How do I get rid of a virus

  • Joined: 26 Apr 2007
  • Posts: 34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:57, on 13.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\fireserv\Apache\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fireserv\mysql\bin\mysqld-nt.exe
C:\fireserv\Apache\bin\Apache.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Dragan Sladoje\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [TE_RegProtect] C:\Program Files\Anti Trojan Elite\TERegPct.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Fireserv - Apache Software Foundation - C:\fireserv\Apache\bin\Apache.exe
O23 - Service: MySql - Unknown owner - c:\fireserv\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6169 bytes

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Which virus? What, where, when and how? Symptoms? Detection? Path of the detected file? Info about the problem..

This is a forum - you describe the problem and a solution gets proposed.

  • Joined: 26 Apr 2007
  • Posts: 34

I have a virus on my computer, NOD doesn't detect it, it's called sasa.exe.

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

OK. First, temporarily disable your AV's protection as shown at the link below.
http://www.nod32.com.sg/html/167/654/
Turn it back on only after the ComboFix scan.

Then download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 26 Apr 2007
  • Posts: 34

ComboFix 08-04-13.1 - Dragan Sladoje 2008-04-13 21:01:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.258 [GMT 2:00]
Running from: C:\Documents and Settings\Dragan Sladoje\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vm26656.dll
C:\WINDOWS\system32\ys00145.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 15:03 . 2008-04-13 15:14 <DIR> d-------- C:\Program Files\Trojan Remover
2008-04-13 15:03 . 2008-04-13 15:03 <DIR> d-------- C:\Documents and Settings\Dragan Sladoje\Application Data\Simply Super Software
2008-04-13 10:49 . 2008-04-13 10:51 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-04-13 10:44 . 2008-04-13 10:52 <DIR> d-------- C:\Program Files\AutoCAD 2007
2008-04-13 10:44 . 2008-04-13 11:06 <DIR> d-------- C:\Documents and Settings\Dragan Sladoje\Application Data\Autodesk
2008-04-13 10:44 . 2008-04-13 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-13 10:39 . 2008-04-13 10:52 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-13 10:39 . 2008-04-13 10:39 <DIR> d-------- C:\Program Files\Autodesk
2008-04-12 11:11 . 2008-04-13 19:34 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-04-07 15:55 . 2006-10-05 16:22 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-04 17:26 . 2008-04-04 17:26 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-23 18:13 . 2008-04-03 16:53 <DIR> d-------- C:\Program Files\Sybase
2008-03-23 11:02 . 2008-04-07 16:00 <DIR> d-------- C:\Program Files\Rapid-USD NoCaptcha -Th3zone.com Sep2007
2008-03-23 01:01 . 2008-03-23 01:01 31 --a------ C:\WINDOWS\idc.ini
2008-03-23 00:58 . 2008-04-07 16:00 <DIR> d-------- C:\Program Files\USD.1.3.4.9
2008-03-20 16:10 . 2007-11-30 00:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-20 16:10 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-20 16:10 . 2007-12-24 14:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-20 16:10 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-18 21:13 . 2008-03-18 21:13 <DIR> d-------- C:\Program Files\Smart Projects
2008-03-18 13:22 . 2008-03-18 13:22 33 --a------ C:\WINDOWS\SYMGAMES.INI
2008-03-16 16:03 . 2008-03-16 16:03 <DIR> d-------- C:\Program Files\Windows Live
2008-03-16 00:01 . 2008-04-09 16:10 <DIR> d-------- C:\Program Files\DU Meter
2008-03-16 00:01 . 2008-03-16 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 17:31 --------- d-----w C:\Program Files\The KMPlayer
2008-04-13 13:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 20:41 --------- d-----w C:\Documents and Settings\Dragan Sladoje\Application Data\uTorrent
2008-04-07 17:40 --------- d-----w C:\Program Files\Bit Che
2008-04-07 13:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-04-03 14:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 14:46 --------- d-----w C:\Program Files\ESET
2008-03-24 17:55 --------- d-----w C:\Program Files\Total Video Converter
2008-03-20 14:11 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-20 14:08 --------- d-----w C:\Program Files\Common Files\Real
2008-03-16 14:03 --------- d-----w C:\Program Files\MSN Messenger
2008-03-16 14:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-14 20:43 --------- d-----w C:\Program Files\Java
2008-03-09 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-03-09 09:39 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-06 19:34 --------- d-----w C:\Program Files\uTorrent
2008-03-01 10:38 --------- d-----w C:\Program Files\Hmonitor
