MyCity » Ambulanta -> Arhiva Ambulante » Elite.bar virus - help

Elite.bar virus - help

Napisano na dan: 17.10.2008

Elite.bar virus - help

Sledeća strana

Pagination

Odgovori

la_bamba Poslao: 17 Okt 2008 12:11 Idi na vrh
offline la_bamba Novi MyCity građanin Pridružio: 17 Okt 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:04:18, on 17.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\VIAudioi\SBADeck\ADeck.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Korisnik\Desktop\Virusna zastita\tr3.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WindowsAPI32] C:\rmxgdx.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{27FEF9E6-2A8E-4D1F-B4AD-513377348629}: NameServer = 195.222.32.10 195.222.32.20 O20 - Winlogon Notify: kiwcrky - kiwcrky.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 5348 bytes Nakon sto sam probao ukloniti viruse sa zarazenog pc-a adaware-om, i NOD32, uklonio sam skoro sve osim elitum/elite.bar (mislim da se tako zove). Antivirus ga prepoznaje, ali se uvijek nanovo pojavljuje, posebno kad se konektujem na internet. Zahvaljujem na pomoci...

Profil

dr_Bora Poslao: 17 Okt 2008 13:20 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

la_bamba Poslao: 17 Okt 2008 15:34 Idi na vrh
offline la_bamba Novi MyCity građanin Pridružio: 17 Okt 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-10-16.08 - Korisnik 2008-10-17 15:15:50.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.191 [GMT 2:00] Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Documents and Settings\Korisnik\Application Data\Adobe\crc.dat C:\Documents and Settings\Korisnik\Application Data\Adobe\Player.exe.bak C:\WINDOWS\system32\_004607_.tmp.dll C:\WINDOWS\system32\_004608_.tmp.dll C:\WINDOWS\system32\_004609_.tmp.dll C:\WINDOWS\system32\_004610_.tmp.dll C:\WINDOWS\system32\_004617_.tmp.dll C:\WINDOWS\system32\_004619_.tmp.dll C:\WINDOWS\system32\_004620_.tmp.dll C:\WINDOWS\system32\_004622_.tmp.dll C:\WINDOWS\system32\_004623_.tmp.dll C:\WINDOWS\system32\_004626_.tmp.dll C:\WINDOWS\system32\_004627_.tmp.dll C:\WINDOWS\system32\_004629_.tmp.dll C:\WINDOWS\system32\_004630_.tmp.dll C:\WINDOWS\system32\_004631_.tmp.dll C:\WINDOWS\system32\_004633_.tmp.dll C:\WINDOWS\system32\_004636_.tmp.dll C:\WINDOWS\system32\_004637_.tmp.dll C:\WINDOWS\system32\_004641_.tmp.dll C:\WINDOWS\system32\_004642_.tmp.dll C:\WINDOWS\system32\_004644_.tmp.dll C:\WINDOWS\system32\_004647_.tmp.dll C:\WINDOWS\system32\_004649_.tmp.dll C:\WINDOWS\system32\_004651_.tmp.dll C:\WINDOWS\system32\_004652_.tmp.dll C:\WINDOWS\system32\_004653_.tmp.dll C:\WINDOWS\system32\_004656_.tmp.dll C:\WINDOWS\system32\_004657_.tmp.dll C:\WINDOWS\system32\_004658_.tmp.dll C:\WINDOWS\system32\_004659_.tmp.dll C:\WINDOWS\system32\_004660_.tmp.dll C:\WINDOWS\system32\_004665_.tmp.dll C:\WINDOWS\system32\_004667_.tmp.dll ----- BITS: Possible infected sites ----- hxxp://78.157.143.163 hxxp://91.203.93.6 hxxp://78.157.143.198 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_icf ((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 ))))))))))))))))))))))))))))))) . 2008-10-17 11:48 . 2008-10-17 11:48 <DIR> d-------- C:\Program Files\Trend Micro 2008-10-16 15:49 . 2008-10-16 15:49 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Uniblue 2008-10-16 15:27 . 2008-10-16 15:27 2,472 --a------ C:\clean.bat 2008-10-16 14:07 . 2008-10-16 19:46 <DIR> d-------- C:\Program Files\True Sword 5 2008-10-16 14:07 . 2008-10-16 14:07 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\True Sword 2008-10-16 13:37 . 2008-10-16 13:37 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Malwarebytes 2008-10-16 13:37 . 2008-10-16 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-15 19:52 . 2008-10-17 15:22 93,918 --a------ C:\WINDOWS\system32\drivers\8b09a4f8.sys 2008-10-13 12:51 . 2008-10-13 12:51 138,560 --a------ C:\WINDOWS\system32\drivers\ati2orxx.sys 2008-10-13 12:50 . 2008-10-13 13:08 2,933 --a------ C:\Documents and Settings\Korisnik\iuns.exe 2008-10-12 20:21 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll 2008-10-12 20:20 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-10-12 20:20 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2008-10-12 20:20 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2008-10-12 20:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-10-12 20:20 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2008-10-12 20:20 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2008-09-25 01:49 . 