My computer keeps freezing !!!

offline
  • Joined: 22 Sep 2009
  • Posts: 12

DDS (Ver_09-07-30.01) - NTFSx86
Run by Frose at 1:57:56.25 on Tue 09/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.764 [GMT 2:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Frose\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TCP: {72324D6D-F090-4C72-8948-35AC29E1652D} = 62.162.32.6 62.162.32.5
TCP: {BAC78D70-F11D-4D2A-98CC-381F15880214} = 62.162.32.5,62.162.32.6
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\frose\applic~1\mozilla\firefox\profiles\akogi327.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-16 179856]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-19 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-16 15504]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050412.023\naveng.sys [2009-9-21 73728]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050412.023\navex15.sys [2009-9-21 631040]
S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-16 38496]
S2 gstdygz;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

=============== Created Last 30 ================

2009-09-21 16:42 123,200 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-21 16:42 91,856 a------- c:\windows\system32\S32EVNT1.DLL
2009-09-21 16:17 <DIR> --d----- c:\program files\Trend Micro
2009-09-20 17:30 25 a------- c:\windows\cdplayer.ini
2009-09-20 17:26 <DIR> --d----- c:\program files\common files\xing shared
2009-09-20 17:24 <DIR> --d----- c:\program files\common files\Real
2009-09-20 17:17 476,696 a------- C:\RealPlayer11GOLD.exe
2009-09-19 23:21 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-09-19 23:21 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-09-19 23:21 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 23:21 <DIR> --d----- c:\docume~1\frose\applic~1\TuneUp Software
2009-09-19 23:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-19 23:20 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-09-19 13:03 1,240 a------- c:\windows\system32\nyovgbmmlh.pdf
2009-09-18 18:32 <DIR> --d----- c:\program files\uTorrent
2009-09-18 18:32 <DIR> --d----- c:\docume~1\frose\applic~1\uTorrent
2009-09-18 00:43 0 a------- c:\windows\system32\a
2009-09-16 18:34 42,496 a------- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-16 18:34 61,440 a------- c:\windows\system32\vuins32.dll
2009-09-16 18:34 <DIR> --d----- c:\windows\vnDrvBas
2009-09-16 18:01 <DIR> --d----- c:\windows\pss
2009-09-16 17:52 0 a------- c:\windows\vpc32.INI
2009-09-16 17:29 <DIR> --d----- c:\docume~1\frose\applic~1\Malwarebytes
2009-09-16 17:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-09-16 17:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 17:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 17:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-16 17:25 <DIR> --d----- c:\program files\Symantec
2009-09-16 17:25 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-09-16 17:25 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-09-16 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-09-16 16:54 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-16 01:00 1,067 a------- c:\windows\system32\aajkzhshkk.pdf
2009-09-12 17:32 <DIR> --d----- c:\program files\AutorunRemover
2009-08-29 14:50 <DIR> --d----- c:\docume~1\frose\applic~1\BSplayer PRO
2009-08-29 13:51 <DIR> --d----- c:\docume~1\frose\applic~1\Samsung
2009-08-29 13:49 174,592 a------- c:\windows\system32\framedyn.dll
2009-08-29 13:49 137,884 a------- c:\windows\system32\drivers\sscdmdm.sys
2009-08-29 13:49 80,272 a------- c:\windows\system32\drivers\sscdbus.sys
2009-08-29 13:49 11,877 a------- c:\windows\system32\drivers\sscdcmnt.sys
2009-08-29 13:49 11,877 a------- c:\windows\system32\drivers\sscdcm.sys
2009-08-29 13:49 11,188 a------- c:\windows\system32\drivers\sscdwhnt.sys
2009-08-29 13:49 11,188 a------- c:\windows\system32\drivers\sscdwh.sys
2009-08-29 13:49 10,864 a------- c:\windows\system32\drivers\sscdmdfl.sys
2009-08-29 13:48 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-08-29 13:47 766 a------- c:\windows\system32\Uninstall.ico
2009-08-29 13:47 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-08-29 13:46 <DIR> --d----- c:\program files\Samsung
2009-08-28 15:39 20 a------- c:\windows\mafosav.INI
2009-08-25 19:19 1,067 a------- c:\windows\system32\tfayjyylkp.pdf
2009-08-25 19:18 1,067 a------- c:\windows\system32\aklkrbzqyb.pdf
2009-08-25 19:18 1,067 a------- c:\windows\system32\dfcjheilla.pdf
2009-08-25 19:18 1,067 a------- c:\windows\system32\qyjftbmvvo.pdf
2009-08-25 18:22 1,067 a------- c:\windows\system32\jzapopmyrl.pdf

==================== Find3M ====================

2009-09-17 10:27 186,496 a---h--- c:\windows\system32\mlfcache.dat
2009-09-12 17:20 100 a------- c:\docume~1\alluse~1\applic~1\{0xffcc220x45aaff}.dat
2009-07-22 17:00 407,129 a------- c:\windows\MarioForever_Toolbar_Uninstaller_3468.exe
2009-07-20 00:59 4,096 a------- c:\windows\d3dx.dat
2009-06-17 12:34 56 ---shr-- c:\windows\system32\61A5AFCF43.sys
2009-06-17 12:34 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-14 06:41 164,746 a--shr-- c:\windows\system32\ntayhw.dll
2009-05-13 16:41 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-05-13 16:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-05-13 16:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051320090514\index.dat
2009-05-13 16:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 1:58:33.10 ===============


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Greetings and welcome to MyCity Forum ;)

Read the topic "Kako otvoriti temu u Ambulanti" (How to open a topic in the Ambulanta section) again and, following its instructions, run a scan with Gmer.

offline
  • Joined: 22 Sep 2009
  • Posts: 12

My computer lags a lot, and after a few hours of use (2-3) it freezes completely; I restart it and it's the same again. It won't even let me update the antivirus. The problem appeared after formatting.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Do the following:

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly more than once);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into your topic on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to your message.

offline
  • Joined: 22 Sep 2009
  • Posts: 12

ComboFix 09-09-21.04 - Frose 09/22/2009 17:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.216 [GMT 2:00]
Running from: c:\documents and settings\Frose\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\a
c:\windows\system32\mpxa.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 15:27 . 2009-09-22 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-22 15:26 . 2009-09-22 15:26 -------- d-----w- c:\program files\Alawar Games
2009-09-22 11:55 . 2009-09-22 11:55 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Mozilla
2009-09-21 14:42 . 2005-04-01 18:36 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-21 14:42 . 2005-04-01 18:36 123200 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-21 14:17 . 2009-09-21 14:17 -------- d-----w- c:\program files\Trend Micro
2009-09-20 15:29 . 2009-09-20 15:29 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Real
2009-09-20 15:26 . 2009-09-20 15:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\program files\Real
2009-09-20 15:24 . 2009-09-20 15:27 -------- d-----w- c:\program files\Common Files\Real
2009-09-20 15:21 . 2009-09-20 15:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-20 15:17 . 2009-09-20 15:17 476696 ----a-w- C:\RealPlayer11GOLD.exe
2009-09-19 21:21 . 2009-09-19 21:21 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 21:21 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-19 21:21 . 2009-09-19 21:21 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 21:21 . 2009-09-19 21:21 -------- d-----w- c:\documents and settings\Frose\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:21 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-18 16:32 . 2009-09-18 16:32 -------- d-----w- c:\program files\uTorrent
2009-09-18 16:32 . 2009-09-22 16:04 -------- d-----w- c:\documents and settings\Frose\Application Data\uTorrent
2009-09-18 13:04 . 2009-09-18 13:04 0 ----a-w- c:\windows\nsreg.dat
2009-09-18 13:04 . 2009-09-18 13:04 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Mozilla
2009-09-17 13:41 . 2009-09-17 13:41 -------- d-----w- c:\documents and settings\Menki\Contacts
2009-09-17 13:36 . 2009-09-17 13:36 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Symantec
2009-09-17 08:27 . 2009-09-22 14:00 -------- d-----w- c:\documents and settings\Frose\Application Data\skypePM
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Help
2009-09-16 16:34 . 2005-03-18 08:39 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-16 16:34 . 2004-09-17 09:37 61440 ----a-w- c:\windows\system32\vuins32.dll
2009-09-16 16:34 . 2009-09-16 16:34 -------- d-----w- c:\windows\vnDrvBas
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Frose\Application Data\Malwarebytes
2009-09-16 15:29 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 15:29 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 15:28 . 2009-09-16 15:28 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Symantec
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Symantec
2009-09-16 15:25 . 2009-09-22 15:50 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-12 15:32 . 2009-09-12 15:33 -------- d-----w- c:\program files\AutorunRemover
2009-08-29 12:50 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Frose\Application Data\BSplayer PRO
2009-08-29 11:51 . 2009-08-29 11:51 -------- d-----w- c:\documents and settings\Frose\Application Data\Samsung
2009-08-29 11:49 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-08-29 11:49 . 2005-12-22 10:24 137884 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-08-29 11:49 . 2005-12-22 10:24 10864 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-08-29 11:49 . 2005-12-22 10:24 80272 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-08-29 11:48 . 2009-08-29 11:48 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-08-29 11:47 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-29 11:46 . 2009-08-29 11:46 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 16:03 . 2009-06-16 14:24 -------- d-----w- c:\documents and settings\Frose\Application Data\Skype
2009-09-22 13:04 . 2009-05-23 20:33 -------- d-----w- c:\documents and settings\Menki\Application Data\Skype
2009-09-22 00:30 . 2009-05-23 20:34 -------- d-----w- c:\documents and settings\Menki\Application Data\skypePM
2009-09-20 15:30 . 2009-05-23 20:33 -------- d-----w- c:\program files\Google
2009-09-17 17:32 . 2009-06-06 22:12 -------- d-----w- c:\documents and settings\Frose\Application Data\mIRC
2009-09-17 08:27 . 2009-06-13 17:17 186496 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-16 17:29 . 2009-07-19 23:09 -------- d-----w- c:\program files\Wonderland Adventures Demo
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\program files\Lavasoft
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-16 14:56 . 2009-07-19 23:02 -------- d-----w- c:\program files\Super Mario Blue Twilight DX
2009-09-16 14:56 . 2009-07-19 23:42 -------- d-----w- c:\program files\Telltale Games
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever Toolbar
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever
2009-09-16 14:55 . 2009-07-19 22:56 -------- d-----w- c:\program files\Jets'n'Guns GOLD Demo
2009-09-12 15:20 . 2009-07-19 22:59 100 ----a-w- c:\documents and settings\All Users\Application Data\{0xffcc220x45aaff}.dat
2009-09-12 15:17 . 2009-07-19 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-29 11:46 . 2009-05-13 14:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 11:44 . 2009-06-01 21:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-05 15:28 . 2009-08-05 15:17 -------- d-----w- c:\documents and settings\Menki\Application Data\BSplayer PRO
2009-08-05 15:27 . 2009-08-05 15:27 -------- d-----w- c:\documents and settings\Menki\Application Data\Corel
2009-08-05 15:17 . 2009-08-05 15:17 -------- d-----w- c:\program files\Webteh
2009-07-30 18:06 . 2009-07-30 18:06 -------- d-----w- c:\program files\Ubisoft
2009-07-30 18:05 . 2009-07-30 18:05 -------- d-----w- c:\documents and settings\Frose\Application Data\InstallShield
2009-07-22 15:00 . 2009-07-22 15:00 407129 ----a-w- c:\windows\MarioForever_Toolbar_Uninstaller_3468.exe
2009-07-19 22:59 . 2009-07-19 22:59 4096 ----a-w- c:\windows\d3dx.dat
2009-06-17 10:34 . 2009-06-17 10:34 56 --sh--r- c:\windows\system32\61A5AFCF43.sys
2009-06-17 10:34 . 2009-06-17 10:34 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-04-14 04:41 . 2008-04-14 04:41 164746 --sha-r- c:\windows\system32\ntayhw.dll
.

------- Sigcheck -------

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\system32\services.exe

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 04:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 04:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-18 288560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-09-12 1257472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-08-17 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-5-13 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3495:TCP"= 3495:TCP:czvaehed

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2009 5:29 PM 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/19/2009 11:21 PM 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2009 5:29 PM 15504]
S2 gstdygz;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 6:42 AM 14336]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FXRIQPOG
*Deregistered* - fxriqpog

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
gstdygz
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {72324D6D-F090-4C72-8948-35AC29E1652D} = 62.162.32.6 62.162.32.5
TCP: {BAC78D70-F11D-4D2A-98CC-381F15880214} = 62.162.32.5,62.162.32.6
FF - ProfilePath - c:\documents and settings\Frose\Application Data\Mozilla\Firefox\Profiles\akogi327.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\Trend Micro\remover\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-22 18:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gstdygz]
"ServiceDll"="c:\windows\system32\ntayhw.dll"
.
Completion time: 2009-09-22 18:09
ComboFix-quarantined-files.txt 2009-09-22 16:08

Pre-Run: 17,430,695,936 bytes free
Post-Run: 17,818,750,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Find the following files:

c:\windows\system32\nyovgbmmlh.pdf
c:\windows\system32\aklkrbzqyb.pdf

Upload them through the following form:
http://www.mycity.rs/ambulanta-upload.php

Let me know when you have uploaded those files.

.................................................................



Open Notepad and copy in the following text:

NetSvcs::
gstdygz

Driver::
gstdygz

File::
c:\windows\system32\ntayhw.dll


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
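The helper's post above acts on three things visible in the pasted log: the firewall switched off, a globally open TCP port registered to an oddly named process, and a service (gstdygz) hosted by `svchost.exe -k netsvcs` whose ServiceDll is an unknown file in system32. The script below is an added example for this thread, not ComboFix's code or anything the helper posted; it parses the relevant "Reg Loading Points" lines (copied from the log above as constructed sample input), reproduces those findings, and renders the same kind of CFScript (NetSvcs::, Driver::, File::, Registry:: directives). `VETTED_NETSVCS`, the set of netsvcs names an analyst has already tied to known software, is an assumption; ComboFix itself only prints non-default netsvcs members, so every name it lists deserves a look.

```python
"""Triage the 'Reg Loading Points' part of a ComboFix/DDS log.

Added example for this thread, not ComboFix's code or the helper's own tooling.
It re-derives the findings acted on in the post above and renders the matching
CFScript. VETTED_NETSVCS and the sample lines are assumptions / constructed input.
"""
import re

# Constructed sample: the relevant lines as they appear in the log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3495:TCP"= 3495:TCP:czvaehed

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2009 5:29 PM 179856]
S2 gstdygz;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 6:42 AM 14336]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
gstdygz
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gstdygz]
"ServiceDll"="c:\windows\system32\ntayhw.dll"
"""

# Assumption: netsvcs names the analyst has already tied to known software
# (UxTuneUp belongs to TuneUp Utilities, whose uxtuneup.dll is in the log).
VETTED_NETSVCS = {"uxtuneup"}

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[")   # R2 name;display;image [..]
KEY_RE = re.compile(r"^\[(.+)\]$")                                    # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')                      # "name"= value
PORTS_KEY = r"\globallyopenports\list"


def parse_log(text):
    """Return (services, netsvcs, service_dlls, firewall_enabled, open_ports)."""
    services, netsvcs, dlls, ports = {}, [], {}, []
    firewall_enabled, key, in_netsvcs = None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:                      # names are listed until '.' or a blank line
            if line in ("", "."):
                in_netsvcs = False
            else:
                netsvcs.append(line)
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:                               # service line: start type, name, display, image path
            start, name, display, image = m.groups()
            services[name.lower()] = (start, display, image)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, value = m.group(1), m.group(2).strip().strip('"')
        if name.lower() == "enablefirewall":
            firewall_enabled = not value.startswith("0")
        elif key.endswith(PORTS_KEY):       # "port:proto"= port:proto:process
            ports.append((name, value.split(":")[-1]))
        elif name.lower() == "servicedll" and "\\services\\" in key:
            dlls[key.rsplit("\\", 1)[-1]] = value   # keyed by service name
    return services, netsvcs, dlls, firewall_enabled, ports


def triage(text, vetted=VETTED_NETSVCS):
    """List (kind, detail) findings a helper would act on."""
    services, netsvcs, dlls, fw_on, ports = parse_log(text)
    findings = []
    if fw_on is False:
        findings.append(("firewall", "Windows Firewall disabled (EnableFirewall=0)"))
    for port, proc in ports:
        findings.append(("open_port", f"{port} opened globally for process '{proc}'"))
    for name in netsvcs:                    # ComboFix prints only non-default members
        if name.lower() in vetted:
            continue
        start, display, image = services.get(name.lower(), ("?", "?", ""))
        hosted = "svchost.exe -k netsvcs" in image.lower()
        dll = dlls.get(name.lower(), "<ServiceDll not listed>")
        findings.append(("netsvcs", f"{name} ('{display}', {start}) hosted by "
                                    f"svchost={hosted}; ServiceDll={dll}"))
    return findings


def cfscript_for(text, vetted=VETTED_NETSVCS):
    """Render the CFScript directives the helper used above for what triage found."""
    _, netsvcs, dlls, _, ports = parse_log(text)
    suspects = [n for n in netsvcs if n.lower() not in vetted]
    out = []
    if suspects:
        out += ["NetSvcs::", *suspects, "", "Driver::", *suspects, ""]
        files = [dlls[n.lower()] for n in suspects if n.lower() in dlls]
        if files:
            out += ["File::", *files, ""]
    if ports:
        out += ["Registry::", "[HKLM\\~\\services\\sharedaccess\\parameters"
                "\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]"]
        out += [f'"{p}"=-' for p, _ in ports]
    return "\n".join(out)
```

Running `triage(SAMPLE_LOG)` yields the firewall, open-port and gstdygz findings, and `cfscript_for(SAMPLE_LOG)` prints the NetSvcs::/Driver::/File:: block from the post above plus the Registry:: deletion of the 3495:TCP entry. The check that matters is the last one: a service in the netsvcs group that runs inside svchost.exe but whose ServiceDll is not a file you can attribute to installed software is exactly the pattern the helper removed here.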

offline
  • Joined: 22 Sep 2009
  • Posts: 12

Written: 22 Sep 2009 19:56


Addendum: 22 Sep 2009 19:58

ComboFix 09-09-22.01 - Frose 09/22/2009 19:38.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.793 [GMT 2:00]
Running from: c:\documents and settings\Frose\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frose\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\system32\ntayhw.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ntayhw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GSTDYGZ
-------\Service_gstdygz


((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\windows\system32\xircom
2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\program files\microsoft frontpage
2009-09-22 15:27 . 2009-09-22 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-22 15:26 . 2009-09-22 15:26 -------- d-----w- c:\program files\Alawar Games
2009-09-22 11:55 . 2009-09-22 11:55 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Mozilla
2009-09-21 14:42 . 2005-04-01 18:36 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-21 14:42 . 2005-04-01 18:36 123200 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-21 14:17 . 2009-09-21 14:17 -------- d-----w- c:\program files\Trend Micro
2009-09-20 15:29 . 2009-09-20 15:29 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Real
2009-09-20 15:26 . 2009-09-20 15:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\program files\Real
2009-09-20 15:24 . 2009-09-20 15:27 -------- d-----w- c:\program files\Common Files\Real
2009-09-20 15:21 . 2009-09-20 15:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-20 15:17 . 2009-09-20 15:17 476696 ----a-w- C:\RealPlayer11GOLD.exe
2009-09-19 21:21 . 2009-09-19 21:21 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 21:21 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-19 21:21 . 2009-09-19 21:21 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 21:21 . 2009-09-19 21:21 -------- d-----w- c:\documents and settings\Frose\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:21 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-18 16:32 . 2009-09-18 16:32 -------- d-----w- c:\program files\uTorrent
2009-09-18 16:32 . 2009-09-22 17:43 -------- d-----w- c:\documents and settings\Frose\Application Data\uTorrent
2009-09-18 13:04 . 2009-09-18 13:04 0 ----a-w- c:\windows\nsreg.dat
2009-09-18 13:04 . 2009-09-18 13:04 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Mozilla
2009-09-17 13:41 . 2009-09-17 13:41 -------- d-----w- c:\documents and settings\Menki\Contacts
2009-09-17 13:36 . 2009-09-17 13:36 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Symantec
2009-09-17 08:27 . 2009-09-22 14:00 -------- d-----w- c:\documents and settings\Frose\Application Data\skypePM
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Help
2009-09-16 16:34 . 2005-03-18 08:39 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-16 16:34 . 2004-09-17 09:37 61440 ----a-w- c:\windows\system32\vuins32.dll
2009-09-16 16:34 . 2009-09-16 16:34 -------- d-----w- c:\windows\vnDrvBas
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Frose\Application Data\Malwarebytes
2009-09-16 15:29 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 15:29 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 15:28 . 2009-09-16 15:28 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Symantec
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Symantec
2009-09-16 15:25 . 2009-09-22 17:45 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-12 15:32 . 2009-09-12 15:33 -------- d-----w- c:\program files\AutorunRemover
2009-08-29 12:50 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Frose\Application Data\BSplayer PRO
2009-08-29 11:51 . 2009-08-29 11:51 -------- d-----w- c:\documents and settings\Frose\Application Data\Samsung
2009-08-29 11:49 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-08-29 11:49 . 2005-12-22 10:24 137884 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-08-29 11:49 . 2005-12-22 10:24 10864 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-08-29 11:49 . 2005-12-22 10:24 80272 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-08-29 11:48 . 2009-08-29 11:48 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-08-29 11:47 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-29 11:46 . 2009-08-29 11:46 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 17:30 . 2009-06-16 14:24 -------- d-----w- c:\documents and settings\Frose\Application Data\Skype
2009-09-22 17:24 . 2009-07-19 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 13:04 . 2009-05-23 20:33 -------- d-----w- c:\documents and settings\Menki\Application Data\Skype
2009-09-22 00:30 . 2009-05-23 20:34 -------- d-----w- c:\documents and settings\Menki\Application Data\skypePM
2009-09-20 15:30 . 2009-05-23 20:33 -------- d-----w- c:\program files\Google
2009-09-17 17:32 . 2009-06-06 22:12 -------- d-----w- c:\documents and settings\Frose\Application Data\mIRC
2009-09-17 08:27 . 2009-06-13 17:17 186496 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-16 17:29 . 2009-07-19 23:09 -------- d-----w- c:\program files\Wonderland Adventures Demo
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\program files\Lavasoft
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-16 14:56 . 2009-07-19 23:02 -------- d-----w- c:\program files\Super Mario Blue Twilight DX
2009-09-16 14:56 . 2009-07-19 23:42 -------- d-----w- c:\program files\Telltale Games
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever Toolbar
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever
2009-09-16 14:55 . 2009-07-19 22:56 -------- d-----w- c:\program files\Jets'n'Guns GOLD Demo
2009-09-12 15:20 . 2009-07-19 22:59 100 ----a-w- c:\documents and settings\All Users\Application Data\{0xffcc220x45aaff}.dat
2009-08-29 11:46 . 2009-05-13 14:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 11:44 . 2009-06-01 21:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-05 15:28 . 2009-08-05 15:17 -------- d-----w- c:\documents and settings\Menki\Application Data\BSplayer PRO
2009-08-05 15:27 . 2009-08-05 15:27 -------- d-----w- c:\documents and settings\Menki\Application Data\Corel
2009-08-05 15:17 . 2009-08-05 15:17 -------- d-----w- c:\program files\Webteh
2009-07-30 18:06 . 2009-07-30 18:06 -------- d-----w- c:\program files\Ubisoft
2009-07-30 18:05 . 2009-07-30 18:05 -------- d-----w- c:\documents and settings\Frose\Application Data\InstallShield
2009-07-22 15:00 . 2009-07-22 15:00 407129 ----a-w- c:\windows\MarioForever_Toolbar_Uninstaller_3468.exe
2009-07-19 22:59 . 2009-07-19 22:59 4096 ----a-w- c:\windows\d3dx.dat
2009-06-17 10:34 . 2009-06-17 10:34 56 --sh--r- c:\windows\system32\61A5AFCF43.sys
2009-06-17 10:34 . 2009-06-17 10:34 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-18 288560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-09-12 1257472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-08-17 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-5-13 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3495:TCP"= 3495:TCP:czvaehed

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2009 5:29 PM 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/19/2009 11:21 PM 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2009 5:29 PM 15504]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {72324D6D-F090-4C72-8948-35AC29E1652D} = 62.162.32.6 62.162.32.5
TCP: {BAC78D70-F11D-4D2A-98CC-381F15880214} = 62.162.32.5,62.162.32.6
FF - ProfilePath - c:\documents and settings\Frose\Application Data\Mozilla\Firefox\Profiles\akogi327.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-22 19:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-09-22 19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-22 17:49
ComboFix2.txt 2009-09-22 16:09

Pre-Run: 17,869,799,424 bytes free
Post-Run: 17,794,174,976 bytes free




offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

You should have uploaded those files through this link:
http://www.mycity.rs/ambulanta-upload.php

Well, let's bring this to an end...

Temporarily disable your AntiVirus!
Open Notepad and copy in the following text:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3495:TCP"=-

File::
c:\windows\system32\nyovgbmmlh.pdf
c:\windows\system32\aajkzhshkk.pdf
c:\windows\system32\tfayjyylkp.pdf
c:\windows\system32\aklkrbzqyb.pdf
c:\windows\system32\dfcjheilla.pdf
c:\windows\system32\qyjftbmvvo.pdf
c:\windows\system32\jzapopmyrl.pdf


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 22 Sep 2009
  • Posts: 12

Written: 22 Sep 2009 21:33

The files have been uploaded correctly.

Addendum: 22 Sep 2009 21:34

ComboFix 09-09-22.01 - Frose 09/22/2009 21:24.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.724 [GMT 2:00]
Running from: c:\documents and settings\Frose\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frose\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\system32\aajkzhshkk.pdf"
"c:\windows\system32\aklkrbzqyb.pdf"
"c:\windows\system32\dfcjheilla.pdf"
"c:\windows\system32\jzapopmyrl.pdf"
"c:\windows\system32\nyovgbmmlh.pdf"
"c:\windows\system32\qyjftbmvvo.pdf"
"c:\windows\system32\tfayjyylkp.pdf"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\aajkzhshkk.pdf
c:\windows\system32\aklkrbzqyb.pdf
c:\windows\system32\dfcjheilla.pdf
c:\windows\system32\jzapopmyrl.pdf
c:\windows\system32\nyovgbmmlh.pdf
c:\windows\system32\qyjftbmvvo.pdf
c:\windows\system32\tfayjyylkp.pdf

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\windows\system32\xircom
2009-09-22 17:45 . 2009-09-22 17:45 -------- d-----w- c:\program files\microsoft frontpage
2009-09-22 15:27 . 2009-09-22 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
2009-09-22 15:26 . 2009-09-22 15:26 -------- d-----w- c:\program files\Alawar Games
2009-09-22 11:55 . 2009-09-22 11:55 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Mozilla
2009-09-21 14:42 . 2005-04-01 18:36 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-21 14:42 . 2005-04-01 18:36 123200 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-21 14:17 . 2009-09-21 14:17 -------- d-----w- c:\program files\Trend Micro
2009-09-20 15:29 . 2009-09-20 15:29 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Real
2009-09-20 15:26 . 2009-09-20 15:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\program files\Real
2009-09-20 15:24 . 2009-09-20 15:27 -------- d-----w- c:\program files\Common Files\Real
2009-09-20 15:21 . 2009-09-20 15:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-20 15:17 . 2009-09-20 15:17 476696 ----a-w- C:\RealPlayer11GOLD.exe
2009-09-19 21:21 . 2009-09-19 21:21 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 21:21 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-19 21:21 . 2009-09-19 21:21 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-19 21:21 . 2009-09-19 21:21 -------- d-----w- c:\documents and settings\Frose\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-19 21:20 . 2009-09-19 21:21 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-18 16:32 . 2009-09-18 16:32 -------- d-----w- c:\program files\uTorrent
2009-09-18 16:32 . 2009-09-22 19:26 -------- d-----w- c:\documents and settings\Frose\Application Data\uTorrent
2009-09-18 13:04 . 2009-09-18 13:04 0 ----a-w- c:\windows\nsreg.dat
2009-09-18 13:04 . 2009-09-18 13:04 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Mozilla
2009-09-17 13:41 . 2009-09-17 13:41 -------- d-----w- c:\documents and settings\Menki\Contacts
2009-09-17 13:36 . 2009-09-17 13:36 -------- d-----w- c:\documents and settings\Menki\Local Settings\Application Data\Symantec
2009-09-17 08:27 . 2009-09-22 17:47 -------- d-----w- c:\documents and settings\Frose\Application Data\skypePM
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Help
2009-09-16 16:34 . 2005-03-18 08:39 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-16 16:34 . 2004-09-17 09:37 61440 ----a-w- c:\windows\system32\vuins32.dll
2009-09-16 16:34 . 2009-09-16 16:34 -------- d-----w- c:\windows\vnDrvBas
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Frose\Application Data\Malwarebytes
2009-09-16 15:29 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 15:29 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 15:28 . 2009-09-16 15:28 -------- d-----w- c:\documents and settings\Frose\Local Settings\Application Data\Symantec
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Symantec
2009-09-16 15:25 . 2009-09-22 19:19 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-16 15:25 . 2009-09-21 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-12 15:32 . 2009-09-12 15:33 -------- d-----w- c:\program files\AutorunRemover
2009-08-29 12:50 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Frose\Application Data\BSplayer PRO
2009-08-29 11:51 . 2009-08-29 11:51 -------- d-----w- c:\documents and settings\Frose\Application Data\Samsung
2009-08-29 11:49 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-08-29 11:49 . 2005-12-22 10:24 137884 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11188 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-08-29 11:49 . 2005-12-22 10:24 11877 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-08-29 11:49 . 2005-12-22 10:24 10864 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-08-29 11:49 . 2005-12-22 10:24 80272 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-08-29 11:48 . 2009-08-29 11:48 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-08-29 11:47 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-29 11:46 . 2009-08-29 11:46 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 18:46 . 2009-06-16 14:24 -------- d-----w- c:\documents and settings\Frose\Application Data\Skype
2009-09-22 17:24 . 2009-07-19 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 13:04 . 2009-05-23 20:33 -------- d-----w- c:\documents and settings\Menki\Application Data\Skype
2009-09-22 00:30 . 2009-05-23 20:34 -------- d-----w- c:\documents and settings\Menki\Application Data\skypePM
2009-09-20 15:30 . 2009-05-23 20:33 -------- d-----w- c:\program files\Google
2009-09-17 17:32 . 2009-06-06 22:12 -------- d-----w- c:\documents and settings\Frose\Application Data\mIRC
2009-09-17 08:27 . 2009-06-13 17:17 186496 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-16 17:29 . 2009-07-19 23:09 -------- d-----w- c:\program files\Wonderland Adventures Demo
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\program files\Lavasoft
2009-09-16 16:26 . 2009-06-15 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-16 14:56 . 2009-07-19 23:02 -------- d-----w- c:\program files\Super Mario Blue Twilight DX
2009-09-16 14:56 . 2009-07-19 23:42 -------- d-----w- c:\program files\Telltale Games
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever Toolbar
2009-09-16 14:55 . 2009-07-22 15:00 -------- d-----w- c:\program files\Mario Forever
2009-09-16 14:55 . 2009-07-19 22:56 -------- d-----w- c:\program files\Jets'n'Guns GOLD Demo
2009-09-12 15:20 . 2009-07-19 22:59 100 ----a-w- c:\documents and settings\All Users\Application Data\{0xffcc220x45aaff}.dat
2009-08-29 11:46 . 2009-05-13 14:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 11:44 . 2009-06-01 21:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-05 15:28 . 2009-08-05 15:17 -------- d-----w- c:\documents and settings\Menki\Application Data\BSplayer PRO
2009-08-05 15:27 . 2009-08-05 15:27 -------- d-----w- c:\documents and settings\Menki\Application Data\Corel
2009-08-05 15:17 . 2009-08-05 15:17 -------- d-----w- c:\program files\Webteh
2009-07-30 18:06 . 2009-07-30 18:06 -------- d-----w- c:\program files\Ubisoft
2009-07-30 18:05 . 2009-07-30 18:05 -------- d-----w- c:\documents and settings\Frose\Application Data\InstallShield
2009-07-22 15:00 . 2009-07-22 15:00 407129 ----a-w- c:\windows\MarioForever_Toolbar_Uninstaller_3468.exe
2009-07-19 22:59 . 2009-07-19 22:59 4096 ----a-w- c:\windows\d3dx.dat
2009-06-17 10:34 . 2009-06-17 10:34 56 --sh--r- c:\windows\system32\61A5AFCF43.sys
2009-06-17 10:34 . 2009-06-17 10:34 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-18 288560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-09-12 1257472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-08-17 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-5-13 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2009 5:29 PM 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/19/2009 11:21 PM 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2009 5:29 PM 15504]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {72324D6D-F090-4C72-8948-35AC29E1652D} = 62.162.32.6 62.162.32.5
TCP: {BAC78D70-F11D-4D2A-98CC-381F15880214} = 62.162.32.5,62.162.32.6
FF - ProfilePath - c:\documents and settings\Frose\Application Data\Mozilla\Firefox\Profiles\akogi327.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-22 21:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-22 21:28
ComboFix-quarantined-files.txt 2009-09-22 19:28
ComboFix2.txt 2009-09-22 17:49
ComboFix3.txt 2009-09-22 16:09

Pre-Run: 17,578,737,664 bytes free
Post-Run: 17,570,926,592 bytes free





offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK, tell me, how are things now?
