MyCity » Ambulanta -> Arhiva Ambulante » provera ostatka malware

provera ostatka malware

Napisano na dan: 24.6.2012

Strana:
1
2
3

provera ostatka malware

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

sasakg Poslao: 24 Jun 2012 13:14 Idi na vrh
offline sasakg Građanin Pridružio: 22 Apr 2003 Poruke: 94 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo mene iz normal moda da proverimo da li ima ostataka neke gamadi po preporuci Stewdze. Deinstalirao sam NOD koji mi je zakucavao komp i Tuneup koji je imao neki bag. 1 .Sad nemam ni jedan antivirus ( koji da stavim, a da bude free, nemam trenutno para za to planinarenje ) 2. Koji program cisti sve sto mi je ostalo od silnih install i uninstall ? 3. Moracu da stavim i neki firewall preko koga cu videti sta mi trazi iz kompa izlaz na net. Kako da krenemo u proveru ?

Profil

Sass Drake Poslao: 24 Jun 2012 13:16 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovako: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

sasakg Poslao: 24 Jun 2012 14:01 Idi na vrh
offline sasakg Građanin Pridružio: 22 Apr 2003 Poruke: 94 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Imao sam neki Rootkit.Win32.Agent.cwiy ( po Kasperskom virus removal toll smesten u C:/windows/system32/drivers/4233dcaf9c94b2f3.sys) po Hitmen pro ( trojan.Generic.KDV.535853 -Engine A ili Trojan.NtRootKit.13118) sto ce reci po meni laiku sve jedan isti koji mi nije dozvoljavao da instaliram nikakav antivirus, a sve ostalo je radilo normalno i svako skeniranje sa Malwarebytes i Spybot ga nije videlo, tek ga je Hitman uklonio. Instalirao sam privremeno i Sophos virus removal toll koji je nasao Malware cleaman -B i obrisao ( ako sam dobro zapisao ) i upozorio me na wuauclt.exe u system32 kao mogucu pretnju. Sve sam uninstall, sada imam samo Malwarebytes i Spybot. Gmer1 ne mogu da zakacim, kaze da je vece od 5mb, a ja koliko vidim prazan log u notepad. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33 Run by Korisnik at 13:28:33 on 2012-06-24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.873 [GMT 2:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mozilla Firefox\plugin-container.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2888ECD6-B3A2-4DBC-9035-8ABFB604D513} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6B8B9ADA-F9C7-41A0-A6C5-A71D043780AF} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{717FADF5-250B-449A-871D-C3FDA8F0E47F} : NameServer = 192.168.10.254 TCP: Interfaces\{E60213EF-8312-48CA-A00A-61B4576B5F22} : DhcpNameServer = 192.168.1.1 192.168.10.254 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\6k35gotf.default\ FF - prefs.js: browser.search.selectedEngine - WOT Safe Search FF - prefs.js: browser.startup.homepage - google.com FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 2c6b69e9000000000000b0487a83b857 FF - user.js: extensions.BabylonToolbar_i.hardId - 2c6b69e9000000000000b0487a83b857 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:24:33 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-7 654408] R3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2012-2-6 26752] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-7 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 250056] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-4-1 20032] S3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-6-23 27424] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2012-4-1 98432] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-06-24 10:55:50 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-23 17:10:56 29504 ----a-w- c:\windows\system32\uxt4.tmp 2012-06-23 15:52:08 -------- d-----w- c:\documents and settings\korisnik\local settings\application data\ESET 2012-06-23 13:16:14 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2012-06-23 13:16:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2012-06-23 13:16:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-06-23 13:16:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-06-23 13:16:13 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-06-23 13:16:13 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-23 13:16:13 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll 2012-06-23 13:12:10 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-06-23 13:12:10 3072 ------w- c:\windows\system32\iacenc.dll 2012-06-23 13:04:07 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-06-23 13:03:37 -------- d-----w- c:\program files\HitmanPro 2012-06-23 13:03:26 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro 2012-06-23 12:15:14 -------- d-----w- c:\documents and settings\all users\application data\Sophos 2012-06-08 15:22:15 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-06-08 15:22:15 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll . ==================== Find3M ==================== . 2012-06-24 10:55:44 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-24 10:55:44 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-23 15:12:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-23 15:12:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 16:33:15 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-09 17:25:23 54016 ----a-w- c:\windows\system32\drivers\bits.sys 2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 13:28:43,45 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

Sass Drake Poslao: 24 Jun 2012 14:05 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zapakuj GMER 1 izvještaj u ZIP, RAR ili 7Z arhivu i pokušaj opet da ga upload-uješ.

