Pomoc oko virusa

1

Pomoc oko virusa

offline
  • Pridružio: 16 Jun 2009
  • Poruke: 44

Drugar mi ima problem sa racunarom, javlja mu da ga je napao virus "intervalhehehe"!!!

Molio bih vas ako mozete da mi pomognete kako je najbolje da to ocistimo, unapred zahvalan Pozzzz

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8444
  • Gde živiš: Novi Beograd

Tako sto ces ispratiti ovaj link, i uraditi kako se tu kaze:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Pridružio: 16 Jun 2009
  • Poruke: 44

pa vam sada saljem podatke koje ste trazili, pozzz HVALA!!!1



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:25, on 15.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ovislink\Common\AirLiveUI.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\New Folder (2)\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 115.47.207.146 yahoo.com
O1 - Hosts: 115.47.207.146 google.com
O1 - Hosts: 115.47.207.146 google.co.uk
O1 - Hosts: 115.47.207.146 myspace.com
O1 - Hosts: 115.47.207.146 youtube.com
O1 - Hosts: 115.47.207.146 facebook.com
O1 - Hosts: 115.47.207.146 antispy.com
O1 - Hosts: 115.47.207.146 yahoo.com
O1 - Hosts: 115.47.207.146 yahoo.co.uk
O1 - Hosts: 115.47.207.146 antispyware.com
O1 - Hosts: 115.47.207.146 antispyware.com
O1 - Hosts: 115.47.207.146 antispy.com
O1 - Hosts: 115.47.207.146 msn.com
O1 - Hosts: 115.47.207.146 asdfasdfd.com
O1 - Hosts: 115.47.207.146 gg.com
O1 - Hosts: 115.47.207.146 ghfhj.com
O1 - Hosts: 115.47.207.146 cvnbcvnb.com
O1 - Hosts: 115.47.207.146 1.com
O1 - Hosts: 115.47.207.146 3.com
O1 - Hosts: 115.47.207.146 asdf4asdfd.com
O1 - Hosts: 115.47.207.146 asdfawsdfd.com
O1 - Hosts: 115.47.207.146 asdfatsdfd.com
O1 - Hosts: 115.47.207.146 asdfasdfd.com
O1 - Hosts: 115.47.207.146 asdfadsdfd.com
O1 - Hosts: 115.47.207.146 asdfasdfd.com
O1 - Hosts: 115.47.207.146 asdfafsdfd.com
O1 - Hosts: 115.47.207.146 asdfasdfd.com
O1 - Hosts: 115.47.207.146 asdfagsdfd.com
O1 - Hosts: 115.47.207.146 asdfasgdfd.com
O1 - Hosts: 115.47.207.146 asdfasdhfd.com
O1 - Hosts: 115.47.207.146 asdfasdfjd.com
O1 - Hosts: 115.47.207.146 asdfasdfkd.com
O1 - Hosts: 115.47.207.146 asdfasdfld.com
O1 - Hosts: 115.47.207.146 asdfasdf,d.com
O1 - Hosts: 115.47.207.146 asxdfasdfd.com
O1 - Hosts: 115.47.207.146 asdzfasdfd.com
O1 - Hosts: 115.47.207.146 asdcfasdfd.com
O1 - Hosts: 115.47.207.146 asdfvasdfd.com
O1 - Hosts: 115.47.207.146 asdfabsdfd.com
O1 - Hosts: 115.47.207.146 asdfasndfd.com
O1 - Hosts: 115.47.207.146 asdfasdmfd.com
O1 - Hosts: 115.47.207.146 asdfasdfd.com
O1 - Hosts: 115.47.207.146 11asdfasdfd.com
O1 - Hosts: 115.47.207.146 as222dfasdfd.com
O1 - Hosts: 115.47.207.146 asdfa33sdfd.com
O1 - Hosts: 115.47.207.146 asdfasd44fd.com
O1 - Hosts: 115.47.207.146 asdfasdfd5.com
O1 - Hosts: 115.47.207.146 as66dfasdfd.com
O1 - Hosts: 115.47.207.146 asdf77asdfd.com
O1 - Hosts: 115.47.207.146 asdf8asdfd.com
O1 - Hosts: 115.47.207.146 asdf9asdfd.com
O1 - Hosts: 115.47.207.146 asdf0asdfd.com
O1 - Hosts: 115.47.207.146 asdf-asdfd.com
O1 - Hosts: 115.47.207.146 aqqsdfasdfd.com
O1 - Hosts: 115.47.207.146 aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 asdhhfasdfdyy.com
O1 - Hosts: 115.47.207.146 live.com
O1 - Hosts: 115.47.207.146 asdwwwfasdfd.com
O1 - Hosts: 115.47.207.146 asdfeasdfd.com
O1 - Hosts: 115.47.207.146 asdfrrasdfd.com
O1 - Hosts: 115.47.207.146 asdfttasdfd.com
O1 - Hosts: 115.47.207.146 asdfyyasdfd.com
O1 - Hosts: 115.47.207.146 asdfuuuasdfd.com
O1 - Hosts: 115.47.207.146 asdfaiisdfd.com
O1 - Hosts: 115.47.207.146 asdfaoosdfd.com
O1 - Hosts: 115.47.207.146 asdfappsdfd.com
O1 - Hosts: 115.47.207.146 asdfasssdfd.com
O1 - Hosts: 115.47.207.146 aswwdfasdfd.com
O1 - Hosts: 115.47.207.146 asdeefasdfd.com
O1 - Hosts: 115.47.207.146 asdfffasdfd.com
O1 - Hosts: 115.47.207.146 asdfavvvsdfd.com
O1 - Hosts: 115.47.207.146 asnnndfasdfd.com
O1 - Hosts: 115.47.207.146 asdmmmfasdfd.com
O1 - Hosts: 115.47.207.146 asdfaffsdfd.com
O1 - Hosts: 115.47.207.146 asdhhfasdfd.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\AirLiveUI.exe
O4 - Global Startup: Thunder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{69A98FC0-AA3D-45CE-9931-1E22390CFEE5}: NameServer = 87.250.98.250 208.67.222.222
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - kkbosna.com/slike/igraci/7_Ikonic_V.jpg

