MyCity » Ambulanta -> Arhiva Ambulante » Trojan - ne mogu ga ukloniti

Trojan - ne mogu ga ukloniti

Napisano na dan: 29.3.2009

Strana:
1
2

Trojan - ne mogu ga ukloniti

Sledeća strana

Pagination

Odgovori

Strana:
1
2

bambino Poslao: 29 Mar 2009 22:05 Idi na vrh
offline bambino Novi MyCity građanin Pridružio: 29 Mar 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! NOD32 je "uhvatio" par trojana, te mi prikazuje znak upozorenja svakih 10-ak minuta. Nakon sto pritisnem komandu "terminate", opet se pojave nakon nekog vremena. Pokusao sam napraviti i online scan na TrendMicro, ali bezuspjesno. Internet mi je znacajno usporio, kao i otvaranje pojedinih aplikacija. Evo loga: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:38:42, on 29.3.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\VIAudioi\SBADeck\ADeck.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici] O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [588a7752] rundll32.exe "C:\WINDOWS\system32\fgheqqqd.dll",b O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{27FEF9E6-2A8E-4D1F-B4AD-513377348629}: NameServer = 195.222.32.10 195.222.32.20 O20 - AppInit_DLLs: wkpuvg.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 5044 bytes

Profil

dr_Bora Poslao: 29 Mar 2009 22:54 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

