Virus-dsdmo32.dll


  • Joined: 18 Aug 2006
  • Posts: 37

OK, I'll do that now. Don't be angry, I'm just a bit nervous because everything got messed up, and it annoys me that I can't work the way I want to... As soon as it finishes I'll post the log for you.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I'm not upset :)

I couldn't understand anything of what you wrote above about downloading from the net and paying by card.
Man, Serbian isn't my native language, but I have the feeling that I respect spelling far more than you, for whom it is the native language :)

So, give me the log and I'll see what I can conclude from it.

  • Joined: 18 Aug 2006
  • Posts: 37

Here you go, buddy:
ComboFix 09-01-08.01 - dexon 2009-01-08 21:17:47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.224.79 [GMT 0:00]
Running from: c:\documents and settings\dexon\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\dexon\Application Data\020000003121d529511C.manifest
c:\documents and settings\dexon\Application Data\020000003121d529511O.manifest
c:\documents and settings\dexon\Application Data\020000003121d529511P.manifest
c:\documents and settings\dexon\Application Data\020000003121d529511S.manifest
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 03:49 . 2009-01-08 13:41 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-07 21:14 . 2009-01-08 00:50 <DIR> d-------- c:\documents and settings\dexon\Application Data\F-Secure
2009-01-07 21:13 . 2009-01-07 21:13 <DIR> d-------- c:\documents and settings\dexon\Application Data\PEX
2009-01-07 20:42 . 2009-01-07 20:42 <DIR> d-------- c:\documents and settings\dexon\Application Data\ispnews
2009-01-07 20:30 . 2009-01-08 18:02 <DIR> d-------- c:\program files\F-Secure Internet Security
2009-01-07 19:46 . 2009-01-07 20:27 63,335,624 --a------ C:\fs2006f.exe
2009-01-07 16:35 . 2009-01-07 23:10 135,168 --a------ c:\windows\system32\DSDMO32.1LL
2009-01-07 16:35 . 2009-01-07 16:35 135,168 --a------ c:\windows\system32\DSDMO32.0LL
2009-01-02 17:00 . 2009-01-02 17:00 11,809 ---hs---- C:\Folder.jpg
2009-01-02 17:00 . 2009-01-02 17:00 11,809 ---hs---- C:\AlbumArt_{07406626-9D3A-461C-8CF1-4EA34BECAF3D}_Large.jpg
2009-01-02 17:00 . 2009-01-02 17:00 2,719 ---hs---- C:\AlbumArtSmall.jpg
2009-01-02 17:00 . 2009-01-02 17:00 2,719 ---hs---- C:\AlbumArt_{07406626-9D3A-461C-8CF1-4EA34BECAF3D}_Small.jpg
2009-01-02 17:00 . 2009-01-02 17:00 293 ---hs---- C:\desktop.ini
2009-01-02 16:51 . 2009-01-02 16:51 6,911,864 --a------ C:\The Doors - Riders On The Storm.mp3
2009-01-02 16:43 . 2009-01-02 16:43 4,945,074 --a------ C:\Gin And Juice.mp3
2009-01-02 11:16 . 2009-01-08 18:05 <DIR> d-------- c:\documents and settings\dexon\Application Data\LimeWire
2009-01-02 11:15 . 2009-01-02 11:15 7,336,328 --a------ C:\LimeWireWin.exe
2009-01-01 21:34 . 2009-01-01 21:34 <DIR> d-------- c:\documents and settings\dexon\Application Data\Bitsoft
2009-01-01 21:33 . 2009-01-01 21:34 1,164,643 --a------ C:\atg.exe
2009-01-01 15:36 . 2009-01-01 15:36 532,616 --a------ C:\ImageResizerPowertoySetup.exe
2009-01-01 15:31 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-01-01 15:31 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-01-01 15:30 . 2009-01-01 15:30 150,192 --a------ C:\TweakUiPowertoySetup.exe
2009-01-01 14:26 . 2009-01-01 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-01 14:21 . 2009-01-08 03:49 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-01-01 14:07 . 2009-01-01 14:07 41,122,888 --a------ C:\acdsee.exe
2009-01-01 05:55 . 2009-01-01 05:55 459,551 --a------ C:\FastImageResizer_096.exe
2008-12-30 02:29 . 2008-12-30 03:55 67 --a------ c:\windows\#1 Video Converter.INI
2008-12-30 02:28 . 2008-12-30 02:28 <DIR> d-------- c:\program files\NO1 Video Converter
2008-12-12 17:25 . 2008-12-12 17:25 123,651 --a------ C:\m_abc56d92106448ab8d7d971285ff4883.gif

