MyCity » Ambulanta -> Arhiva Ambulante » msn virus

msn virus

Napisano na dan: 28.9.2008

msn virus
Sledeća strana Pagination

Idi na vrh

Poslao: 28 Sep 2008 22:47
Idi na vrh
offline
  • Pridružio: 15 Sep 2008
  • Poruke: 74

dobio sam neki link preko msn-a i otovrio sam ga i od onda avast
nađe neki trojan i ja sam ga izbrisao, sad bi vas molio da pogledate jel još
ima kakav virus?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:36, on 28.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\monitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Robi\Desktop\Nova mapa\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Update] WindowsUpdate.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Windows Update] WindowsUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYHR
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bh611 - Bell& Howell - C:\Program Files\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\Program Files\BHROOT\BIN\monitor.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Update Service (gupdate1c8fe527b2f7a97) (gupdate1c8fe527b2f7a97) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\Program Files\BHROOT\BIN\PORTMAP.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7979 bytes

Poslao: 29 Sep 2008 16:27
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Poz...



Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Program settings....

U prozoru koji se otvori, pod Troubleshooting, čekiraj opciju Disable avast! self-defence i klikni OK.

Takođe, klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection.


Napomena: Ne zaboravi da uključiš ove opcije po završetku čišćenja.



-------------------------------------------------------------------------------------


Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 29 Sep 2008 22:35
Idi na vrh
offline
  • Pridružio: 15 Sep 2008
  • Poruke: 74

Evo combofix logo

ComboFix 08-09-28.01 - Robi 2008-09-29 22:27:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.191 [GMT 2:00]
Running from: C:\Documents and Settings\Robi\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Robi\LOCALS~1\Temp\install_flash_player.exe
C:\Documents and Settings\Robi\Cookies\robi@ad.yieldmanager[2].txt
C:\Documents and Settings\Robi\Cookies\robi@autos.yahoo[1].txt
C:\Documents and Settings\Robi\Cookies\robi@mercedesklub[1].txt
C:\Documents and Settings\Robi\Cookies\robi@mobile[2].txt
C:\WINDOWS\admintxt.txt
C:\WINDOWS\windowsupdate.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
.