bambino Poslao: 30 Mar 2009 21:56 Idi na vrh
offline bambino Novi MyCity građanin Pridružio: 29 Mar 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Proveo sam proceduru, ali se desilo par stvari. Prilikom pokretanja ComboFixa, izbacivao mi je "warning" poruku da ComboFix nije kompatibilan sa mojim win-om. Nakon toga je uredno obavio scan, i dole ti saljem log file. Nakon što sam se konektovao na internet NOD je opet pokazao virus threat... Evo loga: ComboFix 09-03-29.04 - Korisnik 2009-03-30 21:34:39.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.511.195 [GMT 2:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe AV: Eset NOD32 antivirus system 2.51 On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\bekgjfkb.dll c:\windows\system32\dqqqehgf.ini c:\windows\system32\ffvghlqq.dll c:\windows\system32\fgheqqqd.dll c:\windows\system32\iifcDSlk.dll c:\windows\system32\jebtasqq.dll c:\windows\system32\klSDcfii.ini c:\windows\system32\klSDcfii.ini2 c:\windows\system32\mcrh.tmp c:\windows\system32\npbwhn.dll c:\windows\system32\ssqOHwvw.dll c:\windows\system32\twain32 c:\windows\system32\vtkwox.dll c:\windows\system32\wkpuvg.dll c:\windows\system32\xenldxqw.dll c:\windows\wiaserviv.log . ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 ))))))))))))))))))))))))))))))) . 2009-03-30 21:28 . 2009-03-30 21:28 39,936 --a------ c:\windows\system32\cbXNFxxy.dll 2009-03-29 21:22 . 2009-03-29 21:22 39,936 --a------ c:\windows\system32\mlJBTkLc.dll 2009-03-29 13:54 . 2009-03-29 13:54 39,936 --a------ c:\windows\system32\yayyXPfg.dll 2009-03-29 13:36 . 2009-03-29 13:36 39,936 --a------ c:\windows\system32\tuvVMgDV.dll 2009-03-28 22:40 . 2009-03-29 15:03 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\HouseCall 6.6 2009-03-28 21:24 . 2009-03-28 21:24 39,936 --a------ c:\windows\system32\fccdcYQg.dll 2009-03-28 20:40 . 2009-03-28 20:40 39,936 --a------ c:\windows\system32\qoMfcAtT.dll 2009-03-28 20:23 . 2009-03-28 20:23 39,936 --a------ c:\windows\system32\yayvuRJy.dll 2009-03-28 20:23 . 2009-03-28 20:23 35,734 --a------ c:\windows\system32\pmnlmKbx.dll 2009-03-21 13:58 . 2009-03-23 22:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\NFS Underground 2009-03-21 13:48 . 2009-03-21 13:48 <DIR> d-------- c:\program files\EA GAMES 2009-03-21 12:03 . 2009-03-21 12:03 <DIR> d-------- c:\program files\Electronic Arts 2009-03-21 12:03 . 2007-10-22 04:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll 2009-03-21 12:02 . 2007-10-12 16:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll 2009-03-21 12:02 . 2007-10-12 16:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll 2009-03-21 12:02 . 2007-10-02 10:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll 2009-02-19 15:27 . 2009-03-18 20:40 <DIR> d-------- c:\program files\Empire Interactive 2009-02-17 23:42 . 2009-02-18 20:36 <DIR> d-------- c:\program files\Microsoft Money 2005 2009-02-17 22:05 . 2009-02-17 22:02 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-02-17 22:01 . 2009-02-17 23:37 <DIR> d-------- c:\documents and settings\Korisnik\.housecall6.6 2009-02-15 22:22 . 2009-02-17 14:22 <DIR> d-------- c:\program files\Burrrn 2009-02-14 17:02 . 2009-02-14 17:02 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP CD Writer.bmp 2009-02-14 17:02 . 2009-02-14 17:02 13,768 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP CD Writer.dat 2009-02-14 17:02 . 2009-02-14 17:02 7,216 --a------ c:\windows\system32\CreatingCD.bin 2009-02-14 16:57 . 2009-02-14 17:04 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp 2009-02-14 16:57 . 2009-02-14 17:04 2,989 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat 2009-02-14 16:54 . 2009-02-17 14:22 <DIR> d-------- c:\program files\Illustrate(2) 2009-02-10 19:51 . 2009-02-10 19:51 <DIR> d-------- c:\program files\ParallelGraphics 2009-02-10 19:51 . 2009-02-10 19:51 <DIR> d-------- c:\program files\Common Files\ParallelGraphics 2009-02-09 20:05 . 2009-02-09 20:05 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Ace 2009-02-09 14:25 . 2009-02-09 14:25 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Thinstall 2009-02-08 22:35 . 