Profil

sasakg Poslao: 24 Jun 2012 14:18 Idi na vrh
offline sasakg Građanin Pridružio: 22 Apr 2003 Poruke: 94 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Evo ga mycity.rs/must-login.png

Profil

Sass Drake Poslao: 24 Jun 2012 14:24 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: sasakg ::Evo ga https://www.mycity.rs/must-login.png Fajl je prazan. U uputstvu za otvaranje teme imaš postupak za RootRepeal, pa postavi njegov izvještaj.

Profil

sasakg Poslao: 24 Jun 2012 14:35 Idi na vrh
offline sasakg Građanin Pridružio: 22 Apr 2003 Poruke: 94 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Uradjeno. mycity.rs/must-login.png

Profil

Sass Drake Poslao: 24 Jun 2012 15:12 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	1Ovo se svidja korisniku: TwinHeadedEagle Registruj se da bi pohvalio/la poruku! U toku riješavanja slučaja, zamolio bih te da se pridržavaš sljedećeg: Detaljno čitati moja uputstva ( ili uputstva kolega koji će me zamjenjivati) i raditi isključivo po njima; Ne tražiti istovremeno pomoć na drugom mjestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budeš dobio uputstvo; U toku intervencije ne koristiti USB memorijske uređaje, dok to ne budem zatražio; Ukoliko ne odgovorim u roku od 48h, osvježi temu novim post-om; Ukoliko se ne javiš u roku od 5 dana, zatvorićemo slučaj. Za više informacija o pravilima Ambulante MyCity foruma: LINK Preuzmi sUBs-ov ComboFix sa sljedeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati fajl, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:provjeriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izvještaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obilježeni tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izvještaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primjetiš da izvještaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje fajla C:\ComboFix.txt uz poruku.