2008-09-28 23:55 . 2008-09-28 23:55 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Windows Live Writer
2008-09-28 23:54 . 2008-09-28 23:54 <DIR> d-------- C:\Program Files\Microsoft
2008-09-28 22:55 . 2008-09-28 22:55 <DIR> d-------- C:\Program Files\ESET
2008-09-28 21:14 . 2008-09-28 21:14 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-28 12:34 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-28 12:34 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-28 12:34 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-27 13:50 . 2008-09-27 13:50 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-26 20:30 . 2008-09-26 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BlackPencil
2008-09-24 17:42 . 2008-09-24 17:42 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\ESET
2008-09-24 17:41 . 2008-09-28 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-24 16:54 . 2008-09-24 16:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-09-23 21:59 . 2008-09-23 21:59 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-09-23 21:58 . 2008-09-25 22:01 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Xfire
2008-09-23 21:57 . 2008-09-24 16:55 <DIR> d-------- C:\Program Files\Xfire
2008-09-22 00:01 . 2008-09-22 00:01 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MSNInstaller
2008-09-19 21:46 . 2008-09-19 21:46 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-18 22:04 . 2008-09-18 22:04 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-09-18 21:57 . 2005-10-09 00:06 3,584 --a------ C:\WINDOWS\system32\drivers\sfcure01.sys
2008-09-18 21:42 . 2008-09-18 21:42 <DIR> d-------- C:\Program Files\uTorrent
2008-09-18 21:42 . 2008-09-29 20:26 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\uTorrent
2008-09-18 02:40 . 2008-09-18 02:40 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-09-16 19:25 . 2008-09-16 19:25 <DIR> d-------- C:\Program Files\USB GamePad
2008-09-16 19:25 . 2006-01-08 11:18 159,744 --a------ C:\WINDOWS\system32\FFDR.dll
2008-09-16 19:25 . 2005-12-09 09:39 69,699 --a------ C:\WINDOWS\system32\drivers\VL813.sys
2008-09-16 19:25 . 2005-12-08 11:01 40,960 --a------ C:\WINDOWS\system32\restart.exe
2008-09-16 19:25 . 2005-11-17 08:10 36,864 --a------ C:\WINDOWS\system32\Sign2k.exe
2008-09-16 19:25 . 2005-12-08 11:01 32,768 --a------ C:\WINDOWS\system32\Removejoy.exe
2008-09-16 19:25 . 2004-03-30 19:37 25,600 --a------ C:\WINDOWS\system32\remove.exe
2008-09-16 19:25 . 2004-03-29 17:59 20,992 --a------ C:\WINDOWS\system32\rescan.exe
2008-09-15 22:30 . 2008-09-28 22:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-15 14:27 . 1998-11-17 12:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-09-15 14:10 . 2008-09-15 14:10 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MozillaControl
2008-09-15 12:59 . 2008-09-15 12:59 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-09-15 00:55 . 2008-09-15 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-14 02:04 . 2008-09-14 02:04 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-09-14 00:45 . 2007-07-11 11:11 888,832 --a------ C:\WINDOWS\system32\securenet.dll
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-09-13 17:02 . 2008-09-13 17:02 32 --a------ C:\WINDOWS\tdlp32.ini
2008-09-12 20:59 . 2008-09-12 20:59 <DIR> d-------- C:\Program Files\vso
2008-09-12 20:59 . 2008-09-12 21:22 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Vso
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\Documents and Settings\Robi\Application Data\pcouffin.sys
2008-09-09 00:16 . 2008-09-09 00:16 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-09-08 21:30 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-09-08 21:30 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-09-08 21:30 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-09-08 21:30 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-09-08 21:30 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-09-08 21:30 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-09-08 21:30 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-09-08 21:30 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-09-08 21:30 . 2008-09-08 21:30 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-09-08 21:30 . 2008-09-08 21:30 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-09-07 23:48 . 2008-09-07 23:48 <DIR> d-------- C:\Program Files\PowerISO
2008-09-07 20:34 . 2008-09-07 20:34 88 --a------ C:\WINDOWS\StyleBuilder.INI
2008-09-07 02:05 . 2008-09-07 02:05 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-09-07 00:43 . 2008-09-07 00:43 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\InstallShield
2008-09-06 22:34 . 2008-09-06 22:34 360,320 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-09-06 17:58 . 2008-09-06 17:58 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-06 15:37 . 2008-09-06 15:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-06 15:34 . 2008-09-06 15:34 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-06 15:20 . 2008-09-10 21:50 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-06 15:09 . 2008-09-07 02:05 <DIR> d-------- C:\Program Files\Reganam
2008-09-06 14:06 . 2008-09-29 14:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 23:38 . 2008-09-04 23:38 520 --a------ C:\WINDOWS\netdet.ini
2008-09-04 23:37 . 2000-12-06 01:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-09-04 23:37 . 2000-12-06 01:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-09-02 20:39 . 2008-09-02 20:39 <DIR> d-------- C:\Program Files\MyXOFT
2008-09-02 20:39 . 2006-12-01 22:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-09-02 20:39 . 2006-12-01 22:03 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-09-02 20:39 . 2006-12-02 06:22 479,232 --a------ C:\WINDOWS\system32\msvcm80.dll
2008-09-02 20:39 . 2006-12-01 22:03 1,869 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-08-30 21:35 . 2008-08-30 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\ICQ
2008-08-30 21:35 . 2008-08-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-08-30 21:34 . 2008-09-23 16:26 <DIR> d-------- C:\Program Files\ICQ6
2008-08-30 00:13 . 2008-09-29 22:31 <DIR> d-------- C:\Documents and Settings\Robi\Tracing
2008-08-30 00:13 . 2008-09-09 21:48 <DIR> d-------- C:\Documents and Settings\Robi\Contacts
2008-08-30 00:11 . 2008-09-08 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MSN6
2008-08-30 00:11 . 2008-08-30 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-08-30 00:01 . 2008-08-30 00:01 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-08-29 23:56 . 2008-09-29 10:21 <DIR> d-------- C:\Program Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 16:04 --------- d-----w C:\Program Files\Google
2008-09-22 12:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 12:39 --------- d-----w C:\Documents and Settings\Robi\Application Data\Samsung
2008-09-18 20:01 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-18 19:31 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-09-16 11:26 --------- d-----w C:\Documents and Settings\Robi\Application Data\TransRender
2008-09-16 11:25 --------- d-----w C:\Documents and Settings\Robi\Application Data\Temporary
2008-09-15 12:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-24 20:16 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-24 19:29 --------- d-----w C:\Program Files\Far
2008-08-24 19:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-24 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-24 14:10 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-24 14:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-08-24 14:02 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-08-24 14:02 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-08-21 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-08-21 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-08-19 16:36 --------- d-----w C:\Program Files\IrfanView
2008-08-18 11:27 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-08-18 11:19 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 11:18 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-08-16 17:32 --------- d-----w C:\Program Files\Winamp
2008-08-16 17:21 --------- d-----w C:\Documents and Settings\Robi\Application Data\Smart PC Solutions
2008-08-16 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-16 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-16 16:25 --------- d-----w C:\Documents and Settings\Robi\Application Data\Uniblue
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\Robi\Application Data\www.TheXSoft.com
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\www.TheXSoft.com
2008-08-12 22:52 --------- d-----w C:\Program Files\DivX
2008-08-12 20:03 --------- d-----w C:\Program Files\Common Files\Vbox
2008-08-11 20:27 --------- d-----w C:\Documents and Settings\Robi\Application Data\zweitgeist
2008-08-08 16:05 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-08-08 15:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-08-07 22:13 --------- d-----w C:\Documents and Settings\Robi\Application Data\ICQ Toolbar
2008-08-07 18:16 --------- d-----w C:\Program Files\Marvell
2008-08-05 19:07 --------- d-----w C:\Documents and Settings\Robi\Application Data\DivX
2008-07-31 20:23 --------- d-----w C:\Program Files\Common Files\Autodata Limited Shared
2008-05-21 18:59 116,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 18:10 1,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
2008-09-02 21:02 75272 --a------ C:\Program Files\Windows Live\Messenger\wlchtc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-29 19:28 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 15:11 1569304 --------- C:\Program Files\Reganam\tbReg1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
2008-09-02 21:13 953360 --a------ C:\Program Files\Windows Live\Toolbar\wltcore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 3739672]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\game.dat"=
"D:\\UT2004\\System\\UT2004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"D:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"D:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1c8fe527b2f7a97;Google Update Service (gupdate1c8fe527b2f7a97);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-24 13352]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.hr/
R0 -: HKCU-Main,SearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNxmk142YYHR&fl=0&ptb=rFSuPRdDEVSyAqSB4yXKBw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
O8 -: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYHR
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-29 22:30:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\MONITOR.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-29 22:33:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-29 20:33:23