--
End of file - 7708 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8444
  • Gde živiš: Novi Beograd

Pokreni ponovo HiJack This, skeniraj i cekiraj sledece kvadratice ispred linija:

O1 - Hosts: 115.47.207.146 www.yahoo.com
O1 - Hosts: 115.47.207.146 www.google.com
O1 - Hosts: 115.47.207.146 www.google.co.uk
O1 - Hosts: 115.47.207.146 www.myspace.com
O1 - Hosts: 115.47.207.146 www.youtube.com
O1 - Hosts: 115.47.207.146 www.facebook.com
O1 - Hosts: 115.47.207.146 www.antispy.com
O1 - Hosts: 115.47.207.146 www.yahoo.com
O1 - Hosts: 115.47.207.146 www.yahoo.co.uk
O1 - Hosts: 115.47.207.146 www.antispyware.com
O1 - Hosts: 115.47.207.146 antispyware.com
O1 - Hosts: 115.47.207.146 antispy.com
O1 - Hosts: 115.47.207.146 www.msn.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.gg.com
O1 - Hosts: 115.47.207.146 www.ghfhj.com
O1 - Hosts: 115.47.207.146 www.cvnbcvnb.com
O1 - Hosts: 115.47.207.146 www.1.com
O1 - Hosts: 115.47.207.146 www.3.com
O1 - Hosts: 115.47.207.146 www.asdf4asdfd.com
O1 - Hosts: 115.47.207.146 www.asdfawsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfatsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfadsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfafsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfagsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasgdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdhfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfjd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfkd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfld.com
O1 - Hosts: 115.47.207.146 www.asdfasdf,d.com
O1 - Hosts: 115.47.207.146 www.asxdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdzfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdcfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfvasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfabsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasndfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdmfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.11asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.as222dfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfa33sdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasd44fd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd5.com
O1 - Hosts: 115.47.207.146 www.as66dfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdf77asdfd.com
O1 - Hosts: 115.47.207.146 www.asdf8asdfd.com
O1 - Hosts: 115.47.207.146 www.asdf9asdfd.com
O1 - Hosts: 115.47.207.146 www.asdf0asdfd.com
O1 - Hosts: 115.47.207.146 www.asdf-asdfd.com
O1 - Hosts: 115.47.207.146 www.aqqsdfasdfd.com
O1 - Hosts: 115.47.207.146 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 115.47.207.146 www.live.com
O1 - Hosts: 115.47.207.146 www.asdwwwfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfeasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfrrasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfttasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfyyasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfuuuasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfaiisdfd.com
O1 - Hosts: 115.47.207.146 www.asdfaoosdfd.com
O1 - Hosts: 115.47.207.146 www.asdfappsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasssdfd.com
O1 - Hosts: 115.47.207.146 www.aswwdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdeefasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfffasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfavvvsdfd.com
O1 - Hosts: 115.47.207.146 www.asnnndfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdmmmfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfaffsdfd.com
O1 - Hosts: 115.47.207.146 www.asdhhfasdfd.com

