- dc----w- C:\vghd 2009-10-29 17:33 . 2009-10-29 17:33 -------- d-----w- c:\program files\PowerQuest 2009-10-29 16:30 . 2009-10-29 16:30 208640 ----a-w- c:\windows\system32\drivers\timntr.sys 2009-10-29 16:30 . 2009-10-29 16:30 126976 ----a-w- c:\windows\system32\snapapi.dll 2009-10-29 16:30 . 2009-10-29 16:30 -------- d-----w- c:\program files\Acronis 2009-10-28 20:28 . 2009-10-28 20:29 -------- d-----w- c:\program files\QuickTime 2009-10-28 20:28 . 2009-10-28 20:28 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-10-28 20:26 . 2009-10-28 20:26 -------- d-----w- c:\program files\Common Files\Apple 2009-10-27 20:23 . 2009-10-27 20:23 -------- d--h--w- c:\windows\PIF 2009-10-27 14:48 . 2009-10-27 14:48 -------- d-----w- c:\documents and settings\ARGONAUT\Application Data\FireShot 2009-10-26 19:32 . 2009-10-28 18:51 7 ----a-w- c:\windows\sbacknt.bin 2009-10-17 18:43 . 2008-04-14 12:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys 2009-10-17 18:42 . 2008-04-14 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll 2009-10-17 18:41 . 2008-04-14 12:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll 2009-10-17 18:36 . 2008-04-14 03:42 151552 ----a-w- c:\windows\system32\irftp.exe 2009-10-17 18:36 . 2008-04-14 03:41 28160 ----a-w- c:\windows\system32\irmon.dll 2009-10-17 18:36 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys 2009-10-17 18:36 . 2008-04-14 03:42 8192 ----a-w- c:\windows\system32\wshirda.dll 2009-10-17 18:33 . 2001-08-17 10:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys 2009-10-17 18:31 . 2001-08-17 11:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys 2009-10-17 18:29 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2009-10-17 18:29 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-10-17 18:29 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2009-10-17 18:29 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll 2009-10-17 17:24 . 2009-10-17 17:24 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-01 23:07 . 2009-11-01 16:11 3200 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-11-01 23:07 . 2009-11-01 16:11 22508 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-11-01 15:16 . 2009-08-13 21:39 -------- dc----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-10-31 18:15 . 2009-02-14 20:12 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-30 18:38 . 2009-06-30 09:24 -------- d-----w- c:\documents and settings\ARGONAUT\Application Data\Uniblue 2009-10-30 18:37 . 2009-06-30 09:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} 2009-10-30 18:27 . 2009-07-22 21:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-30 18:12 . 2008-10-28 15:41 -------- d-----w- c:\program files\Norton Security Scan 2009-10-30 18:11 . 2009-09-09 18:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton 2009-10-30 18:10 . 2008-10-28 17:48 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-29 17:33 . 2008-04-25 23:04 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-29 17:06 . 2009-08-17 20:30 15 ----a-w- c:\windows\system32\mslck.dat 2009-10-29 16:30 . 2008-04-26 01:14 -------- d-----w- c:\program files\Common Files\Acronis 2009-10-29 16:30 . 2008-04-26 01:14 81088 ----a-w- c:\windows\system32\drivers\snapman.sys 2009-10-29 16:30 . 2008-04-26 01:14 37888 ----a-w- c:\windows\system32\setupnt.dll 2009-10-29 16:30 . 2008-04-26 01:14 28096 ----a-w- c:\windows\system32\drivers\tifsfilt.sys 2009-10-28 19:07 . 2009-08-14 09:25 -------- d-----w- c:\program files\FDN 2009-10-28 16:44 . 2009-04-17 00:51 4 ----a-w- c:\windows\info147.sys 2009-10-17 18:37 . 2008-04-25 22:38 22748 ----a-w- c:\windows\system32\emptyregdb.dat 2009-09-30 12:43 . 2009-09-30 12:43 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-30 12:42 . 2009-03-13 14:54 -------- d-----w- c:\program files\Windows Live 2009-09-27 16:34 . 2009-08-22 02:21 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-15 10:59 . 2008-05-17 08:43 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-15 10:56 . 2008-05-17 08:43 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-15 10:56 . 2008-05-17 08:43 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-15 10:55 . 2008-05-17 08:43 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-15 10:55 . 2008-05-17 08:43 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-15 10:54 . 2008-05-17 08:43 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-15 10:54 . 2008-05-17 08:43 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-15 10:53 . 2008-05-17 08:43 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-15 10:53 . 2008-05-17 08:43 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-10 13:54 . 2009-07-22 21:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 13:53 . 2009-07-22 21:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-09 17:09 . 2009-09-09 17:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec 2009-09-09 17:09 . 2009-09-09 17:09 -------- dc----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-08-18 21:59 . 2009-08-18 21:59 0 ----a-w- c:\windows\nsreg.dat 2009-08-18 21:27 . 2009-08-18 21:27 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2009-08-18 21:27 . 2009-08-18 21:27 58 ----a-w- c:\documents and settings\ARGONAUT\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2009-08-17 16:44 . 2008-04-25 23:11 64760 ----a-w- c:\documents and settings\ARGONAUT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-16 00:31 . 2008-11-20 20:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-08-14 04:47 . 2009-08-14 04:47 153744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-08-05 20:48 . 2009-03-13 19:27 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-10-16 16:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384] "Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2009-10-29 417431] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-29 61440] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-21 198160] "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-09-30 866200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "UPS"=3 (0x3) "TermService"=3 (0x3) "RasAuto"=3 (0x3) "mnmsrvc"=3 (0x3) "FastUserSwitchingCompatibility"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DLIGHTER"=c:\program files\Desktop Lighter\DLighter.exe /h [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" -lang 1033 "SoundMan"=SOUNDMAN.EXE "SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27.4.2003 11:39 8704] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.5.2008 9:43 114768] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 17:08 81688] R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [17.6.2009 22:14 464264] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.5.2008 9:43 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13.3.2009 20:27 54752] R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18.2.2009 14:40 587216] S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?] S3 fsssvc;Usluga Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864] S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\drivers\mr97310v.sys [1.9.2008 20:01 116078] S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 9:46 162176] S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [24.5.2008 11:33 35216] S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [24.5.2008 11:33 35216] S4 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [27.4.2003 10:43 99360] --- Other Services/Drivers In Memory --- NewlyCreated - CLASSPNP_2 NewlyCreated - MBR Deregistered - CLASSPNP_2 Deregistered - mbr Deregistered - mchInjDrv . Contents of the 'Scheduled Tasks' folder 2009-10-30 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 04:51] 2009-11-01 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25] . . ------- Supplementary Scan ------- . uStart Page = panet.rs/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\ARGONAUT\Application Data\Mozilla\Firefox\Profiles\r3sh46sz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.panet.rs/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p= FF - component: c:\documents and settings\ARGONAUT\Application Data\Mozilla\Firefox\Profiles\r3sh46sz.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll FF - plugin: c:\documents and settings\ARGONAUT\Application Data\Mozilla\Firefox\Profiles\r3sh46sz.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - HKLM-Run-ParetoLogic Anti-Virus PLUS - c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-11-02 01:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(828-) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3544) c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\NetLimiter 2 Monitor\nlsvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\System32\PAStiSvc.exe c:\program files\Real\RealPlayer\RealPlay.exe . ************************************************************************ . Completion time: 2009-11-02 1:27 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-02 00:27 Pre-Run: 612.167.680 bytes free Post-Run: 773.025.792 bytes free - - End Of File - - CB9A75997BC34C997FFA82141AC2801E