Pre-Run: 23.794.085.888 bytes free
Post-Run: 24,329,105,408 bytes free

272 --- E O F --- 2008-09-28 12:10:06

Poslao: 30 Sep 2008 18:21
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Kakvo je sada stanje? Postoji li neki problem?

Poslao: 30 Sep 2008 19:48
Idi na vrh
offline
  • Pridružio: 15 Sep 2008
  • Poruke: 74

ne sada je sve ok Very Happy

Dopuna: 30 Sep 2008 19:48

eh da ja sam još izbrisao msn i ponovno instalirao

Poslao: 30 Sep 2008 20:28
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ok. Uradi sledeće:
Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore


To je sve.

MyCity » Ambulanta -> Arhiva Ambulante » msn virus

Ko je trenutno na forumu
 

Ukupno su 840 korisnika na forumu :: 49 registrovanih, 5 sakrivenih i 786 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Andrija357, Areal84, arton, babaroga, bankulen, Bubimir, cavatina, cenejac111, Dimitrise93, Djole, DPera, FileFinder, flash12, havoc995, hologram, ikan, JOntra, Karla, kolle.the.kid, Kubovac, kunktator, Marko Marković, mercedesamg, mile23, moldway, Motocar, nenad81, NoOneEver Dreams, nuke92, oldtimer, opt1, pacika, Panter, Pohovani_00, Ripanjac, Sale.S, sasa76, Shinobi, Simon simonović, Srle993, StepskiVuk, vlad4, VP6919, YugoSlav, zziko, |_MeD_|, šumar bk2, 1107