2008-09-25 01:49 <DIR> d-------- C:\Program Files\whyEye.org 2008-09-25 01:44 . 2008-09-25 01:44 <DIR> d-------- C:\Program Files\IrfanView 2008-09-21 21:53 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-17 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-10-13 10:50 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2008-10-09 19:02 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire 2008-09-25 10:57 --------- d-----w C:\Program Files\Google 2008-09-23 14:34 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Image Zone Express 2008-09-09 21:28 --------- d-----w C:\Program Files\FreeGamePick.com 2008-09-03 18:19 --------- d-----w C:\Program Files\UBISOFT 2008-09-03 18:15 13,312 ----a-w C:\WINDOWS\system32\svrapi.dll 2008-08-29 20:02 --------- d-----w C:\Program Files\Labtec 2008-08-21 19:40 --------- d-----w C:\Program Files\Lavasoft 2008-08-21 19:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-21 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-18 19:24 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Emme . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-15 133104] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768] "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-24 917504] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 113664] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-30 124400] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2orxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3uxxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5ehxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5koxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7mpxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vaxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= S0 ati2orxx;ati2orxx;C:\WINDOWS\system32\Drivers\ati2orxx.sys [2008-10-13 138560] S0 ati5ehxx;ati5ehxx;C:\WINDOWS\system32\Drivers\ati5ehxx.sys [ ] S0 ati5koxx;ati5koxx;C:\WINDOWS\system32\Drivers\ati5koxx.sys [ ] S0 ati7mpxx;ati7mpxx;C:\WINDOWS\system32\Drivers\ati7mpxx.sys [ ] S0 ati8vaxx;ati8vaxx;C:\WINDOWS\system32\Drivers\ati8vaxx.sys [ ] S1 7ba1e85;7ba1e85;C:\WINDOWS\system32\drivers\7ba1e85.sys [ ] S1 dedae377;dedae377;C:\WINDOWS\system32\drivers\dedae377.sys [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e9ca49a-4e76-11dd-8de1-0040f497ce7c}] \Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9707f3f-1142-11dd-8cc6-0040f497ce7c}] \Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b184724c-1f99-11dd-8d13-0040f497ce7c}] \Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe . Contents of the 'Scheduled Tasks' folder 2008-10-17 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-15 21:45] . - - - - ORPHANS REMOVED - - - - HKCU-Run-WindowsAPI32 - C:\rmxgdx.exe HKCU-Run-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe Notify-kiwcrky - kiwcrky.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bljesak.info/ FF -: plugin - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.131.19\npGoogleOneClick6.dll FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-10-17 15:21:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\8b09a4f8] "ImagePath"="\SystemRoot\System32\drivers\8b09a4f8.sys" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************ . Completion time: 2008-10-17 15:27:12 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-17 13:27:08 Pre-Run: 13.652.836.352 bytes free Post-Run: 14,206,808,064 bytes free 198 dr bora, trebam lči jos nesto uciniti... poz

Profil

dr_Bora Poslao: 17 Okt 2008 15:52 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\drivers\8b09a4f8.sys C:\WINDOWS\system32\drivers\ati2orxx.sys C:\Documents and Settings\Korisnik\iuns.exe Driver:: ati2orxx ati5ehxx ati5koxx ati7mpxx ati8vaxx 7ba1e85 dedae377 8b09a4f8 Registry:: [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2orxx.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3uxxx.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5ehxx.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5koxx.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7mpxx.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vaxx.sys] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e9ca49a-4e76-11dd-8de1-0040f497ce7c}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9707f3f-1142-11dd-8cc6-0040f497ce7c}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b184724c-1f99-11dd-8d13-0040f497ce7c}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

