MyCity » Ambulanta -> Arhiva Ambulante » Racunar koji voli Red Light District :)

Racunar koji voli Red Light District :)

Napisano na dan: 3.7.2008

Racunar koji voli Red Light District :)

Sledeća strana

Pagination

Odgovori

][v][ A T R I X™ Poslao: 03 Jul 2008 19:25 Idi na vrh
offline ][v][ A T R I X™ Legendarni građanin Pridružio: 28 Apr 2005 Poruke: 3686 Gde živiš: The Circle	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovo USB flash koji je turan tamo gde ne treba. Hajdzek pre ciscenja infekcije: Citat: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:32:49, on 01.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Misa\Desktop\o5nlkusk.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.b92.net/indexs.phtml R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{54B25EEB-5A01-48B8-8FC5-ADAA517670C4}: NameServer = 192.168.254.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{54B25EEB-5A01-48B8-8FC5-ADAA517670C4}: NameServer = 192.168.254.254 O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing) O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt64.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe -- End of file - 3891 bytes Hajdzek posle ciscenja: Citat:Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:41:41, on 01.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\dumprep.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Misa\Desktop\o5nlkusk.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.b92.net/indexs.phtml R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{54B25EEB-5A01-48B8-8FC5-ADAA517670C4}: NameServer = 192.168.254.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{54B25EEB-5A01-48B8-8FC5-ADAA517670C4}: NameServer = 192.168.254.254 O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe -- End of file - 3760 bytes Combofix log: Citat:ComboFix 08-06-20.4 - Misa 2008-07-01 19:34:18.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.287 [GMT 2:00] Running from: C:\Documents and Settings\Misa\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\WinNt64.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TCPSR -------\Service_tcpsr ((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))) . 2008-07-01 19:32 . 2008-07-01 19:32 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-21 14:31 . 2008-06-21 14:31 <DIR> d-------- C:\Documents and Settings\Misa\Application Data\Ahead 2008-06-10 20:24 . 2008-06-10 20:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-06-10 20:22 . 2008-06-10 20:22 121 --a------ C:\WINDOWS\bdagent.INI 2008-06-10 18:27 . 2008-06-10 20:23 <DIR> d-------- C:\Program Files\BitDefender 2008-06-10 18:25 . 2008-06-10 18:27 <DIR> d-------- C:\Program Files\Common Files\BitDefender 2008-06-10 16:45 . 2008-06-10 16:45 13,312 --a------ C:\WINDOWS\system32\WinNt32.dl_ 2008-06-01 21:49 . 2008-06-01 21:50 1,160 --a------ C:\WINDOWS\mozver.dat 2008-06-01 21:37 . 2008-06-01 21:37 <DIR> d-------- C:\Documents and Settings\Administrator 2008-06-01 21:16 . 2008-06-01 21:16 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-01 19:23 . 2008-06-30 10:39 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll 2008-06-01 19:21 . 2008-06-01 19:21 <DIR> d-------- C:\Program Files\Avira 2008-06-01 19:21 . 2008-06-01 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-01 19:10 . 2008-06-01 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-18 17:36 --------- d-----w C:\Program Files\hp 2008-05-18 17:35 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard 2008-05-18 17:16 --------- d-----w C:\Program Files\Hewlett-Packard 2008-05-18 17:01 --------- d-----w C:\Program Files\Common Files\Ahead 2008-05-18 17:01 --------- d-----w C:\Program Files\Ahead 2008-05-18 16:56 --------- d-----w C:\Documents and Settings\Misa\Application Data\Winamp 2008-05-18 16:55 --------- d-----w C:\Program Files\Winamp 2008-05-18 16:55 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-18 16:42 712,704 ----a-w C:\WINDOWS\system32\Audio3D.dll 2008-05-18 16:42 712,704 ----a-w C:\WINDOWS\system32\a3d.dll 2008-05-18 16:42 