MyCity » Ambulanta -> Arhiva Ambulante » prekid interneta zbog msodesnv7 aplikacije i cfdrive32.exe

prekid interneta zbog msodesnv7 aplikacije i cfdrive32.exe

Napisano na dan: 17.9.2010

Strana:
1
2

prekid interneta zbog msodesnv7 aplikacije i cfdrive32.exe

Sledeća strana

Pagination

Odgovori

Strana:
1
2

backatopola Poslao: 17 Sep 2010 12:46 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 17 Sep 2010 12:43 Pozdrav, od juce mi se desava da mi se prekida internet, sa Malwarebytes' Anti-Malware mi prikazuje HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msodesnv7 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. Inficirani podaci u registru: (Maliciozne stavke nisu pronađene) Inficirane fascikle: (Maliciozne stavke nisu pronađene) Inficirane datoteke: C:\WINDOWS\system32\msvmiode.exe (Trojan.FakeAlert.H) -> Delete on reboot. C:\RECYCLER\S-1-5-21-4456262612-4903033749-606910049-5773\syscr.exe --------------------------------------------------------------------- Odem u safe mode i obrisem a on se vraca kasnije! Sa HijackThis isto analiziram, O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe Cekiram cfdrive32.exe na dva mesta i opet se pojavljuju nakon gasenja kompa! Koristim 32-bitni Windows i kablovski internet DDS sam skinuo i samo se nakratko otvori i ugasi Sa Gmerom sam napravio nadam se sve kako pise u uputstvu Unapred hvala! mycity.rs/must-login.png Dopuna: 17 Sep 2010 12:46 Gmer text.file mycity.rs/must-login.png mycity.rs/must-login.png Gmer1 nemogu nikako okacit jel dobijam odgovor da je fail prevelik?????

Profil

diarno Poslao: 17 Sep 2010 13:00 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! E ovako s obzirom da si sklon koriscenju AM alata imaj na umu sledece : U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva (ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK Procitao? Ok Idemo dalje : Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

backatopola Poslao: 17 Sep 2010 13:31 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 17 Sep 2010 13:28 Evo comboFif mycity.rs/must-login.png Dopuna: 17 Sep 2010 13:31 ComboFix 10-09-16.05 - KOKI 17.09.2010 13:16:22.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.153 [GMT 2:00] Running from: d:\my documents\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\KOKI\Application Data\ltzqai.exe c:\windows\cfdrive32.exe c:\windows\system32\84.exe . ((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 ))))))))))))))))))))))))))))))) . 2010-09-04 12:22 . 2010-09-04 12:22 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-31 12:52 . 2010-08-31 12:52 -------- d-----w- c:\documents and settings\Administrator.KOKI-1CCE0A537D\Application Data\Malwarebytes 2010-08-19 17:57 . 2010-08-19 17:57 -------- d-----w- c:\documents and settings\KOKI\Local Settings\Application Data\Help 2010-08-19 16:14 . 2010-08-19 17:52 -------- d-----w- c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender 2010-08-19 16:14 . 2010-08-19 16:12 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys 2010-08-19 16:13 . 