la_bamba Poslao: 17 Okt 2008 19:47 Idi na vrh
offline la_bamba Novi MyCity građanin Pridružio: 17 Okt 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-10-16.08 - Korisnik 2008-10-17 19:33:41.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.174 [GMT 2:00] Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Korisnik\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\Korisnik\iuns.exe C:\WINDOWS\system32\drivers\8b09a4f8.sys C:\WINDOWS\system32\drivers\ati2orxx.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Korisnik\iuns.exe C:\WINDOWS\system32\drivers\8b09a4f8.sys C:\WINDOWS\system32\drivers\ati2orxx.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_7ba1e85 -------\Service_8b09a4f8 -------\Service_ati2orxx -------\Service_ati5ehxx -------\Service_ati5koxx -------\Service_ati7mpxx -------\Service_ati8vaxx -------\Service_dedae377 ((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 ))))))))))))))))))))))))))))))) . 2008-10-17 11:48 . 2008-10-17 11:48 <DIR> d-------- C:\Program Files\Trend Micro 2008-10-16 15:49 . 2008-10-16 15:49 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Uniblue 2008-10-16 15:27 . 2008-10-16 15:27 2,472 --a------ C:\clean.bat 2008-10-16 14:07 . 2008-10-16 19:46 <DIR> d-------- C:\Program Files\True Sword 5 2008-10-16 14:07 . 2008-10-16 14:07 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\True Sword 2008-10-16 13:37 . 2008-10-16 13:37 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Malwarebytes 2008-10-16 13:37 . 2008-10-16 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-12 20:21 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll 2008-10-12 20:20 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-10-12 20:20 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2008-10-12 20:20 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2008-10-12 20:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-10-12 20:20 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2008-10-12 20:20 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2008-09-25 01:49 . 2008-09-25 01:49 <DIR> d-------- C:\Program Files\whyEye.org 2008-09-25 01:44 . 2008-09-25 01:44 <DIR> d-------- C:\Program Files\IrfanView 2008-09-21 21:53 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-17 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-10-13 10:50 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2008-10-09 19:02 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire 2008-09-25 10:57 --------- d-----w C:\Program Files\Google 2008-09-23 14:34 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Image Zone Express 2008-09-09 21:28 --------- d-----w C:\Program Files\FreeGamePick.com 2008-09-03 18:19 --------- d-----w C:\Program Files\UBISOFT 2008-09-03 18:15 13,312 ----a-w C:\WINDOWS\system32\svrapi.dll 2008-08-29 20:02 --------- d-----w C:\Program Files\Labtec 2008-08-21 19:40 --------- d-----w C:\Program Files\Lavasoft 2008-08-21 19:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-21 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-18 19:24 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Emme . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-15 133104] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768] "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-24 917504] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 113664] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-30 124400] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2008-10-17 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-15 21:45] . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-10-17 19:38:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************ . Completion time: 2008-10-17 19:43:39 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-17 17:43:35 ComboFix2.txt 2008-10-17 13:27:14 Pre-Run: 14.209.032.192 bytes free Post-Run: 14,199,750,656 bytes free 129

Profil

dr_Bora Poslao: 17 Okt 2008 20:00 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Klikni desnim tasterom na file C:\clean.bat i izaberi opciju Edit. File će se otvoriti u Notepad-u - iskopiraj ovde njegov sadržaj.

