MyCity » Ambulanta -> Arhiva Ambulante » Autorun + worm

Autorun + worm

Napisano na dan: 1.11.2008

Autorun + worm

Sledeća strana

Pagination

Odgovori

Draifusz Poslao: 01 Nov 2008 20:06 Idi na vrh
offline Draifusz Novi MyCity građanin Pridružio: 01 Nov 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! da krenem od toga sto ne mogu da upalim hidden files i system protected inace bih obrisao rucno kao i dosad Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:48:47 PM, on 11/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\mfck\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - P:\Program Files\SnagIt 7\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - P:\Program Files\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe O8 - Extra context menu item: Convert link target to Adobe PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - [Link mogu videti samo ulogovani korisnici]\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Copy to &Lightning Note - P:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]*\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - P:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing) O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing) -- End of file - 8945 bytes imam kasperski 2009 na svakoj particiji je autorun.inf a imam i Worm.Win32.AutoRun.rja takodje na svakoj particiji imam C, D, F, P i G particije kav 2009 izbacuje svakog momenta da ih neutralizuje

Profil

dr_Bora Poslao: 01 Nov 2008 20:16 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Privremeno isključi KAV kako ne bi ometao postupak... Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Ukoliko imaš neki USB flash drive koji bi mogao biti inficiran, priključi ga pre nastavka. Startuj ComboFix i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Draifusz Poslao: 01 Nov 2008 22:25 Idi na vrh
offline Draifusz Novi MyCity građanin Pridružio: 01 Nov 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-10-31.02 - mfck 2008-11-01 21:53:59.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.424 [GMT 1:00] Running from: D:\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WINDOWS\system32\BReWErS.dll C:\WINDOWS\system32\ckvo.exe C:\WINDOWS\system32\ckvo0.dll C:\WINDOWS\system32\ckvo1.dll C:\WINDOWS\system32\MSINET.oca C:\xih9.cmd D:\Autorun.inf D:\xih9.cmd F:\Autorun.inf F:\xih9.cmd G:\Autorun.inf G:\xih9.cmd K:\autorun.inf K:\xih9.cmd P:\Autorun.inf P:\xih9.cmd . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Service_Iprip ((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 ))))))))))))))))))))))))))))))) . 2066-07-16 09:05 . 2008-11-01 14:40 3,120 --a------ C:\WINDOWS\MF_C432.lfa 2066-07-16 09:05 . 2008-11-01 14:40 3,120 --a------ C:\WINDOWS\MF_C426.lfa 2066-07-16 09:05 . 2008-11-01 14:40 3,120 --a------ C:\WINDOWS\MF_C421.lfa 2066-07-16 09:05 . 2008-11-01 14:40 3,120 --a------ C:\WINDOWS\MF_C420.lfa 2008-11-01 19:46 . 2008-11-01 19:46 <DIR> d-------- C:\Documents and Settings\mfck\.housecall6.6 2008-10-28 12:25 . 2008-10-28 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2DBoy 2008-10-28 04:43 . 2008-10-28 00:45 14,153 --a------ C:\World.of.Goo-SKIDROW.torrent 2008-10-28 03:11 . 2008-10-28 00:50 20,305 --a------ C:\WorldOfGooSetup.exe.torrent 2008-10-26 21:26 . 2008-10-26 21:26 <DIR> d-------- C:\WINDOWS\Desktop 2008-10-18 13:13 . 2008-10-18 13:13 <DIR> d-------- C:\Program Files\Real 2008-10-18 13:13 . 2008-10-18 13:13 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-10-18 12:06 . 2008-10-18 12:06 609 ---hs---- C:\Documents and Settings\mfck\MediaTubeCodec_ver1.1502.0.exe 2008-10-17 15:28 . 2008-10-17 15:28 <DIR> d-------- C:\Program Files\Common Files\Real 2008-10-17 12:44 . 2008-10-17 13:11 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-10-17 12:44 . 2008-10-17 12:44 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-10-17 12:43 . 2008-10-17 12:43 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-10-17 12:43 . 2008-10-17 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-10-17 12:43 . 2008-11-01 21:58 3,372,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-10-17 12:43 . 2008-11-01 21:58 114,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-10-17 12:43 . 2008-11-01 21:58 30,572 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-10-17 12:43 . 2008-11-01 21:58 4,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-10-14 20:55 . 2008-10-14 20:55 <DIR> d--hs---- C:\FOUND.001 2008-10-14 11:56 . 2008-10-14 11:56 <DIR> d-------- C:\Program Files\Common Files\Windows Live 2008-10-06 08:47 . 2008-10-06 08:47 <DIR> d--hs---- C:\FOUND.000 2008-10-04 13:23 . 2008-10-04 13:23 <DIR> d-------- C:\Documents and Settings\mfck\Application Data\CANON INC 2008-10-04 13:23 . 2008-10-04 13:23 <DIR> d-------- C:\Documents and Settings\mfck\Application Data\CameraWindowDC 2008-10-04 13:02 . 2008-10-04 13:02 <DIR> d-------- C:\Documents and Settings\mfck\Application Data\ZoomBrowser EX 2008-10-04 12:32 . 2008-10-04 12:32 <DIR> d-------- C:\Program Files\Canon 2008-10-04 12:32 . 2008-10-04 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-10-04 12:28 . 2008-10-04 12:28 <DIR> d-------- C:\Program Files\Common Files\Canon 2008-10-01 08:58 . 2008-10-01 08:58 <DIR> d-------- C:\Program Files\GameSpy Arcade . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-30 07:07 7,520 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-09-29 17:40 --------- d-----w C:\Program Files\Destiny 2008-09-23 13:06 --------- d-----w C:\Program Files\PowerISO 2008-09-10 21:38 --------- d-----w C:\Program Files\Download Direct 2008-09-08 23:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll 2008-04-01 19:29 8 --sh--r C:\WINDOWS\system32\0BC4431270.sys 2008-07-06 11:39 56 --sh--r C:\WINDOWS\system32\701243C40B.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-18 185896] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088] "SMSERIAL"="sm56hlpr.exe" [2004-06-29 C:\WINDOWS\sm56hlpr.exe] "SoundMan"="SOUNDMAN.EXE" [2002-06-18 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm "msacm.divxa32"= C:\PROGRA~1\K-LITE~1\codecs\divxa32.acm "msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm "msacm.lameacm"= C:\PROGRA~1\K-LITE~1\codecs\lameACM.acm "VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll "VIDC.DIV3"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll "VIDC.DIV4"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll "VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL "VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll "VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll "VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll "VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll "VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll "VIDC.MPG4"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll "VIDC.MP42"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll "VIDC.MP43"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll "msacm.avis"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_acm.acm [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SkinClock"=E:\Program Files\Clock Tray Skins\ClockTraySkins.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=092007 serial=DR12cus-2178927-HVQ lang=EN "SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe "OODefragTray"=C:\WINDOWS\system32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\groove.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\ApexDC++\\ApexDC.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784] R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\cdaudio.sys [2001-08-17 18688] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [ ] S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] S3 Service_Desktop;Desktop;C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe [ ] S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560] S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{075bece1-93b7-11dc-ba89-001404434aa6}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cae16ef-548a-11dc-b9f5-001346baf7b4}] \Shell\AutoRun\command - J:\FalloutTacticsLauncher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3607490-518d-11dd-b998-001404434aa6}] \Shell\AutoRun\command - J:\LaunchU3.exe . Contents of the 'Scheduled Tasks' folder 2008-10-31 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [] . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKCU-Run-DLD.EXE - C:\Program Files\Download Direct\DLD.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\mfck\Application Data\Mozilla\Firefox\Profiles\90fiywto.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link mogu videti samo ulogovani korisnici] FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link mogu videti samo ulogovani korisnici] FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-11-01 21:59:53 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\ATKKBSERVICE.EXE C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE C:\WINDOWS\SYSTEM32\OODAG.EXE C:\WINDOWS\SYSTEM32\PSISERVICE.EXE C:\WINDOWS\SYSTEM32\TCPSVCS.EXE C:\PROGRAM FILES\CANON\CAL\CALMAIN.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SYSTEM32\IMAPI.EXE . ************************************************************************ . Completion time: 2008-11-01 22:01:54 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-01 21:01:46 Pre-Run: 369,041,408 bytes free Post-Run: 360,800,256 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptOut 224 Dopuna: 01 Nov 2008 22:25 Problem je resen, HVALA MNOGO !!!