2010-08-19 16:13 -------- d-----w- c:\program files\Common Files\Authentium 2010-08-19 16:03 . 2010-08-19 16:03 -------- d--h--w- c:\windows\system32\GroupPolicy 2010-08-19 12:07 . 2008-09-10 17:58 270336 ----a-w- c:\windows\system32\CMRMDRV3.exe 2010-08-19 11:54 . 2008-09-11 10:10 278528 ----a-w- c:\windows\CmiPCIUninstall.exe 2010-08-19 11:54 . 2010-08-19 12:06 -------- d-----w- c:\program files\C-Media PCI Audio Device 2010-08-19 11:54 . 2009-03-18 10:34 1512960 ----a-w- c:\windows\system32\drivers\cmudax3.sys 2010-08-19 11:39 . 2010-08-19 11:39 -------- d-----w- c:\program files\Common Files\Java 2010-08-19 11:31 . 2010-08-19 11:31 -------- d-----w- c:\windows\system32\wbem\Repository 2010-08-18 11:37 . 2010-08-19 11:29 -------- d-----w- c:\program files\TextEdit . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-16 21:21 . 2010-03-27 12:36 -------- d-----w- c:\documents and settings\KOKI\Application Data\Skype 2010-09-16 15:25 . 2010-03-27 12:42 -------- d-----w- c:\documents and settings\KOKI\Application Data\skypePM 2010-08-19 11:53 . 2010-03-27 16:57 -------- d-----w- c:\program files\Common Files\InstallShield 2010-08-19 11:39 . 2010-05-30 22:56 -------- d-----w- c:\program files\Java 2010-08-19 11:31 . 2010-08-06 11:35 -------- d-----w- c:\documents and settings\KOKI\Application Data\vlc 2010-08-02 11:28 . 2010-03-28 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth 2010-07-17 03:00 . 2010-05-30 22:56 423656 ----a-w- c:\windows\system32\deployJava1.dll . ------- Sigcheck ------- [-] 2006-02-25 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- d:\program files\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 1999-12-31 22:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Blutut\\BlueSoleil.exe"= "d:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2010 20:08 135336] R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [8.4.2010 16:46 117288] R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [8.4.2010 16:46 117288] R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [8.4.2010 16:46 154152] S3 Asfsdirv;Asfsdirv; [x] --- Other Services/Drivers In Memory --- NewlyCreated - KGLOYFOD Deregistered - kgloyfod . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\KOKI\Application Data\Mozilla\Firefox\Profiles\x3kgijhn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: d:\program files\Reader\browser\nppdf32.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . - - - - ORPHANS REMOVED - - - - WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file) HKLM-Run-CmPCIaudio - CMICNFG3.cpl MSConfigStartUp-CyberDefender Early Detection Center - c:\program files\CyberDefender\AntiSpyware\_cdasd1.exe MSConfigStartUp-Microsoft Driver Setup - c:\windows\system32\xfgnl.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-09-17 13:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2010-09-17 13:21:58 ComboFix-quarantined-files.txt 2010-09-17 11:21 Pre-Run: 16.231.170.048 bytes free Post-Run: 16.335.978.496 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - BE395C421E4A4E4DE9F3853FD984C4A7