Profil

la_bamba Poslao: 17 Okt 2008 20:04 Idi na vrh
offline la_bamba Novi MyCity građanin Pridružio: 17 Okt 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! del c:\.tmp del %temp%\.tmp /f del %windir%\prefetch\. del %windir%\temp\. /f del %windir%\system32\kalv. /f del %windir%\system32\elite. /f del C:\documents and settings\\local settings\temp\.* /f CLS ECHO OFF ECHO Elite Toolbar Removal Batch File ECHO Created by Nyquist on 19th Feb 2005. ECHO OFF ECHO Removing Elite Tool Bar directories. ECHO Searching %windir% IF EXIST %windir%\elitetoolbar\nul DELTREE /y %windir%\elitebar IF EXIST %windir%\elitetoolbar\nul DELTREE /y %windir%\elitetoolbar IF EXIST %windir%\elitesidebar\nul DELTREE /y %windir%\elitesidebar ECHO Searching %temp% IF EXIST %temp%\elitetoolbar\nul DELTREE /y %temp%\elitebar IF EXIST %temp%\elitetoolbar\nul DELTREE /y %temp%\elitetoolbar IF EXIST %temp%\elitesidebar\nul DELTREE /y %temp%\elitesidebar ECHO Searching %windir%\SYSTEM IF EXIST %windir%\SYSTEM\elitetoolbar\nul DELTREE /y %windir%\SYSTEM\elitebar IF EXIST %windir%\SYSTEM\elitetoolbar\nul DELTREE /y %windir%\SYSTEM\elitetoolbar IF EXIST %windir%\SYSTEM\elitesidebar\nul DELTREE /y %windir%\SYSTEM\elitesidebar ECHO Searching %windir%\SYSTEM32 IF EXIST %windir%\SYSTEM32\elitetoolbar\nul DELTREE /y %windir%\SYSTEM32\elitebar IF EXIST %windir%\SYSTEM32\elitetoolbar\nul DELTREE /y %windir%\SYSTEM32\elitetoolbar IF EXIST %windir%\SYSTEM32\elitesidebar\nul DELTREE /y %windir%\SYSTEM32\elitesidebar ECHO Removing Elite Tool Bar files. ECHO Searching %windir% IF EXIST %windir%\eliteerror.dat DEL %windir%\eliteerror.dat IF EXIST %windir%\eliteerror32.dat DEL %windir%\eliteerror32.dat IF EXIST %windir%\system\elitedoolsav.dat DEL %windir%\system\elitedoolsav.dat IF EXIST %windir%\system\eliteerror.dat DEL %windir%\system\eliteerror.dat IF EXIST %windir%\system\eliteerror32.dat DEL %windir%\system\eliteerror32.dat IF EXIST %windir%\system32\eliteerror.dat DEL %windir%\system32\eliteerror.dat IF EXIST %windir%\system32\eliteerror32.dat DEL %windir%\system32\eliteerror32.dat ECHO Removing startup hooks. IF EXIST %temp%\suicidetb.exe DEL %temp%\suicidetb.exe IF EXIST %windir%\system\elite.exe DEL %windir%\system\elite.exe IF EXIST %windir%\system\elite.exe DEL %windir%\system32\elite.exe IF EXIST %windir%\system\kalv.exe DEL %windir%\system\kalv.exe IF EXIST %windir%\system\kalv.exe DEL %windir%\system32\kalv.exe IF EXIST %windir%\system\msnmsgq32*.exe DEL %windir%\system\msnmsgq32.exe IF EXIST %windir%\system\shch.exe DEL %windir%\system\shch.exe

Profil

dr_Bora Poslao: 17 Okt 2008 20:12 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	1Ovo se svidja korisniku: blackbeast Registruj se da bi pohvalio/la poruku! Ok. Kakvo je sada stanje? Detektuje li AV nešto? Ako da, šta tačno je u pitanju (zanima me lokacija detektovanih file-ova)?

Profil

la_bamba Poslao: 17 Okt 2008 21:15 Idi na vrh
offline la_bamba Novi MyCity građanin Pridružio: 17 Okt 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zasad nista prije zadnjeg skeniranja sa Combom, NOD32 je trazio da prijavim sumnjive fileove na njihovu stranicu (sto mi se inace desavalo u zadnja dva dana vise puta). Nakon sto sam prekopirao txt file u combo i restarta, nista se vise nije desilo, sto znaci da nema problema. Jos cu pokusati jednom sken NOD-om, a onda adaware-om, ali mislim da je to - to. Javicu se nakon skena, ali u svakom slucaju, nemas uzalud prefiks dr. Hvala puno Dopuna: 17 Okt 2008 21:15 Zavrsio skeniranje, nema prijavljenih problema. Thanx a lot. Pozdrav

Profil

dr_Bora Poslao: 17 Okt 2008 23:14 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradi sledeće: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore To je sve. poz

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Elite.bar virus - help

Ko je trenutno na forumu

Ukupno su 692 korisnika na forumu :: 35 registrovanih, 6 sakrivenih i 651 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., Apok, bojank, Chainsaw, dijica, djboj, Dorcolac, dragon986, Drug pukovnik, Georgius, Igrutinovic, ivica976, Jovan Nenad, kovinacc, Marko Marković, MiGac, Milan.1976, nemkea71, nuke92, Oluj2.1, Profica, Radoje, respekt, S2M, Sandra98bg, Simon simonović, Snorks, Srki98, Stanlio, Tragač, Trpe Grozni, Vlada1389, vladetije, Wisdomseeker

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by