Profil

dr_Bora Poslao: 01 Nov 2008 22:45 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nismo gotovi... Uploaduj sledeće file-ove: C:\WINDOWS\system32\drivers\cdaudio.sys C:\WINDOWS\MF_C432.lfa C:\WINDOWS\system32\drivers\klif.sys Upload link: [Link mogu videti samo ulogovani korisnici]

Profil

Draifusz Poslao: 01 Nov 2008 23:38 Idi na vrh
offline Draifusz Novi MyCity građanin Pridružio: 01 Nov 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! UPLOADOVAO

Profil

dr_Bora Poslao: 02 Nov 2008 10:57 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Skini ovaj file na Desktop: [Link mogu videti samo ulogovani korisnici] Dvoklikni na njega a zatim klikni Yes. ------------------------------------------------------------------------------------- Još jedna provera... Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Profil

Draifusz Poslao: 02 Nov 2008 11:25 Idi na vrh
offline Draifusz Novi MyCity građanin Pridružio: 01 Nov 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

dr_Bora Poslao: 02 Nov 2008 11:47 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, ovo bi trebalo biti čisto. Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore To je sve.

Profil

Draifusz Poslao: 02 Nov 2008 12:00 Idi na vrh
offline Draifusz Novi MyCity građanin Pridružio: 01 Nov 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! hvala mnogo covo, ne znam kako da se zahvalim

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Autorun + worm

Ko je trenutno na forumu

Ukupno su 2588 korisnika na forumu :: 72 registrovanih, 5 sakrivenih i 2511 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 10x10.9, 33 bren, 357magnum, ArmyBoss, AS, Asparagus, Bane san, Bickoooo, Burovnyak, colji, Comyymoc, crazydkure, crnitrn, Dexlex, djuradj, Djuza, dolinalima, Dovla 1980, Dzoni70, Electron, ElGenius, Ercomero, Feller, Frunze, Georgius, Gitzherai, HogarStrashni, Jan, Joint Chief, JOntra, Kalem, Karaula, kaskadija, Kenanjoz, Klass, Koca Popovic, Kubovac, LostInSpaceandTime, matejman, Mickey91, Milometer, MiloradKomadic, Mitogna, Mrav Obrad, Nmr, Nomica, opt1, Paklenica, Pale2025, pein, peradetlić, Perudin_92, pfc74, PlayerOne, Polifon, RD84, Sale0501, Sass Drake, sekretar, Sirius, StankoVrankovic, Tribal, VanZan, vidra boy, voja64, vrag81, Vrač, Weah88, Zdilar, zexon, zmajbre, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by