2009-02-08 22:35 268 --ah----- C:\sqmdata06.sqm 2009-02-08 22:35 . 2009-02-08 22:35 244 --ah----- C:\sqmnoopt06.sqm 2009-02-08 18:22 . 2009-02-08 18:22 268 --ah----- C:\sqmdata05.sqm 2009-02-08 18:22 . 2009-02-08 18:22 244 --ah----- C:\sqmnoopt05.sqm 2009-02-07 23:11 . 2009-02-07 23:11 268 --ah----- C:\sqmdata04.sqm 2009-02-07 23:11 . 2009-02-07 23:11 244 --ah----- C:\sqmnoopt04.sqm 2009-02-07 16:49 . 2009-02-07 16:49 268 --ah----- C:\sqmdata03.sqm 2009-02-07 16:49 . 2009-02-07 16:49 244 --ah----- C:\sqmnoopt03.sqm 2009-02-07 15:48 . 2009-02-07 15:48 268 --ah----- C:\sqmdata02.sqm 2009-02-07 15:48 . 2009-02-07 15:48 244 --ah----- C:\sqmnoopt02.sqm 2009-02-07 12:19 . 2009-02-07 12:19 268 --ah----- C:\sqmdata01.sqm 2009-02-07 12:19 . 2009-02-07 12:19 244 --ah----- C:\sqmnoopt01.sqm 2009-02-06 21:47 . 2009-02-06 21:47 268 --ah----- C:\sqmdata00.sqm 2009-02-06 21:47 . 2009-02-06 21:47 244 --ah----- C:\sqmnoopt00.sqm 2009-02-06 20:52 . 2009-02-06 20:52 <DIR> d-------- c:\documents and settings\Aida\Contacts 2009-02-06 20:49 . 2009-02-06 20:49 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-02-06 20:49 . 2009-02-06 20:49 <DIR> d-------- c:\program files\MSN Messenger . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-27 18:13 --------- d-----w c:\program files\Java 2009-03-26 20:03 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys 2009-03-18 18:52 --------- d-----w c:\program files\UBISOFT 2009-03-18 18:45 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-26 19:05 --------- d-----w c:\documents and settings\Korisnik\Application Data\LimeWire 2009-02-19 13:30 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys 2009-01-29 17:54 --------- d-----w c:\program files\THQ 2009-01-29 13:56 --------- d-----w c:\documents and settings\Korisnik\Application Data\Image Zone Express . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] 2009-03-28 20:23 39936 --a------ c:\windows\system32\yayvuRJy.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-15 133104] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768] "AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-24 917504] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\yayvuRJy.dll" [2009-03-28 39936] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="c:\recycler\S-1-5-21-4963949661-0725138579-321253586-4095\hd1.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvuRJy] 2009-03-28 20:23 39936 c:\windows\system32\yayvuRJy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wkpuvg.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"= S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 Viacldpi;Viacldpi; [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2009-03-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 19:31] 2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1417001333-725345543-1003.job - c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-15 21:45] 2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1417001333-725345543-1005.job - c:\documents and settings\Aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-26 13:35] . - - - - ORPHANS REMOVED - - - - BHO-{B8E495E6-3820-49E6-B334-43115004AA32} - c:\windows\system32\iifcDSlk.dll BHO-{cad434e4-5f32-4e59-87e4-a6f586229c98} - c:\windows\system32\wkpuvg.dll . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: imon.dll FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]* FF - component: c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\extensions\piclens@cooliris.com\components\piclensstub.dll FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-03-30 21:45:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(524) c:\windows\system32\yayvuRJy.dll - - - - - - - > 'lsass.exe'(580) c:\windows\system32\imon.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\ESET\nod32krn.exe . ************************************************************************ . Completion time: 2009-03-30 21:48:39 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-30 19:48:36 ComboFix2.txt 2008-10-17 17:43:40 Pre-Run: 3.706.433.536 bytes free Post-Run: 5,281,591,296 bytes free 191

