Need help with a virus?!

  • Joined: 13 Jan 2008
  • Posts: 40

Hello... I have a problem: the computer is slow, it restarts on its own, my antivirus pops up every 2-3 minutes, it's a trojan... so I'm asking you to help me try to fix this somehow? ...thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:17 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Documents and Settings\Marina\Desktop\Hajackthis\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [62842784586645465967789840984062] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7172 bytes

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hi, andrej007

Your computer really is infected, and that is probably the cause of the system slowdown...

You need to do the following:


Right-click the BitDefender icon in the bottom right corner of the screen and choose Show.
After that, also in the bottom right corner of the window, choose Settings.
Then untick "Real-Time protection is enabled", choose Permanently in the drop-down menu, and click OK.

Note: don't forget to turn this option back on once the cleanup is finished.



Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; paste it here for us.
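An added example (not part of this thread, and not HijackThis's own code) of the triage a responder does on a log like the one posted above before reaching the "your computer really is infected" verdict: it parses HijackThis `O`-lines and flags the three indicator classes that stand out in that log. A Run value whose name is a long random number, launching a fake "antivirus"; an `AppInit_DLLs` entry (user32.dll loads whatever is listed there into every GUI process, so an unknown DLL name there is process-wide injection); and MyWebSearch/FunWebProducts adware components. The sample lines are copied from the posted log; the rogue-product name list, the 16-digit threshold and the severity labels are assumptions, not HijackThis output.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above,
# with one known-good entry (NvCplDaemon) for contrast.
SAMPLE_HJT_LOG = r"""
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [62842784586645465967789840984062] C:\Program Files\Antivirus 2009\av2009.exe
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str      # HijackThis section prefix, e.g. "O4"
    reason: str
    line: str


# Assumed list of fake "security products" (extend from your own intel); not from the page.
ROGUE_AV_NAMES = ("antivirus 2009", "antivirus 2008", "xp antivirus")
# Adware/toolbar family present in the posted log (8.3 short name included).
ADWARE_MARKERS = ("mywebsearch", "mywebs~1", "funwebproducts")

_HJT_LINE = re.compile(r"^(?P<kind>[RFO]\d+)\s+-\s+(?P<body>.*)$")
_RUN_ENTRY = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious indicator in a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _HJT_LINE.match(line)
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        lower = body.lower()

        if kind == "O4":
            entry = _RUN_ENTRY.search(body)
            name = entry["name"] if entry else ""
            cmd = entry["cmd"] if entry else body
            # Rogue-AV installers register themselves under a long random number
            # so the value name matches nothing in a known-good list.
            if name.isdigit() and len(name) >= 16:
                findings.append(Finding("high", kind,
                    f"Run value with a random numeric name ({name})", line))
            if any(r in cmd.lower() for r in ROGUE_AV_NAMES):
                findings.append(Finding("high", kind,
                    "Run entry launches a known rogue 'antivirus' product", line))
        elif kind == "O20" and lower.startswith("appinit_dlls:"):
            # AppInit_DLLs is loaded by user32.dll into every GUI process; any
            # unexpected DLL here is process-wide injection, whatever its name.
            dlls = sorted(set(body.split(":", 1)[1].split()))
            if dlls:
                findings.append(Finding("high", kind,
                    "AppInit_DLLs injection: " + ", ".join(dlls), line))

        if any(marker in lower for marker in ADWARE_MARKERS):
            findings.append(Finding("medium", kind,
                "MyWebSearch/FunWebProducts adware component", line))
        if kind == "O2" and "(no file)" in lower:
            findings.append(Finding("info", kind,
                "orphaned BHO registration (file missing); remove during cleanup", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'medium': 2, 'info': 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_HJT_LOG)
    for f in sorted(results, key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.kind:4} {f.reason}\n         {f.line}")
    print(summarize(results))
```

The point of the random-name rule is that allow-listing Run values by name is useless against this family; match on what is launched instead. The `AppInit_DLLs` rule fires on any non-empty value on purpose: on a client machine that key should be empty, and a DLL that is listed five times over is not a vendor's doing.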

  • Joined: 13 Jan 2008
  • Posts: 40

I really tried, but I couldn't find this option "Then untick Real-Time protection is enabled, and in the drop-down menu choose Permanently and click OK." so if you can help me.... I downloaded ComboFix

should I make a ComboFix log without that too, or ???

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Well, try somehow to disable your AV... I've never used that AV...
If you can't manage it, just run ComboFix...

  • Joined: 13 Jan 2008
  • Posts: 40

I couldn't disable it, but here's the log from ComboFix....

ComboFix 08-12-06.06 - Marina 2008-12-07 18:40:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.52 [GMT 1:00]
Running from: c:\documents and settings\Marina\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\INSTALL.LOG
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0103E505.bin
c:\program files\MyWebSearch\bar\Cache\0103FCA4.bin
c:\program files\MyWebSearch\bar\Cache\01040B88.bin
c:\program files\MyWebSearch\bar\Cache\01041397.bin
c:\program files\MyWebSearch\bar\Cache\01041B38
c:\program files\MyWebSearch\bar\Cache\0104F183.bin
c:\program files\MyWebSearch\bar\Cache\0104F57B.bin
c:\program files\MyWebSearch\bar\Cache\01050375.bin
c:\program files\MyWebSearch\bar\Cache\01050B06.bin
c:\program files\MyWebSearch\bar\Cache\017A11B4
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\explorer32.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\ieupdates.exe
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSosvn.dat
c:\windows\system32\TDSStkdv.log
c:\windows\system32\winsrc.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-04 23:13 . 2008-12-04 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2008-12-04 21:17 . 2008-12-07 18:36 <DIR> d-------- c:\program files\Partizan Script
2008-12-02 23:53 . 2008-12-02 23:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-02 23:49 . 2008-12-02 23:49 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-02 23:34 . 2008-12-02 23:33 118,520 --------- c:\windows\system32\pxinsi64.exe
2008-12-02 23:34 . 2008-12-02 23:33 116,472 --------- c:\windows\system32\pxcpyi64.exe
2008-12-01 21:16 . 2008-12-01 21:16 <DIR> d-------- c:\documents and settings\Marina\Application Data\Corel
2008-12-01 21:16 . 2008-12-05 22:39 88 -r-hs---- c:\windows\system32\939AC3ABC2.sys
2008-12-01 21:04 . 2008-12-01 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2008-12-01 20:57 . 2008-12-01 20:59 <DIR> d-------- c:\program files\Common Files\Corel
2008-12-01 20:50 . 2008-12-05 22:39 2,828 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-01 20:34 . 2008-12-01 20:57 <DIR> d-------- c:\program files\Corel
2008-12-01 20:34 . 2008-12-01 20:34 <DIR> d-------- c:\documents and settings\Marina\Application Data\InstallShield
2008-11-29 07:50 . 2008-12-04 15:03 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-11-20 23:56 . 2008-11-20 23:56 0 --a------ c:\windows\nsreg.dat
2008-11-18 22:04 . 2008-11-18 22:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2008-11-18 22:02 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-11-18 22:02 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-11-18 22:02 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-11-18 22:02 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-11-18 22:01 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2008-11-18 22:01 . 2004-08-03 23:10 85,376 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2008-11-18 22:01 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2008-11-18 22:01 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2008-11-18 22:01 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2008-11-18 22:01 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2008-11-18 22:01 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2008-11-18 22:01 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-11-18 22:01 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-11-18 22:01 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-11-18 22:01 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-11-18 22:01 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2008-11-18 21:59 . 2008-11-18 21:59 <DIR> d-------- c:\program files\IVT Corporation
2008-11-18 21:59 . 2004-09-21 18:18 148,830 --a------ c:\windows\system32\drivers\bcbthub.sys
2008-11-18 21:59 . 2004-09-21 18:18 116,021 --a------ c:\windows\system32\drivers\fw203x.sys
2008-11-18 21:59 . 2005-03-25 17:18 82,148 --a------ c:\windows\system32\drivers\VcommMgr.sys
2008-11-18 21:59 . 2004-10-19 13:37 61,312 --a------ c:\windows\system32\drivers\VComm.sys
2008-11-18 21:59 . 2005-04-08 17:19 49,152 --a------ c:\windows\system32\btfunc.dll
2008-11-18 21:59 . 2005-04-30 14:50 28,271 --a------ c:\windows\system32\drivers\BTHidMgr.sys
2008-11-18 21:59 . 2005-05-31 09:42 23,000 --a------ c:\windows\system32\drivers\btcusb.sys
2008-11-18 21:59 . 2005-05-31 15:40 20,480 --a------ c:\windows\system32\drivers\blueletaudio.sys
2008-11-18 21:59 . 2004-12-16 16:32 13,304 --a------ c:\windows\system32\drivers\BTNetFilter.sys
2008-11-18 21:59 . 2005-04-30 14:50 11,860 --a------ c:\windows\system32\drivers\vbtenum.sys
2008-11-18 21:59 . 2005-04-30 14:50 11,736 --a------ c:\windows\system32\drivers\VHIDMini.sys
2008-11-18 21:59 . 2005-04-30 14:48 10,804 --a------ c:\windows\system32\drivers\BtNetDrv.sys
2008-11-18 21:59 . 2004-09-21 18:18 7,680 --a------ c:\windows\system32\btinstall.dll
2008-11-16 22:44 . 2008-11-16 22:44 58 --a------ c:\windows\WININIT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 17:29 --------- d-----w c:\program files\MessengerDiscovery
2008-12-02 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\Close Noun Junk Logo
2008-12-02 22:49 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 17:35 --------- d-----w c:\program files\Common Files\ACD Systems
2008-11-29 22:47 --------- d-----w c:\documents and settings\Marina\Application Data\Wildfire
2008-11-26 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-24 20:20 --------- d-----w c:\documents and settings\Marina\Application Data\dog blah bait
2008-11-22 12:18 --------- d-----w c:\program files\GameHouse
2008-11-18 20:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 12:11 --------- d-----w c:\documents and settings\All Users\Application Data\Ball mapi owns ping
2008-10-20 19:17 --------- d-----w c:\program files\Super Internet TV
2008-10-20 15:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-20 13:50 --------- d-----w c:\program files\PhotoScape
2008-10-18 17:22 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-18 17:15 --------- d-----w c:\program files\directx
2008-10-10 23:32 --------- d-----w c:\program files\Windows Live
2008-10-10 20:55 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-06-15 22:02 80 --sh--r c:\windows\system32\48C2C361F1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-01-16 454656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-15 185896]
"BDSwitchAgent"="c:\program files\Softwin\BitDefender8\\bdswitch.exe" [2008-09-02 33280]
"BDNewsAgent"="c:\program files\Softwin\BitDefender8\bdnagent.exe" [2004-04-20 4608]
"BDOESRV"="c:\program files\Softwin\BitDefender8\\bdoesrv.exe" [2004-08-05 86016]
"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2004-11-19 335872]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"nwiz"="nwiz.exe" [2005-11-11 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-11-18 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 10:12 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2006-07-28 13:05 1056768 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Professional §©®ÎŢt v.3 Black\\mirc.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero WaveEditor\\DXEnum.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-06-09 77312]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender8\filespy.sys [2004-08-19 12609]
R3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2008-06-16 30336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae50103e-3aad-11dd-a0d6-0011d8f938f2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2008-12-07 c:\windows\Tasks\ADDCF714918B6A0C.job
- c:\docume~1\marina\applic~1\dogbla~1\beeplicensesurf.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNman000&fl=0&ptb=WDCLElJBcjODwYSRWFDtcw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNman000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Marina\Application Data\Mozilla\Firefox\Profiles\qxqihidr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.mycity.rs/Ambulanta/
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-07 18:45:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIAudioi\SBADeck\ADeck.exe 1?$??????i?|????$i?|????` $??????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\windows\system32\rundll32.exe
c:\program files\Softwin\BitDefender8\bdswitch.exe
c:\program files\Softwin\BitDefender8\bdoesrv.exe
c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
c:\progra~1\Softwin\BITDEF~1\vsserv.exe
.
**************************************************************************
.
Completion time: 2008-12-07 18:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 17:49:07

Pre-Run: 22,397,755,392 bytes free
Post-Run: 22,709,645,312 bytes free

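An added example, not part of the thread and not ComboFix's own code, that pulls out of the ComboFix log above the three entries a cleaner has to act on even after the Run keys and the MyWebSearch files are gone: the Security Center `*DisableNotify` values set to 1 (they silence the "no antivirus / no updates" warnings, which is why the user saw nothing from Windows while the rogue product nagged every few minutes), the `mountpoints2` `\Shell\AutoRun\command` entry (Explorer runs it when the volume with that GUID is opened, so it survives a Run-key cleanup), and the scheduled task whose name is 16 random hex digits and whose target lives under a user's Application Data. The sample text is copied from the posted log; the "random hex name" and "runs from Application Data" heuristics are assumptions.

```python
import re

# Constructed sample: fragments copied from the ComboFix log posted above
# (Reg Loading Points and Scheduled Tasks sections).
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae50103e-3aad-11dd-a0d6-0011d8f938f2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2008-12-07 c:\windows\Tasks\ADDCF714918B6A0C.job
- c:\docume~1\marina\applic~1\dogbla~1\beeplicensesurf.exe []
"""

_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
_JOB = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<path>\S+\.job)$", re.IGNORECASE)
_JOB_TARGET = re.compile(r"^-\s+(?P<target>.+?)\s+\[(?P<args>[^\]]*)\]$")
# Assumed heuristic: a 16-hex-digit .job name is machine-generated, not human.
_RANDOM_HEX_JOB = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)


def analyse(text: str) -> list:
    """Return (category, detail) pairs: security-center, autorun, scheduled-task."""
    findings = []
    section = ""
    pending_job = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = _SECTION.match(line)
        if head:
            section = head["key"].lower()
            continue

        if section.endswith("microsoft\\security center"):
            # *DisableNotify = 1 silences the Security Center balloon that would
            # tell the user no working AV / no updates are present.
            v = _DWORD.match(line)
            if v and v["name"].endswith("DisableNotify") and int(v["val"], 16) == 1:
                findings.append(("security-center", f'{v["name"]} = 1'))
        elif "\\mountpoints2\\" in section and line.lower().startswith("\\shell\\autorun\\command"):
            # Explorer runs this command when the volume with that GUID is opened:
            # autorun persistence that survives the Run keys being cleaned.
            findings.append(("autorun", line.split(" - ", 1)[1]))

        job = _JOB.match(line)
        if job:
            pending_job = job["path"]
            continue
        if pending_job:
            t = _JOB_TARGET.match(line)
            if t:
                name = pending_job.rsplit("\\", 1)[-1]
                target = t["target"]
                low = target.lower()
                # Assumed heuristic: legitimate tasks are not named with random hex
                # and do not execute from a user's Application Data tree.
                if _RANDOM_HEX_JOB.match(name) or "applic~1" in low or "application data" in low:
                    findings.append(("scheduled-task", f"{name} -> {target}"))
            pending_job = ""
    return findings


if __name__ == "__main__":
    for category, detail in analyse(SAMPLE_COMBOFIX):
        print(f"{category:16} {detail}")
```

Each of the three findings maps to a different cleanup action: reset the Security Center values (or just re-enable the real AV and let it re-register), delete the `mountpoints2` subkey for that volume GUID along with any `autorun.inf` on the removable drive it refers to, and delete the `.job` file together with its target directory. ComboFix's `catchme` pass above found no hidden files, but the `TDSS*.dll` deletions earlier in the same log are a reason to re-scan with a rootkit detector after the reboot.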

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download Lop S&D to your Desktop.
Double-click LopSD.exe to run it.
On the first screen, choose the language by typing E and Enter, then click OK.
Choose option 1 - Search by typing 1 and Enter.
Wait a few minutes for the program to finish scanning.
At the end of the process the log C:\LopR.txt will open in Notepad.

Paste the resulting log into the forum thread.
