Avira nalazi na 1000virusa a nista ne brise.

1

Avira nalazi na 1000virusa a nista ne brise.

offline
  • Pridružio: 19 Dec 2008
  • Poruke: 89

Napisano: 05 Avg 2010 15:29

DDS (Ver_10-03-17.01) - NTFSx86
Run by USER at 15:25:42.87 on Thu 08/05/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.124 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\USER\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.me/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-29 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-29 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-29 60936]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]

=============== Created Last 30 ================

2010-08-05 11:58:28 0 d-----w- c:\windows\system32\NtmsData
2010-08-05 10:54:55 0 d-sha-r- C:\cmdcons
2010-08-05 10:50:47 98816 ----a-w- c:\windows\sed.exe
2010-08-05 10:50:47 77312 ----a-w- c:\windows\MBR.exe
2010-08-05 10:50:47 256512 ----a-w- c:\windows\PEV.exe
2010-08-05 10:50:47 161792 ----a-w- c:\windows\SWREG.exe
2010-08-05 10:48:46 389120 ----a-w- c:\windows\system32\CF26795.exe
2010-08-04 08:59:09 186 ----a-w- C:\Anida Idrizovic - Santa leda.mp3.lnk
2010-08-04 06:22:49 184 ----a-w- C:\Anica Milenkovic - 2007 - Gde Si.mp3.lnk
2010-08-03 09:21:32 186 ----a-w- C:\Sasha Zigic feat. Sasa Matic - 2007 - Ne Glumi Mala Andjela (Single).mp3.lnk
2010-08-03 07:28:56 184 ----a-w- C:\39026.833377 Bij_Polje ned 05 nov 2006 20_00.rm.lnk
2010-08-03 00:23:57 190 ----a-w- C:\PRVI SMO POCELI sa muzikom.mp3.lnk
2010-08-02 11:30:44 188 ----a-w- C:\Sejo Boy - 2007 - Da Si Mi Srece Donijela.mp3.lnk
2010-07-31 00:36:56 190 ----a-w- C:\Sanja Maletic - 2007 - Kako Da Ne.mp3.lnk
2010-07-30 23:26:32 190 ----a-w- C:\Ana-Ana - 2007 - Cimas Me.mp3.lnk
2010-07-30 09:07:07 186 ----a-w- C:\Copy of Shortcut.lnk
2010-07-30 05:42:48 184 ----a-w- C:\Jenna Elfman sex anal deepthroat.avi.lnk
2010-07-30 00:18:41 188 ----a-w- C:\kleopatra.avi.lnk
2010-07-29 16:02:01 188 ----a-w- C:\Anna.jpg.lnk
2010-07-29 09:09:55 186 ----a-w- C:\New Folder.lnk
2010-07-29 06:20:20 184 ----a-w- C:\(film-za-odrasle)-o Screensaver.lnk
2010-07-28 10:53:16 0 d-----w- c:\docume~1\user\applic~1\Avira
2010-07-28 07:49:44 186 ----a-w- C:\Kelley.lnk
2010-07-28 06:09:55 184 ----a-w- C:\_Kate Beckinsale nude pictures.lnk

==================== Find3M ====================


============= FINISH: 15:26:42.50 ===============

mycity.rs/must-login.png

Dopuna: 05 Avg 2010 16:29

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav i dobro dosao u Ambulantu MyCity foruma.




Okaci SS prozora gde se tacno moze videti sta to Avira nalazi.
- Za pravljenje SS-a (screenshoot-a) iskoristi ovaj tutorijal:
http://www.mycity.rs/Pitanja-i-predlozi/Pravljenje-screenshota.html






goran9888 (AMF Tim)

offline
  • Pridružio: 19 Dec 2008
  • Poruke: 89

Napisano: 06 Avg 2010 8:58



Dopuna: 06 Avg 2010 9:00

tek je sad zavrsila avira Sad

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pokretao si Combo Fix?!
Postavi mi log u sledecoj poruci (C:\ComboFix.txt).

offline
  • Pridružio: 19 Dec 2008
  • Poruke: 89

Napisano: 06 Avg 2010 11:10

odgovrio je drug umesto mene na njegov komp posto na moj nece da otvori operu .

Dopuna: 06 Avg 2010 11:14

nece da izbaci log

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

-Moras biti detaljan u svojim post-ovima, jer ja niti sam vidovit niti pokusavam to da budem.
-Vidi da u sledecim post-ovima iskljucivo TI odgovaras u temi.





