Posted: 05 Aug 2010 16:29
offline
- Joined: 19 Dec 2008
- Posts: 89
Written: 05 Aug 2010 15:29
DDS (Ver_10-03-17.01) - NTFSx86
Run by USER at 15:25:42.87 on Thu 08/05/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.124 [GMT 2:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\USER\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.me/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-29 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-29 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-29 60936]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
=============== Created Last 30 ================
2010-08-05 11:58:28 0 d-----w- c:\windows\system32\NtmsData
2010-08-05 10:54:55 0 d-sha-r- C:\cmdcons
2010-08-05 10:50:47 98816 ----a-w- c:\windows\sed.exe
2010-08-05 10:50:47 77312 ----a-w- c:\windows\MBR.exe
2010-08-05 10:50:47 256512 ----a-w- c:\windows\PEV.exe
2010-08-05 10:50:47 161792 ----a-w- c:\windows\SWREG.exe
2010-08-05 10:48:46 389120 ----a-w- c:\windows\system32\CF26795.exe
2010-08-04 08:59:09 186 ----a-w- C:\Anida Idrizovic - Santa leda.mp3.lnk
2010-08-04 06:22:49 184 ----a-w- C:\Anica Milenkovic - 2007 - Gde Si.mp3.lnk
2010-08-03 09:21:32 186 ----a-w- C:\Sasha Zigic feat. Sasa Matic - 2007 - Ne Glumi Mala Andjela (Single).mp3.lnk
2010-08-03 07:28:56 184 ----a-w- C:\39026.833377 Bij_Polje ned 05 nov 2006 20_00.rm.lnk
2010-08-03 00:23:57 190 ----a-w- C:\PRVI SMO POCELI sa muzikom.mp3.lnk
2010-08-02 11:30:44 188 ----a-w- C:\Sejo Boy - 2007 - Da Si Mi Srece Donijela.mp3.lnk
2010-07-31 00:36:56 190 ----a-w- C:\Sanja Maletic - 2007 - Kako Da Ne.mp3.lnk
2010-07-30 23:26:32 190 ----a-w- C:\Ana-Ana - 2007 - Cimas Me.mp3.lnk
2010-07-30 09:07:07 186 ----a-w- C:\Copy of Shortcut.lnk
2010-07-30 05:42:48 184 ----a-w- C:\Jenna Elfman sex anal deepthroat.avi.lnk
2010-07-30 00:18:41 188 ----a-w- C:\kleopatra.avi.lnk
2010-07-29 16:02:01 188 ----a-w- C:\Anna.jpg.lnk
2010-07-29 09:09:55 186 ----a-w- C:\New Folder.lnk
2010-07-29 06:20:20 184 ----a-w- C:\(film-za-odrasle)-o Screensaver.lnk
2010-07-28 10:53:16 0 d-----w- c:\docume~1\user\applic~1\Avira
2010-07-28 07:49:44 186 ----a-w- C:\Kelley.lnk
2010-07-28 06:09:55 184 ----a-w- C:\_Kate Beckinsale nude pictures.lnk
==================== Find3M ====================
============= FINISH: 15:26:42.50 ===============
Update: 05 Aug 2010 16:29

Posted: 06 Aug 2010 09:00
offline
- Joined: 19 Dec 2008
- Posts: 89
Written: 06 Aug 2010 8:58
Update: 06 Aug 2010 9:00
Avira has only just finished.

Posted: 06 Aug 2010 10:52
offline
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
You ran Combo Fix?!
Post the log for me in your next message (C:\ComboFix.txt).

Posted: 06 Aug 2010 11:14
offline
- Joined: 19 Dec 2008
- Posts: 89
Written: 06 Aug 2010 11:10
A friend answered instead of me from his computer, because mine won't open Opera.
Update: 06 Aug 2010 11:14
It won't produce the log.

Posted: 06 Aug 2010 14:32
offline
- Joined: 19 Dec 2008
- Posts: 89
Written: 06 Aug 2010 12:25
ComboFix 10-08-05.02 - USER 08/06/2010 11:43:39.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.14 [GMT 2:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\All Users\Templates\Desktop.ini.lnk
c:\documents and settings\All Users\Templates\Plylst13.wpl.lnk
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\adagio.exe.lnk
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Plylst9.wpl.lnk
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\DeIsL1.isu.lnk
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\Gary Moore & Joe Satriani - Flying In A Blue Dream.mp3.lnk
c:\documents and settings\USER\Local Settings\Temporary Internet Files\DZINGLOVI.lnk
c:\documents and settings\USER\Local Settings\Temporary Internet Files\SAMO VI RBP ana.mp3.lnk
c:\documents and settings\USER\Templates\Music tracks I have not rated.wpl.lnk
c:\documents and settings\USER\Templates\ReadMe.txt.lnk
c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBService.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\38974.458378 Bij_Polje èet 14 sep 2006 11_00.rm.lnk
c:\windows\system32\drivers\kmgnl.sys
D:\autorun.inf
E:\Autorun.inf
.
---- Previous Run -------
.
C:\autorun.inf
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AMSINT32
-------\Service_amsint32
-------\Legacy_gupdate
-------\Service_gupdate
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.
2010-08-06 10:06 . 2010-08-06 10:06 103140 --sh--r- C:\pddg.exe
2010-08-06 09:04 . 2010-08-06 09:04 103140 --sh--r- C:\ylqmoh.exe
2010-08-06 09:04 . 2010-08-06 09:04 103140 --sh--r- C:\bukrg.pif
2010-08-06 08:58 . 2010-08-06 08:57 471040 ----a-w- c:\windows\system32\CF10504.exe
2010-08-05 14:33 . 2010-08-06 07:55 -------- d-----w- c:\documents and settings\USER\Application Data\TeamViewer
2010-08-05 13:27 . 2010-08-05 13:27 103140 --sh--r- C:\xfgafv.pif
2010-08-05 11:58 . 2010-08-05 14:30 -------- d-----w- c:\windows\system32\NtmsData
2010-07-28 10:53 . 2010-08-06 07:52 -------- d-----w- c:\documents and settings\USER\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 08:20 . 2008-03-17 12:57 -------- d-----w- c:\program files\JetAudio
2010-08-06 07:58 . 2010-08-06 07:58 202 ----a-w- c:\program files\AGENCIJSKI dzingl.lnk
2010-08-06 07:55 . 2008-02-27 11:10 -------- d-----w- c:\documents and settings\USER\Application Data\Winamp
2010-08-06 07:54 . 2008-02-27 14:08 -------- d-----w- c:\documents and settings\USER\Application Data\Smart Recorder
2010-08-06 07:54 . 2008-02-27 11:23 -------- d-----w- c:\documents and settings\USER\Application Data\Sony
2010-08-06 07:54 . 2008-02-27 11:24 -------- d-----w- c:\documents and settings\USER\Application Data\Publish Providers
2010-08-06 07:54 . 2008-04-01 12:07 -------- d-----w- c:\documents and settings\USER\Application Data\NCH Swift Sound
2010-08-06 07:52 . 2008-05-06 08:40 -------- d-----w- c:\documents and settings\USER\Application Data\LimeWire
2010-08-06 07:52 . 2008-02-27 09:52 -------- d-----w- c:\documents and settings\USER\Application Data\Creative
2010-08-06 07:52 . 2008-03-17 12:58 -------- d-----w- c:\documents and settings\USER\Application Data\COWON
2010-08-06 07:52 . 2008-11-11 18:45 -------- d-----w- c:\documents and settings\USER\Application Data\AdobeUM
2010-08-06 07:52 . 2008-02-27 10:39 -------- d-----w- c:\documents and settings\USER\Application Data\Ahead
2010-08-06 07:50 . 2008-04-01 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-08-06 07:50 . 2009-10-29 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-06 07:50 . 2009-10-19 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2010-08-05 14:29 . 2010-08-05 14:29 202 ----a-w- c:\windows\system32\drivers\Fresh tracks -- yet to be played.wpl.lnk
2010-08-05 14:24 . 2010-08-05 14:24 202 ----a-w- c:\windows\Fonts\Sam Brown - You'd Better Stop.mp3.lnk
2010-08-05 14:16 . 2008-03-31 12:14 -------- d-----w- c:\program files\Winamp3
2010-08-05 14:15 . 2008-02-27 11:24 -------- d-----w- c:\program files\VSTplugins
2010-08-05 14:15 . 2008-02-27 11:10 -------- d-----w- c:\program files\Winamp
2010-08-05 14:15 . 2008-05-06 08:39 -------- d-----w- c:\program files\Sun
2010-08-05 14:14 . 2008-02-27 11:15 -------- d-----w- c:\program files\Sony Setup
2010-08-05 14:14 . 2008-02-27 11:23 -------- d-----w- c:\program files\Sony
2010-08-05 14:14 . 2008-05-15 12:38 -------- d-----w- c:\program files\Sonic Foundry
2010-08-05 14:14 . 2008-04-01 08:59 -------- d-----w- c:\program files\Share2
2010-08-05 14:14 . 2008-06-26 08:26 -------- d-----w- c:\program files\PremierOpinion
2010-08-05 14:13 . 2009-10-29 10:43 -------- d-----w- c:\program files\Opera
2010-08-05 14:11 . 2008-02-27 10:38 -------- d-----w- c:\program files\Nero
2010-08-05 14:11 . 2008-04-01 12:07 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-05 14:11 . 2008-02-27 10:29 -------- d-----w- c:\program files\Mv2Player
2010-08-05 14:11 . 2008-02-27 10:04 -------- d-----w- c:\program files\Microsoft.NET
2010-08-05 14:11 . 2008-02-27 10:03 -------- d-----w- c:\program files\Microsoft Works
2010-08-05 14:09 . 2008-02-27 09:09 -------- d-----w- c:\program files\microsoft frontpage
2010-08-05 14:09 . 2008-02-27 10:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-05 14:09 . 2008-04-01 12:27 -------- d-----w- c:\program files\MeowMultiSound100
2010-08-05 14:09 . 2008-05-06 08:35 -------- d-----w- c:\program files\LimeWire
2010-08-05 14:09 . 2008-02-27 10:27 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-05 14:08 . 2008-05-06 08:39 -------- d-----w- c:\program files\Java
2010-08-05 14:08 . 2008-02-27 09:19 -------- d-----w- c:\program files\Intel
2010-08-05 14:07 . 2008-02-27 09:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 14:07 . 2008-04-07 11:05 -------- d-----w- c:\program files\Google
2010-08-05 14:07 . 2008-04-01 09:10 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-08-05 14:07 . 2008-04-01 09:20 -------- d-----w- c:\program files\Crystal Software
2010-08-05 14:07 . 2008-02-27 09:46 -------- d--h--w- c:\program files\Creative Installation Information
2010-08-05 14:05 . 2008-02-27 09:32 -------- d-----w- c:\program files\Creative
2010-08-05 14:05 . 2008-11-13 12:27 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-08-05 14:05 . 2008-11-13 12:37 -------- d-----w- c:\program files\Common Files\NSV
2010-08-05 14:03 . 2008-02-27 10:04 -------- d-----w- c:\program files\Common Files\L&H
2010-08-05 14:03 . 2008-05-06 08:37 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 14:02 . 2008-02-27 09:19 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-05 14:02 . 2008-03-17 12:57 -------- d-----w- c:\program files\Common Files\COWON
2010-08-05 14:02 . 2008-02-27 09:46 -------- d-----w- c:\program files\Common Files\Creative
2010-08-05 14:02 . 2008-02-27 10:38 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-05 14:01 . 2008-02-27 10:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-05 14:01 . 2010-08-05 14:01 202 ----a-w- c:\program files\Common Files\Sample Playlists.lnk
2010-08-05 14:01 . 2008-02-27 09:27 -------- d-----w- c:\program files\C-Media
2010-08-05 14:01 . 2009-10-29 13:14 -------- d-----w- c:\program files\Avira
2010-08-05 14:01 . 2009-10-19 10:47 -------- d-----w- c:\program files\AVG
2010-08-05 14:01 . 2008-04-01 09:07 -------- d-----w- c:\program files\audio-mp3-converter
2010-08-05 14:01 . 2008-04-01 09:02 -------- d-----w- c:\program files\Audio MP3 Maker
2010-08-05 13:59 . 2010-08-05 13:59 202 ----a-w- c:\program files\VAS VOLJENI RBP dado.mp3.lnk
.
((((((((((((((((((((((((((((( SnapShot@2010-08-05_11.38.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-21 00:52 . 2007-11-21 00:52 292224 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-02-27 09:57 . 2003-09-23 09:06 170283 c:\windows\AGRSMMSG.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 170283]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1777152 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 02:25 222608 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-16 13:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2002-07-23 16:58 90112 ----a-w- c:\program files\Winamp3\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\USER\\Desktop\\TeamViewer_Setup.exe"=
"g:\\ComboFix.exe"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\winftwy.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\benges.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\wabc98.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/29/2009 3:14 PM 135336]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AMSINT32
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.me/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CTSysVol - c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-08-06 12:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3128-)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\AGRSMMSG.exe
c:\docume~1\USER\LOCALS~1\Temp\winftwy.exe
c:\docume~1\USER\LOCALS~1\Temp\benges.exe
c:\docume~1\USER\LOCALS~1\Temp\wabc98.exe
.
**************************************************************************
.
Completion time: 2010-08-06 12:22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 10:21
ComboFix2.txt 2010-08-05 11:41
ComboFix3.txt 2010-08-05 11:24
Pre-Run: 23,419,707,392 bytes free
Post-Run: 23,246,053,376 bytes free
- - End Of File - - AB05D74D21E0E95FEE499E24CAE92072
Update: 06 Aug 2010 14:32
Is there any hope for it?

Posted: 06 Aug 2010 22:18
offline
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
This doesn't look good.
A variant of Sality is active here; it is a virus (file infector).
Disinfection is, in practice, hard to carry out; don't expect too much, but we'll try.
Follow the instructions carefully
Download Dr.Web CureIt (~46 MB).
Restart the computer in Safe Mode (Safe Mode instructions)
Double-click launch.exe to run it; an introductory window will appear - click Start
A notice about starting the preliminary scan will appear - click OK
Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect
Click Options > Change settings F9; in the window that opens, untick the Heuristic Analysis option, then click OK
In the main window select the Complete scan option, then click, and Dr.Web CureIt will start scanning
If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect
When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:
When the process is finished, click File > Save report list and save the log to the Desktop
Paste the contents of the Dr.Web CureIt log into the forum thread.
goran9888 (AMF Team)
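As an added triage example (not code from the thread, from ComboFix or from DDS): a small Python script that reads an excerpt of the ComboFix log posted above and flags the entries a helper looks at first when deciding whether a machine is salvageable: autorun.inf files in the drive roots, hidden system-attribute executables in the drive roots that all share one byte size, the policy values that disable Task Manager, the Registry Editor, UAC and the Windows Firewall, the Security Center overrides, the %TEMP% executables authorised through the firewall, and the AMSINT32 / amd64si driver entries. The log lines in the excerpt are copied from the thread; the rule names, the function names and the abbreviated excerpt itself are my own choices.

```python
"""Triage helper for ComboFix-style logs.

Added example for this thread; it is not ComboFix, DDS or forum code. It
reads a log excerpt line by line and reports the entries that match a small
set of rules written from the findings visible in the thread's log.
"""
import re

# Excerpt copied from the ComboFix log posted in the thread (abbreviated).
SAMPLE_LOG = r"""
C:\autorun.inf
D:\autorun.inf
E:\Autorun.inf
-------\Legacy_AMSINT32
-------\Service_amsint32
2010-08-06 10:06 . 2010-08-06 10:06 103140 --sh--r- C:\pddg.exe
2010-08-06 09:04 . 2010-08-06 09:04 103140 --sh--r- C:\ylqmoh.exe
2010-08-06 09:04 . 2010-08-06 09:04 103140 --sh--r- C:\bukrg.pif
2010-08-06 08:58 . 2010-08-06 08:57 471040 ----a-w- c:\windows\system32\CF10504.exe
2010-08-05 13:27 . 2010-08-05 13:27 103140 --sh--r- C:\xfgafv.pif
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\winftwy.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\benges.exe"=
"c:\\DOCUME~1\\USER\\LOCALS~1\\Temp\\wabc98.exe"=
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
*NewlyCreated* - AMSINT32
"""

# Rule names are mine; each regex is applied to one stripped log line.
RULES = [
    ("autorun.inf in a drive root",
     re.compile(r"^[a-z]:\\autorun\.inf$", re.I)),
    ("hidden+system executable in a drive root",
     re.compile(r"\s--sh--r-\s+[a-z]:\\[^\\]+\.(exe|pif|com|scr)$", re.I)),
    ("Task Manager / Registry Editor disabled by policy",
     re.compile(r'^"(DisableTaskMgr|DisableRegistryTools)"=\s*1\b', re.I)),
    ("UAC or Windows Firewall switched off",
     re.compile(r'^"(EnableLUA|EnableFirewall)"=\s*0\b', re.I)),
    ("Security Center override set",
     re.compile(r'^"(AntiVirus|Firewall)Override"=dword:0*1$', re.I)),
    ("executable in %TEMP% authorised through the firewall",
     re.compile(r'^"[^"]*\\\\Temp\\\\[^"]+\.exe"=$', re.I)),
    ("driver/service image missing or newly created",
     re.compile(r"\[\?\]$|^\*NewlyCreated\*|^-------\\(Legacy|Service)_", re.I)),
]

# Shape of a 'Files Created' line: date time . date time size attributes path
FILE_LINE = re.compile(r"^\S+ \S+ \. \S+ \S+ (\d+) (\S+) (.+)$")


def triage(log_text):
    """Return (rule_name, line) for every log line that matches a rule."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, rx in RULES:
            if rx.search(line):
                hits.append((name, line))
    return hits


def summarise(hits):
    """Count hits per rule: {rule_name: number_of_lines}."""
    counts = {}
    for name, _ in hits:
        counts[name] = counts.get(name, 0) + 1
    return counts


def same_size_hidden_files(log_text):
    """Group hidden+system (--sh--r-) files from the 'Files Created' section
    by byte size; several randomly named files of one identical size usually
    means one dropped binary written out under several names."""
    by_size = {}
    for raw in log_text.splitlines():
        m = FILE_LINE.match(raw.strip())
        if m and m.group(2).lower() == "--sh--r-":
            by_size.setdefault(int(m.group(1)), []).append(m.group(3))
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for rule, count in summarise(found).items():
        print(f"{count:2d}  {rule}")
    for size, paths in same_size_hidden_files(SAMPLE_LOG).items():
        print(f"{len(paths)} hidden root files share size {size}: {', '.join(paths)}")
```

Run against the excerpt, the script reports twenty matching lines across all seven rules and one cluster of four hidden root files of 103140 bytes; that combination (spread via autorun.inf, user policies and the firewall switched off, unknown binaries running from %TEMP% and a fresh kernel driver) is why the helper's advice leans towards reinstalling rather than cleaning.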

Posted: 08 Aug 2010 09:22
offline
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
There are three options:
1. Format the disk and install Windows.
If your hard disk is split into several partitions, you can move everything important to one of them, format the C: drive and install Windows.
Immediately after that, scan all the remaining partitions.
After installing Windows you must not open the other partitions until they have been scanned.
2. You could try to disinfect using a LiveCD from one of the AV companies. That involves downloading the image, burning it to CD, booting from that CD and scanning.
3. You could move your HDD to another computer and scan it there.
I realise this doesn't sound great to you, but... Disinfecting an active Sality is truly mission impossible.
Let me know what you decide on and I'll point you to the appropriate programs.
goran9888 (AMF Team)