Split from another topic


offline
  • Joined: 25 Apr 2006
  • Posts: 46




ComboFix 08-12-01.01 - xp pro 2008-12-05 22:54:35.5 - NTFSx86
Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\xp pro\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32PLSR.006
c:\windows\system32PLSR.007
c:\windows\system32PLSR.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32PLSR.006
c:\windows\system32PLSR.007
c:\windows\system32PLSR.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 16:54 . 2008-12-05 16:55 250 --a------ c:\windows\gmer.ini
2008-12-03 12:39 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-02 08:17 . 2008-12-02 08:17 <DIR> d-------- c:\program files\3D-Relax
2008-12-02 07:35 . 2008-12-02 07:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 20:46 . 2008-12-01 20:46 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Thinstall
2008-12-01 19:51 . 2008-12-02 07:33 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 12:55 . 2008-11-30 13:17 <DIR> d-------- c:\program files\T-Com Antidialer
2008-11-30 12:46 . 2008-11-30 12:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Netsweeper
2008-11-28 12:49 . 2008-12-02 13:11 <DIR> d-------- c:\program files\Trojan Remover
2008-11-26 20:17 . 2005-05-03 11:43 69,632 -ra------ c:\windows\Alcmtr.exe
2008-11-23 22:09 . 2008-12-05 16:45 171,135 --a------ c:\windows\system32\nvapps.xml
2008-11-23 22:08 . 2008-11-23 22:08 <DIR> d-------- c:\windows\nview
2008-11-23 22:08 . 2008-02-28 06:34 360,448 -ra------ c:\windows\system32\nvuninst.exe
2008-11-23 22:08 . 2008-02-28 06:34 360,448 --a------ c:\windows\system32\nvudisp.exe
2008-11-23 22:08 . 2008-02-28 06:34 17,848 --a------ c:\windows\system32\nvdisp.nvu
2008-11-23 21:31 . 2008-11-30 09:26 <DIR> d-------- c:\program files\Dr.Hardware 2008 english
2008-11-22 17:54 . 2008-11-24 11:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-18 14:13 . 2008-11-18 14:13 <DIR> d-------- c:\windows\Green Valley Fun on the Farm
2008-11-18 13:46 . 2008-11-18 13:49 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Ancient Quest of Saqqarah__cminion
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\StoneLoops!
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Saqqarah
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\MagicMatch
2008-11-15 19:51 . 2008-11-15 19:57 <DIR> d-------- c:\documents and settings\xp pro\Application Data\DMCache
2008-11-15 00:08 . 2008-11-15 00:08 <DIR> d-------- c:\windows\3planesoft 3D Screensavers [36-in-1] 32-bit
2008-11-09 20:23 . 2008-11-11 12:57 <DIR> d-------- c:\program files\XP Repair Pro 2007
2008-11-05 10:17 . 2008-11-08 22:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-05 09:23 . 2008-11-05 09:23 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Sahmon Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 21:41 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-12-05 21:10 --------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent
2008-12-05 15:43 --------- d-----w c:\program files\SuperCleaner
2008-12-04 13:36 --------- d-----w c:\program files\Puzzle Express
2008-12-02 12:10 --------- d-----w c:\documents and settings\xp pro\Application Data\Gearbox Software
2008-12-01 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-26 19:25 16,376 ----a-w c:\windows\gdrv.sys
2008-11-18 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2008-11-08 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-05 09:25 --------- d-----w c:\program files\GameHouse
2008-11-05 09:22 --------- d-----w c:\program files\Platypus II
2008-11-05 09:22 --------- d-----w c:\program files\Pinocchio ENG
2008-11-04 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2008-11-03 09:35 --------- d-----w c:\program files\Nero
2008-11-03 09:35 --------- d-----w c:\program files\Common Files\Nero
2008-11-03 09:34 --------- d-----w c:\program files\Windows Sidebar
2008-11-03 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-31 10:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 10:35 --------- d-----w c:\program files\EA GAMES
2008-10-31 10:21 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games
2008-10-30 11:30 --------- d-----w c:\documents and settings\xp pro\Application Data\SolSuite
2008-10-30 11:19 --------- d-----w c:\program files\SolSuite
2008-10-30 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames
2008-10-29 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-29 10:38 --------- d-----w c:\program files\Midway Games
2008-10-28 07:31 --------- d-----w c:\program files\Escape From Paradise
2008-10-28 07:28 --------- d-----w c:\program files\Rainforest Adventure
2008-10-27 12:40 --------- d-----w c:\program files\Fire Maple Games
2008-10-27 12:39 472,576 ----a-w c:\windows\uninstall.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263769828.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263766796.exe
2008-10-27 12:39 --------- d-----w c:\program files\Mahjong Forests
2008-10-21 17:37 --------- d-----w c:\documents and settings\xp pro\Application Data\Playfirst
2008-10-21 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Playfirst
2008-10-21 16:36 --------- d-----w c:\documents and settings\xp pro\Application Data\Righteous Kill
2008-10-21 15:56 --------- d-----w c:\program files\LeeGTs Games
2008-10-21 15:27 --------- d-----w c:\program files\Chromentum 2
2008-10-17 01:36 --------- d-----w c:\program files\JLC's Software
2008-10-17 01:28 --------- d-----w c:\documents and settings\xp pro\Application Data\JLC's Software
2008-10-14 21:01 81,920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe
2008-10-14 21:01 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-14 21:01 47,360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys
2008-10-14 21:01 --------- d-----w c:\program files\Video Convert Premier
2008-10-14 21:01 --------- d-----w c:\documents and settings\xp pro\Application Data\Vso
2008-10-07 20:48 --------- d-----w c:\program files\Webteh
2008-10-07 20:48 --------- d-----w c:\documents and settings\xp pro\Application Data\BSplayer PRO
2008-10-05 11:14 --------- d-----w c:\program files\UltraISO
2008-10-05 11:13 --------- d-----w c:\program files\Common Files\EZB Systems
2007-07-26 19:00 23,800,756 ----a-w c:\program files\Burning Studio 7.1.0.exe
2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-02_13.40.24.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-05 15:54:18 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-r c:\windows\gmer.exe
- 2008-11-07 10:44:54 10,134 ----a-r c:\windows\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\callmsi.exe
+ 2008-12-03 11:38:14 10,134 ----a-r c:\windows\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\callmsi.exe
- 2008-11-07 10:44:54 136,448 ----a-r c:\windows\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\egui.exe
+ 2008-12-03 11:38:14 136,448 ----a-r c:\windows\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\egui.exe
+ 2008-12-05 15:54:18 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-12-02 2468200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

*Newly Created Service* - GMER
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-05 22:55:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-12-05 22:56:11
ComboFix-quarantined-files.txt 2008-12-05 21:56:05
ComboFix2.txt 2008-12-03 10:57:22
ComboFix3.txt 2008-12-03 10:14:08
ComboFix4.txt 2008-12-02 12:52:32
ComboFix5.txt 2008-12-05 21:53:51

Pre-Run: 66.849.955.840 bytes free
Post-Run: 66,837,221,376 bytes free


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

So, what is the situation now?

offline
  • Joined: 25 Apr 2006
  • Posts: 46

The connection has seemed good and stable ever since the first piece of advice, thanks a lot. If there are any problems I'll get in touch, and so that we mortals can also learn something from the masters. Well done. Thanks once again for the time you spent.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do this as well:
Click START and then RUN
In the text input field type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's all.