Arrow Ukoliko imas problema sa kopiranjem log-a na forum, iskoristi opciju Prikaci Fajl i okaci .txt file koji se nalazi u root-u C particije.

offline
  • Pridružio: 19 Dec 2008
  • Poruke: 89

Napisano: 06 Avg 2010 12:25

ComboFix 10-08-05.02 - USER 08/06/2010 11:43:39.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.14 [GMT 2:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Templates\Desktop.ini.lnk
c:\documents and settings\All Users\Templates\Plylst13.wpl.lnk
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\adagio.exe.lnk
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Plylst9.wpl.lnk
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\DeIsL1.isu.lnk
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Gary Moore & Joe Satriani - Flying In A Blue Dream.mp3.lnk
c:\documents and settings\USER\Local Settings\Temporary Internet Files\DZINGLOVI.lnk
c:\documents and settings\USER\Local Settings\Temporary Internet Files\SAMO VI RBP ana.mp3.lnk
c:\documents and settings\USER\Templates\Music tracks I have not rated.wpl.lnk
c:\documents and settings\USER\Templates\ReadMe.txt.lnk
c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBService.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\38974.458378 Bij_Polje èet 14 sep 2006 11_00.rm.lnk
c:\windows\system32\drivers\kmgnl.sys
D:\autorun.inf
E:\Autorun.inf
.
---- Previous Run -------
.
C:\autorun.inf
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSINT32
-------\Service_amsint32
-------\Legacy_gupdate
-------\Service_gupdate