Profil

diarno Poslao: 17 Sep 2010 14:49 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Deinstaliraj Authentium AntiVirus5.

Profil

backatopola Poslao: 17 Sep 2010 15:08 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 17 Sep 2010 14:57 Kada ga deinstaliram, šta da onda radim? Dopuna: 17 Sep 2010 15:08 Deinstaliro sam ga!

Profil

diarno Poslao: 17 Sep 2010 15:28 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\drivers\CDAVFS.sys Folder:: c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender Driver:: Asfsdirv` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

backatopola Poslao: 17 Sep 2010 15:44 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-09-16.06 - KOKI 17.09.2010 15:37:45.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.317 [GMT 2:00] Running from: c:\documents and settings\KOKI\Desktop\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 ))))))))))))))))))))))))))))))) . 2010-09-04 12:22 . 2010-09-04 12:22 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-31 12:52 . 2010-08-31 12:52 -------- d-----w- c:\documents and settings\Administrator.KOKI-1CCE0A537D\Application Data\Malwarebytes 2010-08-19 17:57 . 2010-08-19 17:57 -------- d-----w- c:\documents and settings\KOKI\Local Settings\Application Data\Help 2010-08-19 16:14 . 2010-08-19 17:52 -------- d-----w- c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender 2010-08-19 16:14 . 2010-08-19 16:12 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys 2010-08-19 16:13 . 2010-09-17 13:05 -------- d-----w- c:\program files\Common Files\Authentium 2010-08-19 16:03 . 2010-08-19 16:03 -------- d--h--w- c:\windows\system32\GroupPolicy 2010-08-19 12:07 . 2008-09-10 17:58 270336 ----a-w- c:\windows\system32\CMRMDRV3.exe 2010-08-19 11:54 . 2008-09-11 10:10 278528 ----a-w- c:\windows\CmiPCIUninstall.exe 2010-08-19 11:54 . 2010-08-19 12:06 -------- d-----w- c:\program files\C-Media PCI Audio Device 2010-08-19 11:54 . 2009-03-18 10:34 1512960 ----a-w- c:\windows\system32\drivers\cmudax3.sys 2010-08-19 11:39 . 2010-08-19 11:39 -------- d-----w- c:\program files\Common Files\Java 2010-08-19 11:31 . 2010-08-19 11:31 -------- d-----w- c:\windows\system32\wbem\Repository . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-16 21:21 . 2010-03-27 12:36 -------- d-----w- c:\documents and settings\KOKI\Application Data\Skype 2010-09-16 15:25 . 2010-03-27 12:42 -------- d-----w- c:\documents and settings\KOKI\Application Data\skypePM 2010-08-19 11:53 . 2010-03-27 16:57 -------- d-----w- c:\program files\Common Files\InstallShield 2010-08-19 11:39 . 2010-05-30 22:56 -------- d-----w- c:\program files\Java 2010-08-19 11:31 . 2010-08-06 11:35 -------- d-----w- c:\documents and settings\KOKI\Application Data\vlc 2010-08-19 11:29 . 2010-08-18 11:37 -------- d-----w- c:\program files\TextEdit 2010-08-02 11:28 . 2010-03-28 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth 2010-07-17 03:00 . 2010-05-30 22:56 423656 ----a-w- c:\windows\system32\deployJava1.dll . ------- Sigcheck ------- [-] 2006-02-25 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2010-09-17_11.20.18 ))))))))))))))))))))))))))))))))))))))))) . + 2010-09-17 13:07 . 2010-09-17 13:07 16384 c:\windows\Temp\Perflib_Perfdata_704.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- d:\program files\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 1999-12-31 22:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Blutut\\BlueSoleil.exe"= "d:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2010 20:08 135336] S2 vseamps;vseamps;"c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [?] S2 vsedsps;vsedsps;"c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [?] S2 vseqrts;vseqrts;"c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [?] S3 Asfsdirv;Asfsdirv; [x] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\KOKI\Application Data\Mozilla\Firefox\Profiles\x3kgijhn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: d:\program files\Reader\browser\nppdf32.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-09-17 15:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2152) c:\windows\system32\shdoclc.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\windows\system32\browselc.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll . Completion time: 2010-09-17 15:43:08 ComboFix-quarantined-files.txt 2010-09-17 13:43 ComboFix2.txt 2010-09-17 11:21 Pre-Run: 16.361.943.040 bytes free Post-Run: 16.354.861.056 bytes free - - End Of File - - DBC58B3A4AEFD6CBB794338FF874889A

Profil

diarno Poslao: 17 Sep 2010 16:12 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradi kako sam ti ovde napisao. diarno ::Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\drivers\CDAVFS.sys Folder:: c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender Driver:: Asfsdirv` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

