problem - resycled/boot.com


  • Graphic Designer
  • Joined: 09 Jan 2008
  • Posts: 568
  • Location: Beograd

I had the same problem as in the topic http://www.mycity.rs/Arhiva-Ambulante/Malwarei-na-cistom-Win-u.html; even the Windows Task Manager was blocked.

I wiped the C: partition and reinstalled XP. After the system install the C: partition was fine, but on D: everything stayed the same. I deleted everything related to "resycled/boot.com" from the Registry; after that D: opens normally, but I could not delete autorun.inf by any means. After restarting the PC everything came back as before, so I decided to install AVG Internet Security 8, which detected the file as an infection and deleted it. I again deleted everything related to "resycled/boot.com" from the Registry. In parallel I found the topic mentioned above and, after the AVG scan finished, I did the ComboFix part. I think everything is fine now, but I scanned with Trend Micro HijackThis anyway.

Please review the log files and, if there is still something there, tell me how to clean it, and maybe whether I should scan again with ComboFix.




ComboFix log:

ComboFix 08-11-04.02 - AleXa89 2008-11-04 23:44:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.137 [GMT 1:00]
Running from: c:\documents and settings\AleXa89\Desktop\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.

2008-11-04 18:44 . 2008-11-04 18:44 <DIR> d-------- c:\program files\PSPad editor
2008-11-04 18:44 . 2008-11-04 18:45 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\PSpad
2008-11-04 18:15 . 2008-11-04 18:15 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-11-04 18:15 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-11-04 18:10 . 2008-11-04 18:15 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2008-11-04 18:10 . 2008-11-04 18:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-04 18:10 . 2008-11-04 18:10 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\TuneUp Software
2008-11-04 18:06 . 2008-11-04 18:06 <DIR> d-------- c:\program files\RapidShare Plus
2008-11-04 18:03 . 2008-11-04 18:04 314 --a------ c:\windows\{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}_WiseFW.ini
2008-11-04 17:38 . 2008-11-04 18:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-04 17:38 . 2008-11-04 18:04 <DIR> d-------- c:\program files\360desktop
2008-11-04 17:38 . 2008-11-04 17:38 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\360desktop
2008-11-04 16:00 . 2008-11-04 16:00 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-11-04 16:00 . 2008-11-04 16:00 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-11-04 15:23 . 2008-11-04 15:23 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2008-11-04 15:21 . 2008-11-04 15:21 <DIR> d-------- c:\program files\iolo
2008-11-04 15:21 . 2008-11-04 15:21 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2008-11-04 15:21 . 2008-06-19 18:15 918,368 --a------ c:\windows\system32\Incinerator.dll
2008-11-04 15:21 . 2008-06-16 20:21 29,696 --a------ c:\windows\system32\iolobtdfg.exe
2008-11-04 15:21 . 2008-06-06 17:55 8,704 --a------ c:\windows\system32\smrgdf.exe
2008-11-04 15:09 . 2008-11-04 15:09 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-04 15:09 . 2008-11-04 15:09 74,703 --a------ c:\windows\system32\mfc45.dll
2008-11-04 15:07 . 2008-11-04 15:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2008-11-04 15:07 . 2008-11-04 15:23 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\iolo
2008-11-04 15:05 . 2008-11-04 15:05 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-04 15:05 . 2008-11-04 15:07 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-04 15:04 . 2008-11-04 15:04 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-04 14:40 . 2008-11-04 15:10 <DIR> d-------- c:\documents and settings\AleXa89\Contacts
2008-11-04 14:39 . 2008-11-04 14:39 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-04 14:38 . 2008-11-04 14:39 <DIR> d-------- c:\program files\Windows Live
2008-11-04 14:38 . 2008-11-04 14:39 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-04 14:38 . 2008-11-04 14:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-04 05:06 . 2008-11-04 05:06 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-04 05:03 . 2008-10-03 18:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-04 05:03 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-04 05:03 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-04 05:03 . 2008-08-26 08:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-04 05:03 . 2008-08-26 08:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-04 05:03 . 2008-08-26 08:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-04 05:03 . 2008-08-26 08:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-04 05:03 . 2008-08-26 08:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-04 05:03 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-04 04:59 . 2006-09-25 18:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-04 04:51 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-04 04:51 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-04 04:51 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-04 04:51 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-04 04:43 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-04 04:43 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-04 04:33 . 2007-07-30 20:19 43,352 --a------ c:\windows\system32\wups2.dll
2008-11-04 04:32 . 2008-11-04 04:32 <DIR> d---s---- c:\documents and settings\AleXa89\UserData
2008-11-04 04:18 . 2008-11-04 04:18 22 --a------ c:\windows\system32\ati64hlp.stb
2008-11-04 04:10 . 2008-04-14 03:42 221,696 --a--c--- c:\windows\system32\dllcache\seo.dll
2008-11-04 04:09 . 2008-04-14 03:41 562,176 --a--c--- c:\windows\system32\dllcache\fxsst.dll
2008-11-04 04:08 . 2008-04-14 03:42 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-04 04:07 . 2008-11-04 04:07 <DIR> d-------- c:\windows\system32\xircom
2008-11-04 04:07 . 2008-11-04 04:07 <DIR> d-------- c:\program files\microsoft frontpage
2008-11-04 04:06 . 2008-11-04 04:06 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 03:54 . 2008-04-14 05:34 2,144,487 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-04 03:46 . 2008-11-04 03:50 <DIR> d-------- c:\windows\system32\scripting
2008-11-04 03:46 . 2008-11-04 03:50 <DIR> d-------- c:\windows\system32\en
2008-11-04 03:46 . 2008-11-04 15:08 <DIR> dr-hsc--- c:\windows\system32\dllcache
2008-11-04 03:46 . 2008-11-04 03:46 <DIR> d-------- c:\windows\NLDRV
2008-11-04 03:46 . 2008-11-04 03:51 <DIR> d-------- c:\windows\L2Schemas
2008-11-04 03:43 . 2008-04-13 20:32 4,190,352 --a--c--- c:\windows\system32\dllcache\luna.mst
2008-11-04 02:53 . 2008-11-04 02:53 <DIR> d-------- c:\program files\MagicDisc
2008-11-04 02:53 . 2008-07-28 18:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2008-11-04 02:50 . 2008-11-04 02:51 <DIR> d-------- c:\program files\MagicISO
2008-11-04 02:28 . 2008-11-04 02:28 22 --a------ c:\windows\system32\ati64hl2.stb
2008-11-04 01:48 . 2008-11-04 23:35 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-04 01:29 . 2008-11-04 16:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-04 01:29 . 2008-11-04 16:25 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-04 01:29 . 2008-11-04 16:25 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-04 01:29 . 2008-11-04 01:29 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-04 01:28 . 2008-11-04 01:28 <DIR> d-------- c:\program files\AVG
2008-11-04 01:28 . 2008-11-04 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-04 01:20 . 2008-11-04 19:59 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\AVGTOOLBAR
2008-11-04 01:09 . 2007-02-20 17:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2008-11-04 01:09 . 2007-02-20 17:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2008-11-04 01:03 . 2004-01-12 01:00 348,160 --a------ c:\windows\system\msvcr71.dll
2008-11-04 00:56 . 2008-11-04 00:56 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-04 00:43 . 2008-11-04 00:43 348,160 --a------ c:\windows\msvcr71.dll
2008-11-04 00:42 . 2008-11-04 00:42 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-04 00:22 . 2008-11-04 00:22 <DIR> d-------- c:\program files\7-Zip
2008-11-03 22:38 . 2008-11-03 22:42 <DIR> d-------- c:\program files\YuRecnik
2008-11-03 20:40 . 2008-11-04 05:20 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-03 19:00 . 2008-11-03 19:03 <DIR> d-------- c:\program files\The KMPlayer
2008-11-03 18:08 . 2008-11-04 01:41 16,688 --ah----- c:\windows\system32\mlfcache.dat
2008-11-03 17:48 . 2008-11-03 17:48 <DIR> d-------- c:\program files\Safari
2008-11-03 17:48 . 2008-11-03 17:48 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\Apple Computer
2008-11-03 17:47 . 2008-11-03 17:47 <DIR> d-------- c:\program files\Bonjour
2008-11-03 17:47 . 2008-11-03 17:47 <DIR> d-------- c:\program files\Apple Software Update
2008-11-03 17:47 . 2008-11-03 17:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-03 17:41 . 2008-04-14 06:42 129,536 --a------ c:\windows\system32\ksproxy.ax
2008-11-03 17:41 . 2008-04-14 01:15 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2008-11-03 17:41 . 2008-04-14 01:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2008-11-03 17:41 . 2008-04-14 06:41 4,096 --a------ c:\windows\system32\ksuser.dll
2008-11-03 16:24 . 2008-11-04 14:36 <DIR> d-------- c:\program files\Internet Download Manager
2008-11-03 16:24 . 2008-11-03 17:56 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\IDM
2008-11-03 16:24 . 2008-11-04 23:48 <DIR> d-------- c:\documents and settings\AleXa89\Application Data\DMCache
2008-11-03 15:05 . 2007-07-30 20:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-11-03 15:05 . 2007-07-30 20:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-03 15:05 . 2007-07-30 20:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-03 15:05 . 2007-07-30 20:19 25,944 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-03 15:05 . 2007-07-30 20:19 25,944 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-03 15:05 . 2007-07-30 20:18 20,312 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-03 15:03 . 2008-11-03 15:03 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 00:07 --------- d-----w c:\program files\Common Files\Adobe
2008-11-03 18:12 --------- d-----w c:\program files\Unlocker
2008-11-03 13:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 13:54 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-03 13:54 --------- d-----w c:\program files\ATI Technologies
2008-11-03 13:53 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-03 13:46 107,132 ----a-w c:\windows\UninstallFirefox.exe
2008-11-03 13:46 --------- d-----w c:\program files\QuickTime Alternative
2008-11-03 13:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-03 13:37 --------- d-----w c:\program files\MSN Messenger
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-28 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-04 1235736]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-20 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\AleXa89\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-11-04 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-04 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-04 90632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-04 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-04 1224984]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 592232]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 592232]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-04 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-04 29208]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-04 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\AleXa89\Application Data\Mozilla\Firefox\Profiles\zp2jrd6r.default\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2008-11-04 23:48:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-04 23:50:32
ComboFix-quarantined-files.txt 2008-11-04 22:50:18

Pre-Run: 17,795,653,632 bytes free
Post-Run: 17,790,984,192 bytes free






Trend Micro HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:26 AM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\TuneUp Utilities 2008\Integrator.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [link visible only to logged-in users]\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [link visible only to logged-in users]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6522 bytes



Thanks in advance!


AleXa89
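An added example, not part of the original post and not code from ComboFix, AVG or HijackThis: the triage a practitioner would run on the D:\autorun.inf the poster could not delete, before touching the Registry. It parses the INI-style file, flags the directives that make Explorer launch a program from the drive (open, shellexecute and shell\<verb>\command), and reports whether any value references the indicator the poster was searching for. The sample autorun.inf content is constructed here, modeled on the directive pattern autorun worms use; it is not a copy of the file from the affected machine, and the helper names are this example's own.

```python
"""Triage an autorun.inf: parse it and flag directives that auto-launch a
program from the drive.  Added example; the sample content is constructed."""
import re
from pathlib import Path

# Directives that make Explorer run something when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command=... overrides the context-menu verbs (Open, Explore, ...)
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text: str) -> dict:
    """Return {key: value} for the [autorun] section with case-folded keys.
    Comment lines (; or #) and other sections are skipped, so padding lines
    a worm inserts to hinder inspection do not get in the way."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def suspicious_directives(entries: dict) -> list:
    """Return the (key, value) pairs that launch code from the drive."""
    return [(k, v) for k, v in entries.items()
            if k in LAUNCH_KEYS or SHELL_CMD_RE.match(k)]


def matches_indicator(entries: dict, indicator: str) -> bool:
    """True if any value references the indicator path, ignoring case and
    slash direction (the thread's indicator is 'resycled/boot.com')."""
    norm = indicator.lower().replace("/", "\\")
    return any(norm in v.lower().replace("/", "\\") for v in entries.values())


def triage_text(text: str) -> dict:
    """Summarize one autorun.inf body."""
    entries = parse_autorun(text)
    return {
        "entries": entries,
        "suspicious": suspicious_directives(entries),
        "resycled": matches_indicator(entries, "resycled/boot.com"),
    }


def triage_file(path) -> dict:
    """Read and summarize an autorun.inf, e.g. triage_file(r'D:\\autorun.inf')."""
    return triage_text(Path(path).read_text(errors="replace"))


# Constructed sample, modeled on the directive pattern of autorun worms.
SAMPLE = """\
[autorun]
;padding a worm might insert
open=resycled\\boot.com
shellexecute=resycled\\boot.com
shell\\open\\command=resycled\\boot.com
shell\\explore\\command=resycled\\boot.com
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

if __name__ == "__main__":
    report = triage_text(SAMPLE)
    for key, value in report["suspicious"]:
        print(f"launches from drive: {key} = {value}")
    print("references resycled/boot.com:", report["resycled"])
```

An autorun.inf whose only directives are icon or label is the benign kind that vendors ship on USB sticks; one with open or shellexecute pointing at an executable on the same drive, as in the constructed sample, is the pattern this thread is about. Reading the file this way (with Python, not by double-clicking the drive in Explorer) avoids triggering the very directive being inspected.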



  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

There are no signs of malware in the posted logs.

What remains is to uninstall ComboFix ->

Click START, then RUN
In the text entry line type Combofix /u and click OK





Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if present
the C:\Deckard folder, if present
the C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore



  • Graphic Designer
  • Joined: 09 Jan 2008
  • Posts: 568
  • Location: Beograd

Thanks!!!
Cheers