Profil

sasakg Poslao: 24 Jun 2012 15:44 Idi na vrh
offline sasakg Građanin Pridružio: 22 Apr 2003 Poruke: 94 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Negde na pocetku je napisao da ima rootkit.zero, cini mi se..... ComboFix 12-06-23.06 - Korisnik 24.06.2012 15:29:51.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1187 [GMT 2:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe c:\windows\$NtUninstallKB17798$ c:\windows\$NtUninstallKB17798$\54133483 c:\windows\system32\muzapp.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 ))))))))))))))))))))))))))))))) . . 2012-06-24 12:58 . 2012-06-24 12:58 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Temp 2012-06-24 10:55 . 2012-06-24 10:55 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-24 10:55 . 2012-06-24 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2012-06-23 15:52 . 2012-06-23 15:52 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\ESET 2012-06-23 13:16 . 2012-05-11 14:42 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2012-06-23 13:16 . 2012-05-11 14:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2012-06-23 13:16 . 2012-05-11 14:42 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-06-23 13:16 . 2012-05-11 14:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-06-23 13:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-23 13:16 . 2012-05-11 14:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll 2012-06-23 13:16 . 2012-05-11 14:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-06-23 13:12 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-06-23 13:12 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-06-23 13:04 . 2012-06-23 13:11 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-06-23 13:03 . 2012-06-23 13:03 -------- d-----w- c:\program files\HitmanPro 2012-06-23 13:03 . 2012-06-23 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2012-06-23 12:15 . 2012-06-23 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos 2012-06-08 15:22 . 2012-06-08 15:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-08 15:22 . 2012-06-08 15:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-24 10:55 . 2012-02-28 18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-24 10:55 . 2012-02-07 19:36 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-23 15:12 . 2012-04-17 16:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 15:12 . 2012-02-06 11:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-02 13:19 . 2009-08-06 18:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2007-10-29 09:43 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2007-10-29 09:43 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2007-10-29 09:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2007-10-29 09:43 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2007-10-29 09:43 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2009-08-06 18:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2007-10-29 09:43 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2007-10-29 09:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2004-08-04 01:07 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 16:33 . 2012-05-15 16:33 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-05-15 16:33 . 2012-05-15 16:33 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-15 13:20 . 2004-08-04 01:07 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42 . 2004-08-04 01:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16 . 2004-08-04 01:07 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2007-10-29 09:41 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-09 17:25 . 2012-04-09 17:25 54016 ----a-w- c:\windows\system32\drivers\bits.sys 2012-04-04 13:56 . 2012-02-07 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-16 11:35 . 2012-05-13 10:09 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-06-30 339968] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0????????? ???????? . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 10:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] 2012-04-01 11:46 21416 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 07:25 1828136 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "KiesHelper"=c:\program files\Samsung\Kies\KiesHelper.exe /s "KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "High Definition Audio Property Page Shortcut"=HDAShCut.exe "KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.2.2012 21:56 654408] R3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [6.2.2012 15:03 26752] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.2.2012 21:56 22344] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 09:16 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.4.2012 18:51 250056] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [1.4.2012 13:42 20032] S3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [23.6.2012 15:04 27424] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.4.2012 22:58 113120] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [1.4.2012 14:01 98432] . Contents of the 'Scheduled Tasks' folder . 2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 15:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{717FADF5-250B-449A-871D-C3FDA8F0E47F}: NameServer = 192.168.10.254 FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\6k35gotf.default\ FF - prefs.js: browser.search.selectedEngine - WOT Safe Search FF - prefs.js: browser.startup.homepage - google.com FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 2c6b69e9000000000000b0487a83b857 FF - user.js: extensions.BabylonToolbar_i.hardId - 2c6b69e9000000000000b0487a83b857 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:24 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . *********************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2012-06-24 15:34 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(728) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2008) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2012-06-24 15:37:25 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-24 13:37 . Pre-Run: 3.671.891.968 bytes free Post-Run: 3.741.593.600 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer . - - End Of File - - 78209412DE9B813EBE091E8EAC938D23

Profil

Sass Drake Poslao: 24 Jun 2012 17:02 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1 Otvoriti Notepad i iskopirati sljedeći tekst: Registry:: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\ 00,00 Firefox:: FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\6k35gotf.default\ FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 2c6b69e9000000000000b0487a83b857 FF - user.js: extensions.BabylonToolbar_i.hardId - 2c6b69e9000000000000b0487a83b857 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:24 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sljedećoj poruci log koji bude bio napravljen na kraju čišćenja/skeniranja. Korak 2 Spakuj u ZIP, RAR ili 7Z arhivu sljedeći folder: C:\Qoobox\Quarantine i pošalji ga preko sljedećeg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

MyCity » Ambulanta -> Arhiva Ambulante » provera ostatka malware

Ko je trenutno na forumu

Ukupno su 1106 korisnika na forumu :: 51 registrovanih, 5 sakrivenih i 1050 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., atmel, Atomski čoban, babaroga, bojank, BORUTUS, darkojbn, debeli, djboj, doklevise, DonRumataEstorski, flash12, FOX, gmlale, goxin, havoc995, HrcAk47, Ilija Cvorovic, JimmyNapoli, Karla, Kubovac, kunktator, Leonov, Magistar78, MaksicZoran, Marko Marković, MB120mm, Mi lao shu, mile09, Milometer, mkukoleca, Ne doznajem se u oružje, nuke92, Oscar, panzerwaffe, Parker, RJ, robert1979, ruger357, sasa76, sasakrajina, slonic_tonic, Smiljke, Stefan M, Sumadija34, Vlada1389, wolverined4, zdrebac, zziko, Živković

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by