Is this log OK?

  • Joined: 19 Dec 2008
  • Posts: 89

ComboFix 09-06-23.01 - SERVIS 06/24/2009 14:01.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1587 [GMT 2:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon.exe.tmp
c:\windows\system32\Y45a7ra7.exe.a_a

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 12:01 . 2009-06-24 12:01 -------- d-----w- C:\QUARANTINE
2009-06-24 11:49 . 2009-06-24 11:49 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Help
2009-06-24 11:40 . 2009-06-24 11:40 -------- d-----w- c:\program files\CCleaner
2009-06-24 08:57 . 2009-06-24 08:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-19 09:04 . 2009-06-19 09:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit
2009-06-19 09:00 . 2009-06-19 12:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\TDI
2009-06-19 07:24 . 2009-06-19 07:24 208898 ----a-w- c:\windows\system32\Y45a7ra7.exe
2009-06-19 07:09 . 2009-06-19 07:09 74752 ----a-w- c:\windows\system32\B12c4tc4.dll
2009-06-11 07:32 . 2009-06-11 07:32 152576 ----a-w- c:\documents and settings\SERVIS\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 14:33 . 2009-06-04 07:47 -------- d-----w- c:\program files\XP Repair Pro 2007
2009-06-03 14:33 . 2009-06-03 14:33 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\{C82FE1BB-5140-4F7D-8DBF-56A85573BD49}
2009-06-03 13:53 . 2009-06-03 13:53 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Google
2009-06-03 13:51 . 2009-06-03 13:51 -------- d-----w- c:\program files\Google
2009-05-30 09:35 . 2009-05-30 09:35 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\WMTools Downloaded Files
2009-05-28 08:52 . 2009-05-28 08:52 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 11:46 . 2009-04-21 14:05 -------- d-----w- c:\program files\Yahoo!
2009-06-24 11:46 . 2009-05-06 12:26 -------- d-----w- c:\program files\InstantFileRecovery
2009-06-24 11:46 . 2009-05-06 12:36 -------- d-----w- c:\program files\Runtime Software
2009-06-23 08:52 . 2009-04-06 09:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-17 07:12 . 2009-03-28 09:12 -------- d-----w- c:\program files\USB Disk Security
2009-06-11 07:33 . 2009-03-14 08:42 -------- d-----w- c:\program files\Java
2009-05-22 07:08 . 2009-03-18 11:50 -------- d-----w- c:\program files\TDI
2009-05-21 09:33 . 2009-03-14 08:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 07:45 . 2009-03-13 10:12 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-18 07:44 . 2009-05-18 07:44 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-18 07:44 . 2009-05-18 07:44 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-14 12:24 . 2009-03-18 10:43 -------- d-----w- c:\program files\nLite
2009-05-14 12:08 . 2009-03-13 21:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-04-27 12:21 . 2009-05-18 07:44 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-04-09 10:50 . 2009-04-09 10:50 152576 ----a-w- c:\documents and settings\SERVIS\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

------- Sigcheck -------

[-] 2009-01-16 07:19 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7957FD21-C584-4476-B26B-4691A7AC4E5D}]
2009-06-19 07:09 74752 ----a-w- c:\windows\system32\B12c4tc4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-05-22 07:08 2094616 ----a-w- c:\program files\TDI\tbTD1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-06-17 25100]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2009-06-24 25100]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\My Documents\\Valve\\hl.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 9:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/3/2002 11:30 PM 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/18/2009 9:44 AM 604416]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/3/2002 11:30 PM 64432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-06-19 c:\windows\Tasks\At1.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At10.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-24 c:\windows\Tasks\At11.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-24 c:\windows\Tasks\At12.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-24 c:\windows\Tasks\At13.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-24 c:\windows\Tasks\At14.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-24 c:\windows\Tasks\At15.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-23 c:\windows\Tasks\At16.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-22 c:\windows\Tasks\At17.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-22 c:\windows\Tasks\At18.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At19.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At2.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At20.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At21.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At22.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At23.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At24.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At3.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At4.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At5.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At6.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At7.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At8.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At9.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-06-24 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-24 14:11
ComboFix-quarantined-files.txt 2009-06-24 12:11
ComboFix2.txt 2009-05-18 08:13

Pre-Run: 16,268,976,128 bytes free
Post-Run: 16,409,706,496 bytes free
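Added example, not part of the thread and not ComboFix's own code: a small Python triage script that pulls out the three red flags a helper reads off a ComboFix log like the one above, namely many AtN.job tasks launching one binary in system32, Security Center notifications switched off, and a BHO loading from system32. The embedded excerpt is constructed from entries in this log; the regexes assume ComboFix's fixed line layout.

```python
import re
from collections import defaultdict
# Constructed excerpt in ComboFix's layout, built from this log (2 of the 24 AtN.job tasks)
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7957FD21-C584-4476-B26B-4691A7AC4E5D}]
2009-06-19 07:09 74752 ----a-w- c:\windows\system32\B12c4tc4.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-06-19 c:\windows\Tasks\At1.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]

2009-06-19 c:\windows\Tasks\At2.job
- c:\windows\system32\Y45a7ra7.exe [2009-06-19 07:24]
"""
# Task entry: "<date> <path>\<name>.job" followed by "- <target> [<timestamp>]"
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} .*\\(.+?\.job)\n- (.+?) \[", re.I | re.M)
# BHO key header followed by the DLL line; only DLLs under system32 are matched
BHO_RE = re.compile(r"Browser Helper Objects\\(\{[^}]+\})\]\n.*? (c:\\windows\\system32\\\S+)", re.I)
# Security Center values of 1 silence the AV / Windows Update warnings
NOTIFY_RE = re.compile(r'"(\w+DisableNotify)"=dword:0*1\b')

def scheduled_tasks(log):
    """Map each .job file name to the program it launches."""
    return {job: target for job, target in TASK_RE.findall(log)}

def shared_at_targets(tasks, min_jobs=2):
    """Programs launched by several AtN.job tasks (at.exe's naming scheme): a persistence pattern."""
    by_target = defaultdict(list)
    for job, target in tasks.items():
        if re.fullmatch(r"at\d+\.job", job, re.I):
            by_target[target.lower()].append(job)
    return {t: sorted(jobs) for t, jobs in by_target.items() if len(jobs) >= min_jobs}

def triage(log):
    """Collect the three findings from one ComboFix log."""
    return {
        "shared_at_targets": shared_at_targets(scheduled_tasks(log)),
        "notifications_disabled": NOTIFY_RE.findall(log),
        "system32_bhos": BHO_RE.findall(log),  # list of (CLSID, dll path) tuples
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```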




  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Next time you do not follow the instructions for opening a topic, it will be deleted.

Download The Avenger to the Desktop.
Unpack the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the program's (white) window:


Files to delete:
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\system32\Y45a7ra7.exe
c:\windows\system32\B12c4tc4.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7957FD21-C584-4476-B26B-4691A7AC4E5D}



Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases twice) and the cleaning/scanning process will begin.

When the process finishes, the logfile C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the forum topic.

After that, upload the file: C:\Avenger\backup.zip

via this link: [link visible only to logged-in users]



  • Joined: 19 Dec 2008
  • Posts: 89

Logfile of The Avenger Version 2.0, (c) by Swandog46
[Link mogu videti samo ulogovani korisnici]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\Tasks\At1.job" deleted successfully.
File "c:\windows\Tasks\At10.job" deleted successfully.
File "c:\windows\Tasks\At11.job" deleted successfully.
File "c:\windows\Tasks\At12.job" deleted successfully.
File "c:\windows\Tasks\At13.job" deleted successfully.
File "c:\windows\Tasks\At14.job" deleted successfully.
File "c:\windows\Tasks\At15.job" deleted successfully.
File "c:\windows\Tasks\At16.job" deleted successfully.
File "c:\windows\Tasks\At17.job" deleted successfully.
File "c:\windows\Tasks\At18.job" deleted successfully.
File "c:\windows\Tasks\At19.job" deleted successfully.
File "c:\windows\Tasks\At2.job" deleted successfully.
File "c:\windows\Tasks\At20.job" deleted successfully.
File "c:\windows\Tasks\At21.job" deleted successfully.
File "c:\windows\Tasks\At22.job" deleted successfully.
File "c:\windows\Tasks\At23.job" deleted successfully.
File "c:\windows\Tasks\At24.job" deleted successfully.
File "c:\windows\Tasks\At3.job" deleted successfully.
File "c:\windows\Tasks\At4.job" deleted successfully.
File "c:\windows\Tasks\At5.job" deleted successfully.
File "c:\windows\Tasks\At6.job" deleted successfully.
File "c:\windows\Tasks\At7.job" deleted successfully.
File "c:\windows\Tasks\At8.job" deleted successfully.
File "c:\windows\Tasks\At9.job" deleted successfully.
File "c:\windows\system32\Y45a7ra7.exe" deleted successfully.
File "c:\windows\system32\B12c4tc4.dll" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7957FD21-C584-4476-B26B-4691A7AC4E5D}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


I uploaded that backup file.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK. This should now be clean.

Delete the folder: C:\Avenger

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

That's it...