((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 10:06 . 2010-08-06 10:06 103140 --sh--r- C:\pddg.exe
2010-08-06 09:04 . 2010-08-06 09:04 103140 --sh--r- C:\ylqmoh.exe
2010-08-06 09:04 . 2010-08-06 09:04 103140 --sh--r- C:\bukrg.pif
2010-08-06 08:58 . 2010-08-06 08:57 471040 ----a-w- c:\windows\system32\CF10504.exe
2010-08-05 14:33 . 2010-08-06 07:55 -------- d-----w- c:\documents and settings\USER\Application Data\TeamViewer
2010-08-05 13:27 . 2010-08-05 13:27 103140 --sh--r- C:\xfgafv.pif
2010-08-05 11:58 . 2010-08-05 14:30 -------- d-----w- c:\windows\system32\NtmsData
2010-07-28 10:53 . 2010-08-06 07:52 -------- d-----w- c:\documents and settings\USER\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 08:20 . 2008-03-17 12:57 -------- d-----w- c:\program files\JetAudio
2010-08-06 07:58 . 2010-08-06 07:58 202 ----a-w- c:\program files\AGENCIJSKI dzingl.lnk
2010-08-06 07:55 . 2008-02-27 11:10 -------- d-----w- c:\documents and settings\USER\Application Data\Winamp
2010-08-06 07:54 . 2008-02-27 14:08 -------- d-----w- c:\documents and settings\USER\Application Data\Smart Recorder
2010-08-06 07:54 . 2008-02-27 11:23 -------- d-----w- c:\documents and settings\USER\Application Data\Sony
2010-08-06 07:54 . 2008-02-27 11:24 -------- d-----w- c:\documents and settings\USER\Application Data\Publish Providers
2010-08-06 07:54 . 2008-04-01 12:07 -------- d-----w- c:\documents and settings\USER\Application Data\NCH Swift Sound
2010-08-06 07:52 . 2008-05-06 08:40 -------- d-----w- c:\documents and settings\USER\Application Data\LimeWire
2010-08-06 07:52 . 2008-02-27 09:52 -------- d-----w- c:\documents and settings\USER\Application Data\Creative
2010-08-06 07:52 . 2008-03-17 12:58 -------- d-----w- c:\documents and settings\USER\Application Data\COWON
2010-08-06 07:52 . 2008-11-11 18:45 -------- d-----w- c:\documents and settings\USER\Application Data\AdobeUM
2010-08-06 07:52 . 2008-02-27 10:39 -------- d-----w- c:\documents and settings\USER\Application Data\Ahead
2010-08-06 07:50 . 2008-04-01 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-08-06 07:50 . 2009-10-29 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-06 07:50 . 2009-10-19 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2010-08-05 14:29 . 2010-08-05 14:29 202 ----a-w- c:\windows\system32\drivers\Fresh tracks -- yet to be played.wpl.lnk
2010-08-05 14:24 . 2010-08-05 14:24 202 ----a-w- c:\windows\Fonts\Sam Brown - You'd Better Stop.mp3.lnk
2010-08-05 14:16 . 2008-03-31 12:14 -------- d-----w- c:\program files\Winamp3
2010-08-05 14:15 . 2008-02-27 11:24 -------- d-----w- c:\program files\VSTplugins
2010-08-05 14:15 . 2008-02-27 11:10 -------- d-----w- c:\program files\Winamp
2010-08-05 14:15 . 2008-05-06 08:39 -------- d-----w- c:\program files\Sun
2010-08-05 14:14 . 2008-02-27 11:15 -------- d-----w- c:\program files\Sony Setup
2010-08-05 14:14 . 2008-02-27 11:23 -------- d-----w- c:\program files\Sony
2010-08-05 14:14 . 2008-05-15 12:38 -------- d-----w- c:\program files\Sonic Foundry
2010-08-05 14:14 . 2008-04-01 08:59 -------- d-----w- c:\program files\Share2
2010-08-05 14:14 . 2008-06-26 08:26 -------- d-----w- c:\program files\PremierOpinion
2010-08-05 14:13 . 2009-10-29 10:43 -------- d-----w- c:\program files\Opera
2010-08-05 14:11 . 2008-02-27 10:38 -------- d-----w- c:\program files\Nero
2010-08-05 14:11 . 2008-04-01 12:07 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-05 14:11 . 2008-02-27 10:29 -------- d-----w- c:\program files\Mv2Player
2010-08-05 14:11 . 2008-02-27 10:04 -------- d-----w- c:\program files\Microsoft.NET
2010-08-05 14:11 . 2008-02-27 10:03 -------- d-----w- c:\program files\Microsoft Works
2010-08-05 14:09 . 2008-02-27 09:09 -------- d-----w- c:\program files\microsoft frontpage
2010-08-05 14:09 . 2008-02-27 10:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-05 14:09 . 2008-04-01 12:27 -------- d-----w- c:\program files\MeowMultiSound100
2010-08-05 14:09 . 2008-05-06 08:35 -------- d-----w- c:\program files\LimeWire
2010-08-05 14:09 . 2008-02-27 10:27 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-05 14:08 . 2008-05-06 08:39 -------- d-----w- c:\program files\Java
2010-08-05 14:08 . 2008-02-27 09:19 -------- d-----w- c:\program files\Intel
2010-08-05 14:07 . 2008-02-27 09:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 14:07 . 2008-04-07 11:05 -------- d-----w- c:\program files\Google
2010-08-05 14:07 . 2008-04-01 09:10 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-08-05 14:07 . 2008-04-01 09:20 -------- d-----w- c:\program files\Crystal Software
2010-08-05 14:07 . 2008-02-27 09:46 -------- d--h--w- c:\program files\Creative Installation Information
2010-08-05 14:05 . 2008-02-27 09:32 -------- d-----w- c:\program files\Creative
2010-08-05 14:05 . 2008-11-13 12:27 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-08-05 14:05 . 2008-11-13 12:37 -------- d-----w- c:\program files\Common Files\NSV
2010-08-05 14:03 . 2008-02-27 10:04 -------- d-----w- c:\program files\Common Files\L&H
2010-08-05 14:03 . 2008-05-06 08:37 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 14:02 . 2008-02-27 09:19 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-05 14:02 . 2008-03-17 12:57 -------- d-----w- c:\program files\Common Files\COWON
2010-08-05 14:02 . 2008-02-27 09:46 -------- d-----w- c:\program files\Common Files\Creative
2010-08-05 14:02 . 2008-02-27 10:38 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-05 14:01 . 2008-02-27 10:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-05 14:01 . 2010-08-05 14:01 202 ----a-w- c:\program files\Common Files\Sample Playlists.lnk
2010-08-05 14:01 . 2008-02-27 09:27 -------- d-----w- c:\program files\C-Media
2010-08-05 14:01 . 2009-10-29 13:14 -------- d-----w- c:\program files\Avira
2010-08-05 14:01 . 2009-10-19 10:47 -------- d-----w- c:\program files\AVG
2010-08-05 14:01 . 2008-04-01 09:07 -------- d-----w- c:\program files\audio-mp3-converter
2010-08-05 14:01 . 2008-04-01 09:02 -------- d-----w- c:\program files\Audio MP3 Maker
2010-08-05 13:59 . 2010-08-05 13:59 202 ----a-w- c:\program files\VAS VOLJENI RBP dado.mp3.lnk
.

