Help urgently needed!


  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

Posted: 03 May 2010 18:02

I got hold of a Hiren's Boot CD which has a mini Windows on it. What should I do next?


NOD now reports only this one file which it cannot delete: c:\windows\system32\drivers\cdrom.sys

By the way, I attached a screenshot of my NOD quarantine (it is full).

And when my ComboFix log finishes I will attach that as well....


Update: 03 May 2010 18:49

Dr. Bora, thank you very much in advance.......




ComboFix 10-05-02.03 - test 05/03/2010 18:15:02.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.233 [GMT 2:00]
Running from: c:\documents and settings\test\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{9896F155-968E-4374-B479-F89EA049B290}\RP227\A0060461.sys

.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-01 15:29 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-30 18:59 . 2004-08-03 22:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-30 18:59 . 2004-08-03 22:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-04-30 18:25 . 2010-04-30 18:25 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\ESET
2010-04-30 17:45 . 2010-04-30 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-29 08:25 . 2010-04-29 08:25 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Local Settings\Application Data\Opera
2010-04-27 20:12 . 2010-04-27 20:12 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\DivX
2010-04-18 11:10 . 2010-04-18 11:10 -------- d-----w- C:\NOD_upd
2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\program files\ESET
2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 20:53 . 2009-03-30 15:24 10 ----a-w- c:\windows\popcinfo.dat
2010-05-01 20:36 . 2009-03-29 16:36 -------- d-----w- c:\documents and settings\test\Application Data\Skype
2010-05-01 16:33 . 2009-03-29 16:38 -------- d-----w- c:\documents and settings\test\Application Data\skypePM
2010-04-27 20:40 . 2004-08-03 22:56 1032192 ----a-w- c:\windows\explorer.exe
2010-04-27 20:40 . 2009-03-29 20:26 -------- d-----w- c:\documents and settings\test\Application Data\uTorrent
2010-04-27 20:15 . 2009-03-29 18:20 -------- d-----w- c:\program files\Unlocker
2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\documents and settings\test\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-02 12:59 . 2010-03-02 12:59 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-02 12:59 . 2010-03-02 12:59 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-02 12:58 . 2009-05-10 00:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-02 12:58 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-04-30_19.02.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-03 16:22 . 2010-05-03 16:22 16384 c:\windows\Temp\Perflib_Perfdata_690.dat
+ 2009-03-29 15:36 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2009-03-29 15:36 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
- 2009-03-29 21:18 . 2006-09-25 15:58 14640 c:\windows\system32\spmsg.dll
+ 2009-03-29 21:18 . 2008-03-20 12:41 14640 c:\windows\system32\spmsg.dll
+ 2010-05-01 15:29 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\msisip.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\msiexec.exe
+ 2004-08-03 20:59 . 2004-08-03 20:59 49536 c:\windows\system32\drivers\cdrom.sys
+ 2009-03-29 15:36 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-03-29 15:36 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2004-08-03 22:56 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-03 22:56 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 209624 c:\windows\system32\wuweb.dll
+ 2009-03-29 15:36 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2010-05-01 15:29 . 2009-08-06 17:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\msimsg.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\msimsg.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\msihnd.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2009-03-29 15:36 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\dllcache\msihnd.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\msi.dll
+ 2008-03-20 16:06 . 2008-03-20 16:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\dllcache\msi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-07 19:31 135664 ----atw- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-02 12:58 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-16 21:02 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960]
S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 5:37 PM 133104]
S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 11:32 PM 682232]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003Core.job
- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003UA.job
- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-05-03 18:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000092
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,d4,ad,be,af,c7,ac,81,43,42,df,67,86,56,7b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):83,d9,4b,20,00,7f,47,58,72,2d,f3,33,1d,a0,51,29,70,e9,92,38,0d,
30,3a,9a,94,b8,fb,b9,07,7e,24,a1,6a,ff,62,20,7d,1a,49,19,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3408-)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2010-05-03 18:39:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-03 16:39
ComboFix2.txt 2010-05-01 15:17
ComboFix3.txt 2010-04-30 19:06
ComboFix4.txt 2009-12-06 15:48
ComboFix5.txt 2010-05-03 16:14

Pre-Run: 2,545,303,552 bytes free
Post-Run: 2,639,151,104 bytes free

- - End Of File - - 506C664ABF7001EC4083D70B8070A776
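
The log above is read by hand in this thread, but the things a responder looks for in it are mechanical: the system driver ComboFix had to disinfect and restore from a restore point, the randomly named file removed from the LocalService profile, a driver service (FXDRV) registered from a removable drive g:\ whose file could not be found, the Windows Firewall switched off, peer-to-peer clients in the firewall exception list, and registry keys locked with an Everyone:Deny ACE. As an added example, not code from this thread or from ComboFix's author, the following Python script applies those checks to a ComboFix log. The embedded SAMPLE_LOG is a constructed excerpt of the log posted above; rule names and severities are the example's own.

```python
"""Triage a ComboFix log for the findings a responder checks first.

Added example for this thread, not code from the original posts or from
ComboFix's author. SAMPLE_LOG is a constructed excerpt modelled on the first
log posted above; rule names and severities are this example's own.
"""
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "info"
    rule: str      # short rule name
    detail: str    # offending path or log line


# Section banners: "(((( Other Deletions ))))" or "---- LOCKED REGISTRY KEYS ----"
BANNER_RE = re.compile(r"^(?:\(+|-{3,})\s*(?P<title>.+?)\s*(?:\)+|-{3,})$")
# Driver/service lines: "<state> <name>;<display>;<image path> [timestamp size]"
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<image>.+)$")
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected", re.I)
HIDDEN_RE = re.compile(r"^hidden files:\s*(?P<n>\d+)", re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)
# Peer-to-peer clients: worth a look when they sit in the firewall exception list.
P2P_CLIENTS = ("utorrent.exe", "limewire.exe")

# Constructed excerpt of the posted log (paths and keys as they appear above).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{9896F155-968E-4374-B479-F89EA049B290}\RP227\A0060461.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?]
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}]
@Denied: (Full) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"""


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current section banner and registry key."""
    findings: List[Finding] = []
    section = current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if banner := BANNER_RE.match(line):
            section = banner.group("title").lower()
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif m := INFECTED_RE.match(line):
            # A system driver was patched in place; ComboFix swapped in a clean copy.
            findings.append(Finding("high", "patched_system_file", m.group("path")))
        elif section == "other deletions" and DRIVE_PATH_RE.match(line):
            findings.append(Finding("medium", "deleted_by_combofix", line))
        elif m := SERVICE_RE.match(line):
            image = m.group("image").lower()
            # Image on a non-system drive, or a file ComboFix could not locate ("[?]").
            if not image.startswith("c:\\") or image.endswith("[?]"):
                findings.append(Finding("medium", "service_image_suspicious", line))
        elif FIREWALL_OFF_RE.match(line):
            findings.append(Finding("medium", "firewall_disabled", f"{current_key}: {line}"))
        elif "authorizedapplications" in current_key.lower() and any(
            p in line.lower() for p in P2P_CLIENTS
        ):
            findings.append(Finding("info", "p2p_firewall_exception", line))
        elif (m := HIDDEN_RE.match(line)) and int(m.group("n")) > 0:
            findings.append(Finding("high", "hidden_files", line))
        elif section == "locked registry keys" and line.startswith("@Denied:"):
            # An Everyone:Deny ACE hides the key's contents; review each such key by hand.
            findings.append(Finding("medium", "locked_registry_key", f"{current_key}: {line}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity (only severities that occur appear as keys)."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:26} {f.detail}")
```

The severities are a starting point for manual review, not a verdict: the locked CLSID keys are flagged so that someone looks at them, since a deny-Everyone ACE only tells you the contents are hidden, not who hid them. The catchme line is the one place the script stays quiet on a clean result ("hidden files: 0"); any non-zero count is raised as high because it points at something actively hiding from the running system.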

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Restart the PC and post another fresh ComboFix log.

  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

Posted: 03 May 2010 19:16

Will do, right now...

Now it reported c:system volume information/_restore{9896F155-968E-4374.../A0059950.sys

I'll make a new log now!!

Update: 03 May 2010 19:29




ComboFix 10-05-02.03 - test 05/03/2010 19:21:03.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.159 [GMT 2:00]
Running from: c:\documents and settings\test\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 17:19 . 2010-05-03 17:20 -------- d-----w- C:\32788R22FWJFW
2010-05-01 15:29 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-30 18:59 . 2004-08-03 22:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-30 18:59 . 2004-08-03 22:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-04-30 18:25 . 2010-04-30 18:25 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\ESET
2010-04-30 17:45 . 2010-04-30 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-29 08:25 . 2010-04-29 08:25 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Local Settings\Application Data\Opera
2010-04-27 20:12 . 2010-04-27 20:12 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\DivX
2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\documents and settings\test\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-18 11:10 . 2010-04-18 11:10 -------- d-----w- C:\NOD_upd
2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\program files\ESET
2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 20:53 . 2009-03-30 15:24 10 ----a-w- c:\windows\popcinfo.dat
2010-05-01 20:36 . 2009-03-29 16:36 -------- d-----w- c:\documents and settings\test\Application Data\Skype
2010-05-01 16:33 . 2009-03-29 16:38 -------- d-----w- c:\documents and settings\test\Application Data\skypePM
2010-04-27 20:40 . 2004-08-03 22:56 1032192 ----a-w- c:\windows\explorer.exe
2010-04-27 20:40 . 2009-03-29 20:26 -------- d-----w- c:\documents and settings\test\Application Data\uTorrent
2010-04-27 20:15 . 2009-03-29 18:20 -------- d-----w- c:\program files\Unlocker
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-02 12:59 . 2010-03-02 12:59 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-02 12:59 . 2010-03-02 12:59 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-02 12:58 . 2009-05-10 00:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-02 12:58 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-04-30_19.02.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-03 17:19 . 2010-05-03 17:19 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
+ 2009-03-29 15:36 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2009-03-29 15:36 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
- 2009-03-29 21:18 . 2006-09-25 15:58 14640 c:\windows\system32\spmsg.dll
+ 2009-03-29 21:18 . 2008-03-20 12:41 14640 c:\windows\system32\spmsg.dll
+ 2010-05-01 15:29 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\msisip.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\msiexec.exe
+ 2004-08-03 20:59 . 2004-08-03 20:59 49536 c:\windows\system32\drivers\cdrom.sys
+ 2009-03-29 15:36 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-03-29 15:36 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:56 . 2005-05-04 12:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2004-08-03 22:56 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-03 22:56 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 209624 c:\windows\system32\wuweb.dll
+ 2009-03-29 15:36 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2010-05-01 15:29 . 2009-08-06 17:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\msimsg.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\msimsg.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\msihnd.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2009-03-29 15:36 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 271360 c:\windows\system32\dllcache\msihnd.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\msi.dll
+ 2008-03-20 16:06 . 2008-03-20 16:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2009-03-29 15:36 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-03 22:56 . 2005-05-04 12:45 2890240 c:\windows\system32\dllcache\msi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-07 19:31 135664 ----atw- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-02 12:58 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-16 21:02 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960]
S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 5:37 PM 133104]
S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 11:32 PM 682232]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003Core.job
- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003UA.job
- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-05-03 19:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000092
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,d4,ad,be,af,c7,ac,81,43,42,df,67,86,56,7b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):83,d9,4b,20,00,7f,47,58,72,2d,f3,33,1d,a0,51,29,70,e9,92,38,0d,
30,3a,9a,94,b8,fb,b9,07,7e,24,a1,6a,ff,62,20,7d,1a,49,19,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-03 19:27:21
ComboFix-quarantined-files.txt 2010-05-03 17:27
ComboFix2.txt 2010-05-03 16:39
ComboFix3.txt 2010-05-01 15:17
ComboFix4.txt 2010-04-30 19:06
ComboFix5.txt 2010-05-03 17:20

Pre-Run: 2,087,706,624 bytes free
Post-Run: 2,055,536,640 bytes free

- - End Of File - - 633EA4C629496B711BE6A1CA1F6E1083

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks OK now.

Does NOD now detect anything it cannot delete?

  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

NOD is orange and tells me I have to update Windows; besides that it shows that it cannot delete c:system volume information/?restore{9896F155-968E-4374.../A0059951.sys!!!!!!!

What next, professor?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Turn System Restore off and then back on again:

http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html


After this, the detection above should no longer appear.

  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

How do I uninstall ComboFix and GMER??

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text field, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.


GMER and the other programs you used can simply be deleted.