Profil

dr_Bora Poslao: 30 Mar 2009 22:17 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\windows\system32\cbXNFxxy.dll c:\windows\system32\mlJBTkLc.dll c:\windows\system32\yayyXPfg.dll c:\windows\system32\tuvVMgDV.dll c:\windows\system32\fccdcYQg.dll c:\windows\system32\qoMfcAtT.dll c:\windows\system32\yayvuRJy.dll c:\windows\system32\pmnlmKbx.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvuRJy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"="" Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

bambino Poslao: 31 Mar 2009 13:25 Idi na vrh
offline bambino Novi MyCity građanin Pridružio: 29 Mar 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sad vec komp radi brze, a posebno internet. Medjutim, nakon konekcije opet je NOD izbacio virus threat (ovaj put samo jedan, a bilo ih je 4), cini mi se ovq ili owq trojan. Evo loga: ComboFix 09-03-29.04 - Korisnik 2009-03-30 22:25:47.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.511.255 [GMT 2:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt AV: Eset NOD32 antivirus system 2.51 On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\windows\system32\cbXNFxxy.dll c:\windows\system32\fccdcYQg.dll c:\windows\system32\mlJBTkLc.dll c:\windows\system32\pmnlmKbx.dll c:\windows\system32\qoMfcAtT.dll c:\windows\system32\tuvVMgDV.dll c:\windows\system32\yayvuRJy.dll c:\windows\system32\yayyXPfg.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\cbXNFxxy.dll c:\windows\system32\DJjTvyxx.ini c:\windows\system32\DJjTvyxx.ini2 c:\windows\system32\fccdcYQg.dll c:\windows\system32\mlJBTkLc.dll c:\windows\system32\pmnlmKbx.dll c:\windows\system32\qoMfcAtT.dll c:\windows\system32\tuvVMgDV.dll c:\windows\system32\xxyvTjJD.dll c:\windows\system32\yayvuRJy.dll c:\windows\system32\yayyXPfg.dll . ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 ))))))))))))))))))))))))))))))) . 2009-03-30 22:22 . 2009-03-30 22:22 39,936 --a------ c:\windows\system32\opnmNDwu.dll 2009-03-30 21:53 . 2009-03-30 21:53 39,936 --a------ c:\windows\system32\tuvSIAsp.dll 2009-03-30 21:51 . 2009-03-30 21:51 45,814 --a------ c:\windows\system32\awtqRhEu.dll 2009-03-28 22:40 . 2009-03-29 15:03 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\HouseCall 6.6 2009-03-21 13:58 . 2009-03-23 22:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\NFS Underground 2009-03-21 13:48 . 2009-03-21 13:48 <DIR> d-------- c:\program files\EA GAMES 2009-03-21 12:03 . 2009-03-21 12:03 <DIR> d-------- c:\program files\Electronic Arts 2009-03-21 12:03 . 2007-10-22 04:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll 2009-03-21 12:02 . 2007-10-12 16:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll 2009-03-21 12:02 . 2007-10-12 16:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll 2009-03-21 12:02 . 2007-10-02 10:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll 2009-02-19 15:27 . 2009-03-18 20:40 <DIR> d-------- c:\program files\Empire Interactive 2009-02-17 23:42 . 2009-02-18 20:36 <DIR> d-------- c:\program files\Microsoft Money 2005 2009-02-17 22:05 . 2009-02-17 22:02 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-02-17 22:01 . 2009-02-17 23:37 <DIR> d-------- c:\documents and settings\Korisnik\.housecall6.6 2009-02-15 22:22 . 2009-02-17 14:22 <DIR> d-------- c:\program files\Burrrn 2009-02-14 17:02 . 2009-02-14 17:02 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP CD Writer.bmp 2009-02-14 17:02 . 2009-02-14 17:02 13,768 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP CD Writer.dat 2009-02-14 17:02 . 2009-02-14 17:02 7,216 --a------ c:\windows\system32\CreatingCD.bin 2009-02-14 16:57 . 2009-02-14 17:04 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp 2009-02-14 16:57 . 2009-02-14 17:04 2,989 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat 2009-02-14 16:54 . 2009-02-17 14:22 <DIR> d-------- c:\program files\Illustrate(2) 2009-02-10 19:51 . 2009-02-10 19:51 <DIR> d-------- c:\program files\ParallelGraphics 2009-02-10 19:51 . 2009-02-10 19:51 <DIR> d-------- c:\program files\Common Files\ParallelGraphics 2009-02-09 20:05 . 2009-02-09 20:05 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Ace 2009-02-09 14:25 . 2009-02-09 14:25 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Thinstall 2009-02-08 22:35 . 2009-02-08 22:35 268 --ah----- C:\sqmdata06.sqm 2009-02-08 22:35 . 2009-02-08 22:35 244 --ah----- C:\sqmnoopt06.sqm 2009-02-08 18:22 . 2009-02-08 18:22 268 --ah----- C:\sqmdata05.sqm 2009-02-08 18:22 . 2009-02-08 18:22 244 --ah----- C:\sqmnoopt05.sqm 2009-02-07 23:11 . 2009-02-07 23:11 268 --ah----- C:\sqmdata04.sqm 2009-02-07 23:11 . 2009-02-07 23:11 244 --ah----- C:\sqmnoopt04.sqm 2009-02-07 16:49 . 2009-02-07 16:49 268 --ah----- C:\sqmdata03.sqm 2009-02-07 16:49 . 2009-02-07 16:49 244 --ah----- C:\sqmnoopt03.sqm 2009-02-07 15:48 . 2009-02-07 15:48 268 --ah----- C:\sqmdata02.sqm 2009-02-07 15:48 . 2009-02-07 15:48 244 --ah----- C:\sqmnoopt02.sqm 2009-02-07 12:19 . 2009-02-07 12:19 268 --ah----- C:\sqmdata01.sqm 2009-02-07 12:19 . 2009-02-07 12:19 244 --ah----- C:\sqmnoopt01.sqm 2009-02-06 21:47 . 2009-02-06 21:47 268 --ah----- C:\sqmdata00.sqm 2009-02-06 21:47 . 2009-02-06 21:47 244 --ah----- C:\sqmnoopt00.sqm 2009-02-06 20:52 . 2009-02-06 20:52 <DIR> d-------- c:\documents and settings\Aida\Contacts 2009-02-06 20:49 . 2009-02-06 20:49 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-02-06 20:49 . 2009-02-06 20:49 <DIR> d-------- c:\program files\MSN Messenger . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-27 18:13 --------- d-----w c:\program files\Java 2009-03-26 20:03 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys 2009-03-18 18:52 --------- d-----w c:\program files\UBISOFT 2009-03-18 18:45 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-26 19:05 --------- d-----w c:\documents and settings\Korisnik\Application Data\LimeWire 2009-02-19 13:30 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys 2009-01-29 17:54 --------- d-----w c:\program files\THQ 2009-01-29 13:56 --------- d-----w c:\documents and settings\Korisnik\Application Data\Image Zone Express . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-30 20:31:49 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5f0.dat + 2009-03-30 20:31:43 16,384 ----atw c:\windows\temp\Perflib_Perfdata_b4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-15 133104] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768] "AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-24 917504] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="c:\recycler\S-1-5-21-4963949661-0725138579-321253586-4095\hd1.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"= S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 Viacldpi;Viacldpi; [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2009-03-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 19:31] 2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1417001333-725345543-1003.job - c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-15 21:45] 2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1417001333-725345543-1005.job - c:\documents and settings\Aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-26 13:35] . - - - - ORPHANS REMOVED - - - - BHO-{535613E3-BADD-4A5E-A768-9085E48496C8} - c:\windows\system32\xxyvTjJD.dll . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: imon.dll FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]* FF - component: c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\extensions\piclens@cooliris.com\components\piclensstub.dll FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-03-30 22:33:18 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(580) c:\windows\system32\imon.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\ESET\nod32krn.exe . ************************************************************************ . Completion time: 2009-03-30 22:36:35 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-30 20:36:32 ComboFix2.txt 2009-03-30 19:48:41 ComboFix3.txt 2008-10-17 17:43:40 Pre-Run: 5.282.664.448 bytes free Post-Run: 5,280,464,896 bytes free 186 Dopuna: 31 Mar 2009 13:25 Ništa, još uvijek problemi... Obavijest o virusima mi daje cim se konektujem na internet. Osim toga, prijavljuje mi bug na explorer.exe. Komp radi brze, ali problem nije riješen. Ima li kakva sugestija? Thanx

