The viruses got me too

dr_Bora (Anti Malware Fighter, Rank 2)
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

* Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center starts, double-click the AVG Resident Shield component.
* In the window that opens, untick the Turn on AVG Resident Shield option and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.


-------------------------------------------------------------------------------------



Open Notepad and copy the following text into it:

File::
c:\program files\Common Files\hozidorec.dat
c:\documents and settings\All Users\Application Data\luzu.sys
c:\windows\system32\hocilevyb.dat
c:\windows\system32\kiqibok._dl
c:\program files\Common Files\inuji.pif
c:\windows\vadaxaw._dl
c:\windows\iqax.dl
c:\documents and settings\Bosko\Application Data\milonyrol.dll
c:\documents and settings\All Users\Application Data\ityvuz.dll
c:\windows\system32\usyhazy.scr
c:\program files\Common Files\vaboj.bin
c:\documents and settings\Bosko\Application Data\nusihoraje.bat
c:\documents and settings\Bosko\Application Data\anadexuca.pif
c:\program files\Common Files\ypuqyrery.dll
c:\windows\system32\duhomisuse.pif
c:\windows\egajyke.pif
c:\windows\system32\otehyf.vbs
c:\windows\system32\azobocis.sys
c:\documents and settings\Bosko\Application Data\ulelobexis.scr
c:\documents and settings\All Users\Application Data\ytomofomo.reg
c:\windows\system32\jesos.vbs
c:\windows\arilu.ban
c:\program files\Common Files\bumapod.com
c:\windows\system32\zozo.dat
c:\windows\yhege.bin
c:\program files\Common Files\bakunyhem.sys
c:\documents and settings\All Users\Application Data\ygon.sys
c:\windows\ezuloh.dat
c:\documents and settings\All Users\Application Data\ekadyny.dll
c:\documents and settings\Bosko\Application Data\bane.scr
c:\documents and settings\Bosko\Application Data\uvoraje.com
c:\documents and settings\All Users\Application Data\obuhi.vbs
C:\WINDOWS\system32\avooghj.dll

Folder::
c:\program files\XPProtectionCenter

Driver::
dyfakg
vplhr

NetSvc::
vplhr

DirLook::
c:\documents and settings\Bosko\Application Data\iWin


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

  • Joined: 14 Jan 2008
  • Posts: 203
  • Location: Nish

Well, I think I deleted everything, but go ahead and check.
Logfile of HijackThis v1.99.1
Scan saved at 19:56, on 2008-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
C:\Documents and Settings\Bosko\Desktop\HijackThis1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "d:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
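The log above is read by eye in the thread. The following Python script is an added example, not part of the thread and not HijackThis code; it does the first pass mechanically on an excerpt of that log (SAMPLE_LOG is copied from the post, the triage rules are mine). It parses the `Oxx - ` entries and the running-process list and flags entries whose target is reported missing, O20 Winlogon Notify DLLs, O4 entries that name a bare executable resolved through the PATH search order, and anything started from a user-writable directory. A flag is a lead to verify, not a verdict: HijackThis 1.99.1 is known to print "(file missing)" for a service whose ImagePath is quoted and followed by arguments, which is what the AVP and JavaQuickStarterService lines show, and the ComboFix log later in the thread lists avp.exe with its size, so that file is present.

```python
"""Triage a HijackThis 1.99.1 log: parse its entries and flag the ones worth a second look.

Added example for this thread; not part of the posts above and not HijackThis code.
SAMPLE_LOG is an excerpt of the log posted above; the triage rules are the author's own.
"""
import re
from dataclasses import dataclass

# Excerpt of the posted log (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Bosko\Desktop\HijackThis1991.exe

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(?P<type>[A-Z]\d+) - (?P<body>.*)$")
# A drive-letter path ending in an executable-ish extension (first such extension wins).
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|scr|pif|com|bat|vbs|sys)\b", re.I)
# Locations a non-admin user can write to on XP: anything started from here deserves a look.
USER_WRITABLE = re.compile(
    r"\\documents and settings\\[^\\]+\\(desktop|application data|local settings|my documents)\\|\\temp\\",
    re.I,
)


@dataclass
class Finding:
    kind: str    # HijackThis section such as "O4", or "PROC" for a running process
    reason: str
    line: str


def parse(log: str):
    """Yield (kind, body, line) for every Oxx/Rxx entry and every running-process path."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            yield m["type"], m["body"], line
        elif re.match(r"^[A-Za-z]:\\", line):
            yield "PROC", line, line


def triage(log: str) -> list:
    """Return the entries a human should look at, each with the reason it was flagged."""
    findings = []
    for kind, body, line in parse(log):
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(kind, "target missing: orphaned entry, or HJT 1.99.1 "
                                          "misreading a quoted service path with arguments", line))
        if kind == "O20":
            findings.append(Finding(kind, "Winlogon Notify DLL is loaded into winlogon.exe; "
                                          "confirm the publisher", line))
        if kind == "O4" and not WIN_PATH.search(body):
            findings.append(Finding(kind, "bare file name, resolved through the PATH search "
                                          "order; confirm which copy actually runs", line))
        for m in WIN_PATH.finditer(body):
            if USER_WRITABLE.search(m.group(0)):
                findings.append(Finding(kind, "runs from a user-writable location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

On the excerpt this flags five items: the nameless O3 toolbar with no file, the bare `nwiz.exe` O4 entry, the klogon O20 entry, the AVP O23 service marked "(file missing)", and HijackThis itself running from the Desktop. The last two are benign here, which is the point: the script narrows the list, the person decides.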

dr_Bora (Anti Malware Fighter):

I need this file: C:\ComboFix.txt, not the HijackThis log.

  • Joined: 14 Jan 2008 • Posts: 203 • Location: Nish

Well, I can't find it. When I dragged the cfscript over, it all ran fine, but when it starts to restart, the computer freezes.
P.S. I replaced AVG; I have Kaspersky now.

dr_Bora (Anti Malware Fighter):

You could have said that right away.

Temporarily disable KAV and start ComboFix with a double-click - post the log you get so I can see what the state is now.

  • Joined: 14 Jan 2008 • Posts: 203 • Location: Nish

Sorry I didn't mention Kaspersky right away.


ComboFix 08-12-01.03 - Bosko 2008-12-02 23:16:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1544 [GMT 1:00]
Running from: c:\documents and settings\Bosko\Desktop\C-F.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\ekadyny.dll
c:\documents and settings\All Users\Application Data\ityvuz.dll
c:\documents and settings\All Users\Application Data\luzu.sys
c:\documents and settings\All Users\Application Data\obuhi.vbs
c:\documents and settings\All Users\Application Data\ygon.sys
c:\documents and settings\All Users\Application Data\ytomofomo.reg
c:\documents and settings\Bosko\Application Data\anadexuca.pif
c:\documents and settings\Bosko\Application Data\bane.scr
c:\documents and settings\Bosko\Application Data\milonyrol.dll
c:\documents and settings\Bosko\Application Data\nusihoraje.bat
c:\documents and settings\Bosko\Application Data\ulelobexis.scr
c:\documents and settings\Bosko\Application Data\uvoraje.com
c:\program files\Common Files\bakunyhem.sys
c:\program files\Common Files\bumapod.com
c:\program files\Common Files\hozidorec.dat
c:\program files\Common Files\inuji.pif
c:\program files\Common Files\vaboj.bin
c:\program files\Common Files\ypuqyrery.dll
c:\program files\XPProtectionCenter
c:\program files\XPProtectionCenter\Uninstall.exe
c:\windows\arilu.ban
c:\windows\egajyke.pif
c:\windows\ezuloh.dat
c:\windows\iqax.dl
c:\windows\system32\azobocis.sys
c:\windows\system32\duhomisuse.pif
c:\windows\system32\hocilevyb.dat
c:\windows\system32\jesos.vbs
c:\windows\system32\kiqibok._dl
c:\windows\system32\otehyf.vbs
c:\windows\system32\usyhazy.scr
c:\windows\system32\zozo.dat
c:\windows\vadaxaw._dl
c:\windows\yhege.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VPLHR
-------\Service_dyfakg
-------\Service_vplhr


((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-02 13:30 . 2008-12-02 13:30 <DIR> d-------- c:\documents and settings\Bosko\Application Data\ImTOO Software Studio
2008-12-02 13:26 . 2008-12-02 13:26 <DIR> d-------- c:\program files\ImTOO
2008-12-02 12:30 . 2008-12-02 12:30 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-02 12:30 . 2008-12-02 12:30 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-02 12:29 . 2008-12-02 23:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-02 12:29 . 2008-12-02 23:18 1,107,488 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-02 12:29 . 2008-12-02 23:20 229,408 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-02 12:29 . 2008-12-02 23:18 10,780 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-02 12:29 . 2008-12-02 23:18 2,884 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-27 13:33 . 2008-11-27 13:33 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-27 10:55 . 2008-11-27 10:55 421,888 --a------ c:\windows\system32\RealMediaSplitter.ax
2008-11-25 15:58 . 2008-11-27 18:17 <DIR> d-------- c:\program files\AxBx
2008-11-21 13:35 . 2008-11-21 13:35 <DIR> d-------- c:\documents and settings\Bosko\Application Data\Media Player Classic
2008-11-20 10:01 . 2008-11-20 10:01 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-20 10:01 . 2008-11-20 10:01 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-11-20 09:46 . 2008-11-20 09:46 <DIR> d-------- C:\USBFlashDriver
2008-11-20 09:46 . 2006-11-02 09:09 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-20 09:46 . 2007-09-25 16:37 20,520 --a------ c:\windows\system32\drivers\ggsemc.sys
2008-11-20 09:46 . 2007-09-25 16:37 13,352 --a------ c:\windows\system32\drivers\ggflt.sys
2008-11-20 00:23 . 2008-11-20 00:23 <DIR> d-------- c:\program files\Memeo
2008-11-20 00:23 . 2008-11-20 00:25 <DIR> d-------- c:\program files\Common Files\eSellerate
2008-11-20 00:23 . 2008-11-20 00:23 <DIR> d-------- c:\documents and settings\Bosko\Application Data\Memeo
2008-11-19 23:58 . 2007-03-12 23:34 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-19 23:58 . 2007-03-12 23:34 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-19 23:58 . 2007-03-12 23:34 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-18 22:33 . 2008-11-18 22:33 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2008-11-18 22:32 . 2008-09-04 22:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-11-18 22:30 . 2008-11-18 22:30 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-18 22:30 . 2006-10-08 21:51 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-18 22:13 . 2008-11-18 22:13 <DIR> d-------- c:\program files\Microsoft
2008-11-18 21:35 . 2008-11-18 21:35 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-11-18 21:25 . 2008-11-18 22:32 <DIR> d-------- c:\program files\Windows Live
2008-11-18 21:15 . 2008-11-27 18:19 <DIR> d-------- c:\documents and settings\Bosko\Application Data\Hamachi
2008-11-18 21:15 . 2008-11-18 21:15 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-11-18 12:21 . 2008-11-18 12:21 <DIR> d-------- c:\program files\Avanquest update
2008-11-18 12:21 . 2008-11-18 12:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-18 12:21 . 2007-06-19 09:51 107,304 --a------ c:\windows\system32\drivers\s816mdm.sys
2008-11-18 12:21 . 2007-06-19 09:51 99,112 --a------ c:\windows\system32\drivers\s816mgmt.sys
2008-11-18 12:21 . 2007-06-19 09:51 97,704 --a------ c:\windows\system32\drivers\s816unic.sys
2008-11-18 12:21 . 2007-06-19 09:51 97,320 --a------ c:\windows\system32\drivers\s816obex.sys
2008-11-18 12:21 . 2007-06-19 09:51 81,832 --a------ c:\windows\system32\drivers\s816bus.sys
2008-11-18 12:21 . 2007-06-19 09:51 21,928 --a------ c:\windows\system32\drivers\s816nd5.sys
2008-11-18 12:21 . 2007-06-19 09:51 13,864 --a------ c:\windows\system32\drivers\s816mdfl.sys
2008-11-18 12:21 . 2007-06-19 09:51 11,176 --a------ c:\windows\system32\drivers\s816whnt.sys
2008-11-18 12:21 . 2007-06-19 09:51 11,176 --a------ c:\windows\system32\drivers\s816wh.sys
2008-11-18 12:21 . 2007-06-19 09:51 11,176 --a------ c:\windows\system32\drivers\s816cmnt.sys
2008-11-18 12:21 . 2007-06-19 09:51 11,176 --a------ c:\windows\system32\drivers\s816cm.sys
2008-11-18 12:21 . 2007-06-19 09:51 9,768 --a------ c:\windows\system32\drivers\s816cr.sys
2008-11-18 12:20 . 2008-11-18 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-11-17 17:33 . 2008-11-17 17:33 268 --ah----- C:\sqmdata19.sqm
2008-11-17 17:33 . 2008-11-17 17:33 244 --ah----- C:\sqmnoopt19.sqm
2008-11-17 13:51 . 2008-11-17 13:55 <DIR> d-------- c:\program files\FlashGet
2008-11-17 13:25 . 2008-11-17 13:25 268 --ah----- C:\sqmdata18.sqm
2008-11-17 13:25 . 2008-11-17 13:25 244 --ah----- C:\sqmnoopt18.sqm
2008-11-17 13:20 . 2008-11-17 13:20 268 --ah----- C:\sqmdata17.sqm
2008-11-17 13:20 . 2008-11-17 13:20 244 --ah----- C:\sqmnoopt17.sqm
2008-11-17 13:19 . 2008-11-17 13:25 728,858 --a------ c:\program files\Common Files\unins000.exe
2008-11-17 13:19 . 2008-11-17 13:25 5,340 --a------ c:\program files\Common Files\unins000.dat
2008-11-13 18:02 . 2008-11-13 18:02 268 --ah----- C:\sqmdata16.sqm
2008-11-13 18:02 . 2008-11-13 18:02 244 --ah----- C:\sqmnoopt16.sqm
2008-11-13 17:23 . 2008-11-13 17:23 <DIR> d-------- c:\documents and settings\Bosko\Application Data\iWin
2008-11-12 23:48 . 2008-11-12 23:48 268 --ah----- C:\sqmdata15.sqm
2008-11-12 23:48 . 2008-11-12 23:48 244 --ah----- C:\sqmnoopt15.sqm
2008-11-12 22:49 . 2008-11-12 22:49 268 --ah----- C:\sqmdata14.sqm
2008-11-12 22:49 . 2008-11-12 22:49 244 --ah----- C:\sqmnoopt14.sqm
2008-11-12 17:47 . 2008-11-12 17:47 268 --ah----- C:\sqmdata13.sqm
2008-11-12 17:47 . 2008-11-12 17:47 244 --ah----- C:\sqmnoopt13.sqm
2008-11-11 20:00 . 2008-11-11 20:00 218,376 --a------ c:\windows\system32\klogon.dll
2008-11-11 19:58 . 2008-11-11 19:58 25,601 --a------ c:\windows\system32\drivers\klopp.dat
2008-11-10 00:11 . 2008-11-10 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-10 00:11 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-10 00:11 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-10 00:11 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-10 00:11 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-10 00:11 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-10 00:06 . 2008-11-10 00:06 <DIR> d-------- c:\windows\Logs
2008-11-02 16:50 . 2008-11-02 16:50 <DIR> d-------- c:\program files\NCT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-28 16:14 --------- d-----w c:\documents and settings\Bosko\Application Data\uTorrent
2008-11-28 16:14 --------- d-----w c:\documents and settings\Bosko\Application Data\Sports Interactive
2008-11-27 12:33 --------- d-----w c:\program files\Java
2008-11-23 12:56 10,186 ----a-w c:\program files\Common Files\rucoqalux.lib
2008-11-18 21:53 --------- d-----w c:\program files\Common Files\Adobe
2008-11-18 11:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 23:57 --------- d-----w c:\program files\Sports Interactive
2008-11-17 20:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-03 17:54 --------- d-----w c:\documents and settings\Bosko\Application Data\GetRightToGo
2008-11-03 16:57 --------- d-----w c:\program files\Garena
2008-10-31 11:36 --------- d-----w c:\documents and settings\Bosko\Application Data\Image Zone Express
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-19 11:02 729,088 ----a-w c:\windows\iun6002.exe
2008-10-17 16:35 --------- d-----w c:\program files\Valve
2008-10-17 06:09 602,112 ----a-w c:\windows\system32\nvapi.dll
2008-09-27 21:48 286,720 ----a-w c:\windows\iun506.exe
2008-09-18 14:47 940,304 ----a-w c:\windows\system32\msjava.dll
2008-09-18 14:47 73,728 ----a-w c:\windows\system32\CompressATI2.dll
2008-09-18 14:47 430,088 ----a-w c:\windows\system32\D3D10SDKLayers.DLL
2008-09-18 14:47 1,171,456 ----a-w c:\windows\system32\msvcr80d.dll
2008-09-14 20:21 22,016 ----a-w c:\windows\system32\gcpta.dll
2008-09-08 23:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-05 14:56 287,744 ----a-w c:\windows\WLXPGSS.SCR
2008-07-26 15:26 22,328 ----a-w c:\documents and settings\Bosko\Application Data\PnkBstrK.sys
2008-05-21 21:02 88,712 ----a-w c:\program files\StartPortableApps.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-01_20.16.35.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-21 16:34:36 121,872 ----a-w c:\windows\system32\drivers\kl1.sys
+ 2008-01-29 16:29:38 32,784 ----a-w c:\windows\system32\drivers\klbg.sys
+ 2008-12-02 11:28:52 227,344 ----a-w c:\windows\system32\drivers\klif.sys
+ 2008-04-30 16:06:48 24,592 ----a-w c:\windows\system32\drivers\klim5.sys
+ 2008-11-27 09:55:30 278,528 ----a-w c:\windows\system32\pncrt.dll
+ 2008-11-27 09:55:32 181,736 ----a-w c:\windows\system32\rmoc3260.dll
+ 2008-12-02 22:19:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_644.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-22 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-14 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-14 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]
"nwiz"="nwiz.exe" [2007-02-14 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]
"C-Media Mixer"="Mixer.exe" [2004-08-11 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-26 1205840]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Bosko\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Bosko\\My Documents\\Portable_Firefox_3.0_Multilingual\\Firefox 3\\App\\firefox\\firefox.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Bosko\\Desktop\\Counter Strike 1.6 Portable\\root\\cstrike.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1203:UDP"= 1203:UDP:Windows Media Format SDK (firefox.exe)
"1202:UDP"= 1202:UDP:Windows Media Format SDK (firefox.exe)
"1206:UDP"= 1206:UDP:Windows Media Format SDK (firefox.exe)
"3666:TCP"= 3666:TCP:WWW

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-07-26 9216]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-11-18 56344]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2008-07-26 104344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2008-07-26 69656]
S3 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-11-20 13352]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2008-09-21 29184]
S3 PciCon;PciCon;\??\E:\PciCon.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2008-11-18 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2008-11-18 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2008-11-18 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2008-11-18 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2008-11-18 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2008-11-18 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2008-11-18 97704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60c4f11-5b11-11dd-beed-001109c35801}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\At1.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 22:50]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 23:19:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\ac3acm.acm
c:\windows\system32\vorbis.acm
c:\windows\system32\sirenacm.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-12-02 23:21:55 - machine was rebooted [Bosko]
ComboFix-quarantined-files.txt 2008-12-02 22:21:53
ComboFix2.txt 2008-12-01 19:17:22

Pre-Run: 19,177,238,528 bytes free
Post-Run: 19,175,071,744 bytes free

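The CFScript earlier in the thread is a plain text file of `Section::` blocks (File::, Folder::, Driver::, NetSvc::, DirLook::) that ComboFix reads when the file is dropped on its icon, and the log above records what it removed under "Other Deletions" and "Drivers/Services". The comparison dr_Bora does by eye here is what this added Python example automates; it is not part of the thread and not ComboFix code, and its embedded inputs are excerpts of the script and of the log posted above. On those excerpts it flags avooghj.dll, which the script lists but the deletion list does not mention. An item the log does not list may simply not have existed when ComboFix ran, so "unconfirmed" means check that path by hand, not "still infected".

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example for this thread; not part of the posts above and not ComboFix code.
CFSCRIPT and COMBOFIX_LOG are excerpts of the script and the log posted in the thread.
"""
import re

CFSCRIPT = r"""
File::
c:\program files\Common Files\hozidorec.dat
c:\windows\system32\kiqibok._dl
c:\documents and settings\Bosko\Application Data\milonyrol.dll
C:\WINDOWS\system32\avooghj.dll

Folder::
c:\program files\XPProtectionCenter

Driver::
dyfakg
vplhr

NetSvc::
vplhr

DirLook::
c:\documents and settings\Bosko\Application Data\iWin
"""

COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bosko\Application Data\milonyrol.dll
c:\program files\Common Files\hozidorec.dat
c:\program files\XPProtectionCenter
c:\program files\XPProtectionCenter\Uninstall.exe
c:\windows\system32\kiqibok._dl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VPLHR
-------\Service_dyfakg
-------\Service_vplhr


((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.
2008-11-13 17:23 . 2008-11-13 17:23 <DIR> d-------- c:\documents and settings\Bosko\Application Data\iWin
"""

SECTION = re.compile(r"^(\w+)::\s*$")            # CFScript section header, e.g. "File::"
HEADER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")  # ComboFix banner, e.g. "(((( Other Deletions ))))"


def parse_cfscript(text: str) -> dict:
    """Map each CFScript section name to the non-empty lines under it."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def parse_combofix(text: str) -> dict:
    """Map each ComboFix banner title to the lines that follow it (dots and blanks dropped)."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def crosscheck(script: dict, log: dict) -> dict:
    """Which script items does the log confirm as removed, and which does it not mention?"""
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    services = [s.lower() for s in log.get("Drivers/Services", [])]  # "-------\Service_vplhr"
    report = {"confirmed": [], "unconfirmed": [], "dirlook": {}}
    for path in script.get("File", []) + script.get("Folder", []):
        bucket = "confirmed" if path.lower() in deleted else "unconfirmed"
        report[bucket].append(path)
    for name in script.get("Driver", []) + script.get("NetSvc", []):
        key = name.lower()
        hit = any(s.endswith("\\service_" + key) or s.endswith("\\legacy_" + key) for s in services)
        report["confirmed" if hit else "unconfirmed"].append(name)
    everything = [l.lower() for lines in log.values() for l in lines]
    for path in script.get("DirLook", []):
        report["dirlook"][path] = any(path.lower() in l for l in everything)
    return report


if __name__ == "__main__":
    result = crosscheck(parse_cfscript(CFSCRIPT), parse_combofix(COMBOFIX_LOG))
    for bucket in ("confirmed", "unconfirmed"):
        print(bucket + ":")
        for item in result[bucket]:
            print("   ", item)
    print("dirlook:", result["dirlook"])
```

Run against the full script and log from the thread instead of the excerpts, the "unconfirmed" list is exactly the set of paths to verify by hand before declaring the machine clean.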

dr_Bora (Anti Malware Fighter):

Fine.


Delete the file: c:\program files\Common Files\rucoqalux.lib


Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start it: choose the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button at the bottom - this saves the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum and attach the two files we just saved here.


Also, write how things are now.

  • Joined: 14 Jan 2008 • Posts: 203 • Location: Nish

[attachments: login required to view]

dr_Bora (Anti Malware Fighter):

This looks ok.

How are things now?

  • Joined: 14 Jan 2008 • Posts: 203 • Location: Nish

Great, it works just as well as before. Thanks for everything.
