Help with a virus!!!! Help..


  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

I'm new on this forum.. first of all I'd like to say hello to all of you =)
Here's my problem:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:13 PM, on 4/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\LAUNCH~1\LManager.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\Winamp\winampa.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
D:\DOCUME~1\drummer\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Last.fm\LastFM.exe
D:\Program Files\Internet Explorer\iexplorer.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Internet Explorer\ods.exe
D:\Program Files\Internet Explorer\ods.exe
D:\Documents and Settings\drummer\Desktop\New Folder\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,,D:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - D:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - D:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SystemManger] D:\Program Files\Internet Explorer\iexplorer.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] D:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] D:\WINDOWS\system32\ntos.exe (User 'Default user')
O4 - Startup: 090C8.exe.exe
O4 - Startup: AA9C0.exe.exe
O4 - Startup: mel.bat110316 AM.bat
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5817 bytes



And finally.. I use cable internet.. download 1 Mb/s, upload 128 Kb/s
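As an added example (not a tool from this thread or from its helpers), here is a small Python triage script that parses HijackThis-style F2/O2/O4 lines and flags the patterns a helper looks for in a log like the one above: a UserInit chain with an extra executable appended, a Run entry whose file name is a one-character lookalike of a Windows binary, Run entries under the SYSTEM/.DEFAULT hives, bare executables or double-extension files in the Startup folder, and orphaned BHOs. The sample lines are constructed from the posted log; the rule names, the list of imitated binaries and the thresholds are my own assumptions.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample lines, shaped like the log posted in the thread above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,,D:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SystemManger] D:\Program Files\Internet Explorer\iexplorer.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] D:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - Startup: 090C8.exe.exe
O4 - Startup: mel.bat110316 AM.bat
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""

# Genuine Windows binary names that malware likes to imitate (assumed, not exhaustive).
SYSTEM_BINARIES = {"iexplore.exe", "explorer.exe", "svchost.exe", "userinit.exe",
                   "winlogon.exe", "lsass.exe", "services.exe", "taskmgr.exe", "csrss.exe"}
EXEC_EXT = r"(?:exe|dll|bat|cmd|com|scr|pif)"
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.' + EXEC_EXT + r")", re.I)
DOUBLE_EXT_RE = re.compile(r"\." + EXEC_EXT + r"\." + EXEC_EXT + r"$", re.I)
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<chain>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<entry>.*)$")


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def command_path(cmd: str) -> str:
    """Executable referenced by a Run command line (quoted or not, with or without args)."""
    m = PATH_RE.search(cmd)
    return m.group(1) if m else (cmd.strip().strip('"').split() or [""])[0]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    findings = []
    for no, line in enumerate(log_text.strip().splitlines(), 1):
        if m := F2_RE.match(line):
            # The legitimate value is a single userinit.exe; anything appended runs at every logon.
            chain = [p.strip() for p in m["chain"].split(",") if p.strip()]
            for extra in [p for p in chain if basename(p) != "userinit.exe"]:
                findings.append(Finding(no, "userinit-chain", extra))
        elif m := O2_RE.match(line):
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding(no, "orphan-bho", m["clsid"]))
        elif m := O4_RUN_RE.match(line):
            name = basename(command_path(m["cmd"]))
            if m["where"].upper().startswith("HKUS\\"):
                # Run values under the SYSTEM / .DEFAULT hives are rare for legitimate software.
                findings.append(Finding(no, "system-hive-run", name))
            for genuine in sorted(SYSTEM_BINARIES):
                if name != genuine and edit_distance(name, genuine) == 1:
                    findings.append(Finding(no, "lookalike", f"{name} ~ {genuine}"))
        elif m := O4_STARTUP_RE.match(line):
            entry = m["entry"].split(" = ")[0].strip()
            if DOUBLE_EXT_RE.search(entry):
                findings.append(Finding(no, "double-extension", entry))
            if not entry.lower().endswith(".lnk"):
                # Installers drop shortcuts here; a bare .exe/.bat was copied in directly.
                findings.append(Finding(no, "non-shortcut-startup", entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>2}  {f.rule:<22} {f.detail}")
```

The rules are heuristics for prioritising what to look at, not a verdict; a flagged entry still needs the file itself checked, which is exactly what the helper asks for later in the thread.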

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,


Run Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to the Desktop.
- Run it by double-clicking it and follow the instructions.

Don't forget to re-enable these options when we finish the cleanup.

---------------------------

* Start ESET Smart Security/ESET NOD32 as follows:
Start>All Programs>ESET>ESET Smart Security, or ESET NOD32 Antivirus (if you only use the Antivirus product).

* When the program's main window opens, click the Setup option on the left side of the window;
* Select the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* Click Yes to the question that follows.

Note: Don't forget to re-enable this option once the cleanup is finished.


------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log will appear (C:\ComboFix.txt), which you'll copy here for us.

  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

I did the first part with Spybot.. and I downloaded that program to disable it...

But I can't find AMON in the Threat Protection group of options.. can you explain where it is or something..???


  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I've changed the instructions for disabling the antivirus; the ones I gave you were wrong.

Here they are:

* Start ESET Smart Security/ESET NOD32 as follows:
Start>All Programs>ESET>ESET Smart Security, or ESET NOD32 Antivirus (if you only use the Antivirus product).

* When the program's main window opens, click the Setup option on the left side of the window;
* Select the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* Click Yes to the question that follows.

Note: Don't forget to re-enable this option once the cleanup is finished.

  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

Posted: 26 Apr 2009 13:47

Aha.. there, done =)

Oh yes.. I saw that one guy asked about this ComboFix and some download.. now it's downloading that "something" for me too...

Should I install it or what..??

Update: 26 Apr 2009 13:49

Btw. it's something from Microsoft... and I have a copy of Windows .. I don't have a licence.. so I don't know whether to install it or decline...

Update: 26 Apr 2009 13:57

Whatever it is.. it doesn't matter now.. I declined.. xD
Here's the log:

ComboFix 09-04-25.A3 - drummer 04/26/2009 13:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1203 [GMT 2:00]
Running from: d:\documents and settings\drummer\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\autorun.inf
d:\program files\Internet Explorer\IEXPLORER.EXE
d:\windows\system\r.exe
d:\windows\system\update.exe
d:\windows\system32\mpg4c32.dll
d:\windows\system32\wsnpoem
d:\windows\system32\wsnpoem\audio.dll.cla
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-26 09:09 . 2009-04-26 10:02 1199928 ----a-w d:\windows\system\Updateor.exe
2009-04-26 08:59 . 2009-04-26 08:59 53248 ----a-w d:\windows\system\stm.exe
2009-04-25 17:28 . 2009-04-25 17:28 -------- d-----w d:\documents and settings\drummer\dwhelper
2009-04-25 14:33 . 2009-04-25 14:33 205 ----a-w d:\windows\wininit.ini
2009-04-25 14:16 . 2009-04-25 14:22 -------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-25 09:06 . 2009-04-25 09:06 -------- d-----w d:\documents and settings\drummer\Application Data\AdobeUM
2009-04-25 09:06 . 2009-04-25 09:06 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Adobe
2009-04-25 09:05 . 2009-04-25 09:05 -------- d-----w d:\program files\Common Files\Adobe
2009-04-24 15:51 . 2009-04-24 15:51 -------- d-----w d:\documents and settings\All Users\Application Data\Last.fm
2009-04-24 15:08 . 2009-04-24 15:08 128000 ----a-w d:\windows\system\ChromePass.exe
2009-04-24 15:08 . 2009-04-24 15:08 132597 ----a-w d:\windows\system\chromepass.zip
2009-04-24 15:08 . 2009-04-25 16:33 30720 ----a-w d:\windows\system\VNCPassView.exe
2009-04-24 15:08 . 2009-04-25 16:33 33553 ----a-w d:\windows\system\vncpassview.zip
2009-04-24 15:08 . 2009-04-25 16:33 42496 ----a-w d:\windows\system\iepv.exe
2009-04-24 15:07 . 2009-04-25 16:33 49799 ----a-w d:\windows\system\ipw.zip
2009-04-24 12:34 . 2009-04-24 12:34 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\DFX
2009-04-24 12:25 . 2009-04-24 12:25 -------- d-----w d:\documents and settings\All Users\Application Data\DFX
2009-04-24 12:25 . 2009-04-24 12:25 -------- d-----w d:\program files\DFX
2009-04-23 23:21 . 2009-04-23 23:21 -------- d-----w d:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-23 23:20 . 2009-04-23 23:22 -------- d-----w d:\documents and settings\drummer\Application Data\DAEMON Tools Lite
2009-04-23 23:15 . 2009-04-23 23:15 -------- d-----w d:\program files\DAEMON Tools Toolbar
2009-04-23 23:14 . 2009-04-23 23:22 -------- d-----w d:\documents and settings\drummer\Application Data\DAEMON Tools
2009-04-23 23:13 . 1997-06-02 10:32 314880 ----a-w d:\windows\IsUninst.exe
2009-04-23 23:13 . 2009-04-23 23:13 -------- d-----w d:\documents and settings\drummer\WINDOWS
2009-04-23 22:54 . 2009-04-23 23:15 47104 ----a-w d:\windows\system32\KMVIDC32.DLL
2009-04-22 23:58 . 2001-08-17 20:36 8704 -c--a-w d:\windows\system32\dllcache\kbdjpn.dll
2009-04-22 23:58 . 2001-08-17 20:36 8704 ----a-w d:\windows\system32\kbdjpn.dll
2009-04-22 23:58 . 2001-08-17 20:36 8192 -c--a-w d:\windows\system32\dllcache\kbdkor.dll
2009-04-22 23:58 . 2001-08-17 20:36 8192 ----a-w d:\windows\system32\kbdkor.dll
2009-04-22 23:58 . 2001-08-17 12:55 6144 -c--a-w d:\windows\system32\dllcache\kbd106.dll
2009-04-22 23:58 . 2001-08-17 12:55 6144 -c--a-w d:\windows\system32\dllcache\kbd101c.dll
2009-04-22 23:58 . 2001-08-17 12:55 6144 ----a-w d:\windows\system32\kbd106.dll
2009-04-22 23:58 . 2001-08-17 12:55 6144 ----a-w d:\windows\system32\kbd101c.dll
2009-04-22 23:58 . 2001-08-17 12:55 5632 -c--a-w d:\windows\system32\dllcache\kbd103.dll
2009-04-22 23:58 . 2001-08-17 12:55 5632 ----a-w d:\windows\system32\kbd103.dll
2009-04-22 23:58 . 2001-08-17 12:55 6144 -c--a-w d:\windows\system32\dllcache\kbd101b.dll
2009-04-22 23:58 . 2001-08-17 12:55 6144 ----a-w d:\windows\system32\kbd101b.dll
2009-04-22 23:09 . 2009-04-22 23:16 -------- d-----w d:\documents and settings\drummer\Application Data\Red Alert 3
2009-04-22 21:44 . 2009-04-25 16:24 915832 --sh--w D:\Sys.exe
2009-04-22 21:29 . 2009-04-22 21:29 192512 ----a-w d:\windows\system\ICSharpCode.SharpZipLib.dll
2009-04-22 21:29 . 2009-04-22 21:29 271360 ----a-w d:\windows\system\MonoTorrent.dll
2009-04-22 21:29 . 2009-04-22 21:29 57344 ----a-w d:\windows\system\MSNMessengerAPI.dll
2009-04-22 21:28 . 2009-04-22 21:29 915832 ----a-w d:\windows\system\taksmrg.exe
2009-04-22 20:23 . 2009-04-23 23:23 -------- d-----w d:\documents and settings\drummer\Application Data\Hamachi
2009-04-22 20:23 . 2009-04-22 20:23 25280 ----a-w d:\windows\system32\drivers\hamachi.sys
2009-04-22 16:29 . 2005-05-26 13:34 2297552 ----a-w d:\windows\system32\d3dx9_26.dll
2009-04-22 16:17 . 2009-04-22 16:17 -------- d-----w d:\windows\Logs
2009-04-21 19:06 . 2009-04-25 16:20 69 ----a-w d:\windows\NeroDigital.ini
2009-04-21 19:01 . 2009-04-21 19:01 -------- d-----w d:\program files\ASIO4ALL v2
2009-04-21 19:01 . 2006-06-20 08:56 225280 ----a-w d:\windows\system32\rewire.dll
2009-04-21 19:00 . 2002-07-07 22:14 1294336 ----a-w d:\windows\system32\vorbis.acm
2009-04-21 18:59 . 2009-04-21 19:01 -------- d-----w d:\program files\Image-Line
2009-04-21 18:59 . 2009-04-21 18:59 -------- d-----w d:\program files\Outsim
2009-04-21 18:57 . 2009-04-21 18:57 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\ESET
2009-04-21 18:33 . 2004-03-02 15:37 125184 ------w d:\windows\system32\drivers\imagesrv.sys
2009-04-21 18:33 . 2004-03-02 15:37 5504 ------w d:\windows\system32\drivers\imagedrv.sys
2009-04-21 18:33 . 2000-06-26 09:45 106496 ----a-w d:\windows\system32\TwnLib20.dll
2009-04-21 18:33 . 2004-07-26 15:16 476320 ------w d:\windows\system32\ImagXpr7.dll
2009-04-21 18:33 . 2004-07-26 15:16 471040 ------w d:\windows\system32\ImagXRA7.dll
2009-04-21 18:33 . 2004-07-26 15:16 262144 ------w d:\windows\system32\ImagXR7.dll
2009-04-21 18:33 . 2004-07-26 15:16 1568768 ------w d:\windows\system32\ImagX7.dll
2009-04-21 18:32 . 2001-07-09 09:50 155648 ----a-w d:\windows\system32\NeroCheck.exe
2009-04-21 18:31 . 2009-04-21 18:31 -------- d-----w d:\program files\Common Files\Ahead
2009-04-21 13:01 . 2009-04-21 13:01 376 ----a-w d:\windows\ODBC.INI
2009-04-21 13:00 . 2009-04-21 13:00 -------- d-----w d:\program files\Microsoft ActiveSync
2009-04-21 12:56 . 2009-04-21 13:00 -------- d-----w d:\windows\ShellNew
2009-04-20 21:25 . 2009-04-20 21:25 -------- d-----w d:\documents and settings\All Users\Application Data\TEMP
2009-04-20 21:15 . 2009-04-20 21:15 321144 --sh--w d:\windows\system\taksmgr.exe
2009-04-20 20:55 . 2009-04-20 20:55 -------- d-----w d:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-04-20 20:17 . 2009-04-20 20:17 -------- d-----w d:\documents and settings\drummer\Application Data\Media Player Classic
2009-04-20 16:11 . 2009-04-20 16:11 3932214 ----a-w d:\windows\BricoPack Wallpaper.bmp
2009-04-20 16:09 . 2009-04-20 16:10 -------- d-----w d:\windows\Packs
2009-04-19 13:56 . 2009-04-19 13:56 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Identities
2009-04-19 12:55 . 2009-04-19 12:55 83 ----a-w d:\windows\wwp.INI
2009-04-18 22:15 . 2009-04-20 22:20 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\BS_Player
2009-04-18 22:15 . 2009-04-18 22:15 -------- d-----w d:\program files\Conduit
2009-04-18 22:15 . 2009-04-18 22:15 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Conduit
2009-04-18 22:15 . 2009-04-18 22:15 -------- d-----w d:\program files\BS_Player
2009-04-18 22:15 . 2009-04-18 22:17 -------- d-----w d:\documents and settings\drummer\Application Data\BSplayer
2009-04-18 22:15 . 2009-04-18 22:15 -------- d-----w d:\documents and settings\drummer\Application Data\BSplayer Pro
2009-04-18 22:08 . 2004-08-03 21:08 26496 -c--a-w d:\windows\system32\dllcache\usbstor.sys
2009-04-18 21:52 . 2009-04-18 21:52 -------- d-----w d:\documents and settings\drummer\Application Data\Thinking Minds Budiling Bytes
2009-04-18 17:21 . 2009-04-25 13:42 -------- d-----w d:\documents and settings\drummer\Application Data\uTorrent
2009-04-18 16:59 . 2009-04-26 11:18 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Last.fm
2009-04-18 16:02 . 2009-04-18 16:02 -------- d-s---w d:\documents and settings\drummer\UserData
2009-04-18 10:58 . 2009-04-18 10:58 721904 ----a-w d:\windows\system32\drivers\sptd.sys
2009-04-18 10:58 . 2009-04-18 10:58 -------- d-----w d:\documents and settings\drummer\Application Data\DAEMON Tools Pro
2009-04-18 10:25 . 2009-04-26 11:26 -------- d-----w d:\documents and settings\drummer\Tracing
2009-04-18 10:19 . 2009-04-18 10:19 -------- d-----w d:\program files\Microsoft
2009-04-18 10:19 . 2009-04-18 10:19 -------- d-----w d:\program files\Windows Live SkyDrive
2009-04-18 10:18 . 2009-04-18 10:23 -------- d-----w d:\program files\Windows Live
2009-04-18 10:07 . 2009-04-26 11:28 -------- d-----w d:\documents and settings\drummer\Application Data\Skype
2009-04-18 10:07 . 2009-04-18 10:07 -------- d-----w d:\program files\Skype
2009-04-18 10:07 . 2009-04-18 10:07 -------- d-----w d:\program files\Common Files\Skype
2009-04-18 10:07 . 2009-04-18 10:07 -------- d-----w d:\documents and settings\All Users\Application Data\Skype
2009-04-18 10:06 . 2009-04-18 10:06 0 ----a-w d:\windows\nsreg.dat
2009-04-18 10:06 . 2009-04-18 10:06 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\Mozilla
2009-04-18 10:05 . 2009-04-18 10:05 -------- d-----w d:\program files\Common Files\Windows Live
2009-04-18 10:04 . 2009-04-18 10:04 -------- d-----w d:\program files\ESET
2009-04-18 10:04 . 2009-04-18 10:04 -------- d-----w d:\documents and settings\All Users\Application Data\ESET
2009-04-18 09:55 . 2009-02-20 19:13 111544 ----a-w d:\windows\system32\nvapps.xml
2009-04-18 09:54 . 2009-04-18 09:54 -------- d-----w d:\windows\nview
2009-04-18 09:54 . 2009-02-20 19:13 356352 ----a-w d:\windows\system32\nvudisp.exe
2009-04-18 09:54 . 2009-02-20 19:13 17463 ----a-w d:\windows\system32\nvdisp.nvu
2009-04-18 09:53 . 2009-04-21 22:52 18128 ----a-w d:\documents and settings\drummer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 09:51 . 2009-04-18 09:51 940794 ----a-w d:\windows\system32\LoopyMusic.wav
2009-04-18 09:51 . 2009-04-18 09:51 146650 ----a-w d:\windows\system32\BuzzingBee.wav
2009-04-18 09:51 . 2009-04-18 09:51 -------- d-----w d:\windows\system32\Lang
2009-04-18 09:45 . 2004-11-18 08:42 22752 ----a-w d:\windows\system32\spupdsvc.exe
2009-04-18 09:44 . 2009-04-18 09:44 -------- d-----w d:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
2009-04-18 09:44 . 2009-04-18 09:44 -------- d-----w d:\documents and settings\drummer\Local Settings\Application Data\NVIDIA Corporation
2009-04-18 09:44 . 2009-04-18 09:44 -------- d-----w d:\program files\NVIDIA Corporation
2009-04-18 09:42 . 2009-04-18 09:42 -------- d-----w D:\NVIDIA
2009-04-18 09:41 . 2009-04-18 09:41 -------- d-----w d:\program files\Acer
2009-04-18 09:40 . 2009-04-18 09:40 -------- d-----w d:\program files\Launch Manager
2009-04-18 09:40 . 2009-04-18 09:40 -------- d-----w d:\windows\Options
2009-04-18 09:40 . 2009-04-18 09:40 -------- d-----w d:\program files\Atheros
2009-04-18 09:40 . 2007-06-25 01:37 21936 ----a-w d:\windows\system32\net5211.cat
2009-04-18 09:40 . 2007-06-21 20:58 547072 ----a-w d:\windows\system32\drivers\ar5211.sys
2009-04-18 09:40 . 2007-06-21 20:58 547072 ----a-w d:\windows\system32\ar5211.sys
2009-04-18 09:40 . 2007-06-21 20:58 93138 ----a-w d:\windows\system32\net5211.inf
2009-04-18 09:40 . 2007-01-09 07:25 8 --sha-r d:\windows\system32\Desktop_.ini
2009-04-18 09:39 . 2009-04-18 09:39 -------- d-----w d:\documents and settings\All Users\Application Data\Atheros
2009-04-18 09:39 . 2009-04-18 09:40 83 ----a-w d:\windows\LManager.UNI
2009-04-18 09:34 . 2007-03-21 20:02 37376 ----a-w d:\windows\system32\drivers\rixdptsk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 09:00 . 2009-04-18 10:08 -------- d-----w d:\documents and settings\drummer\Application Data\skypePM
2009-04-24 12:45 . 2009-04-24 12:24 -------- d-----w d:\documents and settings\drummer\Application Data\Winamp
2009-04-20 16:10 . 2004-08-03 22:56 218624 ----a-w d:\windows\system32\uxtheme.dll
2009-04-20 09:35 . 2009-04-17 23:30 86327 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-18 10:09 . 2009-04-18 10:08 -------- d-----w d:\program files\K-Lite Codec Pack
2009-04-18 09:45 . 2009-04-18 09:45 -------- d-----w d:\program files\Realtek
2009-04-18 09:45 . 2009-04-18 09:45 319488 ----a-w d:\windows\HideWin.exe
2009-04-17 23:31 . 2009-04-17 23:31 -------- d-----w d:\program files\microsoft frontpage
2009-04-17 23:27 . 2009-04-17 23:27 21640 ----a-w d:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-04-22 16:30 69448 ----a-w d:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-22 16:30 517448 ----a-w d:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-22 16:30 235352 ----a-w d:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-22 16:30 22360 ----a-w d:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-22 16:30 453456 ----a-w d:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-22 16:30 1846632 ----a-w d:\windows\system32\D3DCompiler_41.dll
2009-03-09 13:27 . 2009-04-22 16:30 4178264 ----a-w d:\windows\system32\D3DX9_41.dll
2009-02-20 19:13 . 2007-07-24 07:12 3620864 ----a-w d:\windows\system32\nvvitvsr.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w d:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\WININET.DLL
[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\explorer.exe
[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\wuauclt.exe
[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-03-10 09:47 2079256 ----a-w d:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "d:\program files\BS_Player\tbBS_P.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "d:\program files\BS_Player\tbBS_P.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-07-23 752136]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-20 8433664]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-20 81920]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-20 1626112]

d:\documents and settings\drummer\Start Menu\Programs\Startup\
090C8.exe.exe [2009-4-3 77824]
6D5DA.exe.exe [2009-4-3 77824]
85550.exe.exe [2009-4-3 77824]
AA9C0.exe.exe [2009-4-3 77824]
mel.bat110316 AM.bat [2009-4-26 128]
mel.bat112919 PM.bat [2009-4-26 128]
Y'z Toolbar.lnk - d:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2009-4-20 90112]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-7 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\worms\\WWP\\wwp.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 epfwtdir;epfwtdir;d:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CubeDesktop - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
FF - ProfilePath - d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: e:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-26 13:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D652261-5448-9EDE-3CCB-097AABB7C6BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hanffdagmghdhjno"=hex:61,61,00,7c
"janffdagmghdhjnoamen"=hex:63,61,6d,70,64,67,00,7c
"pafhiebijaefgmnlkidbdklaeknimjij"=hex:64,61,65,6a,61,69,6e,64,00,00
.
Completion time: 2009-04-26 13:53
ComboFix-quarantined-files.txt 2009-04-26 11:53

Pre-Run: 7,668,928,512 bytes free
Post-Run: 7,700,983,808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

266

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Upload these for me:

d:\windows\system\Updateor.exe
d:\documents and settings\drummer\Start Menu\Programs\Startup\090C8.exe.exe

via the following link:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

There, I've uploaded it... =)

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I'll also need these uploaded:

d:\documents and settings\drummer\Start Menu\Programs\Startup\mel.bat110316 AM.bat
d:\documents and settings\drummer\Start Menu\Programs\Startup\mel.bat112919 PM.bat

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

Posted: 26 Apr 2009 18:28

I can't find those files.. i.e. they don't exist :/

Update: 26 Apr 2009 18:54

??????????

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Take it easy, I had to look in on Travian for a bit, there's a full-scale war going on

Windows XP
1. Click the Start button (in the bottom left corner).
2. Select My Computer.
3. Select the Tools menu and click Folder Options.
4. Select View at the top; inside the Hidden files and folders group, select Show hidden files and folders.
5. Untick Hide file extensions for known types.
6. Untick Hide protected operating system files (recommended).

----------------

then try to find the files I wrote to you about a little while ago, the ones you couldn't find.