Profil

dr_Bora Poslao: 31 Mar 2009 14:14 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\opnmNDwu.dll c:\windows\system32\tuvSIAsp.dll c:\windows\system32\awtqRhEu.dll c:\recycler\S-1-5-21-4963949661-0725138579-321253586-4095\hd1.exe Driver:: Viacldpi Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

bambino Poslao: 31 Mar 2009 15:28 Idi na vrh
offline bambino Novi MyCity građanin Pridružio: 29 Mar 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odradio proceduru, ali nije dovrsio log file niti nakon sat vremena. Restartovao sam komp, i dosad ne javlja nista o virusima. Hocu li ponoviti postupak?

Profil

dr_Bora Poslao: 31 Mar 2009 18:32 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dvoklikom pokreni ComboFix i postavi log koji dobiješ.

Profil

bambino Poslao: 31 Mar 2009 20:03 Idi na vrh
offline bambino Novi MyCity građanin Pridružio: 29 Mar 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo loga: ComboFix 09-03-29.04 - Korisnik 2009-03-31 19:45:36.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.511.247 [GMT 2:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe AV: Eset NOD32 antivirus system 2.51 On-access scanning disabled (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\DdKRBJlm.ini c:\windows\system32\DdKRBJlm.ini2 c:\windows\system32\diqlyjwo.dll c:\windows\system32\ghvtcutt.dll c:\windows\system32\mlJBRKdD.dll c:\windows\system32\nghgjhyx.dll c:\windows\system32\nkyioltv.ini c:\windows\system32\vbflgo.dll c:\windows\system32\vekpkrrt.dll c:\windows\system32\vtloiykn.dll c:\windows\system32\yeowftcc.dll . ---- Previous Run ------- . c:\recycler\S-1-5-21-4963949661-0725138579-321253586-4095\hd1.exe c:\windows\system32\awtqRhEu.dll c:\windows\system32\echiuh.dll c:\windows\system32\ehflkafh.dll c:\windows\system32\opnmNDwu.dll c:\windows\system32\opnNHBtU.dll c:\windows\system32\svnrdbfi.dll c:\windows\system32\tuvSIAsp.dll c:\windows\system32\UtBHNnpo.ini c:\windows\system32\UtBHNnpo.ini2 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Viacldpi ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 ))))))))))))))))))))))))))))))) . 2009-03-31 14:41 . 2009-03-31 14:41 39,936 --a------ c:\windows\system32\byXQGwUL.dll 2009-03-31 13:19 . 2009-03-31 13:19 39,936 --a------ c:\windows\system32\fcccaXon.dll 2009-03-31 13:18 . 2009-03-31 13:18 39,936 --a------ c:\windows\system32\rqRHXrPg.dll 2009-03-30 22:39 . 2009-03-30 22:39 42,934 --a------ c:\windows\system32\hgGyvwXr.dll 2009-03-30 22:39 . 2009-03-30 22:39 39,936 --a------ c:\windows\system32\ljJBrOfD.dll 2009-03-28 22:40 . 2009-03-29 15:03 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\HouseCall 6.6 2009-03-21 13:58 . 2009-03-23 22:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\NFS Underground 2009-03-21 13:48 . 2009-03-21 13:48 <DIR> d-------- c:\program files\EA GAMES 2009-03-21 12:03 . 2009-03-21 12:03 <DIR> d-------- c:\program files\Electronic Arts 2009-03-21 12:03 . 2007-10-22 04:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll 2009-03-21 12:02 . 2007-10-12 16:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll 2009-03-21 12:02 . 2007-10-12 16:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll 2009-03-21 12:02 . 2007-10-02 10:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll 2009-02-19 15:27 . 2009-03-18 20:40 <DIR> d-------- c:\program files\Empire Interactive 2009-02-17 23:42 . 2009-02-18 20:36 <DIR> d-------- c:\program files\Microsoft Money 2005 2009-02-17 22:05 . 2009-02-17 22:02 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-02-17 22:01 . 2009-02-17 23:37 <DIR> d-------- c:\documents and settings\Korisnik\.housecall6.6 2009-02-15 22:22 . 2009-02-17 14:22 <DIR> d-------- c:\program files\Burrrn 2009-02-14 17:02 . 2009-02-14 17:02 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP CD Writer.bmp 2009-02-14 17:02 . 2009-02-14 17:02 13,768 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP CD Writer.dat 2009-02-14 17:02 . 2009-02-14 17:02 7,216 --a------ c:\windows\system32\CreatingCD.bin 2009-02-14 16:57 . 2009-02-14 17:04 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp 2009-02-14 16:57 . 2009-02-14 17:04 2,989 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat 2009-02-14 16:54 . 2009-02-17 14:22 <DIR> d-------- c:\program files\Illustrate(2) 2009-02-10 19:51 . 2009-02-10 19:51 <DIR> d-------- c:\program files\ParallelGraphics 2009-02-10 19:51 . 2009-02-10 19:51 <DIR> d-------- c:\program files\Common Files\ParallelGraphics 2009-02-09 20:05 . 2009-02-09 20:05 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Ace 2009-02-09 14:25 . 