I don't know how to get rid of the virus!!!

  • Predox  Male
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

If you can help me: I don't know how to get rid of a virus. I had over 10 GB of free space. Suddenly it threw up a warning that there is no free space left at all... I deleted some games to free up space, but again in less than 2-3 hours it says there is no space... I tried to find the virus with an antivirus but it didn't work, and it keeps repeating like this...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:28, on 10.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbappHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Korisnik\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - C:\DOCUME~1\Korisnik\Desktop\SONNER~1\toolbar.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stb0.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ?????? Google Update (gupdate1c9c1b8b9412aae) (gupdate1c9c1b8b9412aae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - img.neogen.ro/common/foto/star_off1.gif

--
End of file - 9799 bytes
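As an added triage example (not part of the thread and not the helper's own tool), the Python below parses HijackThis entry lines like the ones in the log above and flags what a malware-removal helper checks first: entries whose file is missing, non-default IE search/start pages, O17 DNS overrides, and BHO/toolbar/Run entries loading from the directories that were later removed in this thread. The sample lines are copied from the posted log; the default-host set and the suspect-directory list are assumptions made for this example.

```python
import re

# HijackThis v2 entry lines look like "O2 - BHO: <name> - {CLSID} - <path>".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Hosts Internet Explorer points at by default; any other search/start page in an
# R0/R1 line is worth a look. (Assumption for this example.)
DEFAULT_IE_HOSTS = {"go.microsoft.com"}

# Install directories that the helper in this thread had ComboFix remove; any
# BHO/toolbar/Run entry loading from them is flagged. (Constructed from the thread.)
SUSPECT_DIRS = (
    "internet saving optimizer",
    "media access startup",
    "system search dispatcher",
    "doubled",
    "aveo\\attune",
)

# Sample entries copied from the HijackThis log posted above (constructed subset).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O3 - Toolbar: Sonerie Toolbar - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - C:\DOCUME~1\Korisnik\Desktop\SONNER~1\toolbar.dll (file missing)
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{03376FE4-C880-430D-9B93-7A555395C305}: NameServer = 79.143.168.2
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


def parse_hjt(text):
    """Return one dict per entry line: section code, body after the dash, full line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body"), "line": line})
    return entries


def _url_host(value):
    """Host part of a URL that may or may not carry a scheme (HJT strips it)."""
    value = value.split("//", 1)[-1]
    return value.split("/", 1)[0].lower()


def triage(text):
    """Return (code, reason, line) tuples for the entries a helper would look at first."""
    findings = []
    for e in parse_hjt(text):
        code, body, low = e["code"], e["body"], e["body"].lower()
        # Registry still references a toolbar/BHO whose DLL is gone: leftover of a
        # half-removed add-on, a safe removal candidate.
        if body.endswith("(file missing)"):
            findings.append((code, "orphaned entry: referenced file is missing", e["line"]))
        # R0/R1: IE start/search settings pointing somewhere other than the defaults.
        if code in ("R0", "R1") and "=" in body:
            host = _url_host(body.split("=", 1)[1].strip())
            if host not in DEFAULT_IE_HOSTS:
                findings.append((code, f"search/start page hijack candidate: {host}", e["line"]))
        # O17: a per-interface DNS server; must be confirmed against the ISP's resolvers,
        # because a rogue NameServer silently redirects every lookup.
        if code == "O17":
            m = re.search(r"NameServer = (.+)$", body)
            if m:
                findings.append((code, f"DNS override: verify {m.group(1)} is the ISP resolver", e["line"]))
        # O2/O3/O4: anything loading from a directory the thread identified as adware.
        if code in ("O2", "O3", "O4") and any(d in low for d in SUSPECT_DIRS):
            findings.append((code, "loads from a directory removed as adware in this thread", e["line"]))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```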

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this saves the scan results to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach here the two files we just saved.

  • Predox  Male
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

I think I did it... Last night I set it to scan and waited until 4 o'clock and it still hadn't finished scanning, so I stopped it and did it all again this morning...





  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
close running programs;
disable your security software (instructions);
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
show the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
accept by clicking Yes or OK.
if necessary, restart Windows (possibly several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to your message.

  • Predox  Male
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

ComboFix 09-07-09.08 - Korisnik 11.07.2009 11:47.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.511.201 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm13.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm130.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm1F7.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm332.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm38F.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm429.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm77.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm97.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.3.0.790\Data\config.md
c:\program files\Media Access Startup\1.3.0.790\FF\chrome.manifest
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.3.0.790\FF\install.rdf
c:\program files\Media Access Startup\1.3.0.790\HPCommon.dll
c:\program files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
c:\program files\Media Access Startup\1.3.0.790\hppx.exe
c:\program files\Media Access Startup\1.3.0.790\MAHelper.exe
c:\program files\Media Access Startup\1.3.0.790\unins000.dat
c:\program files\Media Access Startup\1.3.0.790\unins000.exe
c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
c:\windows\clofghls.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-10 07:34 . 2009-07-10 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2E399
2009-07-09 13:30 . 2009-07-09 20:34 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-08 21:23 . 2009-07-08 21:23 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer
2009-07-08 21:23 . 2009-07-08 21:23 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup
2009-07-08 21:22 . 2009-07-08 21:22 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-08 21:22 . 2009-07-08 21:22 -------- d-----w- c:\program files\DoubleD
2009-07-08 21:21 . 2009-07-08 21:21 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\DoubleD
2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\18280
2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_E8C2EED12CBD54698B3A54.exe
2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6B7D9734814072B95063C9.exe
2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6FEFF9B68218417F98F549.exe
2009-07-01 17:41 . 2009-07-01 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\2D1DA
2009-07-01 17:38 . 2009-07-01 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\2A247
2009-06-23 05:03 . 2009-06-29 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-22 19:49 . 2009-06-22 19:49 -------- d-----w- c:\program files\Messenger Plus! Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 09:52 . 2008-05-16 14:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DNA
2009-07-11 09:32 . 2008-05-16 14:20 -------- d-----w- c:\program files\DNA
2009-07-11 07:30 . 2008-11-21 08:14 -------- d-----w- c:\program files\Garena
2009-07-10 12:26 . 2008-05-04 15:06 -------- d-----w- c:\program files\Warcraft III
2009-07-10 07:11 . 2007-11-19 22:02 -------- d-----w- c:\program files\Real
2009-07-10 07:10 . 2007-10-29 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 13:28 . 2007-11-19 22:28 -------- d-----w- c:\program files\Java
2009-07-09 13:27 . 2007-11-21 21:15 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-07 14:10 . 2009-04-25 16:23 -------- d-----w- c:\program files\Readon Technology
2009-07-06 12:40 . 2007-12-27 21:50 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BearShare
2009-06-06 22:26 . 2008-05-16 14:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BitTorrent
2009-06-02 20:13 . 2009-06-02 20:11 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DC++
2009-06-01 07:36 . 2009-06-01 07:36 390664 ----a-w- c:\documents and settings\Korisnik\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-22 08:56 . 2009-05-22 08:56 -------- d-----w- c:\program files\Avira
2009-05-22 08:56 . 2009-05-22 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-04-25 16:23 . 2009-04-25 16:23 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{FD9C7AC3-B9C5-477D-A8C5-ECA0E29FD4D6}\_FDDFB6697B385D94A70E51.exe
2008-06-13 16:26 . 2008-06-13 16:04 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebcastTuner"="0 (0x0)" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-18 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"AttuneClientEngine"="c:\progra~1\Aveo\Attune\bin\attune_ce.exe" [2000-07-24 356728]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.5.2009 10:56 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5.3.2009 21:31 55152]
S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp --> c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 13:05]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 13:05]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {03376FE4-C880-430D-9B93-7A555395C305} = 79.143.168.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-11 11:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WebcastTuner = 63

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,2f,af,e6,6e,9a,a5,77,00,2d,08,be,90,df,bc,01,ec,64,72,a5,dd,43,1c,
54,85,49,ef,99,a9,07,91,5e,3c,4a,77,bb,d7,34,e4,bf,36,f3,47,67,91,50,c5,c3,\
"??"=hex:aa,ed,a4,c8,3a,0a,22,f4,49,6f,48,97,46,75,28,94
.
Completion time: 2009-07-11 12:00
ComboFix-quarantined-files.txt 2009-07-11 09:59

Pre-Run: 9.450.684.416 bytes free
Post-Run: 9.556.537.344 bytes free

313 --- E O F --- 2008-12-24 10:27

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Control Panel > Add/Remove Programs and uninstall (if possible) the program: Attune (it is adware).



-------------------------------------------------------------------------------------



Open Notepad and copy the following text into it:


Folder::
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup
c:\program files\System Search Dispatcher
c:\program files\DoubleD
c:\documents and settings\Korisnik\Local Settings\Application Data\DoubleD
c:\progra~1\Aveo

DirLook::
c:\documents and settings\All Users\Application Data\2E399
c:\documents and settings\All Users\Application Data\18280

DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AttuneClientEngine"=-



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

  • Predox  Male
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

ComboFix 09-07-09.08 - Korisnik 11.07.2009 12:37.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.511.149 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Local Settings\Application Data\DoubleD
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\ipdata.md
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090708-232342.566.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-073914.125.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-092440.187.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-104730.500.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-110152.031.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-110557.718.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-133429.703.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-141426.093.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-163048.296.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-163055.500.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-175409.078.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090709-224635.359.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-091343.312.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-105329.562.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-122921.453.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-142823.296.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-201345.890.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-225730.953.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090710-225732.703.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090711-014356.812.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090711-092938.484.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\rstatus.md
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-232308.457.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-232341.972.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-073913.968.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-092439.484.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-104729.875.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-110151.937.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-110557.671.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-133428.546.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-141425.984.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-163048.140.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-163055.468.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-175408.906.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090709-224635.265.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-091343.031.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-105329.437.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-122921.328.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-142823.171.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-201345.359.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-225730.859.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-225732.687.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-014356.453.log
c:\documents and settings\Korisnik\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-092938.343.log
c:\program files\DoubleD
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.2.0.750\Data\eacore.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.2.0.750\unins000.dat
c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-10 07:34 . 2009-07-10 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2E399
2009-07-09 13:30 . 2009-07-09 20:34 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\18280
2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_E8C2EED12CBD54698B3A54.exe
2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6B7D9734814072B95063C9.exe
2009-07-07 14:10 . 2009-07-07 14:10 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}\_6FEFF9B68218417F98F549.exe
2009-07-01 17:41 . 2009-07-01 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\2D1DA
2009-07-01 17:38 . 2009-07-01 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\2A247
2009-06-23 05:03 . 2009-06-29 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-22 19:49 . 2009-06-22 19:49 -------- d-----w- c:\program files\Messenger Plus! Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 10:42 . 2008-05-16 14:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DNA
2009-07-11 09:32 . 2008-05-16 14:20 -------- d-----w- c:\program files\DNA
2009-07-11 07:30 . 2008-11-21 08:14 -------- d-----w- c:\program files\Garena
2009-07-10 12:26 . 2008-05-04 15:06 -------- d-----w- c:\program files\Warcraft III
2009-07-10 07:11 . 2007-11-19 22:02 -------- d-----w- c:\program files\Real
2009-07-10 07:10 . 2007-10-29 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 13:28 . 2007-11-19 22:28 -------- d-----w- c:\program files\Java
2009-07-09 13:27 . 2007-11-21 21:15 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-07 14:10 . 2009-04-25 16:23 -------- d-----w- c:\program files\Readon Technology
2009-07-06 12:40 . 2007-12-27 21:50 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BearShare
2009-06-06 22:26 . 2008-05-16 14:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BitTorrent
2009-06-02 20:13 . 2009-06-02 20:11 -------- d-----w- c:\documents and settings\Korisnik\Application Data\DC++
2009-06-01 07:36 . 2009-06-01 07:36 390664 ----a-w- c:\documents and settings\Korisnik\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-22 08:56 . 2009-05-22 08:56 -------- d-----w- c:\program files\Avira
2009-05-22 08:56 . 2009-05-22 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-04-25 16:23 . 2009-04-25 16:23 5430 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{FD9C7AC3-B9C5-477D-A8C5-ECA0E29FD4D6}\_FDDFB6697B385D94A70E51.exe
2008-06-13 16:26 . 2008-06-13 16:04 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\18280 ----

2009-07-08 13:50 . 2009-04-12 19:31 4983 ----a-w- c:\documents and settings\All Users\Application Data\18280\{8293E30E-0437-4024-82E1-7ABE89235138}.swf

---- Directory of c:\documents and settings\All Users\Application Data\2E399 ----

2009-07-10 07:34 . 2009-04-12 19:31 4983 ----a-w- c:\documents and settings\All Users\Application Data\2E399\{AE506CA6-7284-4173-93C8-842A0A5364A3}.swf


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebcastTuner"="0 (0x0)" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-18 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.5.2009 10:56 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5.3.2009 21:31 55152]
S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp --> c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 13:05]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 13:05]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=ev14h7ZIjS9L_c._Xzrjig&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {03376FE4-C880-430D-9B93-7A555395C305} = 79.143.168.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-11 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WebcastTuner = 63

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-926492609-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,2f,af,e6,6e,9a,a5,77,00,2d,08,be,90,df,bc,01,ec,64,72,a5,dd,43,1c,
54,85,49,ef,99,a9,07,91,5e,3c,4a,77,bb,d7,34,e4,bf,36,f3,47,67,91,50,c5,c3,\
"??"=hex:aa,ed,a4,c8,3a,0a,22,f4,49,6f,48,97,46,75,28,94
.
Completion time: 2009-07-11 12:48
ComboFix-quarantined-files.txt 2009-07-11 10:46
ComboFix2.txt 2009-07-11 10:00

Pre-Run: 9.550.876.672 bytes free
Post-Run: 9.520.951.296 bytes free

188 --- E O F --- 2008-12-24 10:27

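The following is an added example for this thread, not part of any post above and not ComboFix's own code. It is a small Python triage script that walks a ComboFix log of the shape posted above and flags the weakened-defence and persistence indicators that the log itself exposes: Security Center override values, the Windows Firewall being disabled, a Run entry carrying the [X] marker ComboFix attaches when it cannot find the referenced file, a service whose image path lives under a Temp directory, and browser start/search settings that deserve review. The log lines embedded in the script are constructed to mirror the posted log, not copied from it; the function names and category labels are this example's own.

```python
"""Flag weakened-defence and persistence indicators in a ComboFix log.

Added example for the thread above; not ComboFix's own code. SAMPLE_LOG is
constructed to mirror the layout of the posted log, not copied from it.
"""
import re
from collections import Counter

# Constructed sample in ComboFix's layout: registry sections, Run values,
# service/driver lines (R2/S3 ...), and the Supplementary Scan browser keys.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebcastTuner"="0 (0x0)" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.5.2009 10:56 108289]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp --> c:\docume~1\Korisnik\LOCALS~1\Temp\FMPF.tmp [?]

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?searchfor={searchTerms}
mStart Page = hxxp://home.sweetim.com
"""

SECTION_RE = re.compile(r"^\[.*\]$")
# Security Center told to ignore a missing/disabled AV product or firewall
OVERRIDE_RE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
# "<state> <service name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
# Supplementary Scan browser keys (u = user hive, m = machine hive)
BROWSER_RE = re.compile(
    r"^[um](SearchMigratedDefaultUrl|Start Page|Default_Page_URL|Search Page|SearchURL)"
    r"\s*=\s*(?P<url>\S+)$"
)


def triage(log_text):
    """Return (category, line) pairs for every line worth a second look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section = line.lower()
            continue
        if OVERRIDE_RE.match(line):
            findings.append(("security-center-override", line))
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(("firewall-disabled", line))
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            path = svc.group("path").lower()
            # A driver/service whose image lives under a Temp directory
            if "\\temp\\" in path or "\\tmp\\" in path:
                findings.append(("service-image-in-temp", line))
            continue
        if section and section.endswith("\\run]") and line.endswith("[X]"):
            # ComboFix appends [X] to a Run value whose file it could not find
            findings.append(("run-entry-file-missing", line))
            continue
        if BROWSER_RE.match(line):
            findings.append(("browser-setting-review", line))
    return findings


def summarize(findings):
    """Count findings per category for a quick glance before reading the lines."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:26} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

To run it over a real log, read the file and pass its text to `triage()`; the categories are only a reading aid, and every flagged line still has to be judged against what is actually installed on the machine before anything is removed.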
  • dr_Bora
  • Anti Malware Fighter Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download to the Desktop (right click, then Save as...): https://www.mycity.rs/must-login.png

Double-click that file and, when the prompt appears, click Yes.



What is the situation now?

  • Predox
  • New MyCity citizen
  • Joined: 10 Apr 2009
  • Posts: 19
  • Location: Doboj

I have done all of that... What should I do now?

  • dr_Bora
  • Anti Malware Fighter Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You need to answer this:

Quote: What is the situation now?

Ko je trenutno na forumu
 

Ukupno su 866 korisnika na forumu :: 40 registrovanih, 6 sakrivenih i 820 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, A.R.Chafee.Jr., airsuba, Atomski čoban, babaroga, bojank, ccoogg123, Dorcolac, FileFinder, HogarStrashni, Karla, kybonacci, ladro, loon123, lord sir giga, MB120mm, milanovic, milenko crazy north, Milometer, Milos ZA, Milos82, MilosKop, Misirac, Motocar, nemkea71, nuke92, pein, pera bager, procesor, raptorsi, Ripanjac, Sirius, Srle993, stagezin, stegonosa, Stoilkovic, tubular, VitezKoja, Yugol33, |_MeD_|