Virus problem - probably Virtumonde!


  • Joined: 27 Aug 2008
  • Posts: 50

here's the ComboFix log...


ComboFix 08-08-27.06 - Korisnik 2008-08-28 16:41:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.186 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\#SharedObjects\KL9RWRAP\bin.clearspring.com
C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\#SharedObjects\KL9RWRAP\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\BM63c68674.txt
C:\WINDOWS\BM63c68674.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\byqcecqe.exe
C:\WINDOWS\system32\cdnxnnqk.dll
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\fulqckxy.ini
C:\WINDOWS\system32\KjlRCJlm.ini
C:\WINDOWS\system32\KjlRCJlm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 15:45 . 2008-08-28 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-08-28 14:59 . 2008-08-28 14:59 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-28 14:59 . 2008-08-28 14:59 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-25 23:44 . 2008-08-26 01:28 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Winamp
2008-08-25 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-25 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-25 14:42 . 2008-08-25 14:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-25 14:39 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-25 14:23 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 13:04 . 2008-08-25 13:20 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-28 16:28 . 2008-08-23 23:09 1,074 --ahs---- C:\WINDOWS\system32\femjcqve.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 14:45 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DNA
2008-08-28 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-28 14:01 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\BearShare
2008-08-25 21:44 --------- d-----w C:\Program Files\Winamp
2008-08-25 02:04 --------- d-----w C:\Program Files\Planplus
2008-08-24 22:02 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-25 15:55 --------- d-----w C:\Program Files\DNA
2008-07-18 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:10 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-18 12:10 --------- d-----w C:\Program Files\AvRack
2008-07-16 12:32 --------- d-----w C:\Program Files\Warcraft III
2008-07-15 20:30 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-13 17:33 1,283,912 ----a-w C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-13 17:33 --------- d-----w C:\Program Files\WoW-2.3.0.7561-enUS
2008-07-13 17:33 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 14:03 --------- d-----w C:\Program Files\SweetIM
2008-07-10 17:51 103,832 ----a-w C:\Documents and Settings\Korisnik\Application Data\GDIPFONTCACHEV1.DAT
2008-07-10 10:29 --------- d--h--r C:\Documents and Settings\Korisnik\Application Data\SecuROM
2008-07-10 09:56 --------- d-----w C:\Program Files\Aspyr
2008-07-10 09:36 --------- d-----w C:\Program Files\Black Bean
2008-07-09 18:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Sidebar
2008-07-09 17:15 --------- d-----w C:\Program Files\YouTube Downloader
2008-07-09 17:03 --------- d-----w C:\Program Files\MyFreeWeather
2008-07-07 23:18 --------- d-----w C:\Program Files\Typing Test TQ
2008-07-07 23:15 --------- d-----w C:\Program Files\10 Finger BreakOut
2008-07-07 22:22 --------- d-----w C:\Program Files\Fildza's Entertainment Company
2008-07-06 22:24 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-07-06 22:20 --------- d-----w C:\Program Files\Sun
2008-07-06 22:20 --------- d-----w C:\Program Files\Java
2008-07-05 17:27 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\dBpoweramp
2008-07-05 17:22 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AccurateRip
2008-07-05 17:21 --------- d-----w C:\Program Files\Illustrate
2008-07-05 16:54 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\MP3Rocket
2008-07-03 19:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire
2008-07-02 23:01 --------- d-----w C:\Program Files\Porrasturvat - Stair Dismount
2008-06-29 19:29 --------- d-----w C:\Program Files\Chicken Invaders 2
2008-06-29 12:03 --------- d-----w C:\Program Files\MP3 Player Utilities 4.17
2008-06-28 13:02 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Search Settings
2008-06-28 13:00 --------- d-----w C:\Program Files\Google
2007-11-03 16:27 8 ----a-w C:\Documents and Settings\Korisnik\Application Data\usb.dat.bin
2007-05-07 11:18 92,064 ----a-w C:\Documents and Settings\Korisnik\mqdmmdm.sys
2007-05-07 11:18 9,232 ----a-w C:\Documents and Settings\Korisnik\mqdmmdfl.sys
2007-05-07 11:18 79,328 ----a-w C:\Documents and Settings\Korisnik\mqdmserd.sys
2007-05-07 11:18 66,656 ----a-w C:\Documents and Settings\Korisnik\mqdmbus.sys
2007-05-07 11:18 6,208 ----a-w C:\Documents and Settings\Korisnik\mqdmcmnt.sys
2007-05-07 11:18 5,936 ----a-w C:\Documents and Settings\Korisnik\mqdmwhnt.sys
2007-05-07 11:18 4,048 ----a-w C:\Documents and Settings\Korisnik\mqdmcr.sys
2007-05-07 11:18 25,600 ----a-w C:\Documents and Settings\Korisnik\usbsermptxp.sys
2007-05-07 11:18 22,768 ----a-w C:\Documents and Settings\Korisnik\usbsermpt.sys
2007-12-02 14:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Windows Live Messenger"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]
"myweather"="C:\Program Files\MyFreeWeather\myweather.exe" [2008-06-20 08:26 3115008]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-25 17:55 341824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-15 17:58 921600]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"ClocX"="D:\sat\ClocX.exe" [2002-12-31 13:00 103936]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2006-10-11 16:03 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 14:04 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.GBXX"= GBXXvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Openwares LiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Sierra\\Half-Life\\hl.exe"=
"C:\\Sierra\\Half-Life\\hltv.exe"=
"C:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINDOWS\\system32\\AUTMGR32.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 15:25]
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 16:03]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 16:03]
R3 FsHotKey;FsHotKey;C:\WINDOWS\system32\drivers\FsHotKey.sys [2002-01-19 18:00]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 11:31]
S0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys []
S0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys []
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys []
S1 vbev5mp;vbev5mp;C:\WINDOWS\system32\Drivers\vbev5mp.sys [2003-05-07 12:46]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys []
S3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2008-04-17 12:03]
S3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2008-04-17 12:03]
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 10:18]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 18:00]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-06-04 10:18]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 12:05]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b489b3c-ba0c-11dc-8a05-98cd7cf662ce}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a908adf2-5fa2-11dc-896a-ba925c310dc8}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f241cb48-e09e-11dc-8a3e-bafc1c4515ce}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{093D6D99-B6C0-401C-8F46-84F72E87BAB2} - C:\Documents and Settings\Korisnik\Local Settings\Temporary Internet Files\Content.IE5\KNT76UR1\3077htsbdjyf[2].dll
BHO-{EB006030-4621-429B-9EA2-D3B706A2E40B} - C:\WINDOWS\system32\mlJCRljK.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-BM63c68674 - C:\WINDOWS\system32\nipwvgse.dll
Notify-iifcBsst - iifcBsst.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\58tpz96z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-28 16:46:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\713xRMTMon.exe????v????????
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vbev5mp]
"ImagePath"="System32\Drivers\vbev5mp.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\713xRMT.exe
.
**************************************************************************
.
Completion time: 2008-08-28 16:55:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 14:55:08

Pre-Run: 19,122,679,808 bytes free
Post-Run: 19,223,072,768 bytes free


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Location: Novi Beograd

Since you're in no hurry anyway :D, you'll get further instructions this evening, once I see what I'm going to do with your computer ;)

  • Joined: 27 Aug 2008
  • Posts: 50

ok :) ...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Location: Novi Beograd

Download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- start it and select the Auto block option
- plug a USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (you can see this in the lower part of the program, in the log)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- a message will appear at the bottom next to the clock saying you may remove the USB stick from the computer
- don't close the program; plug in the next USB stick and wait a few seconds for it as well, and so on for all the sticks, MP3 players and the mobile phone
- remember the order in which the sticks were plugged in

When you have finished all that, the log in the lower part of the program will contain all the information I need to see which stick is infected.
Right-click the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here to the forum for me.
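The MountPoints2 entries in the ComboFix log above (H:\setupSNK.exe, G:\AutoRun.exe) and the USB_blocker steps in this post come down to the same mechanism: an autorun.inf on a removable drive telling Explorer what to run, which Explorer then caches per volume GUID under HKCU. The Python below is an added example, not code from this thread, from USB_blocker or from ComboFix. It parses an autorun.inf (a constructed sample modelled on the H: entry), pulls the cached AutoRun/AutoOpen commands out of the log excerpt, flags the ones pointing at a bare executable in a drive root (a triage heuristic assumed here, not a rule stated in the thread), and neutralises autorun.inf and Recycled\desktop.ini on a drive root by renaming them; the .blocked suffix is this example's choice, since USB_blocker's own suffix is not shown in its log.

```python
"""Added example (not from the thread, USB_blocker or ComboFix): read autorun.inf
the way Explorer does, extract cached MountPoints2 commands from a ComboFix log,
and neutralise the autorun files on a drive root by renaming them."""
import os
import re
import tempfile

# autorun.inf directives that make Explorer execute something: 'open' and
# 'shellexecute' on AutoRun, 'shell\<verb>\command' on double-click/context menu.
_EXEC_KEYS = ("open", "shellexecute")
_SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# ComboFix log layout: one registry key per volume GUID, then verb/command lines.
_MP2_KEY = re.compile(r"\\mountpoints2\\\{([0-9a-f-]{36})\}\]$", re.IGNORECASE)
_MP2_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)

# Bare executable in a drive root, e.g. H:\setupSNK.exe or G:\AutoRun.exe.
_ROOT_EXE = re.compile(r"^[A-Z]:\\[^\\]+\.(exe|com|scr|bat|cmd|pif)$", re.IGNORECASE)


def parse_autorun_inf(text):
    """Return [(directive, command)] for every executing directive in [autorun].
    Hand-rolled: worm-written files repeat keys and carry junk lines that
    configparser would reject."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in _EXEC_KEYS or _SHELL_CMD.match(key):
            found.append((key, value))
    return found


def parse_mountpoints2(log_text):
    """Return [(volume_guid, verb, command)] from a ComboFix log. The command is
    what that volume's autorun.inf told Explorer to run; it stays in HKCU after
    the drive is unplugged, so it records drives that are no longer present."""
    entries, guid = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):            # any registry key header
            m = _MP2_KEY.search(line)
            guid = m.group(1).lower() if m else None
            continue
        m = _MP2_CMD.match(line)
        if m and guid:
            entries.append((guid, m.group(1).lower(), m.group(2).strip()))
    return entries


def root_executables(entries):
    """Assumed triage heuristic: a command pointing at a bare executable in a
    drive root is the usual autorun-worm layout. Legitimate discs use it too,
    so these are candidates to match against the scanned sticks, not verdicts."""
    return [e for e in entries if _ROOT_EXE.match(e[2])]


def sanitize_drive(root, suffix=".blocked"):
    """Rename the two files an autorun worm relies on so Explorer ignores them;
    returns the relative paths renamed. The suffix is this example's assumption."""
    renamed = []
    for rel in ("autorun.inf", os.path.join("Recycled", "desktop.ini")):
        path = os.path.join(root, rel)
        if os.path.isfile(path):
            os.replace(path, path + suffix)
            renamed.append(rel)
    return renamed


# Constructed autorun.inf modelled on the H:\setupSNK.exe entry in the log.
SAMPLE_AUTORUN_INF = r"""[autorun]
open=setupSNK.exe
icon=setupSNK.exe,0
shell\open\Command=setupSNK.exe
shell\explore\command=setupSNK.exe
shellexecute=setupSNK.exe
"""

# Excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_COMBOFIX_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b489b3c-ba0c-11dc-8a05-98cd7cf662ce}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe
"""


def demo_sanitize():
    """Build a throwaway 'drive' with the constructed files, sanitize it and
    return (renamed_relative_paths, remaining_root_listing)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Recycled"))
        with open(os.path.join(root, "autorun.inf"), "w") as f:
            f.write(SAMPLE_AUTORUN_INF)
        with open(os.path.join(root, "Recycled", "desktop.ini"), "w") as f:
            f.write("[.ShellClassInfo]\n")
        return sanitize_drive(root), sorted(os.listdir(root))


if __name__ == "__main__":
    for key, cmd in parse_autorun_inf(SAMPLE_AUTORUN_INF):
        print(f"autorun.inf would run via {key}: {cmd}")
    for guid, verb, cmd in root_executables(parse_mountpoints2(SAMPLE_COMBOFIX_LOG)):
        print(f"volume {guid}: {verb} -> {cmd}")
    print("renamed:", demo_sanitize()[0])
```

Run against a real log, `parse_mountpoints2` gives you one line per volume GUID; the GUIDs USB_blocker prints for K: and H: are the same per-volume identifiers, so the two outputs can be joined to tell which physical stick wrote which cached command.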

  • Joined: 27 Aug 2008
  • Posts: 50

here's the log for the flash drive and the MP3 player... but if you're taking that into account, it might be good to know that two of my motherboards have already burned out because of my buddy's phone - maybe that has something to do with this...

log

USB_blocker by bobby

Started at 28.8.2008 19:17:37

Scanning for connected USB Mass storage...
========================================
========================================
Scanning for other storage...
========================================
C: a12370c0-d2f0-11db-86d0-806d6172696f
D: a12370c1-d2f0-11db-86d0-806d6172696f
========================================



New device connected at 28.8.2008 19:18:10

Scanning for connected USB Mass storage...
========================================
K: 990f1c0e-8a29-11dc-89ac-ac2becd67bc9
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================

desktop.ini found on K:
File K:\Recycled\desktop.ini renamed successfully
Sanitizing Shell Menu...
No key for GUID: 990f1c0e-8a29-11dc-89ac-ac2becd67bc9
========================================


New device connected at 28.8.2008 19:19:16

Scanning for connected USB Mass storage...
========================================
H: 28d3ec52-d544-11db-86dc-0018f377d88b
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================

autorun.inf found on H:
File H:\autorun.inf renamed successfully
Sanitizing Shell Menu...
No key for GUID: 28d3ec52-d544-11db-86dc-0018f377d88b
========================================

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\femjcqve.ini


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scanning in your next message.

  • Joined: 27 Aug 2008
  • Posts: 50

here it is:


ComboFix 08-08-27.06 - Korisnik 2008-08-28 19:36:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.136 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Korisnik\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\femjcqve.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\femjcqve.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 15:45 . 2008-08-28 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-08-28 14:59 . 2008-08-28 14:59 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-28 14:59 . 2008-08-28 14:59 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-25 23:44 . 2008-08-26 01:28 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Winamp
2008-08-25 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-25 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-25 14:42 . 2008-08-25 14:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-25 14:39 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-25 14:23 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 13:04 . 2008-08-25 13:20 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 17:33 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DNA
2008-08-28 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-28 14:01 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\BearShare
2008-08-25 21:44 --------- d-----w C:\Program Files\Winamp
2008-08-25 02:04 --------- d-----w C:\Program Files\Planplus
2008-08-24 22:02 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-25 15:55 --------- d-----w C:\Program Files\DNA
2008-07-18 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:10 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-18 12:10 --------- d-----w C:\Program Files\AvRack
2008-07-16 12:32 --------- d-----w C:\Program Files\Warcraft III
2008-07-15 20:30 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-15 13:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-13 17:33 1,283,912 ----a-w C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-13 17:33 --------- d-----w C:\Program Files\WoW-2.3.0.7561-enUS
2008-07-13 17:33 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 14:03 --------- d-----w C:\Program Files\SweetIM
2008-07-10 17:51 103,832 ----a-w C:\Documents and Settings\Korisnik\Application Data\GDIPFONTCACHEV1.DAT
2008-07-10 10:29 --------- d--h--r C:\Documents and Settings\Korisnik\Application Data\SecuROM
2008-07-10 09:56 --------- d-----w C:\Program Files\Aspyr
2008-07-10 09:36 --------- d-----w C:\Program Files\Black Bean
2008-07-09 18:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Sidebar
2008-07-09 17:15 --------- d-----w C:\Program Files\YouTube Downloader
2008-07-09 17:03 --------- d-----w C:\Program Files\MyFreeWeather
2008-07-07 23:18 --------- d-----w C:\Program Files\Typing Test TQ
2008-07-07 23:15 --------- d-----w C:\Program Files\10 Finger BreakOut
2008-07-07 22:22 --------- d-----w C:\Program Files\Fildza's Entertainment Company
2008-07-06 22:24 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-07-06 22:20 --------- d-----w C:\Program Files\Sun
2008-07-06 22:20 --------- d-----w C:\Program Files\Java
2008-07-05 17:34 10,886,008 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-05 17:27 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\dBpoweramp
2008-07-05 17:22 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AccurateRip
2008-07-05 17:21 --------- d-----w C:\Program Files\Illustrate
2008-07-05 16:54 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\MP3Rocket
2008-07-03 19:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire
2008-07-02 23:01 --------- d-----w C:\Program Files\Porrasturvat - Stair Dismount
2008-06-29 19:29 --------- d-----w C:\Program Files\Chicken Invaders 2
2008-06-29 12:03 --------- d-----w C:\Program Files\MP3 Player Utilities 4.17
2008-06-28 13:02 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Search Settings
2008-06-28 13:00 --------- d-----w C:\Program Files\Google
2008-06-11 18:19 1,376,528 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
2008-06-10 21:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-04 10:05 184,320 ----a-w C:\WINDOWS\system32\snmvtsvc.exe
2007-11-03 16:27 8 ----a-w C:\Documents and Settings\Korisnik\Application Data\usb.dat.bin
2007-05-07 11:18 92,064 ----a-w C:\Documents and Settings\Korisnik\mqdmmdm.sys
2007-05-07 11:18 9,232 ----a-w C:\Documents and Settings\Korisnik\mqdmmdfl.sys
2007-05-07 11:18 79,328 ----a-w C:\Documents and Settings\Korisnik\mqdmserd.sys
2007-05-07 11:18 66,656 ----a-w C:\Documents and Settings\Korisnik\mqdmbus.sys
2007-05-07 11:18 6,208 ----a-w C:\Documents and Settings\Korisnik\mqdmcmnt.sys
2007-05-07 11:18 5,936 ----a-w C:\Documents and Settings\Korisnik\mqdmwhnt.sys
2007-05-07 11:18 4,048 ----a-w C:\Documents and Settings\Korisnik\mqdmcr.sys
2007-05-07 11:18 25,600 ----a-w C:\Documents and Settings\Korisnik\usbsermptxp.sys
2007-05-07 11:18 22,768 ----a-w C:\Documents and Settings\Korisnik\usbsermpt.sys
2007-12-02 14:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Windows Live Messenger"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]
"myweather"="C:\Program Files\MyFreeWeather\myweather.exe" [2008-06-20 08:26 3115008]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-25 17:55 341824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-15 17:58 921600]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"ClocX"="D:\sat\ClocX.exe" [2002-12-31 13:00 103936]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2006-10-11 16:03 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 14:04 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.GBXX"= GBXXvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Openwares LiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Sierra\\Half-Life\\hl.exe"=
"C:\\Sierra\\Half-Life\\hltv.exe"=
"C:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINDOWS\\system32\\AUTMGR32.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 15:25]
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 16:03]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 16:03]
R3 FsHotKey;FsHotKey;C:\WINDOWS\system32\drivers\FsHotKey.sys [2002-01-19 18:00]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 11:31]
S0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys []
S0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys []
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys []
S1 vbev5mp;vbev5mp;C:\WINDOWS\system32\Drivers\vbev5mp.sys [2003-05-07 12:46]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys []
S3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2008-04-17 12:03]
S3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2008-04-17 12:03]
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 10:18]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 18:00]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-06-04 10:18]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 12:05]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b489b3c-ba0c-11dc-8a05-98cd7cf662ce}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a908adf2-5fa2-11dc-896a-ba925c310dc8}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f241cb48-e09e-11dc-8a3e-bafc1c4515ce}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:22]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-28 19:38:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\713xRMTMon.exe????v?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vbev5mp]
"ImagePath"="System32\Drivers\vbev5mp.sys"
.
Completion time: 2008-08-28 19:45:45
ComboFix-quarantined-files.txt 2008-08-28 17:45:04

Pre-Run: 19,209,117,696 bytes free
Post-Run: 19,192,635,392 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Lives in: Novi Beograd

Open Notepad and copy the following text into it:


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f241cb48-e09e-11dc-8a3e-bafc1c4515ce}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a908adf2-5fa2-11dc-896a-ba925c310dc8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b489b3c-ba0c-11dc-8a05-98cd7cf662ce}]

FileLook::
C:\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
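The MountPoints2 entries in the log above are the reason for the CFScript: each `\Shell\AutoRun\command` under a volume GUID runs when that volume is mounted, and the J:, H: and G: entries point at executables on removable media (or at a volume-relative path via rundll32 ShellExec_RunDLL). As an added example, not part of this thread and not ComboFix's own code, the script below parses a ComboFix-style log fragment (constructed here from the lines posted above, plus one constructed benign C: entry with a placeholder GUID), flags the entries a helper would review, and emits a CFScript in the same `Registry::` / `FileLook::` layout the helper used. The "system drive is C:" assumption and the classification names are mine.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the ComboFix log posted in this thread:
# the MountPoints2 keys from the log plus one benign C: entry with a
# placeholder GUID (constructed) so a non-hit is shown as well.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b489b3c-ba0c-11dc-8a05-98cd7cf662ce}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\notepad.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\[^\]]*\\mountpoints2\\(\{[0-9a-fA-F-]+\}))\]$")
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
DRIVE_RE = re.compile(r"\b([A-Za-z]):\\")      # first drive letter in the command
RELATIVE_RE = re.compile(r"\s\.\\")            # a volume-relative ".\" argument
TARGET_RE = re.compile(r"[A-Za-z]:\\\S+")      # first absolute path in the command


@dataclass
class AutorunEntry:
    key: str      # full registry key path, without the surrounding brackets
    guid: str     # the per-volume GUID under MountPoints2
    verb: str     # AutoRun, AutoOpen, ...
    command: str  # the command ComboFix printed after " - "


def parse_mountpoints(log_text):
    """Collect every \\Shell\\<verb>\\command line under a MountPoints2 key."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:          # a blank line ends the current key block
            current = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = CMD_RE.match(line)
        if m and current:
            entries.append(AutorunEntry(current[0], current[1], m.group(1), m.group(2)))
    return entries


def classify(entry, system_drives=("C",)):
    """Flag commands that launch from a non-system volume, or that go through
    rundll32 ShellExec_RunDLL with a path relative to the mounted volume."""
    m = DRIVE_RE.search(entry.command)
    if m and m.group(1).upper() not in system_drives:
        return "removable-drive autorun"
    if "ShellExec_RunDLL" in entry.command and RELATIVE_RE.search(entry.command):
        return "relative-path autorun via rundll32"
    return "ok"


def build_cfscript(entries):
    """Emit a CFScript: Registry:: deletions for every flagged key and
    FileLook:: checks for the absolute targets, in the layout used above."""
    keys, files = [], []
    for e in entries:
        if classify(e) == "ok":
            continue
        if e.key not in keys:
            keys.append(e.key)
        t = TARGET_RE.search(e.command)
        if t and not t.group(0).lower().endswith("rundll32.exe") and t.group(0) not in files:
            files.append(t.group(0))
    lines = ["Registry::"] + [f"[-{k}]" for k in keys]
    if files:
        lines += ["", "FileLook::"] + files
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for e in found:
        print(f"{e.guid} {e.verb:8} {classify(e):36} {e.command}")
    print()
    print(build_cfscript(found))
```

The generated script is a starting point for review, not something to feed to ComboFix blindly: the J: entries here belong to an Office install source (MSOCache), which is why the helper added a `FileLook::` line for the file instead of deleting it outright, and the second log shows the path no longer exists.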

offline
  • Joined: 27 Aug 2008
  • Posts: 50

here's the new log... how is the investigation going :)



ComboFix 08-08-27.06 - Korisnik 2008-08-28 20:54:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.196 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Korisnik\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 19:51 . 2008-08-28 19:51 <DIR> d-------- C:\DVDVideoSoft
2008-08-28 15:45 . 2008-08-28 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-08-28 14:59 . 2008-08-28 20:02 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-28 14:59 . 2008-08-28 20:03 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-25 23:44 . 2008-08-26 01:28 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Winamp
2008-08-25 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-25 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-25 14:42 . 2008-08-25 14:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-25 14:39 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-25 14:23 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 13:04 . 2008-08-25 13:20 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 18:53 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DNA
2008-08-28 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-28 14:01 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\BearShare
2008-08-25 21:44 --------- d-----w C:\Program Files\Winamp
2008-08-25 02:04 --------- d-----w C:\Program Files\Planplus
2008-08-24 22:02 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-25 15:55 --------- d-----w C:\Program Files\DNA
2008-07-18 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:10 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-18 12:10 --------- d-----w C:\Program Files\AvRack
2008-07-16 12:32 --------- d-----w C:\Program Files\Warcraft III
2008-07-15 20:30 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-15 13:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-13 17:33 1,283,912 ----a-w C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-13 17:33 --------- d-----w C:\Program Files\WoW-2.3.0.7561-enUS
2008-07-13 17:33 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 14:03 --------- d-----w C:\Program Files\SweetIM
2008-07-10 17:51 103,832 ----a-w C:\Documents and Settings\Korisnik\Application Data\GDIPFONTCACHEV1.DAT
2008-07-10 10:29 --------- d--h--r C:\Documents and Settings\Korisnik\Application Data\SecuROM
2008-07-10 09:56 --------- d-----w C:\Program Files\Aspyr
2008-07-10 09:36 --------- d-----w C:\Program Files\Black Bean
2008-07-09 18:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Sidebar
2008-07-09 17:15 --------- d-----w C:\Program Files\YouTube Downloader
2008-07-09 17:03 --------- d-----w C:\Program Files\MyFreeWeather
2008-07-07 23:18 --------- d-----w C:\Program Files\Typing Test TQ
2008-07-07 23:15 --------- d-----w C:\Program Files\10 Finger BreakOut
2008-07-07 22:22 --------- d-----w C:\Program Files\Fildza's Entertainment Company
2008-07-06 22:24 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-07-06 22:20 --------- d-----w C:\Program Files\Sun
2008-07-06 22:20 --------- d-----w C:\Program Files\Java
2008-07-05 17:34 10,886,008 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-05 17:27 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\dBpoweramp
2008-07-05 17:22 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AccurateRip
2008-07-05 17:21 --------- d-----w C:\Program Files\Illustrate
2008-07-05 16:54 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\MP3Rocket
2008-07-03 19:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire
2008-07-02 23:01 --------- d-----w C:\Program Files\Porrasturvat - Stair Dismount
2008-06-29 19:29 --------- d-----w C:\Program Files\Chicken Invaders 2
2008-06-29 12:03 --------- d-----w C:\Program Files\MP3 Player Utilities 4.17
2008-06-28 13:02 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Search Settings
2008-06-28 13:00 --------- d-----w C:\Program Files\Google
2008-06-11 18:19 1,376,528 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
2008-06-10 21:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-04 10:05 184,320 ----a-w C:\WINDOWS\system32\snmvtsvc.exe
2007-11-03 16:27 8 ----a-w C:\Documents and Settings\Korisnik\Application Data\usb.dat.bin
2007-05-07 11:18 92,064 ----a-w C:\Documents and Settings\Korisnik\mqdmmdm.sys
2007-05-07 11:18 9,232 ----a-w C:\Documents and Settings\Korisnik\mqdmmdfl.sys
2007-05-07 11:18 79,328 ----a-w C:\Documents and Settings\Korisnik\mqdmserd.sys
2007-05-07 11:18 66,656 ----a-w C:\Documents and Settings\Korisnik\mqdmbus.sys
2007-05-07 11:18 6,208 ----a-w C:\Documents and Settings\Korisnik\mqdmcmnt.sys
2007-05-07 11:18 5,936 ----a-w C:\Documents and Settings\Korisnik\mqdmwhnt.sys
2007-05-07 11:18 4,048 ----a-w C:\Documents and Settings\Korisnik\mqdmcr.sys
2007-05-07 11:18 25,600 ----a-w C:\Documents and Settings\Korisnik\usbsermptxp.sys
2007-05-07 11:18 22,768 ----a-w C:\Documents and Settings\Korisnik\usbsermpt.sys
2007-12-02 14:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe -- Invalid filepath or file no longer exist


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Windows Live Messenger"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]
"myweather"="C:\Program Files\MyFreeWeather\myweather.exe" [2008-06-20 08:26 3115008]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-25 17:55 341824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-15 17:58 921600]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"ClocX"="D:\sat\ClocX.exe" [2002-12-31 13:00 103936]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2006-10-11 16:03 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 14:04 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.GBXX"= GBXXvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Openwares LiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Sierra\\Half-Life\\hl.exe"=
"C:\\Sierra\\Half-Life\\hltv.exe"=
"C:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINDOWS\\system32\\AUTMGR32.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 15:25]
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 16:03]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 16:03]
R3 FsHotKey;FsHotKey;C:\WINDOWS\system32\drivers\FsHotKey.sys [2002-01-19 18:00]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 11:31]
S0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys []
S0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys []
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys []
S1 vbev5mp;vbev5mp;C:\WINDOWS\system32\Drivers\vbev5mp.sys [2003-05-07 12:46]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys []
S3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2008-04-17 12:03]
S3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2008-04-17 12:03]
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 10:18]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 18:00]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-06-04 10:18]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 12:05]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:22]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-28 20:57:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\713xRMTMon.exe????v??????
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vbev5mp]
"ImagePath"="System32\Drivers\vbev5mp.sys"
.
Completion time: 2008-08-28 21:03:21
ComboFix-quarantined-files.txt 2008-08-28 19:03:00
ComboFix2.txt 2008-08-28 17:45:46

Pre-Run: 19,123,621,888 bytes free
Post-Run: 19,124,494,336 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Lives in: Novi Beograd

We are already making progress, let's continue:

Start USB_blocker again.

1. on the Monitor tab, enable the Auto block option
2. switch to the Scan removable drives tab
3. plug in one USB device (in the same order as during the first scan)
4. in the upper left part of the program, single-click the letter that represents your USB device
5. click Scan
6. when the scan finishes, double-click the letter that represents your USB device in the upper left
7. a message will appear next to the clock saying that you may remove the USB stick from the computer
8. repeat the procedure from step 3 for each USB device

When you have finished all of that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here to the forum for me.
