Problem with viruses, probably Virtumonde!


New ComboFix log WITH NOD DISABLED:


ComboFix 08-08-29.02 - Korisnik 2008-08-30 1:38:24.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.182 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-29 21:42 . 2008-08-29 21:48 51,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-29 21:42 . 2008-08-29 21:48 2,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-29 21:40 . 2008-08-29 21:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-08-29 21:40 . 2008-08-29 21:40 <DIR> d-------- C:\Program Files\Zone Labs
2008-08-29 21:40 . 2008-08-29 21:43 352,855 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-08-29 21:39 . 2008-08-29 21:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-08-28 19:51 . 2008-08-28 19:51 <DIR> d-------- C:\DVDVideoSoft
2008-08-28 15:45 . 2008-08-28 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-08-28 14:59 . 2008-08-28 20:02 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-28 14:59 . 2008-08-28 20:03 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-25 23:44 . 2008-08-26 01:28 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Winamp
2008-08-25 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-25 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-25 14:42 . 2008-08-25 14:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-25 14:39 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-25 14:23 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 13:04 . 2008-08-25 13:20 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 23:34 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DNA
2008-08-29 23:16 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\BearShare
2008-08-28 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 21:44 --------- d-----w C:\Program Files\Winamp
2008-08-25 02:04 --------- d-----w C:\Program Files\Planplus
2008-08-24 22:02 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-25 15:55 --------- d-----w C:\Program Files\DNA
2008-07-18 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:10 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-18 12:10 --------- d-----w C:\Program Files\AvRack
2008-07-16 12:32 --------- d-----w C:\Program Files\Warcraft III
2008-07-15 20:30 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-15 13:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-13 17:33 1,283,912 ----a-w C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-13 17:33 --------- d-----w C:\Program Files\WoW-2.3.0.7561-enUS
2008-07-13 17:33 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 14:03 --------- d-----w C:\Program Files\SweetIM
2008-07-10 17:51 103,832 ----a-w C:\Documents and Settings\Korisnik\Application Data\GDIPFONTCACHEV1.DAT
2008-07-10 10:29 --------- d--h--r C:\Documents and Settings\Korisnik\Application Data\SecuROM
2008-07-10 09:56 --------- d-----w C:\Program Files\Aspyr
2008-07-10 09:36 --------- d-----w C:\Program Files\Black Bean
2008-07-09 18:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Sidebar
2008-07-09 17:15 --------- d-----w C:\Program Files\YouTube Downloader
2008-07-09 17:03 --------- d-----w C:\Program Files\MyFreeWeather
2008-07-07 23:18 --------- d-----w C:\Program Files\Typing Test TQ
2008-07-07 23:15 --------- d-----w C:\Program Files\10 Finger BreakOut
2008-07-07 22:22 --------- d-----w C:\Program Files\Fildza's Entertainment Company
2008-07-06 22:24 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-07-06 22:20 --------- d-----w C:\Program Files\Sun
2008-07-06 22:20 --------- d-----w C:\Program Files\Java
2008-07-05 17:34 10,886,008 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-05 17:27 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\dBpoweramp
2008-07-05 17:22 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AccurateRip
2008-07-05 17:21 --------- d-----w C:\Program Files\Illustrate
2008-07-05 16:54 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\MP3Rocket
2008-07-03 19:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire
2008-07-02 23:01 --------- d-----w C:\Program Files\Porrasturvat - Stair Dismount
2008-06-29 19:29 --------- d-----w C:\Program Files\Chicken Invaders 2
2008-06-29 12:03 --------- d-----w C:\Program Files\MP3 Player Utilities 4.17
2008-06-28 13:02 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Search Settings
2008-06-28 13:00 --------- d-----w C:\Program Files\Google
2008-06-11 18:19 1,376,528 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
2008-06-10 21:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-04 10:05 184,320 ----a-w C:\WINDOWS\system32\snmvtsvc.exe
2007-11-03 16:27 8 ----a-w C:\Documents and Settings\Korisnik\Application Data\usb.dat.bin
2007-05-07 11:18 92,064 ----a-w C:\Documents and Settings\Korisnik\mqdmmdm.sys
2007-05-07 11:18 9,232 ----a-w C:\Documents and Settings\Korisnik\mqdmmdfl.sys
2007-05-07 11:18 79,328 ----a-w C:\Documents and Settings\Korisnik\mqdmserd.sys
2007-05-07 11:18 66,656 ----a-w C:\Documents and Settings\Korisnik\mqdmbus.sys
2007-05-07 11:18 6,208 ----a-w C:\Documents and Settings\Korisnik\mqdmcmnt.sys
2007-05-07 11:18 5,936 ----a-w C:\Documents and Settings\Korisnik\mqdmwhnt.sys
2007-05-07 11:18 4,048 ----a-w C:\Documents and Settings\Korisnik\mqdmcr.sys
2007-05-07 11:18 25,600 ----a-w C:\Documents and Settings\Korisnik\usbsermptxp.sys
2007-05-07 11:18 22,768 ----a-w C:\Documents and Settings\Korisnik\usbsermpt.sys
2007-12-02 14:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Windows Live Messenger"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]
"myweather"="C:\Program Files\MyFreeWeather\myweather.exe" [2008-06-20 08:26 3115008]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-25 17:55 341824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-15 17:58 921600]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"ClocX"="D:\sat\ClocX.exe" [2002-12-31 13:00 103936]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2006-10-11 16:03 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 14:04 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.GBXX"= GBXXvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Openwares LiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Sierra\\Half-Life\\hl.exe"=
"C:\\Sierra\\Half-Life\\hltv.exe"=
"C:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINDOWS\\system32\\AUTMGR32.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 15:25]
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 16:03]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 16:03]
R3 FsHotKey;FsHotKey;C:\WINDOWS\system32\drivers\FsHotKey.sys [2002-01-19 18:00]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 11:31]
S0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys []
S0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys []
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys []
S1 vbev5mp;vbev5mp;C:\WINDOWS\system32\Drivers\vbev5mp.sys [2003-05-07 12:46]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys []
S3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2008-04-17 12:03]
S3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2008-04-17 12:03]
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 10:18]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 18:00]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-06-04 10:18]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 12:05]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-29 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:22]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\58tpz96z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [link visible only to logged-in users]
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2008-08-30 01:41:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\713xRMTMon.exe????v???????
scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vbev5mp]
"ImagePath"="System32\Drivers\vbev5mp.sys"
.
Completion time: 2008-08-30 1:45:36
ComboFix-quarantined-files.txt 2008-08-29 23:44:29
ComboFix2.txt 2008-08-28 19:03:22

Pre-Run: 19,131,629,568 bytes free
Post-Run: 19,201,773,568 bytes free

helen1 (Anti Malware Fighter, Rank 2):

The log is clean.

Click START and then RUN.
In the text entry line type Combofix /u and click OK.

Wait for the uninstall process to finish.

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore



Also install a firewall.

You can read more about it here:
[link visible only to logged-in users]

Cheers


