Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Zvu cna tra vian re kla ma

[es] :: Zaštita :: Zvu cna tra vian re kla ma
(Zaključana tema (lock), by Goran Mijailovic)
Strane: 1 2

[ Pregleda: 7149 | Odgovora: 28 ] > FB > Twit

Postavi temu

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Zvu cna tra vian re kla ma01.03.2011. u 12:04 - pre 159 meseci
Nigdje ne mogu da nađem kako riješiti ovaj problem. Često se odjednom uključi ponavlja nekoliko puta reklama:

Code:
http://www.mediafire.com/?knjjqmedyu3r2e6


Da li bi moralo ovdje da registruje taj proces:

Code:
http://www.mediafire.com/?suup19pdf81i1ng


Aktivira se i ako je Fajerfoks isključen.

Zaista je užasno dosadno kad se to često ponavlja.
 
0

Aleksandar Maletic
System administrator

Moderator
Član broj: 235887
Poruke: 1138
*.mediaworksit.net.



+89 Profil

icon Re: Zvu cna tra vian re kla ma01.03.2011. u 19:41 - pre 159 meseci
Skini CCleaner i ocisti history files...verovatno se tamo krije nesto sto ti smeta...
Instaliraj Malwarebytes' Anti-Malware i odradi Quick Scan, ukloni sve sto pronadje i obavezno mi dostavi ovde log koji ce ti program izbaciti nakon zavrsetka skeniranja...
Pokreni HijackThis sa desktopa (pre toga ga preimenuj u recimo "34567.exe"), dostavi mi log nakon zavrsenog skeniranja...

CCleaner: http://download.cnet.com/ccleaner/
Malwarebytes' Anti-Malware: http://download.cnet.com/Malwa...ware/3000-8022_4-10804572.html
HijackThis: http://download.cnet.com/Trend...22_4-10227353.html?tag=mncol;1


A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma02.03.2011. u 07:19 - pre 159 meseci
Ovo prvo dvoje sam uradio nekoliko puta, nije ništa pomoglo. Malwarebytes' Anti-Malware uvijek nađe nešto troje (meni se čini isto), ali ne znam da li to ima veze s ovim. Mogu ponovo da pokušam.

Napravio sam sad prečicu za HijackThis na radnoj površini i promijenio ime te prečice. Je li tako u redu ili treba nešto drugo? Pokrenuću to kad se sljedeći put aktivira ta reklama.
 
0

Aleksandar Maletic
System administrator

Moderator
Član broj: 235887
Poruke: 1138
*.mediaworksit.net.



+89 Profil

icon Re: Zvu cna tra vian re kla ma02.03.2011. u 14:09 - pre 159 meseci
Kada Malwarebytes i HijachThis zavrse sa skeniranjem izbace ti log u Notepad-u, kopiraj mi sadrzaj tih logova i nalepi ovde da ih vidim...

[Ovu poruku je menjao Aleksandar Maletic dana 02.03.2011. u 17:32 GMT+1]
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma02.03.2011. u 16:42 - pre 159 meseci
Danas se nije aktivirila ta reklama, bar ja nisam primijetio (možda i jeste kad nisam bio pred računarom). Sad sam skenirao ovo što si rekao, pokrenuo sam Hijack This s radne površine tako kako si rekao. Ali mogu skenirati ponovo kad se aktivira reklama.

Ovo sam skenirao neki dan dok je reklama bila aktivna:

Code:
http://www.mediafire.com/?suup19pdf81i1ng


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5932

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2.3.2011 17:34:32
mbam-log-2011-03-02 (17-34-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 226158
Time elapsed: 38 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:26, on 2.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\User\Desktop\34567.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stripovi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6931 bytes
 
0

Aleksandar Maletic
System administrator

Moderator
Član broj: 235887
Poruke: 1138
*.mediaworksit.net.



+89 Profil

icon Re: Zvu cna tra vian re kla ma02.03.2011. u 22:24 - pre 159 meseci
Ovako...u zurbi sam napravio jedan mali propust, pisao sam ti uputstvo na brzinu...kada zavrsis scan Malwarebytes-om klikni OK, zatim selektuj sve malware-e koji su detektovani i idi na Remove Selected...tako ces obrisati totalno svu gamad koju MBAM pronadje...ukoliko zatrazi restart, restartuj komp radi efikasnijeg uklanjanja malware-a...
Zatim idi na Start > Control Panel > Add or Remove Programs...obrisi sve toolbar-ove koje si instalirao instalirajuci neki program...vidim da imas recimo Skype Toolbar itd, obrisi ih samo...
Nakon toga otvori Run i kucaj "msconfig"...u kartici StartUp destikliraj sve osim antivirusa, firewall-a i drajvera...vidim da ti se mnogo stvari podize sa Windows-om, a to je bespotrebno...
Kada sredis ove sitnice javi mi kakvo je stanje i da li ti se jos pojavljuje taj sajt koji si naveo u prvom postu...
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 08:46 - pre 159 meseci
Pa uradim ja to uvijek, ali ovo troje što pronađe je zbog toga što je isključen Windows update.