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2008-05-18 16:42 379,726 ----a-w C:\WINDOWS\system32\drivers\cmaudio.sys 2008-05-18 16:42 32,768 ----a-w C:\WINDOWS\system32\cmnprop.dll 2008-05-18 16:42 139,264 ----a-w C:\WINDOWS\cmuninst.exe 2008-05-18 16:42 1,581,056 ----a-w C:\WINDOWS\mixer.exe 2008-05-18 16:42 --------- d-----w C:\Program Files\C-Media 2008-05-18 16:33 --------- d-----w C:\Program Files\ASTRA32 2008-05-18 16:15 --------- d-----w C:\Program Files\Alwil Software 2008-05-18 15:49 --------- d-----w C:\Program Files\Microsoft.NET 2008-05-18 15:49 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-05-18 15:49 --------- d-----w C:\Program Files\Common Files\L&H 2008-05-18 15:48 --------- d-----w C:\Program Files\Microsoft Works 2008-05-18 14:36 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Agm06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\biO28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Flr38.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iou17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lrx52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msX52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mty84.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ntb30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oub30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwd85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rag74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxe06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rye41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ubH74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vcH41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vci06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vci28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vcI52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vdj63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdj41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek73.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yfl85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ygm62.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Program Files\ASTRA32\ASTRA32.sys [2007-02-22 11:28] S0 Agm06;Agm06;C:\WINDOWS\system32\Drivers\Agm06.sys [] S0 Bhn85;Bhn85;C:\WINDOWS\system32\Drivers\Bhn85.sys [] S0 biO28;biO28;C:\WINDOWS\system32\Drivers\biO28.sys [] S0 Flr38;Flr38;C:\WINDOWS\system32\Drivers\Flr38.sys [] S0 Iou17;Iou17;C:\WINDOWS\system32\Drivers\Iou17.sys [] S0 Lrx52;Lrx52;C:\WINDOWS\system32\Drivers\Lrx52.sys [] S0 msX52;msX52;C:\WINDOWS\system32\Drivers\msX52.sys [] S0 Mty84;Mty84;C:\WINDOWS\system32\Drivers\Mty84.sys [] S0 Ntb30;Ntb30;C:\WINDOWS\system32\Drivers\Ntb30.sys [] S0 Oub30;Oub30;C:\WINDOWS\system32\Drivers\Oub30.sys [] S0 Pwd06;Pwd06;C:\WINDOWS\system32\Drivers\Pwd06.sys [] S0 Qwd85;Qwd85;C:\WINDOWS\system32\Drivers\Qwd85.sys [] S0 Rag74;Rag74;C:\WINDOWS\system32\Drivers\Rag74.sys [] S0 Rxe06;Rxe06;C:\WINDOWS\system32\Drivers\Rxe06.sys [] S0 Rye41;Rye41;C:\WINDOWS\system32\Drivers\Rye41.sys [] S0 ubH74;ubH74;C:\WINDOWS\system32\Drivers\ubH74.sys [] S0 vcH41;vcH41;C:\WINDOWS\system32\Drivers\vcH41.sys [] S0 Vci06;Vci06;C:\WINDOWS\system32\Drivers\Vci06.sys [] S0 Vci28;Vci28;C:\WINDOWS\system32\Drivers\Vci28.sys [] S0 vcI52;vcI52;C:\WINDOWS\system32\Drivers\vcI52.sys [] S0 Vdj63;Vdj63;C:\WINDOWS\system32\Drivers\Vdj63.sys [] S0 Wdj41;Wdj41;C:\WINDOWS\system32\Drivers\Wdj41.sys [] S0 Xek73;Xek73;C:\WINDOWS\system32\Drivers\Xek73.sys [] S0 Yfl85;Yfl85;C:\WINDOWS\system32\Drivers\Yfl85.sys [] S0 Ygm62;Ygm62;C:\WINDOWS\system32\Drivers\Ygm62.sys [] . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-01 19:38:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\dumprep.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************ . Completion time: 2008-07-01 19:40:27 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-01 17:40:20 Pre-Run: 13,650,419,712 bytes free Post-Run: 27,006,910,464 bytes free 176 --- E O F --- 2008-05-28 22:21:06 WinNt64.dll --> cudoviste koji salje spam.