i klikni FIX CHECKED.

Zatim mi postavi novi log.

offline
  • Pridružio: 16 Jun 2009
  • Poruke: 44

Nisam stiga prije da se javim, izvinjavam se, uradio sam kao sto ste mi rekli javio je da je obrisao sve te cekirane, ja sam posle toga ponovi sa hijackom i saljem vam notepad koji mi poslao nakon cekiranja, pozdrav i hvala



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:03, on 17.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ovislink\Common\AirLiveUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sopidkc.exe
C:\Documents and Settings\Administrator\Desktop\New Folder (2)\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\AirLiveUI.exe
O4 - Global Startup: Thunder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{69A98FC0-AA3D-45CE-9931-1E22390CFEE5}: NameServer = 87.250.98.250 208.67.222.222
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - kkbosna.com/slike/igraci/7_Ikonic_V.jpg

--
End of file - 4395 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8444
  • Gde živiš: Novi Beograd

Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 16 Jun 2009
  • Poruke: 44

salje notepad od combofixa


ComboFix 09-06-17.04 - Administrator 17.06.2009 19:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.260 [GMT 13:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\mta102135.dll
c:\windows\Install.txt
c:\windows\irc.txt
c:\windows\system32\6to4ex.dll
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\msncache.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wtukd32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_MSNCACHE
-------\Legacy_SOPIDKC
-------\Service_6to4
-------\Service_msncache
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-15 06:40 . 2009-06-15 06:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-14 07:22 . 2009-06-14 07:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-14 07:14 . 2009-06-14 07:14 -------- d-----w- c:\program files\ESET
2009-06-14 07:14 . 2009-06-14 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-14 06:25 . 2009-06-14 06:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-14 06:01 . 2009-06-14 06:01 0 ----a-w- c:\windows\nsreg.dat
2009-06-14 06:01 . 2009-06-14 06:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-14 05:04 . 2007-10-22 20:22 3350528 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2009-06-14 05:04 . 2009-06-14 05:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 02:49 . 2009-05-14 02:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 02:47 . 2009-05-14 02:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 02:41 . 2009-05-14 02:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-02 05:19 . 2009-05-02 04:41 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-30 07:08 . 2009-04-30 07:08 1915520 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-28 14:27 . 2009-04-28 14:27 78848 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\wproxy2.dll
2009-04-28 14:27 . 2009-04-28 14:27 210432 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\wlan2.dll
2009-04-28 14:27 . 2009-04-28 14:27 10752 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\system.dll
2009-04-28 14:27 . 2009-04-28 14:27 718848 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\secure.dll
2009-04-28 14:27 . 2009-04-28 14:27 97280 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\routing.dll
2009-04-28 14:27 . 2009-04-28 14:26 118272 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\ppp.dll
2009-04-28 14:26 . 2009-04-28 14:26 55808 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\ntp.dll
2009-04-28 14:26 . 2009-04-28 14:26 123904 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\hotspot.dll
2009-04-28 14:26 . 2009-04-28 14:26 92672 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\dhcp.dll
2009-04-28 14:26 . 2009-04-28 14:26 73728 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\advtool.dll
2009-04-28 14:26 . 2009-04-28 14:26 1257472 ----a-w- c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\roteros.dll
2009-04-28 14:26 . 2009-04-28 14:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mikrotik