Našao sam samo Skype Toolbar i to sam izbrisao, nisam više ništa našao u listi.

Šta odavde da ostavim?



Ispod ima još samo ctfmon. Ostalo je isključeno.
 
0

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 09:18 - pre 159 meseci
Pokreni HJT i fixuj ove dve linije

O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll

U startupu ostavi Nod i ctfmon, ostalo sve mozes da decekiras, jedino ono sto ti hoces da se dize sa sistemom ostavi, mislim na Skype recimo, mada i to sta ce ti.

Code:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.


Ovo nije malware da znas.
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 10:02 - pre 159 meseci
Dobro, evo uradio sam tako. Vidjećemo kako će sad biti. Hvala.

Jedino ne znam treba li nešto još ovdje ponovo podesiti

 
0

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 10:46 - pre 159 meseci
Samo stikliraj i klikni ok.
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 10:47 - pre 159 meseci
Dobro, ali sad se ponovo aktivirala reklama. Koji je sad proces sporan?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:07, on 3.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\KONAMI\Pro Evolution Soccer 2011\PES2011.exe
C:\Documents and Settings\User\Desktop\34567.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stripovi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5500 bytes
 
0

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 10:49 - pre 159 meseci
Preuzmi Program DDS http://download.bleepingcomputer.com/sUBs/dds.scr

Dvoklikom pokreni DDS
Sacekaj malo, izbacice ti dva loga
Kopiraj mi log DDS.txt
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 10:56 - pre 159 meseci
Evo:


DDS (Ver_10-12-12.02) - NTFSx86
Run by User at 11:55:56,17 on cet 03.03.2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.354 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe 4
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.stripovi.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\fyminyxq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.stripovi.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\fyminyxq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\fyminyxq.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\unrealmediaplayer5plugin\npUMediaPlayer5.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: TVU Web Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: BrowserProtect: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Ghostery: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-12 394952]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 DRVofSonorEC;DRVofSonorEC;c:\windows\system32\drivers\DRVofSonorEC.sys [2009-2-16 20480]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-27 10:30:29 -------- d-----w- c:\documents and settings\user\GDBManager11
2011-02-01 14:16:11 -------- d-----w- c:\docume~1\user\locals~1\applic~1\PCHealth

==================== Find3M ====================

2011-01-27 11:26:18 320 ---ha-w- C:\aaw7boot.cmd
2008-11-22 14:57:19 728858 ----a-w- c:\program files\common files\unins000.exe
2008-03-09 06:25:10 236 ---ha-w- c:\program files\common files\dx.reg

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spyg.sys >>UNKNOWN [0x86D88938]<<
spyg.sys
_asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff9766d8b; }
1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x86D22AB8]
3 CLASSPNP[0xF765CFD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\0000006e[0x86D27170]
5 ACPI[0xF73E8620] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Ide\IdeDeviceP2T0L0-e[0x86D28D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; }
user != kernel MBR !!!

============= FINISH: 11:56:37,89 ===============
 
0

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 11:03 - pre 159 meseci
Ugasi Nod.

Preuzmi ComboFix sa sledece adrese na Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Obavezno pokreni Combofix sa desktopa
Na svaki popup prozor klikci Yes \ Ok

Sacekaj da program zavrsi skeniranje (moguc restrat)

Na kraju skeniranja izbacice ti log na destop koji ces mi kopirati ovde.
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 11:37 - pre 159 meseci
Evo, uradio sam to. Ali za vrijeme skeniranja javilo mi je da nije instaliran Microsoft Windows Console ili tako nešto i da bez toga ne može da skenira za malware. Onda je tražilo da se konektuje na internet i javilo da konekcija nije u redu, ne znam zašto.

ComboFix 11-03-02.05 - User 03.03.2011 12:21:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.667 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Desktop\AVVENTURE AMERICANE - L'UOMO MASCHERATO - 0058 - UN'EVASIONE NELLA GIUNGLA - I RICATTATORI DEL RING
C:\Thumbs.db
C:\Win
c:\windows\system32\Cache
c:\windows\system32\Cache\ca4316073ceb28c1.fb
c:\windows\system32\Cache\ca4316073ceb28c1__exp__1289859524
c:\windows\system32\Thumbs.db

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-02-27 10:30 . 2011-02-24 09:03 -------- d-----w- c:\documents and settings\User\GDBManager11
2011-02-01 14:16 . 2011-02-01 14:16 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 11:26 . 2011-01-27 11:26 320 ---ha-w- C:\aaw7boot.cmd
2011-01-27 08:48 . 2011-01-27 08:49 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-20 17:09 . 2010-03-24 19:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-03-24 19:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-11-22 14:57 . 2008-11-22 14:57 728858 ----a-w- c:\program files\Common Files\unins000.exe
2008-03-09 06:25 . 2008-11-22 14:57 236 ---ha-w- c:\program files\Common Files\dx.reg
.