Profil

dr_Bora Poslao: 03 Jul 2008 21:04 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Tri stvari: 1) Gde u uputstvu za otvaranje teme piše da treba postaviti ComboFix logfile? Nigde. Idući put će tema biti obrisana. 2) U logu nema tragova USB infektora. 3) > Klikni desnim tasterom na Avira ikonicu ( ) u donjem, desnom uglu ekrana i deštikliraj AntiVir Guard Enable. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\WinNt32.dl_ C:\WINDOWS\system32\cbOCR.dll Driver:: Agm06 Bhn85 biO28 Flr38 Iou17 Lrx52 msX52 Mty84 Ntb30 Oub30 Pwd06 Qwd85 Rag74 Rxe06 Rye41 ubH74 vcH41 Vci06 Vci28 vcI52 Vdj63 Wdj41 Xek73 Yfl85 Ygm62 Registry:: [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Agm06.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn85.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\biO28.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Flr38.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iou17.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lrx52.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msX52.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mty84.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ntb30.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oub30.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd06.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwd85.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rag74.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxe06.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rye41.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ubH74.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vcH41.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vci06.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vci28.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vcI52.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vdj63.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdj41.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek73.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yfl85.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ygm62.sys] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

][v][ A T R I X™ Poslao: 04 Jul 2008 03:57 Idi na vrh
offline ][v][ A T R I X™ Legendarni građanin Pridružio: 28 Apr 2005 Poruke: 3686 Gde živiš: The Circle	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! dr_Bora ::Pozdrav... Tri stvari: 1) Gde u uputstvu za otvaranje teme piše da treba postaviti ComboFix logfile? Nigde. Idući put će tema biti obrisana. 2) U logu nema tragova USB infektora. Ne pise ali posto je problem isti kao u prethodnoj temi (sada u arhivi amb) postupio sam po istoj logici tj. savetu a to je Combofix. Mislim da je pozitivno da onaj ko trazi pomoc uradi i nesto samostalno kako bi olaksao posao onima od kojih trazi savet. Kada kazem USB infekcija mislim na put fizickog prenosa, ne na neki specificni USB malware Jer covek je nosio USB na posao gde je cela mreza racunara zarazena, pri ubacivanju USB-a trojanac se nakacio i sakrio (skeniranjem USB-a Avira je pronasla i eliminisala neki hidden .exe i .dll). Tako je cudoviste dospelo i na njegov home racunar. Za korak br. 3 ne mogu da uradim posto masina nije moja i nemam stalni pristup (moram da ugovorim odlazak na licino mesto). Inace tokom skeniranja by Combofix upravo jer je avira ostala enable-ovana i combo je obrisao deo trojanca i avira... od glave visak ne boli, full system scan kasnije nije nasao nikakve ostatke kao ni ponovno pokretanje combofixa. Sto znaci da je nezeljeni malware uspesno neutralisan, barem se nadam. Za notepad i taj custom conf fajl za combofix takodje nisam u mogucnosti trenutno da sprovedem u delo, iz gore navedenih razloga Just in case i ova dva koraka cu probati kada budem u prilici, premda sam 'naredio' da masina bude formatirana sto je pre moguce i sistem instaliran ponovo posto je ispao toliki problem da je korisnik privremeno skinut sa broadband interneta od strane provajdera zbog enormne kolicine spam-a koji je trojanac slao. Format resava sve.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Racunar koji voli Red Light District :)

Ko je trenutno na forumu

Ukupno su 849 korisnika na forumu :: 48 registrovanih, 6 sakrivenih i 795 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., aleksmajstor, Andrija357, babaroga, Battlehammer, Ben Roj, Bobrock1, Bojan85, bokisha253, darkangel, Denaya, djboj, DonRumataEstorski, FOX, ivan1973, Karla, kikisp, krkalon, laurusri, Marko Marković, Mercury, Milos ZA, MiroslavD, mrav pesadinac, Neutral-M, Oscar2, procesor, radoznao, raptorsi, Sirius, solic, SR-3m, Srle993, Stoilkovic, theNedjeljko, Trpe Grozni, tubular, vaso1, VJ, Vlad000, VP6919, W123, wizzardone, YU-UKI, Zimbabwe, Zoca, zziko

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by