2009-02-09 14:25 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Thinstall 2009-02-08 22:35 . 2009-02-08 22:35 268 --ah----- C:\sqmdata06.sqm 2009-02-08 22:35 . 2009-02-08 22:35 244 --ah----- C:\sqmnoopt06.sqm 2009-02-08 18:22 . 2009-02-08 18:22 268 --ah----- C:\sqmdata05.sqm 2009-02-08 18:22 . 2009-02-08 18:22 244 --ah----- C:\sqmnoopt05.sqm 2009-02-07 23:11 . 2009-02-07 23:11 268 --ah----- C:\sqmdata04.sqm 2009-02-07 23:11 . 2009-02-07 23:11 244 --ah----- C:\sqmnoopt04.sqm 2009-02-07 16:49 . 2009-02-07 16:49 268 --ah----- C:\sqmdata03.sqm 2009-02-07 16:49 . 2009-02-07 16:49 244 --ah----- C:\sqmnoopt03.sqm 2009-02-07 15:48 . 2009-02-07 15:48 268 --ah----- C:\sqmdata02.sqm 2009-02-07 15:48 . 2009-02-07 15:48 244 --ah----- C:\sqmnoopt02.sqm 2009-02-07 12:19 . 2009-02-07 12:19 268 --ah----- C:\sqmdata01.sqm 2009-02-07 12:19 . 2009-02-07 12:19 244 --ah----- C:\sqmnoopt01.sqm 2009-02-06 21:47 . 2009-02-06 21:47 268 --ah----- C:\sqmdata00.sqm 2009-02-06 21:47 . 2009-02-06 21:47 244 --ah----- C:\sqmnoopt00.sqm 2009-02-06 20:52 . 2009-02-06 20:52 <DIR> d-------- c:\documents and settings\Aida\Contacts 2009-02-06 20:49 . 2009-02-06 20:49 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-02-06 20:49 . 2009-02-06 20:49 <DIR> d-------- c:\program files\MSN Messenger . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-30 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-27 18:13 --------- d-----w c:\program files\Java 2009-03-26 20:03 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys 2009-03-18 18:52 --------- d-----w c:\program files\UBISOFT 2009-03-18 18:45 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-26 19:05 --------- d-----w c:\documents and settings\Korisnik\Application Data\LimeWire 2009-02-19 13:30 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys 2009-01-29 17:54 --------- d-----w c:\program files\THQ 2009-01-29 13:56 --------- d-----w c:\documents and settings\Korisnik\Application Data\Image Zone Express . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-31 17:51:50 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2b4.dat + 2009-03-31 17:53:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6c0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{676F3403-0B4D-4C34-87CE-894BA73CC7AA}] c:\windows\system32\opnNHBtU.dll [BU] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] 2009-03-30 22:39 39936 --a------ c:\windows\system32\ljJBrOfD.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-15 133104] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768] "AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-24 917504] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\ljJBrOfD.dll" [2009-03-30 39936] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBrOfD] 2009-03-30 22:39 39936 c:\windows\system32\ljJBrOfD.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"= S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Contents of the 'Scheduled Tasks' folder 2009-03-31 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 19:31] 2009-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1417001333-725345543-1003.job - c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-15 21:45] 2009-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1417001333-725345543-1005.job - c:\documents and settings\Aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-26 13:35] . - - - - ORPHANS REMOVED - - - - BHO-{7C0CCD2B-1A5E-4E98-94A3-81A5C4390650} - c:\windows\system32\mlJBRKdD.dll . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: imon.dll FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]* FF - component: c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\extensions\piclens@cooliris.com\components\piclensstub.dll FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll . ************************************************************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2009-03-31 19:53:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(524) c:\windows\system32\ljJBrOfD.dll - - - - - - - > 'lsass.exe'(580) c:\windows\system32\imon.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\ESET\nod32krn.exe . ************************************************************************ . Completion time: 2009-03-31 19:57:24 - machine was rebooted [Korisnik] ComboFix-quarantined-files.txt 2009-03-31 17:57:12 ComboFix2.txt 2009-03-30 20:36:37 ComboFix3.txt 2009-03-30 19:48:41 ComboFix4.txt 2008-10-17 17:43:40 Pre-Run: 5,268,500,480 bytes free Post-Run: 5,265,637,376 bytes free 201