backatopola Poslao: 17 Sep 2010 16:29 Idi na vrh
offline backatopola Građanin Pridružio: 29 Nov 2009 Poruke: 77	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-09-16.06 - KOKI 17.09.2010 16:21:24.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.297 [GMT 2:00] Running from: c:\documents and settings\KOKI\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\KOKI\Desktop\CFScript.txt AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\drivers\CDAVFS.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\AWSDLL.DLL c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\cdinstx.exe c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\cdinstx.log c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\gacutil.exe c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Includes\Loading.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Includes\NoItems Index.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Includes\Password Cookie.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Includes\Passwords Index.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Includes\Privacy Index.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\charset.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\cookie.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\css\intercept_master.css c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\defaultCharset.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\form.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\frame.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\gray.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\green.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_go.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_go_down.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_go_over.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_grey.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_red.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_red_down.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\bt_red_over.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\bttn_grey.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\caution.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\frame.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\intercept_header.jpg c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\logo.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\logo.jpg c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\logo_orange.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\red_bttn.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\red_bttn_down.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\red_bttn_over.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\topbar.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\topbar_orange.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\images\warning.gif c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\popup.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\port.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\protocol.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\red.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.htm1 c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.htm3 c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\scamalert.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\security.html c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\style.css c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\Scam Alert\yellow.htm c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\ssstbar.ini c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\sssTbarcfg.ini c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\sssTbarSettings.ini c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\sssTbarUpdateHost.ini c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\st.ico c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\stbarpat.dat.03 c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\UserGuide\cybdefstbar.set c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\UserGuide\stbarchk.ini c:\windows\system32\drivers\CDAVFS.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Asfsdirv ((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 ))))))))))))))))))))))))))))))) . 2010-09-04 12:22 . 2010-09-04 12:22 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-31 12:52 . 2010-08-31 12:52 -------- d-----w- c:\documents and settings\Administrator.KOKI-1CCE0A537D\Application Data\Malwarebytes 2010-08-19 17:57 . 2010-08-19 17:57 -------- d-----w- c:\documents and settings\KOKI\Local Settings\Application Data\Help 2010-08-19 16:13 . 2010-09-17 13:05 -------- d-----w- c:\program files\Common Files\Authentium 2010-08-19 16:03 . 2010-08-19 16:03 -------- d--h--w- c:\windows\system32\GroupPolicy 2010-08-19 12:07 . 2008-09-10 17:58 270336 ----a-w- c:\windows\system32\CMRMDRV3.exe 2010-08-19 11:54 . 2008-09-11 10:10 278528 ----a-w- c:\windows\CmiPCIUninstall.exe 2010-08-19 11:54 . 2010-08-19 12:06 -------- d-----w- c:\program files\C-Media PCI Audio Device 2010-08-19 11:54 . 2009-03-18 10:34 1512960 ----a-w- c:\windows\system32\drivers\cmudax3.sys 2010-08-19 11:39 . 2010-08-19 11:39 -------- d-----w- c:\program files\Common Files\Java 2010-08-19 11:31 . 2010-08-19 11:31 -------- d-----w- c:\windows\system32\wbem\Repository . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-16 21:21 . 2010-03-27 12:36 -------- d-----w- c:\documents and settings\KOKI\Application Data\Skype 2010-09-16 15:25 . 2010-03-27 12:42 -------- d-----w- c:\documents and settings\KOKI\Application Data\skypePM 2010-08-19 11:53 . 2010-03-27 16:57 -------- d-----w- c:\program files\Common Files\InstallShield 2010-08-19 11:39 . 2010-05-30 22:56 -------- d-----w- c:\program files\Java 2010-08-19 11:31 . 2010-08-06 11:35 -------- d-----w- c:\documents and settings\KOKI\Application Data\vlc 2010-08-19 11:29 . 2010-08-18 11:37 -------- d-----w- c:\program files\TextEdit 2010-08-02 11:28 . 2010-03-28 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth 2010-07-17 03:00 . 2010-05-30 22:56 423656 ----a-w- c:\windows\system32\deployJava1.dll . ------- Sigcheck ------- [-] 2006-02-25 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2010-09-17_11.20.18 ))))))))))))))))))))))))))))))))))))))))) . + 2010-09-17 14:26 . 2010-09-17 14:26 16384 c:\windows\Temp\Perflib_Perfdata_428.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- d:\program files\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 1999-12-31 22:00 155648 ----a-r- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Program Files\\Blutut\\BlueSoleil.exe"= "d:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2010 20:08 135336] S2 vseamps;vseamps;"c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [?] S2 vsedsps;vsedsps;"c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [?] S2 vseqrts;vseqrts;"c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe" --> c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [?] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\KOKI\Application Data\Mozilla\Firefox\Profiles\x3kgijhn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: d:\program files\Reader\browser\nppdf32.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . - - - - ORPHANS REMOVED - - - - AddRemove-{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6} - c:\documents and settings\KOKI\Local Settings\Application Data\CyberDefender\cdinstx.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-09-17 16:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\rundll32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2010-09-17 16:28:48 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-17 14:28 ComboFix2.txt 2010-09-17 13:43 ComboFix3.txt 2010-09-17 11:21 Pre-Run: 16.358.686.720 bytes free Post-Run: 16.303.734.784 bytes free - - End Of File - - 2BE7CAFD7D80350AE39744474A57480C

Profil

diarno Poslao: 17 Sep 2010 16:31 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sad stanje racunara?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » prekid interneta zbog msodesnv7 aplikacije i cfdrive32.exe

Ko je trenutno na forumu

Ukupno su 1086 korisnika na forumu :: 35 registrovanih, 5 sakrivenih i 1046 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: anbeast, Apok, bladesu, bokisha253, Darko8, debeli, DejanSt, DonRumataEstorski, dule10savic, FileFinder, GandorCC, Georgius, HrcAk47, Ilija Cvorovic, krkalon, lord sir giga, Metanoja, Milos ZA, milos.cbr, milutin134, nenad81, Nikolaa11, NoOneEver Dreams, raptorsi, Shinobi, Srki94, Srle993, tubular, vathra, vladetije, vukdra, ZetaMan, zixmix, |_MeD_|, žeks62

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by