2009-04-28 02:13 . 2009-04-28 02:13 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-04-28 02:13 . 2009-04-28 02:13 -------- d-----w- c:\program files\Ovislink
2009-04-28 02:13 . 2007-02-19 17:47 -------- d--h--w- c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((( SnapShot@2009-06-14_05.47.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 23:56 . 2004-08-03 23:56 49152 c:\windows\system32\ws2help32.dll
+ 2009-06-14 07:15 . 2009-06-14 07:15 10134 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\callmsi.exe
+ 2009-06-14 07:10 . 2009-06-14 07:10 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-06-14 07:15 . 2009-06-14 07:15 101480 c:\windows\Installer\{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}\egui.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-11-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-11-17 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"PowerDVD"="c:\program files\CyberLink\PowerDVD\PowerDVD.exe" [2003-09-05 409600]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-01-16 1220608]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\Ovislink\Common\AirLiveUI.exe [2009-4-28 1748992]
Thunder.exe [2009-6-11 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [14.11.2008 9:54 9344]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [14.11.2008 9:54 468480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ovislink\Common\RalinkRegistryWriter.exe [28.4.2009 15:13 69632]
R3 MadgeTRN;Madge Token-Ring Adapter NDIS5 Driver;c:\windows\system32\drivers\mdgndis5.sys [20.2.2008 5:51 164586]
S2 safeKis;safeKis;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp50.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp50.tmp [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {69A98FC0-AA3D-45CE-9931-1E22390CFEE5} = 87.250.98.250 208.67.222.222
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-17 19:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6to4]
"ServiceDll"="c:\windows\system32\6to4ex.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\safeKis]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp5.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3568-)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\Msi.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\Thunder.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\tpsaxyd.exe
.
**************************************************************************
.
Completion time: 2009-06-17 19:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-17 06:48
ComboFix2.txt 2009-06-15 06:50
ComboFix3.txt 2009-06-14 05:49

Pre-Run: 19.560.804.352 bytes free
Post-Run: 19.575.709.696 bytes free

157

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8444
  • Gde živiš: Novi Beograd

Uploaduj mi:

c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\ns2.9.51\routing.dll

preko sledeceg linka:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 16 Jun 2009
  • Poruke: 44

prijatelju nisam nikako moga da nadjem fajl koji si mi trazio da upload-ujem, jedino sto sam nasao je:(to sam i uploadovo)

c:\documents and settings\Administrator\user Data\index

u folderu user data postoje folderi:

05IHUNGN;

I1H0WUQZ;

LY15J5NR;

QDGBYNQ7.

nadam se da je to, to, ili ipak nije....?!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8444
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\6to4ex.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp50.tmp
c:\windows\system32\tpsaxyd.exe

Driver::
safeKis

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6to4]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\safeKis]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Ko je trenutno na forumu
 

Ukupno su 928 korisnika na forumu :: 38 registrovanih, 7 sakrivenih i 883 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, Aleksa-, alexmiki, Arhiv, ArmyBoss, babaroga, bojank, caesar, cenejac111, DonRumataEstorski, dragon986, Drug pukovnik, FOX, indja, Iwo Jima, leptirleptir, Marko Marković, mercedesamg, milos.cbr, misa2, mnn2, Mr. Majevica, nik8282, nuke92, ObelixSRB, pedja.st, robertino, Sale.S, Snorks, stegonosa, The Joker, Toni, Trpe Grozni, Van, vathra, YU-UKI, Zmaj001, Živković