Problem loading Facebook

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Do not plug in any USB storage devices yet!!!

Step 1

You have leftovers of AVG antivirus on the computer.
Download AVG Remover (32-bit);
Start the computer in Safe Mode and run the AVG Remover tool there.



Step 2

Open Notepad and copy the following text:

File::
c:\windows\unrar.exe

Folder::
c:\users\Administrator\Application Data\dwm
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\update.3
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

Firefox::
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\jm2qpstb.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=grupo


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is created at the end of the cleaning/scan in your next message.



Step 3

You have no antivirus installed on the computer. You must install one.
My suggestion is to install and use a free one (unless you have a properly purchased licence for a commercial AV), such as Avast, Avira, Panda Cloud or Microsoft Security Essentials. If you need a download link for an AV, let me know which one you chose and I will post the link in my next message.










goran9888 (AMF Tim)

offline
  • Joined: 19 Jul 2011
  • Posts: 22

Posted: 20 Jul 2011 16:29

I tried to start ''safe mode'' and ''safe mode with networking'' and it won't work; for some reason unknown to me the laptop does not accept that option... I tried several times without success.... what should I do about that, should I run AVG Remover in ''windows normally''?

Added: 20 Jul 2011 16:32

and how do I even save it from Notepad as ''cfc script''

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Regarding Safe Mode, what do you mean it doesn't accept that option?
While the computer is starting up, keep pressing F8 (quickly, non-stop) until a black screen with white letters appears. The first option there should be Safe Mode (select it: use the up arrow to reach it and press Enter). It looks like this:



Only if you cannot start the computer in Safe Mode, run AVG Remover from Windows Normal Mode.






You start Notepad like this:
Start -> Run -> Notepad

Copy the code from the script I posted in the previous message;
Go to File -> Save as (a window opens in which you choose where to save the script);
Choose Desktop as the location and type CFScript as the file name.

Illustrated example:








goran9888 (AMF Tim)

offline
  • Joined: 19 Jul 2011
  • Posts: 22

Posted: 20 Jul 2011 17:13

I'd also add that in the bottom right corner the ''automatic update'' icon keeps appearing non-stop - - - what should I do about it, ''on'' or ''off''

Added: 20 Jul 2011 17:19

Added: 20 Jul 2011 17:24

ok- - - - and what should I do about that modification?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Have you installed an antivirus? If not, you must install one.
After you install it, you need to turn off its real-time protection before running ComboFix. Depending on which AV you install, deactivate it before running CF: http://www.mycity.rs/Uputstva/Iskljucivanje-zastitnog-softvera.html






Step 1

Open Notepad and copy the following text:

Folder::
c:\program files\Common Files\Spigot

RegLock::
[HKEY_USERS\S-1-5-21-823518204-1563985344-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,06,da,ec,fa,a8,d7,46,a3,10,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,06,da,ec,fa,a8,d7,46,a3,10,40,\


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is created at the end of the cleaning/scan in your next message.





Step 2

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to start the installation - at the very end of the process, check that these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

then click Finish.

After the update completes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).





SrdjanM989 wrote: I'd also add that in the bottom right corner the ''automatic update'' icon keeps appearing non-stop - - - what should I do about it, ''on'' or ''off''

Look, you have a modified Windows.
Whoever installed Windows for you did not install an original version of Windows but this modified one. In that modified version some items that exist in the original were removed, some services and processes were disabled, programs were added, and so on.

What appears in the bottom right corner is Automatic Update, which CF turned on. It is a legitimate feature that every operating system has; it notifies you about new updates for your OS and offers to download and install them. If you want, we will turn it off later. In any case it is recommended that the system always be kept updated, so the option should stay on.







goran9888 (AMF Tim)

offline
  • Joined: 19 Jul 2011
  • Posts: 22

ComboFix 11-07-19.04 - Administrator 21.07.2011 17:50:39.3.2 - x86
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
.
c:\windows\system32\logonui.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-11-30 23:28 . 2011-11-30 23:28 -------- d--h--w- c:\users\All Users\Application Data\Common Files
2011-11-30 23:16 . 2011-07-16 23:41 -------- d-----w- c:\users\All Users\Application Data\MFAData
2011-11-13 02:56 . 2011-11-13 02:56 -------- d-----w- c:\users\Administrator\Application Data\Search Settings
2011-11-13 02:56 . 2011-11-13 02:56 -------- d-----w- c:\program files\Application Updater
2011-11-13 02:56 . 2011-11-13 02:56 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-11-13 01:55 . 2011-11-13 01:55 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Corel
2011-11-13 01:55 . 2011-11-13 01:55 -------- d-----w- c:\users\Administrator\Application Data\Corel
2011-11-09 09:03 . 2011-11-09 09:03 -------- d-----w- c:\users\All Users\Application Data\CanonIJ
2011-11-09 08:25 . 2011-11-09 08:25 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2011-11-09 08:20 . 2011-11-09 08:20 -------- d-----w- c:\users\All Users\Application Data\CanonEPP
2011-11-09 08:04 . 2011-11-09 08:04 -------- d-----w- c:\program files\Common Files\CANON
2011-11-09 07:57 . 2011-11-09 08:04 -------- d-----w- c:\program files\Canon
2011-07-20 04:14 . 2011-07-20 04:14 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\PCHealth
2011-07-20 04:13 . 2011-07-20 04:13 -------- d-sh--w- c:\users\Administrator\IECompatCache
2011-07-20 04:12 . 2011-07-20 04:12 -------- d-sh--w- c:\users\Administrator\PrivacIE
2011-07-20 04:10 . 2011-07-20 04:10 -------- d-sh--w- c:\users\Administrator\IETldCache
2011-07-20 04:02 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-07-20 04:01 . 2011-04-25 16:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-07-20 04:01 . 2011-04-25 16:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-20 04:01 . 2011-04-25 16:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-20 03:58 . 2011-07-20 04:00 -------- dc-h--w- c:\windows\ie8
2011-07-20 02:37 . 2011-04-25 15:49 78336 ------w- c:\windows\system32\ieencode.dll
2011-07-20 02:37 . 2011-04-25 15:49 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2011-07-20 02:37 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2011-07-20 02:37 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2011-07-20 02:36 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2011-07-20 02:36 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2011-07-20 02:36 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2011-07-20 02:36 . 2010-11-18 18:12 81920 ------w- c:\windows\system32\dllcache\isign32.dll
2011-07-20 02:36 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-20 02:36 . 2010-02-12 04:27 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2011-07-20 02:36 . 2011-03-04 06:37 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-07-20 02:36 . 2011-03-04 06:37 420864 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2011-07-20 02:36 . 2010-12-20 17:32 551936 ------w- c:\windows\system32\dllcache\oleaut32.dll
2011-07-20 02:36 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2011-07-20 02:36 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-07-20 02:35 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-20 02:35 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-20 02:32 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-07-20 02:32 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-07-20 02:26 . 2008-06-12 14:23 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2011-07-20 02:26 . 2008-06-12 14:23 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2011-07-20 02:26 . 2008-06-12 14:23 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2011-07-20 02:26 . 2008-06-12 14:23 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2011-07-20 02:26 . 2008-06-12 14:23 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2011-07-20 02:25 . 2010-11-09 14:50 253952 ------w- c:\windows\system32\dllcache\odbc32.dll
2011-07-20 02:25 . 2010-11-09 14:50 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2011-07-20 02:25 . 2010-11-09 14:50 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2011-07-20 02:25 . 2010-11-09 14:50 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2011-07-20 02:25 . 2010-11-09 14:50 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2011-07-20 02:25 . 2009-10-13 10:38 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2011-07-20 02:25 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-07-20 02:24 . 2009-11-27 16:07 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2011-07-20 02:24 . 2009-11-27 16:07 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2011-07-20 02:24 . 2009-11-27 16:07 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2011-07-20 02:24 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2011-07-20 02:24 . 2009-11-27 16:07 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2011-07-20 02:24 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2011-07-20 02:24 . 2008-12-16 12:30 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
2011-07-20 02:24 . 2011-02-09 13:53 270848 ------w- c:\windows\system32\dllcache\sbe.dll
2011-07-20 02:24 . 2011-02-09 13:53 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2011-07-20 02:24 . 2009-03-21 06:29 991744 ------w- c:\windows\system32\dllcache\kernel32.dll
2011-07-20 02:24 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2011-07-20 02:24 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-20 02:23 . 2010-03-29 23:24 317440 ------w- c:\windows\system32\dllcache\mp4sdecd.dll
2011-07-20 02:23 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-07-20 02:23 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-07-20 02:23 . 2009-12-08 09:23 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2011-07-20 02:23 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2011-07-20 02:23 . 2009-04-01 10:02 604160 ------w- c:\windows\system32\dllcache\wmspdmod.dll
2011-07-20 02:23 . 2011-04-26 11:07 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2011-07-20 02:23 . 2011-04-26 11:07 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2011-07-20 02:23 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-07-20 02:22 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-20 02:22 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-07-20 02:22 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-07-20 02:22 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-07-20 02:22 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-07-20 02:22 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-07-20 02:22 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-07-20 02:22 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-07-20 02:22 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2011-07-20 02:22 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-07-20 02:22 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2011-07-20 02:20 . 2011-01-21 14:44 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2011-07-20 02:19 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-20 02:19 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-07-20 02:19 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-07-19 20:32 . 2011-07-19 20:32 -------- d-----w- c:\program files\YouTube Downloader
2011-07-19 20:09 . 2011-07-19 20:09 -------- d-----w- c:\users\All Users\Application Data\Avira
2011-07-17 00:44 . 2011-07-17 12:49 -------- d-----w- c:\windows\system32\NtmsData
2011-07-16 23:46 . 2011-07-16 23:46 -------- d-----w- c:\users\Administrator\Application Data\Sammsoft
2011-07-16 23:03 . 2011-07-16 23:03 -------- d-----w- c:\program files\ATI
2011-07-16 22:57 . 2011-07-16 22:57 -------- d-----w- C:\ATI
2011-07-16 22:56 . 2011-07-16 23:33 -------- d-----w- c:\users\Administrator\Application Data\YouTube Downloader
2011-07-15 00:18 . 2003-09-02 13:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-07-15 00:18 . 2003-09-02 13:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-07-15 00:18 . 2003-09-02 13:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-07-15 00:18 . 2003-09-02 13:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-07-15 00:18 . 2003-09-02 13:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-07-15 00:18 . 2003-09-02 13:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-15 00:18 . 2011-07-15 00:18 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-07-15 00:18 . 2011-07-15 00:18 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-07-11 23:35 . 2011-07-14 03:14 -------- d-----w- C:\games
2011-07-05 23:43 . 2011-07-05 23:43 -------- d-----w- C:\$AVG
2011-07-01 02:40 . 2011-07-01 02:40 -------- d--h--w- c:\windows\PIF
2011-06-30 23:59 . 2011-07-21 03:23 -------- d-----w- c:\program files\Onda Connection Manager
2011-06-30 23:51 . 2011-06-30 23:51 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:07 . 2009-03-08 09:02 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-05-24 10:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 10:44 . 2011-05-24 10:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 10:43 . 2011-05-24 10:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:30 . 2009-12-17 05:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:23 . 2009-03-08 09:02 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:47 . 2009-03-08 09:01 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2009-03-08 09:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2008-04-14 03:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2009-03-08 09:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2009-03-08 09:10 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2009-03-08 09:03 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2009-03-08 09:03 385024 ------w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\SP3GDR\tcpip.sys
.
[-] 2009-03-08 09:09 . 403EBA8EE2967BA93E07138400972EE3 . 1443840 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2009-03-08 . 57961D44B5C17BAB6D44C4C13B79429B . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 200EA506B86F7E9E6C37820D2BB5F39B . 210944 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot_2011-07-21_04.03.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-21 04:53 . 2011-07-21 04:53 53248 c:\windows\temp\catchme.dll
- 2011-07-21 04:03 . 2011-07-21 04:03 53248 c:\windows\temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-01-17 175912]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-05-14 344064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-03-15 32768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-08 37376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-02-18 2375]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=
"d:\\kanter\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R2 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\DRIVERS\ONDA_MW823UP_cpo.sys [2010-01-27 9728]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [x]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [x]
S0 ahci6xx;ahci6xx; [x]
S0 amdide1;amdide1; [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys [2010-01-27 86016]
S3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys [2010-01-27 49920]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\DRIVERS\ONDA_MW823UP_dc_enum.sys [2010-01-27 80000]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-29 23:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:56889
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{225DBB18-2646-4BEF-8224-C6B3EBB431E2}: NameServer = 193.70.152.25 193.70.192.25
TCP: Interfaces\{DB83E9E8-22D7-47F5-94A0-DBD9E03C26BB}: NameServer = 77.105.0.18,77.105.0.19
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\jm2qpstb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18837
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56889
FF - prefs.js: network.proxy.type - 1
FF - Ext: Adblock Filterset.G Updater: filtersetg@updater - c:\program files\Mozilla Firefox\extensions\filtersetg@updater
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - c:\program files\Mozilla Firefox\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - c:\program files\Mozilla Firefox\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\program files\Mozilla Firefox\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-07-21 17:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048-)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\setupapi.dll
.
Completion time: 2011-07-21 17:54:49
ComboFix-quarantined-files.txt 2011-07-21 04:54
ComboFix2.txt 2011-07-21 04:04
ComboFix3.txt 2011-07-20 01:43
.
Pre-Run: 1.618.493.440 bytes free
Post-Run: 1.597.456.384 bytes free
.
- - End Of File - - 19BBB70358301EF9116B49F0A67D2778
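As an added triage example (not part of the thread and not ComboFix's own code): a Python script that flags the indicator types visible in the log above, namely ComboFix's "is infected" verdict, Sigcheck "[-]" entries, Security Center overrides, the loopback proxy set in both IE and Firefox, search hijacks and an autorun batch file. The sample lines are copied from the posted log, except for one constructed "Enabled" firewall line that lets the open-port rule fire; the rule set is an assumption, not a ComboFix feature.

```python
"""Triage of ComboFix log lines: flag the indicator types seen in the report above."""
import re
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    category: str
    line: str


# Sample input. All lines except the "Enabled" 3389 one are copied from the
# ComboFix log posted above; that single line is constructed so the open-port
# rule has something to match. The "[7]" Sigcheck copy, the "Disabled"
# firewall entry and the google.com start page are benign and must stay unflagged.
SAMPLE_LOG = r"""
c:\windows\system32\logonui.exe . . . is infected!!
[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"EnableSecureUIAPaths"= 0 (0x0)
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
uInternet Settings,ProxyServer = http=127.0.0.1:56889
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18837
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-02-18 2375]
uStart Page = hxxp://www.google.com/
"""

# (category, regex) pairs; each line is tested with re.search against each rule in order.
RULES = [
    # ComboFix's own verdict on a Windows binary
    ("infected system file", re.compile(r"is infected!!\s*$")),
    # Sigcheck section: "[-]" means the file's signature did not verify;
    # "[7]" entries are intact copies and are deliberately not matched
    ("unsigned system file (Sigcheck [-])", re.compile(r"^\[-\] ")),
    # Security Center told to stop warning about missing AV / firewall
    ("Security Center override",
     re.compile(r'"(AntiVirusOverride|FirewallOverride)"=dword:0*1$')),
    # UIAccess applications allowed to run from outside secure paths
    ("EnableSecureUIAPaths disabled", re.compile(r'"EnableSecureUIAPaths"=\s*0\b')),
    # Firewall exception open to any remote address, unless the entry itself is disabled
    ("globally open port", re.compile(r'^"\d+:(TCP|UDP)"=(?!.*:Disabled:)')),
    # IE or Firefox routed through a proxy on localhost: traffic interception by local software
    ("loopback proxy",
     re.compile(r"(ProxyServer\s*=\s*http=127\.0\.0\.1:\d+|network\.proxy\.(http|type)\s*-\s)")),
    # Search/homepage redirected to toolbar vendors named in the log
    ("search hijack", re.compile(r"search\.(babylon|conduit)\.com|facemoods\.com")),
    # Autorun entry launching a batch file (seen under RunOnce in the log)
    ("autorun launches batch file", re.compile(r'\.(cmd|bat)" \[')),
]


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches a rule (first matching rule wins)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(category, line))
                break
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick overview before reading the lines."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.category:38} {f.line}")
    print(summarize(results))
```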

offline
  • Joined: 19 Jul 2011
  • Posts: 22

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7211

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.7.2011 18:11:05
mbam-log-2011-07-21 (18-11-05).txt

Scan type: Quick scan
Objects scanned: 148808
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Why haven't you installed an antivirus?
I would ask you to follow what I write to you in detail.

The Malwarebytes report is not complete. Part of the report is missing.

offline
  • Joined: 19 Jul 2011
  • Posts: 22

Posted: 20 Jul 2011 18:15

I did install it, I have it on the desktop and everything else

Added: 20 Jul 2011 18:22

malwarebytes asked me to restart the laptop . . . I restarted it and opened the report - - - - it looks like this

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7211

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.7.2011 18:11:05
mbam-log-2011-07-21 (18-11-05).txt

Scan type: Quick scan
Objects scanned: 148808
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Which AV did you install?

For protecting USB storage devices I suggest you use MCShield. It has nothing to do with the antivirus, i.e. it will not interfere with its work, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it and plug in a USB storage device; a scan runs, after which you get a notification that the device is clean (if it really is), or you get a log with information about the malware that was found and removed.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html

After installing MCShield, plug in your USB storage devices one at a time and wait for MCShield to scan them. When it finishes scanning the last device, post the report named AllScans.txt:

Start -> Run -> %UserProfile%\Application Data\MCShield\AllScans.txt -> Enter

Send me the contents of the report that opens in Notepad.






goran9888 (AMF Tim)

23 Jul 2011 17:31 1l padr1n0 Topic locked. Reason: Already answered, further discussion serves no purpose