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 21:04 --------- d-----w c:\program files\Google
2009-01-08 18:06 --------- d-----w c:\program files\Vamp
2009-01-01 15:35 --------- d-sh--w c:\documents and settings\All Users\Application Data\MPK
2009-01-01 14:24 --------- d-----w c:\documents and settings\dexon\Application Data\ACD Systems
2009-01-01 14:22 --------- d-----w c:\program files\Yahoo!
2009-01-01 14:22 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-01 13:26 --------- d-----w c:\program files\Common Files\Adobe
2009-01-01 05:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 11:40 --------- d-----w c:\documents and settings\dexon\Application Data\uTorrent
2008-11-26 17:02 240,182 ----a-w C:\recovery-for-windows-live-setup.exe
2008-11-26 14:20 --------- d-----w c:\program files\ES Demo
2008-11-22 23:25 --------- d-----w c:\program files\FriendBlasterPro
2008-11-22 12:00 2,400,784 ----a-w C:\WLinstaller.exe
2008-11-22 11:42 84,175 ----a-w C:\tamper_data-10.1.0-fx.zip
2008-11-22 00:28 --------- d-----w c:\program files\Trojan Remover
2008-11-21 19:27 --------- d-----w c:\documents and settings\dexon\Application Data\Nokia
2008-11-21 18:41 --------- d-----w c:\documents and settings\dexon\Application Data\PC Suite
2008-11-21 18:41 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-11-21 18:38 --------- d-----w c:\program files\PC Connectivity Solution
2008-11-21 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-02 01:58 304,957 ----a-w C:\hjsplit.zip
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-19 14:03 5,033,984 ----a-w c:\program files\nero5003.exe
2008-10-19 14:03 283,648 ----a-w c:\windows\uninst.exe
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-01-08 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"HTpatch"="c:\windows\htpatch.exe" [2003-03-27 28672]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1234312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera 9.5 beta\\opera.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-08 21:20:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-08 21:22:51
ComboFix-quarantined-files.txt 2009-01-08 21:22:13
ComboFix2.txt 2008-11-22 15:15:02

Pre-Run: 2,620,399,616 bytes free
Post-Run: 2,937,786,368 bytes free

159 --- E O F --- 2008-12-24 22:49:42

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Delete the following two files:
c:\windows\system32\DSDMO32.1LL
c:\windows\system32\DSDMO32.0LL

That's all I can see that is left of the malware on your computer.

After that, find yourself a free antivirus if you don't have the option of a commercial one.
There are plenty of free ones such as Avira, Avast, AVG, etc.

Once you have installed one of them, run a scan and report back whether it found anything or everything is clean.

After that we'll uninstall ComboFix. Leave it where it is for now, just in case.

  • Joined: 18 Aug 2006
  • Posts: 37

Hats off to you. As soon as I deleted those two files you told me about, the computer went back to normal and works like new. Bravo! Tomorrow I'll find one of the antiviruses you listed and download it, then I'll scan and let you know how things stand. Regards.

Addendum: 09 Jan 2009 20:31

I downloaded Avast and scanned, and it found some more and deleted them... afterwards I ran it once more and it found nothing... for now everything is OK!
Only I still have the problem when I turn on the computer with what I wrote to you about in previous messages: genuine microsoft software.

Addendum: 09 Jan 2009 20:32

Can I delete ComboFix now?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

dexon303 :: Only I still have the problem when I turn on the computer with what I wrote to you about in previous messages: genuine microsoft software.
That means you don't have a legitimate Windows.
We can't give you any support with that here other than to tell you to buy an original.

As for ComboFix, uninstalling goes like this:

Click START and then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

  • Joined: 18 Aug 2006
  • Posts: 37

Thank you very much indeed for taking your time to help me.
I respect that. All the best and regards, and thank you once again.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

;)