Profil

dr_Bora Poslao: 31 Mar 2009 22:49 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\byXQGwUL.dll c:\windows\system32\fcccaXon.dll c:\windows\system32\rqRHXrPg.dll c:\windows\system32\hgGyvwXr.dll c:\windows\system32\ljJBrOfD.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{676F3403-0B4D-4C34-87CE-894BA73CC7AA}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBrOfD]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojan - ne mogu ga ukloniti

Ko je trenutno na forumu

Ukupno su 1939 korisnika na forumu :: 113 registrovanih, 8 sakrivenih i 1818 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 33 bren, A.R.Chafee.Jr., airsuba, amblemi_vrs, aramis s, Aristotle2002, Arsenije, Avalon015, Bane san, bobomicek, bokicacar, Borski1977, boxbole, BSD, bufanje, bunker, chitach, Cicumile, Citalac, Colt D, cptVLK, dano, Darth Malak, Dejan_vw, dekan.m, dekiz, Denaya, DezurniOperativni, dj.ape, djuradj, Dorcolac, Dugme1984, dulleo, dusko barajevo, Dzuki, ElvisP, engel, EXIT78, geo.dule, Istman, ivan1973, Jablan, Jan, Kamov, klepesina, KonstantinR, kubura91, larix, Lazur_01, littlebunny, LostInSpaceandTime, Lotus, lucko1, lukisa, Macalone, Marko43, Maschinekalibar, maxim_von_burdengate, mačković, mercedesamg, Mercury, mexo, Miki 84, milutin134, moldway, MrNo, Nemanja.M, nenad81, neutrino, nevjerna beba, Novakomp, Orc, orfanel, Paklenica, Pantelejmon, Papadubi, perko91, PITT, pobeda, Povratak1912, proka89, Radio operater, raso76, Resad76, Rogan33, Sale0501, samsung, sap, saputnik plavetnila, Saša1989, sekretar, shiro, Sir Budimir, Skenderbeg, stefanmpurtic, tanakadzo, tomo2, TRZH92, V-98, vathra, Velizar Laro, vjekosuki, Vlada1389, vukajlo71, VX1, xAlex2, Zastava, ZlatniRez, Zmaj Tolak, Zoran1959, Zorge, Zrcalo, Živković

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by