Profil

helen1 Poslao: 02 Nov 2009 18:51 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! To bi bilo to. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

argonaut1 Poslao: 02 Nov 2009 23:06 Idi na vrh
offline argonaut1 Novi MyCity građanin Pridružio: 20 Jun 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dobro je da sam opet pogledao temu. Tek sada sam izvrsio deinstalaciju, nadam se da nije prouzrokovalo neki problem posto sam koristio racunar skoro ceo dan. Interesuje me za sta se jos moze koristiti combofix. Hvala pozdrav

Profil

helen1 Poslao: 03 Nov 2009 14:55 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! argonaut1 :: Interesuje me za sta se jos moze koristiti combofix. Ti ga mozes koristiti samo kad ti neka strucna osoba koja je prosla obuku sa njim kaze sta da radis. U suprotnom mozes ostetiti sistem i izgubiti podatke.

Profil

argonaut1 Poslao: 03 Nov 2009 20:18 Idi na vrh
offline argonaut1 Novi MyCity građanin Pridružio: 20 Jun 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da procunjao sam po netu , svuda napominju da combofix moze biti prilicno nezgodna alatka za neupucene korisnike. Onda mi je postalo jasno zasto prvo moraju da se urade snimci sistema,pa tek onda da se odabere potreban alat.. Na srecu sada znam kome mogu da se obratim ako zapnem ponovo.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » backdoor.tdss.565 -kako ga ukloniti?

Ko je trenutno na forumu

Ukupno su 1238 korisnika na forumu :: 67 registrovanih, 7 sakrivenih i 1164 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., AK - 230, alkatraz080, amaterSRB, Andrija357, bojcistv, ccoogg123, Danijel99, DejanSt, dencorr, djboj, DonRumataEstorski, DPera, Dragan1998, draganca, drazenm, dulleo, esx66, Faki-Valjevo, Georgius, goxin, h8propaganda, havoc995, hologram, hooraay, ILGromovnik, Istman, ivica976, jukeboxer, Klecaviks, kolle.the.kid, Kubovac, kunktator, kybonacci, madza, mercedesamg, Mercury, Mi lao shu, milenko crazy north, milimoj, moldway, mrav pesadinac, Nemanja.M, Ognjen D., oldtimer, panzerwaffe, Petarvu, procesor, raketaš, raptorsi, robert1979, Romibrat, sasa87, savaskytec, Singidunumac, slonic_tonic, Smajser, tomigun, uruk, vathra, virked, VJ, voja64, wolverined4, ZetaMan, 125, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by