((((((((((((((((((((((((((((( SnapShot@2010-08-05_11.38.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-21 00:52 . 2007-11-21 00:52 292224 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-02-27 09:57 . 2003-09-23 09:06 170283 c:\windows\AGRSMMSG.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 170283]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1777152 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 02:25 222608 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-16 13:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2002-07-23 16:58 90112 ----a-w- c:\program files\Winamp3\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\USER\\Desktop\\TeamViewer_Setup.exe"=
"g:\\ComboFix.exe"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\winftwy.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\benges.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\wabc98.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/29/2009 3:14 PM 135336]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AMSINT32
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.me/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CTSysVol - c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-08-06 12:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3128-)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\AGRSMMSG.exe
c:\docume~1\USER\LOCALS~1\Temp\winftwy.exe
c:\docume~1\USER\LOCALS~1\Temp\benges.exe
c:\docume~1\USER\LOCALS~1\Temp\wabc98.exe
.
**************************************************************************
.
Completion time: 2010-08-06 12:22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 10:21
ComboFix2.txt 2010-08-05 11:41
ComboFix3.txt 2010-08-05 11:24

Pre-Run: 23,419,707,392 bytes free
Post-Run: 23,246,053,376 bytes free

- - End Of File - - AB05D74D21E0E95FEE499E24CAE92072

Dopuna: 06 Avg 2010 14:32

imal mu spasa ?

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Ovo ne izgleda dobro.
Ovde je aktivna jedna varijanta Sality-ja; u pitanju je virus (file infektor).


Dezinfekcija je prakticno tesko izvodljiva;ne ocekuj previse, ali pokusacemo.
Detaljno isprati uputstvo





Preuzmi Dr.Web CureIt (~46 MB).
Restartuj kompjuter u Safe Mode (uputstvo za Safe Mode)

Dvoklikom pokreni launch.exe, nakon čega će se pojaviti uvodni prozor - klikni Start

Pojaviće se obaveštenje o započinjanju uvodnog skeniranja - klikni OK

Sačekaj nekoliko minuta da Dr.Web CureIt izvrši Express Scan; ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Klikni Options > Change settings F9; u prozoru koji će se otvoriti, dečekiraj opciju Heuristic Analysis a zatim klikni OK

U glavnom prozoru obeleži opciju Complete scan a zatim klikni i Dr.Web CureIt će započeti skeniranje

Ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Kada skeniranje bude završeno, klikni Select all taster (ukoliko je dostupan), a zatim klikni Cure i,
u meniju koji se otvori, klikni Move incurable:


Po završetku procesa, klikni File > Save report list i sačuvaj log na Desktopu


Iskopiraj sadržaj Dr.Web CureIt loga u temu na forumu.






goran9888 (AMF Tim)

offline
  • Pridružio: 19 Dec 2008
  • Poruke: 89

ne mogu da udjem u Safe Mod ?

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Postoje tri mogućnosti:

1. formatiranje diska i instalacija Windows-a.
Ako ti je hard disk podeljen na više particija, sve što ti je bitno možeš skloniti na jednu od njih, formatirati C: disk i instalirati Windows.
Odmah nakon toga izvršiti skeniranje svih preostalih particija.
Nakon instalacije Windows-a ne smes ulaziti u druge particije dok ne budu scan-irane.

2. mogao bi pokušati izvršiti dezinfekciju korišćenjem LiveCD-a neke AV kompanije. To uključuje download image-a, snimanje na CD, boot sa tog CD-a i skeniranje.

3. mogao bi prebaciti svoj HDD u drugi kompjuter i tamo ga skenirati.




Jasno mi je da ti ovo ne zvuči baš dobro, no... Dezinfekcija aktivnog Sality-ja je stvarno nemoguća misija.

Javi na šta si se odlučio pa da te uputim na odgovarajuće programe.




goran9888 (AMF Tim)

Ko je trenutno na forumu
 

Ukupno su 1309 korisnika na forumu :: 34 registrovanih, 3 sakrivenih i 1272 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, aleksmajstor, babaroga, BlekMen, Botovac, Brana01, cemix, darionis, darios, draganca, Georgius, Griffon vulture, havoc995, ILGromovnik, kikisp, Krvava Devetka, kybonacci, ljuba, Mcdado, Mercury, Mihajlo, milenko crazy north, nebkv, nemkea71, Ripanjac, RJ, ruma, Seeker, solic, srbijaiznadsvega, W123, YU-UKI, zillbg, Čivi