hi fb virus

  • llass
  • New MyCity citizen
  • Joined: 22 Aug 2011
  • Posts: 5

Hello
A few hours ago my brother picked up this virus on Facebook. The computer restarted and went into safe mode for a few minutes, and then the system booted normally; everything worked OK except Facebook. A message comes up, "problem loading page" or something like that. The Avira I was using was in some enhanced mode. Since all of this seemed suspicious to me, I searched the net a bit and on a couple of forums found people complaining about similar problems, and that it is some kind of "hi" trojan from Facebook. Unfortunately I did not find YOU right away, so I downloaded Malwarebytes myself and scanned the system. The scan showed over 130 infected files, all of which I nicely sent to quarantine :D However, it is still impossible to connect to Facebook, which is not really a problem for me, but I am worried whether the virus has been cleaned from the computer.
I am attaching everything as instructed in HOW TO OPEN A TOPIC.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by MISA at 1:27:08 on 2011-08-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.39 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\cacaoweb\cacaoweb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MISA\Local Settings\Application Data\Skillbrains\lightshot\1.4.0.0\LightShot.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Fortune Poker\poker.exe
C:\Program Files\Fortune Poker\browserhost.exe
C:\Program Files\Fortune Poker\poker.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
uURLSearchHooks: 4shared.com Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\prxtb4sh2.dll
BHO: 4shared.com Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\prxtb4sh2.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: 4shared.com Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\prxtb4sh2.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightShot] c:\documents and settings\misa\local settings\application data\skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [CPN Notifier] c:\program files\cake poker 2.0\PokerNotifier.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [4shared Update] "c:\program files\4shared desktop\checkUpdate.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [tray_ico]
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.189\SSScheduler.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared desktop\down_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\misa\desktop\PartyPoker.lnk
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
TCP: Interfaces\{8A4755A2-6DE3-49D7-BD01-194C41B49A8C} : NameServer = 93.87.32.50 93.87.33.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {7L00YFIL-ORTD-NDX8-8FHK-MXZ1AKU5GQQR} - c:\docume~1\misa\locals~1\temp\application.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ChatVibes Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\components\ScreenshotXPCOM.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\platform\winnt\components\kikin_3_0.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\platform\winnt\components\kikin_3_6.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\misa\application data\mozilla\firefox\profiles\sxvasza2.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\plugins\npLightshot.dll
FF - plugin: c:\documents and settings\misa\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-14 56816]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-22 366640]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-22 22712]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-1-4 100480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-22 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.189\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.189\McCHSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-21 22:07:27 -------- d-----w- c:\documents and settings\misa\application data\Malwarebytes
2011-08-21 22:07:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-21 22:07:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-21 22:07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 22:07:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-21 12:54:06 -------- d-----w- c:\windows\ufa
2011-08-21 12:54:06 -------- d-----w- c:\windows\phoenix
2011-08-21 12:48:01 -------- d--h--w- c:\windows\update.5.0
2011-08-21 12:45:58 -------- d--h--w- c:\windows\update.7.1
2011-08-21 12:45:29 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 12:45:05 -------- d--h--w- c:\windows\update.2
2011-08-21 12:42:23 -------- d-----w- c:\windows\av_ico
2011-08-21 12:40:48 -------- d--h--w- c:\windows\update.1
2011-08-21 12:40:33 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-08-21 12:40:33 -------- d--h--w- c:\windows\update.tray-9-0
2011-08-21 12:40:33 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-08-21 12:40:33 -------- d--h--w- c:\windows\update.tray-8-0
2011-08-20 16:05:43 -------- d-----w- c:\program files\ChatVibes Toolbar
2011-08-20 12:29:14 -------- d-----w- c:\documents and settings\all users\application data\YouTube Downloader
2011-08-20 12:28:58 -------- d-----w- c:\program files\YouTube Downloader
2011-08-18 01:54:10 -------- d-----w- c:\program files\Allmyapps
2011-08-10 19:12:02 -------- d-----w- c:\program files\Fortune Poker
2011-08-08 16:25:41 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-08-08 16:25:25 -------- d-----w- c:\program files\W3i, LLC
2011-07-26 14:13:51 -------- d-----w- c:\documents and settings\misa\application data\UBNet
2011-07-26 14:13:48 -------- d-----w- c:\program files\UBNet
.
==================== Find3M ====================
.
2011-08-21 12:44:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 16:25:33 118784 ----a-w- c:\windows\web\wallpaper\living waterfalls wallpaper #1 dir\uninstall.exe
.
============= FINISH: 1:28:23.04 ===============

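The DDS log above already carries the indicators a helper reads off before prescribing anything: a running service `ddservice` whose image `svchostdriver.exe` lives in a hidden `c:\windows\update.7.1` folder created the same day as the infection; an Active Setup entry (`mASetup:`) whose "GUID" `{7L00YFIL-ORTD-NDX8-8FHK-MXZ1AKU5GQQR}` is not hexadecimal and which launches `application.exe` from the user's Temp folder; four `tray_ico*` Run values with no command left behind them after the Malwarebytes quarantine; Firefox proxy prefs for every protocol pointing at `127.0.0.1:8080`; and `EnableSecureUIAPaths = 0`. (The `c:\windows\phoenix` tree with `poclbm` and `phatk` kernels that ComboFix later removes is the Phoenix GPU Bitcoin miner, which fits the `SRVBTCCLIENT` legacy service key.) The following script is an added example, not part of the original posts and not code from DDS, ComboFix or Malwarebytes; it runs exactly those checks over a few constructed lines in the DDS line formats. The rule names, the sample lines and the well-formed GUID used for contrast are invented for illustration.

```python
"""Triage of DDS-style log lines for the indicators seen in the thread above.

Added example: not part of the original forum posts, and not code from DDS,
ComboFix or Malwarebytes. The rule names, the sample lines and the
well-formed GUID used for contrast are constructed for illustration.
"""
import re
from typing import Dict, List

Finding = Dict[str, str]

# Constructed sample in the line formats DDS uses for Run keys, policies,
# Active Setup (mASetup), Firefox prefs and services.
SAMPLE_LOG = r"""
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [tray_ico]
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mASetup: {7L00YFIL-ORTD-NDX8-8FHK-MXZ1AKU5GQQR} - c:\docume~1\misa\locals~1\temp\application.exe
mASetup: {12345678-1234-1234-1234-123456789abc} - c:\windows\system32\legit_component.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-22 366640]
"""

# A registered Active Setup / CLSID key is a hex GUID; anything else is hand-made.
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
ASETUP_RE = re.compile(r"^mASetup:\s+(\{[^}]*\})\s+-\s+(.*)$")
RUN_RE = re.compile(r"^[um]Run:\s+\[([^\]]*)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js:\s+(network\.proxy\.\S+)\s+-\s+(.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")

# Paths a service or Active Setup entry has no business running from.
SUSPICIOUS_DIRS = ("\\windows\\update.", "\\temp\\", "\\locals~1\\temp")
WEAK_POLICIES = {"EnableLUA", "EnableSecureUIAPaths"}


def triage(log_text: str) -> List[Finding]:
    """Return one finding per matched rule, plus one for loopback browser proxies."""
    findings: List[Finding] = []
    proxy_prefs: Dict[str, str] = {}

    def flag(rule: str, line: str, detail: str) -> None:
        findings.append({"rule": rule, "line": line, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = ASETUP_RE.match(line)
        if m:
            guid, target = m.group(1), m.group(2)
            if not GUID_RE.match(guid):
                flag("active-setup-bad-guid", line, "Active Setup key is not a hex GUID")
            if any(d in target.lower() for d in SUSPICIOUS_DIRS):
                flag("active-setup-temp-target", line, "Active Setup runs a binary from a temp dir")
            continue

        m = RUN_RE.match(line)
        if m:
            if not m.group(2):
                # The value survives but its command is gone: the payload was
                # quarantined and the autostart key left behind.
                flag("run-value-empty", line, f"Run value '{m.group(1)}' has no command")
            continue

        m = SERVICE_RE.match(line)
        if m:
            state, name, image = m.group(1), m.group(3), m.group(5)
            if any(d in image.lower() for d in SUSPICIOUS_DIRS):
                status = "running" if state == "R" else "stopped"
                flag("service-odd-path", line,
                     f"service {name} ({status}) loads {image.split()[0]}")
            continue

        m = FFPREF_RE.match(line)
        if m:
            proxy_prefs[m.group(1)] = m.group(2)
            continue

        m = POLICY_RE.match(line)
        if m and m.group(1) in WEAK_POLICIES and m.group(2) == "0":
            flag("policy-weakened", line, f"{m.group(1)} is set to 0")

    # Proxy prefs are spread over several lines, so judge them together.
    loopback = sorted(k for k, v in proxy_prefs.items()
                      if not k.endswith("_port") and k != "network.proxy.type"
                      and v == "127.0.0.1")
    if loopback:
        ptype = proxy_prefs.get("network.proxy.type", "?")
        flag("firefox-loopback-proxy", "; ".join(loopback),
             f"browser proxy hosts point at localhost; network.proxy.type={ptype} "
             "(1 = manual, so these entries are only live when type is 1)")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}\n    {f['line']}")
```

Run it as-is to see the six findings the sample produces, or feed it a real DDS report with `triage(open("dds.txt").read())`. Note the caveat on the proxy rule: Firefox only applies the manual `network.proxy.*` host entries when `network.proxy.type` is 1, and the log above shows type 4, so those entries are evidence of tampering rather than proof the browser was being proxied at that moment.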

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Hello llass


While the case is being resolved, I would ask you to observe the following:
Read my instructions (or those of the colleagues who will stand in for me) carefully and work exclusively by them;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs, other than those for which you receive instructions;
Do not use USB memory devices during the intervention until I ask for them;
If I do not reply within 48h, bump the topic with a new post;
If you do not report back within 5 days, we will close the case.

For more information on the rules of the MyCity forum Ambulance: LINK

-------------------------------------------------------------------------------------



Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.


When the download has finished:
disable your security software (instructions);
close running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
ask a certain number of questions/show notifications: accept by clicking Yes or OK;
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message field and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.


NIx Car (AMF Team)

  • llass
  • New MyCity citizen
  • Joined: 22 Aug 2011
  • Posts: 5

Scan finished, here is the report

ComboFix 11-08-21.01 - MISA 08/22/2011 3:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.196 [GMT 2:00]
Running from: c:\documents and settings\MISA\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MISA\Application Data\cacaoweb
c:\documents and settings\MISA\Application Data\cacaoweb\errorlog.txt
c:\documents and settings\MISA\Application Data\cacaoweb\npdfile.dat
c:\documents and settings\MISA\Application Data\cacaoweb\replicating4732F219BFD3345EE8F66AA626B5F6CD.cacao
c:\documents and settings\MISA\Application Data\cacaoweb\replicating56586325B4DCA5E0D40E8C30784658C3.cacao
c:\documents and settings\MISA\Application Data\cacaoweb\replicating8366C48D451E2C1007251CCF47FE1058.cacao
c:\documents and settings\MISA\Application Data\cacaoweb\replicating9C53BD64D25654A0F29988F2E143FE4A.cacao
c:\documents and settings\MISA\Application Data\cacaoweb\storage.db
c:\documents and settings\MISA\Application Data\facemoods.com
c:\documents and settings\MISA\Application Data\PriceGong
c:\documents and settings\MISA\Application Data\PriceGong\Data\1.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\a.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\b.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\c.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\d.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\e.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\f.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\g.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\h.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\i.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\J.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\k.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\l.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\m.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\n.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\o.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\p.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\q.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\r.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\s.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\t.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\u.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\v.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\w.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\x.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\y.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\z.xml
c:\documents and settings\MISA\WINDOWS
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\system32\Cache
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 01:30 . 2011-08-22 01:31 -------- d-----w- c:\documents and settings\MISA\Application Data\cacaoweb
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\documents and settings\MISA\Application Data\Malwarebytes
2011-08-21 22:07 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-21 22:07 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 17:48 . 2011-08-21 17:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-08-21 17:48 . 2011-08-21 17:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\YouTube Downloader
2011-08-21 12:54 . 2011-08-21 12:54 -------- d-----w- c:\windows\ufa
2011-08-21 12:47 . 2011-08-21 12:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-08-21 12:45 . 2011-08-21 12:46 -------- d--h--w- c:\windows\update.7.1
2011-08-21 12:45 . 2011-08-21 12:58 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 12:42 . 2011-08-21 12:42 -------- d-----w- c:\windows\av_ico
2011-08-21 12:40 . 2011-08-21 22:32 -------- d--h--w- c:\windows\update.tray-9-0
2011-08-21 12:40 . 2011-08-21 22:32 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-08-21 12:40 . 2011-08-21 22:32 -------- d--h--w- c:\windows\update.tray-8-0
2011-08-21 12:40 . 2011-08-21 12:40 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-08-20 16:05 . 2011-08-20 16:05 -------- d-----w- c:\program files\ChatVibes Toolbar
2011-08-20 12:29 . 2011-08-20 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-08-20 12:28 . 2011-08-20 12:29 -------- d-----w- c:\program files\YouTube Downloader
2011-08-18 01:54 . 2011-08-18 01:57 -------- d-----w- c:\program files\Allmyapps
2011-08-10 19:12 . 2011-08-16 21:52 -------- d-----w- c:\program files\Fortune Poker
2011-08-08 16:25 . 2011-08-08 16:45 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-08-08 16:25 . 2011-08-08 16:36 -------- d-----w- c:\program files\W3i, LLC
2011-07-26 14:13 . 2011-07-26 14:25 -------- d-----w- c:\documents and settings\MISA\Application Data\UBNet
2011-07-26 14:13 . 2011-07-26 14:13 -------- d-----w- c:\program files\UBNet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 12:44 . 2011-07-11 10:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 16:25 . 2011-08-08 16:25 118784 ----a-w- c:\windows\web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2011-08-21 06:52 . 2011-04-30 19:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\4shared.com\prxtb4sh2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [2011-08-17 399088]
"LightShot"="c:\documents and settings\MISA\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe" [2010-01-02 195072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-24 274608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2010-12-07 608760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.189\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\cacaoweb\\cacaoweb.exe"=
"c:\\Program Files\\B2BPOKER\\Club4aces\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"d:\\MUZIKA\\P AKSENTIJEVIC\\VideoToMp3Setup.exe"=
"c:\\Program Files\\24hPoker\\pokerclient\\24hPoker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Cake Poker 2.0\\PokerClient.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/20/2011 2:59 PM 639224]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/28/2011 6:10 PM 387072]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/22/2011 12:07 AM 366640]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [3/13/2009 6:50 AM 65536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/22/2011 12:07 AM 22712]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 4:53 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 4:53 PM 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1/4/2011 5:24 PM 100480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/22/2011 12:07 AM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:53]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:53]
.
2011-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-21 c:\windows\Tasks\update-S-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-04-07 20:09]
.
2011-08-21 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-04-07 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
FF - ProfilePath - c:\documents and settings\MISA\Application Data\Mozilla\Firefox\Profiles\sxvasza2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ChatVibes Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
HKCU-Run-CPN Notifier - c:\program files\Cake Poker 2.0\PokerNotifier.exe
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-22 03:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????R?????????????\?R???R???????????R???R????|@??|????????????????( ??????Service Pack 3?????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1580436667-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f9,3c,0d,53,60,0d,fd,64,8f,46,ea,ff,07,81,80,ed,2a,2e,04,50,8a,ed,41,
2e,b9,39,38,52,72,ad,b6,64,15,7a,2b,34,d8,a0,17,99,cf,59,46,45,dc,13,d0,0f,\
"??"=hex:74,c6,c3,61,75,60,5e,94,14,1f,86,28,72,f5,79,33
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3588-)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\update.7.1\svchostdriver.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\update.7.1\svchostdriver.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\rundll32.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\documents and settings\MISA\Local Settings\Application Data\Skillbrains\lightshot\1.4.0.0\LightShot.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-22 03:37:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-22 01:37
.
Pre-Run: 48,593,358,848 bytes free
Post-Run: 50,806,411,264 bytes free
.
- - End Of File - - B3D0F211876044D90DE664245F5DC8D2

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Open Notepad and copy the following text into it:

Driver::
Application Updater
ddservice

File::
c:\windows\unrar.exe

Folder::
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-9-0
c:\windows\av_ico
c:\windows\update.7.1
c:\windows\ufa
c:\program files\Application Updater

DirLook::
c:\documents and settings\LocalService\IETldCache


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
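The removal script above was written by reading the ComboFix log by hand: the service `ddservice` runs from `c:\windows\update.7.1`, ComboFix could not read its file details (`[?]`), and every Firefox `network.proxy.*` setting points at 127.0.0.1:8080. As an added example (not part of this thread, of ComboFix or of the helper's instructions), here is a small Python triage helper that performs that first pass automatically over ComboFix-style service and Firefox-pref lines. The sample lines are copied from the logs in this thread; the list of "expected" service directories and the finding names are this example's own assumptions.

```python
"""Triage helper for ComboFix-style log lines.

Added example for this thread; it is not part of ComboFix or of any poster's
instructions. It reads two kinds of lines that appear in the logs above:

  service lines   R2 ddservice;ddservice;c:\\windows\\update.7.1\\svchostdriver.exe srv --> ... [?]
  Firefox prefs   FF - prefs.js: network.proxy.http - 127.0.0.1

and reports what a responder checks first: a service whose binary does not live
in one of the usual program directories, a service whose file details ComboFix
could not read ([?]), and a browser proxy pointed at the local machine.
"""
import re

# "R2 name;display name;image path [date size]"  (R = running, S = stopped)
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
# First Windows path ending in a binary extension; surrounding quotes are optional.
PATH_RE = re.compile(r'"?([a-z]:\\[^"\[]*?\.(?:exe|sys|dll))', re.IGNORECASE)
# "FF - prefs.js: <key> - <value>"
PREF_RE = re.compile(r'^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$')

# Directories a legitimately installed service usually runs from. This list is an
# assumption of the example; extend it for the environment being reviewed.
EXPECTED_PREFIXES = (
    'c:\\windows\\system32\\',
    'c:\\windows\\microsoft.net\\',
    'c:\\program files\\',
)
LOOPBACK = ('127.0.0.1', 'localhost', '::1')


def parse_service(line):
    """Return a dict for a ComboFix service line, or None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group('rest')
    pm = PATH_RE.search(rest)
    return {
        'start': m.group('start'),
        'name': m.group('name').strip(),
        'path': pm.group(1) if pm else rest.strip(),
        # ComboFix prints "[?]" when it could not read the file's date and size
        'unknown_file': '[?]' in rest,
    }


def triage(log_text):
    """Return (finding, subject, detail) tuples for the suspicious lines in log_text."""
    findings = []
    proxy = {}
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc:
            if svc['unknown_file']:
                findings.append(('service-no-file-info', svc['name'], svc['path']))
            if not svc['path'].lower().startswith(EXPECTED_PREFIXES):
                findings.append(('service-unusual-path', svc['name'], svc['path']))
            continue
        m = PREF_RE.match(line)
        if m and m.group('key').startswith('network.proxy.'):
            proxy[m.group('key')] = m.group('value').strip()
    # A proxy host of 127.0.0.1 routes every browser request through a program on
    # the same machine, so it is worth identifying which program is listening there.
    for key, value in sorted(proxy.items()):
        if key.endswith('_port') or key == 'network.proxy.type':
            continue
        if value in LOOPBACK:
            findings.append(('browser-proxy-loopback', key, f"{value}:{proxy.get(key + '_port', '?')}"))
    return findings


# Sample lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/20/2011 2:59 PM 639224]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/28/2011 6:10 PM 387072]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
"""

if __name__ == '__main__':
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f'{kind:24} {subject:26} {detail}')
```

The script only narrows the list; `Application Updater` passes both checks because it sits under `c:\program files`, yet the helper still removed it, so a directory check is a starting point for review and not a verdict. Note also that a missing `[?]` on a legitimate product (Avira's scheduler here) is flagged alongside the malicious service: the finding says "look at this", not "this is malware".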

  • llass
  • New MyCity citizen
  • Joined: 22 Aug 2011
  • Posts: 5

Log after the new scan.





ComboFix 11-08-22.03 - MISA 08/22/2011 18:18:08.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.222 [GMT 2:00]
Running from: c:\documents and settings\MISA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MISA\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MISA\Application Data\cacaoweb
c:\documents and settings\MISA\Application Data\cacaoweb\npdfile.dat
c:\documents and settings\MISA\Application Data\cacaoweb\storage.db
c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0-lnk\svchost.exe
c:\windows\update.tray-8-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-9-0
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPLICATION_UPDATER
-------\Legacy_DDSERVICE
-------\Service_Application Updater
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 16:32 . 2011-08-22 16:33 -------- d-----w- c:\documents and settings\MISA\Application Data\cacaoweb
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\documents and settings\MISA\Application Data\Malwarebytes
2011-08-21 22:07 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-21 22:07 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 17:48 . 2011-08-21 17:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-08-21 17:48 . 2011-08-21 17:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\YouTube Downloader
2011-08-21 12:47 . 2011-08-21 12:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-08-21 12:45 . 2011-08-21 12:58 246272 ----a-w- c:\windows\unrar.exe
2011-08-20 16:05 . 2011-08-20 16:05 -------- d-----w- c:\program files\ChatVibes Toolbar
2011-08-20 12:29 . 2011-08-20 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-08-20 12:28 . 2011-08-20 12:29 -------- d-----w- c:\program files\YouTube Downloader
2011-08-18 01:54 . 2011-08-18 01:57 -------- d-----w- c:\program files\Allmyapps
2011-08-10 19:12 . 2011-08-16 21:52 -------- d-----w- c:\program files\Fortune Poker
2011-08-08 16:25 . 2011-08-08 16:45 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-08-08 16:25 . 2011-08-08 16:36 -------- d-----w- c:\program files\W3i, LLC
2011-07-26 14:13 . 2011-07-26 14:25 -------- d-----w- c:\documents and settings\MISA\Application Data\UBNet
2011-07-26 14:13 . 2011-07-26 14:13 -------- d-----w- c:\program files\UBNet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 12:44 . 2011-07-11 10:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 16:25 . 2011-08-08 16:25 118784 ----a-w- c:\windows\web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2011-08-21 06:52 . 2011-04-30 19:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\LocalService\IETldCache ----
.
2011-08-21 12:47 . 2011-08-22 14:55 245760 --sha-w- c:\documents and settings\LocalService\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_01.31.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-22 16:32 . 2011-08-22 16:32 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2001-08-23 11:00 . 2011-08-22 13:18 84310 c:\windows\system32\perfc009.dat
- 2001-08-23 11:00 . 2011-08-22 01:08 84310 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2011-08-22 13:18 495848 c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2011-08-22 01:08 495848 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\4shared.com\prxtb4sh2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [2011-08-17 399088]
"LightShot"="c:\documents and settings\MISA\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe" [2010-01-02 195072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-24 274608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2010-12-07 608760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.189\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\cacaoweb\\cacaoweb.exe"=
"c:\\Program Files\\B2BPOKER\\Club4aces\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"d:\\MUZIKA\\P AKSENTIJEVIC\\VideoToMp3Setup.exe"=
"c:\\Program Files\\24hPoker\\pokerclient\\24hPoker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Cake Poker 2.0\\PokerClient.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/20/2011 2:59 PM 639224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/22/2011 12:07 AM 366640]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [3/13/2009 6:50 AM 65536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/22/2011 12:07 AM 22712]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 4:53 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 4:53 PM 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1/4/2011 5:24 PM 100480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/22/2011 12:07 AM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:53]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:53]
.
2011-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-22 c:\windows\Tasks\update-S-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-04-07 20:09]
.
2011-08-22 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-04-07 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
FF - ProfilePath - c:\documents and settings\MISA\Application Data\Mozilla\Firefox\Profiles\sxvasza2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ChatVibes Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-22 18:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????R?????????????\?R???R???????????R???R????|@??|????????????????( ??????Service Pack 3?????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1580436667-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f9,3c,0d,53,60,0d,fd,64,8f,46,ea,ff,07,81,80,ed,2a,2e,04,50,8a,ed,41,
2e,b9,39,38,52,72,ad,b6,64,15,7a,2b,34,d8,a0,17,99,cf,59,46,45,dc,13,d0,0f,\
"??"=hex:74,c6,c3,61,75,60,5e,94,14,1f,86,28,72,f5,79,33
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\MISA\Local Settings\Application Data\Skillbrains\lightshot\1.4.0.0\LightShot.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-08-22 18:38:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-22 16:38
ComboFix2.txt 2011-08-22 01:37
.
Pre-Run: 50,779,332,608 bytes free
Post-Run: 50,763,890,688 bytes free
.
- - End Of File - - E6B05F8C47B06E24D81193B12B417B42

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Step 1

Remove the leftovers of Avira using the AppRemover program (see the instructions here: http://www.mycity.rs/Zastita/Kako-ukloniti-zastiti.....mover.html )

---------------------------------------------------------------------------------------------------------





Step 2

Open Notepad and copy the following text into it:

File::
c:\windows\unrar.exe

Folder::
c:\program files\Common Files\Spigot

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
--------------------------------------------------------------------------------------------------





Step 3

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer. At the very end of the process, make sure these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select the Perform Quick Scan option and click Scan.

When the scan finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the removal finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart to complete the cleaning, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

NIx Car (AMF Team)

  • llass
  • New MyCity citizen
  • Joined: 22 Aug 2011
  • Posts: 5

I installed AppRemover and did everything according to the instructions, but it was unable to find any Avira leftovers.

ComboFix 11-08-24.06 - MISA 08/25/2011 11:24:14.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.191 [GMT 2:00]
Running from: c:\documents and settings\MISA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MISA\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MISA\Application Data\cacaoweb
c:\documents and settings\MISA\Application Data\cacaoweb\npdfile.dat
c:\documents and settings\MISA\Application Data\cacaoweb\replicating488311975D568C4834FDFBDD155963EF.cacao
c:\documents and settings\MISA\Application Data\cacaoweb\storage.db
c:\documents and settings\MISA\Application Data\PriceGong
c:\documents and settings\MISA\Application Data\PriceGong\Data\1.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\a.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\b.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\c.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\d.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\e.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\f.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\g.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\h.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\i.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\J.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\k.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\l.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\m.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\n.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\o.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\p.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\q.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\r.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\s.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\t.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\u.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\v.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\w.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\x.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\y.xml
c:\documents and settings\MISA\Application Data\PriceGong\Data\z.xml
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 09:38 . 2011-08-25 09:39 -------- d-----w- c:\documents and settings\MISA\Application Data\cacaoweb
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\documents and settings\MISA\Application Data\Malwarebytes
2011-08-21 22:07 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-21 22:07 . 2011-08-21 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-21 22:07 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-21 17:48 . 2011-08-21 17:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-08-21 17:48 . 2011-08-21 17:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\YouTube Downloader
2011-08-21 12:47 . 2011-08-21 12:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-08-21 12:45 . 2011-08-21 12:58 246272 ----a-w- c:\windows\unrar.exe
2011-08-20 16:05 . 2011-08-20 16:05 -------- d-----w- c:\program files\ChatVibes Toolbar
2011-08-20 12:29 . 2011-08-20 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-08-20 12:28 . 2011-08-20 12:29 -------- d-----w- c:\program files\YouTube Downloader
2011-08-18 01:54 . 2011-08-18 01:57 -------- d-----w- c:\program files\Allmyapps
2011-08-10 19:12 . 2011-08-16 21:52 -------- d-----w- c:\program files\Fortune Poker
2011-08-08 16:25 . 2011-08-08 16:45 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-08-08 16:25 . 2011-08-08 16:36 -------- d-----w- c:\program files\W3i, LLC
2011-07-26 14:13 . 2011-07-26 14:25 -------- d-----w- c:\documents and settings\MISA\Application Data\UBNet
2011-07-26 14:13 . 2011-07-26 14:13 -------- d-----w- c:\program files\UBNet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 12:44 . 2011-07-11 10:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 16:25 . 2011-08-08 16:25 118784 ----a-w- c:\windows\web\Wallpaper\Living Waterfalls Wallpaper #1 dir\uninstall.exe
2011-08-21 06:52 . 2011-04-30 19:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_01.31.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 09:37 . 2011-08-25 09:37 16384 c:\windows\Temp\Perflib_Perfdata_224.dat
+ 2001-08-23 11:00 . 2011-08-25 08:52 84310 c:\windows\system32\perfc009.dat
- 2001-08-23 11:00 . 2011-08-22 01:08 84310 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2011-08-25 08:52 495848 c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2011-08-22 01:08 495848 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\4shared.com\prxtb4sh2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [2011-08-23 399600]
"LightShot"="c:\documents and settings\MISA\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe" [2010-01-02 195072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-24 274608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2010-12-07 608760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.189\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\cacaoweb\\cacaoweb.exe"=
"c:\\Program Files\\B2BPOKER\\Club4aces\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"d:\\MUZIKA\\P AKSENTIJEVIC\\VideoToMp3Setup.exe"=
"c:\\Program Files\\24hPoker\\pokerclient\\24hPoker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Cake Poker 2.0\\PokerClient.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/20/2011 2:59 PM 639224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/22/2011 12:07 AM 366640]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [3/13/2009 6:50 AM 65536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/22/2011 12:07 AM 22712]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 4:53 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 4:53 PM 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1/4/2011 5:24 PM 100480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:53]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:53]
.
2011-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-08-24 c:\windows\Tasks\update-S-1-5-21-1214440339-1580436667-1417001333-1003.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-04-07 20:09]
.
2011-08-24 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-04-07 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: raiffeisenbank.rs\rol
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
FF - ProfilePath - c:\documents and settings\MISA\Application Data\Mozilla\Firefox\Profiles\sxvasza2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ChatVibes Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-25 11:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????R?????????????\?R???R???????????R???R????|@??|????????????????( ??????Service Pack 3?????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1580436667-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f9,3c,0d,53,60,0d,fd,64,8f,46,ea,ff,07,81,80,ed,2a,2e,04,50,8a,ed,41,
2e,b9,39,38,52,72,ad,b6,64,15,7a,2b,34,d8,a0,17,99,cf,59,46,45,dc,13,d0,0f,\
"??"=hex:74,c6,c3,61,75,60,5e,94,14,1f,86,28,72,f5,79,33
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3884)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\documents and settings\MISA\Local Settings\Application Data\Skillbrains\lightshot\1.4.0.0\LightShot.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-25 11:44:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 09:44
ComboFix2.txt 2011-08-22 16:38
ComboFix3.txt 2011-08-22 01:37
.
Pre-Run: 50,753,011,712 bytes free
Post-Run: 50,906,619,904 bytes free
.
- - End Of File - - 1E748F6907152E8BA525369EF13A1A1B


This is the log file after scanning with Malwarebytes. I already have it installed on the computer. When I ran the first scan it found over 130 infected files.

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7543

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/25/2011 11:54:12 AM
mbam-log-2011-08-25 (11-54-12).txt

Scan type: Quick scan
Objects scanned: 170980
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Since you don't have any antivirus on the computer, it would be advisable to install one: either a commercial one, e.g. NOD, Kaspersky, Norton (provided you have a licence, of course), or a free one such as Avast, Avira, MSE, Panda Cloud.

How is the computer behaving?

NIx Car (AMF Tim)

offline
  • llass
  • New MyCity citizen
  • Joined: 22 Aug 2011
  • Posts: 5

Pretty well, all things considered :) . I was using Avira until this hi trojan killed it. I'll install it again. Earlier I used Avast, but it seems too demanding for this configuration.

Korisnici trenutno na forumu: 8u47, A.R.Chafee.Jr., Atomski čoban, Battlehammer, Cigi, dankisha, djboj, dragon986, ekser222, goxin, indja, ivan979, LjubisaR, Marko Marković, MegaVLAdaR, nenad81, raketaš, stegonosa, Trpe Grozni, virked, Vlada1389, vlvl, zlaya011, 223223