2008-02-23 22:54 --------- d-----w C:\Documents and Settings\Dragan Sladoje\Application Data\ESET
2008-02-23 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-02-23 22:39 --------- d-----w C:\Program Files\Opera
2008-02-22 08:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 11:08 --------- d-----w C:\Documents and Settings\Dragan Sladoje\Application Data\Media Player Classic
2007-10-29 12:54 524 ----a-w C:\Program Files\Shortcut to nocompu.lnk
2004-09-23 22:56 3,730 ----a-w C:\Program Files\SP28818.cva
2004-07-29 04:11 796 ----a-w C:\Program Files\smwdms.txt
2004-07-29 04:11 552 ----a-w C:\Program Files\WSsmwdms.txt
2004-07-20 22:52 11,537 ----a-w C:\Program Files\smx.cat
2004-07-16 21:57 60,420 ----a-w C:\Program Files\smwdmCH4.inf
2004-01-14 22:33 74 ----a-w C:\Program Files\data.tag
2004-01-14 19:20 65,096 ----a-w C:\Program Files\data1.hdr
2004-01-14 19:20 512 ----a-w C:\Program Files\data2.cab
2004-01-14 19:20 495 ----a-w C:\Program Files\layout.bin
2004-01-14 19:20 1,265,100 ----a-w C:\Program Files\data1.cab
2004-01-13 23:40 612,032 ----a-w C:\Program Files\smwdm.sys
2003-12-19 22:59 239,567 ----a-w C:\Program Files\setup.inx
2003-04-08 17:30 3,744 ----a-w C:\Program Files\smsens.sys
2003-01-17 21:25 10,880 ----a-w C:\Program Files\WDMSTUB.sys
2002-07-25 22:07 346,602 ----a-w C:\Program Files\ikernel.ex_
2002-06-19 22:26 40,960 ----a-w C:\Program Files\AEEnable.exe
2002-04-22 19:40 45,056 ----a-w C:\Program Files\adminchk.dll
2002-04-01 20:15 4,816 ----a-w C:\Program Files\AEAUDIO.sys
2002-03-29 01:40 308,278 ----a-w C:\Program Files\win256_3.bmp
2002-03-27 00:53 308,276 ----a-w C:\Program Files\SoundMAX.bmp
2002-03-11 23:10 1,078 ----a-w C:\Program Files\SMax3CP.ico
2001-11-19 21:42 7 ----a-w C:\Program Files\nocompi.txt
2001-11-19 21:42 6 ----a-w C:\Program Files\nocompu.txt
2001-10-26 00:40 401 ----a-w C:\Program Files\Setup.ini
2001-10-26 00:40 1,768 ----a-w C:\Program Files\setup.iss
2001-10-04 22:49 36,352 ----a-w C:\Program Files\install.exe
2001-10-03 20:14 381,200 ----a-w C:\Program Files\migrate.dll
2001-09-19 20:32 720,896 ----a-w C:\Program Files\a3d.dll
2001-08-24 22:45 61,440 ----a-w C:\Program Files\RemADI.exe
2001-08-16 00:08 377,856 ----a-w C:\Program Files\269601USA8.EXE
2000-05-15 16:08 134,656 ----a-w C:\Program Files\Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 04:04 139264]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 10:06 1667584]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-17 21:23 979968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 00:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 09:47 31016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [2008-03-06 20:26 3562496]
"TE_RegProtect"="C:\Program Files\Anti Trojan Elite\TERegPct.exe" [2003-12-07 01:42 781824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Dragan Sladoje\\My Documents\\Faks\\eclipse-europa\\eclipse\\eclipse.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
R2 Fireserv;Fireserv;"C:\fireserv\Apache\bin\Apache.exe" -k runservice []
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 04:05]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 21:54]
S2 EsetNod32Fix;Nod32 AV;C:\WINDOWS\Regedit.exe [2004-08-04 00:56]
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 11:42]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 12:53]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-31 02:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-31 02:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-31 02:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d8dc9eb-8e2b-11dc-9730-00112f6e3860}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{251f9c3f-e247-11dc-97b8-00112f6e3860}]
\Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5317cacb-07b7-11dc-9636-00112f6e3860}]
\Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a93d5b21-eba0-11dc-97d4-00112f6e3860}]
\Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 16:38:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-13 21:04:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-04-13 21:06:27
ComboFix-quarantined-files.txt 2008-04-13 19:06:04
Pre-Run: 4,082,192,384 bytes free
Post-Run: 4,071,641,088 bytes free

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Quote: 2008-03-23 11:02 . 2008-04-07 16:00 <DIR> d-------- C:\Program Files\Rapid-USD NoCaptcha -Th3zone.com Sep2007
Don't visit or download programs from Th3zone.com and similar sites/forums and you won't have viruses. If sasa.exe shows up, delete it with your AV.
That's all from me..

Quote: 6. Anyone who got infected through their own fault (visiting sites with p0rn0graphy, w@rez, cr@cks, using P2P programs...) should first help themselves get rid of bad habits.
Why would we spend our time on someone who will get infected again in a short while?

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

//lock