------- Sigcheck -------

[-] 2008-08-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-14 233936]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-25 17:11 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-11-08 07:56 166424 ----a-r- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-11-08 07:56 141848 ----a-r- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-25 17:11 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-01-08 17:53 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-01-08 17:53 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-01-08 17:53 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-11-08 07:56 137752 ----a-r- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 03:57 16855552 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2008-01-29 10:20 2157064 ----a-w- c:\program files\XpertVision\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2008-07-09 08:05 919016 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/17/2010 8:47 PM 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 10:11 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 10:08 AM 472320]
R3 DRVofSonorEC;DRVofSonorEC;c:\windows\system32\drivers\DRVofSonorEC.sys [2/16/2009 4:27 PM 20480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/23/2001 2:00 PM 3584]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 1:42 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stripovi.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fyminyxq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.stripovi.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: TVU Web Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: BrowserProtect: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Ghostery: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-Pareto_Update - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-03 12:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{536EC102-9B2D-AF5D-BCC7-E998413ECF34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2324)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-03 12:32:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-03 11:32

Pre-Run: 31.974.621.184 bytes free
Post-Run: 33.644.593.152 bytes free

- - End Of File - - 5738EDCBF48E4F319941C4861D2EC8E1
 
0

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 12:07 - pre 159 meseci
Ugasi AV

Otvori Notepad i kopiraj tekst koji se nalazi ispod:

Code:


File::
C:\aaw7boot.cmd

FCOPY:: 
c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll|c:\windows\system32\sfcfiles.dll

RegNull::
[HKEY_USERS\S-1-5-21-1547161642-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{536EC102-9B2D-AF5D-BCC7-E998413ECF34}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"


Klikni na File\Save as i sacuvaj tekst kao CFScript na desktop




Prati uputstvo sa slike i prevuci CFScript.txt preko ikonice ComboFix

Kopiraj mi log koji dobijes.
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 12:34 - pre 159 meseci
ComboFix 11-03-02.05 - User 03.03.2011 13:23:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.425 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\aaw7boot.cmd"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aaw7boot.cmd

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-02-27 10:30 . 2011-02-24 09:03 -------- d-----w- c:\documents and settings\User\GDBManager11
2011-02-01 14:16 . 2011-02-01 14:16 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 08:48 . 2011-01-27 08:49 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-20 17:09 . 2010-03-24 19:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-03-24 19:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-11-22 14:57 . 2008-11-22 14:57 728858 ----a-w- c:\program files\Common Files\unins000.exe
2008-03-09 06:25 . 2008-11-22 14:57 236 ---ha-w- c:\program files\Common Files\dx.reg
.

((((((((((((((((((((((((((((( SnapShot@2011-03-03_11.29.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 11:00 . 2011-03-03 11:24 83926 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2011-03-03 11:33 83926 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2011-03-03 11:33 493634 c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2011-03-03 11:24 493634 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-14 233936]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-25 17:11 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-11-08 07:56 166424 ----a-r- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-11-08 07:56 141848 ----a-r- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-25 17:11 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-01-08 17:53 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-01-08 17:53 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-01-08 17:53 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-11-08 07:56 137752 ----a-r- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 03:57 16855552 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2008-01-29 10:20 2157064 ----a-w- c:\program files\XpertVision\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2008-07-09 08:05 919016 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/17/2010 8:47 PM 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 10:11 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 10:08 AM 472320]
R3 DRVofSonorEC;DRVofSonorEC;c:\windows\system32\drivers\DRVofSonorEC.sys [2/16/2009 4:27 PM 20480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/23/2001 2:00 PM 3584]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 1:42 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stripovi.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fyminyxq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.stripovi.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: TVU Web Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: BrowserProtect: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Ghostery: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-03 13:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-03-03 13:28:57
ComboFix-quarantined-files.txt 2011-03-03 12:28

Pre-Run: 33.721.495.552 bytes free
Post-Run: 33.681.969.152 bytes free

- - End Of File - - EBDAEAA4EAA55E117388D8F16BC3B6CB
 
0

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 12:41 - pre 159 meseci
Imas li sad problem?

Skini ovaj program MCShield

Instaliraj program. Zatim ukoliko imas flesku ubodi u komp i sacekaj da je program skenira.

Ako izbaci log fajl kopiraj mi ovde.
 
0

peja_s

Član broj: 230405
Poruke: 40
*.teol.net.



Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 12:47 - pre 159 meseci
Ne znam, ta reklama se i dosad aktivirala povremeno, 5-10 puta dnevno, bez nekog pravila.

Evo, uradiću sad to i skenirati fleš.
 
0

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zvu cna tra vian re kla ma03.03.2011. u 12:55 - pre 159 meseci
Imao si nekoliko infekcija, izmedju ostalog i Rootkit koji je uspesno dezinfikovan.

Sacekaj malo da se uveris da je sve u redu, a zatim deinstaliraj Combofix

U Run kopiraj sledece Combofix /Uninstall enter i sa ok potvrdi deinstalaciju.
 
0

[es] :: Zaštita :: Zvu cna tra vian re kla ma
(Zaključana tema (lock), by Goran Mijailovic)
Strane: 1 2

[ Pregleda: 7149 | Odgovora: 28 ] > FB > Twit

Postavi temu

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.