Virus help

  • mita08
  • New MyCity citizen
  • Joined: 29 Nov 2008
  • Posts: 5

Here are the paths to the virus as well, there are several of them (I copied the log file from NOD32)

29.11.2008 14:35:44 Real-time file system protection file C:\WINDOWS\system32\dse235rgd0.dll probably a variant of Win32/Spy.Banker trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
29.11.2008 14:34:17 Real-time file system protection file C:\WINDOWS\system32\wedasgads0.dll probably a variant of Win32/PSW.OnLineGames trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\system32\taskmgr.exe.
29.11.2008 14:34:13 Real-time file system protection file D:\dwg3gngs.exe a variant of Win32/Pacex.Gen virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE.
29.11.2008 14:34:06 Real-time file system protection file C:\dwg3gngs.exe a variant of Win32/Pacex.Gen virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:21, on 29.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\File Seeker\FSeekerDBUpdater.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dijuf\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [FileSeekerUpdater] "C:\Program Files\File Seeker\FSeekerDBUpdater.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7272 bytes

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello ...

Do the following:

Temporarily disable NOD32:

If the version is 2.xx

* Open the Nod32 Control Center (click on its tray icon in the lower right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the File system monitor (AMON) enabled option.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

If the version is 3.xx

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you'll copy here for us.

  • mita08
  • New MyCity citizen
  • Joined: 29 Nov 2008
  • Posts: 5

Here's the log file:

ComboFix 08-11-29.02 - Dijuf 2008-11-29 21:11:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.389 [GMT 1:00]
Running from: c:\documents and settings\Dijuf\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Dijuf\Application Data\google\runhh6110411.exe
c:\windows\system32\kxvo.exe
c:\windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 09:27 . 2005-10-05 15:44 170,220 -r-hs---- C:\dwg3gngs.exe
2008-11-28 21:44 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-11-28 21:28 . 2008-11-28 21:28 <DIR> d-------- c:\program files\ESET
2008-11-28 21:28 . 2008-11-28 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-28 21:26 . 2008-11-28 21:26 <DIR> d-------- c:\program files\Dobar nod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 13:46 --------- d-----w c:\program files\File Seeker
2008-11-28 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-10-27 12:30 --------- d-----w c:\documents and settings\Dijuf\Application Data\Sports Interactive
2008-10-27 12:28 --------- d--h--w c:\program files\Zero G Registry
2008-10-22 18:57 --------- d-----w c:\program files\MathType5_2a
2008-10-22 18:56 --------- d-----w c:\program files\MathType
2008-10-22 18:56 --------- d-----w c:\documents and settings\Dijuf\Application Data\Design Science
2008-10-12 15:01 --------- d-----w c:\program files\Java
2008-10-12 14:58 --------- d-----w c:\program files\Common Files\Java
2008-10-09 17:52 --------- d-----w c:\documents and settings\Dijuf\Application Data\Winamp
2008-10-02 21:15 --------- d-----w c:\documents and settings\Dijuf\Application Data\BSplayer Pro
2008-09-29 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-13 18:04 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-04 22:36 155,995 ----a-w c:\windows\java\Packages\9R9RDRTB.ZIP
2008-09-02 22:09 307,968 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-02 21:57 505,128 ----a-w c:\windows\system32\msvcp71.dll
2008-09-02 21:57 353,576 ----a-w c:\windows\system32\msvcr71.dll
2008-09-02 21:57 29,480 ----a-w c:\windows\system32\msxml3a.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-04-21 91432]
"FileSeekerUpdater"="c:\program files\File Seeker\FSeekerDBUpdater.exe" [2007-01-12 603648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008-08-24 308248]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2005-02-23 53248]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2008-09-09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2008-09-09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2008-09-09 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2008-09-09 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2008-09-09 83344]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24901661-7aa8-11dd-80d0-f970e432be62}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{351134bf-b67e-11dd-81a8-001eec4adabb}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba19362-899f-11dd-810c-cc84c17d8c6c}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3715c47-7d99-11dd-80de-001eec4adabb}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdf8178c-9536-11dd-8133-94edc1dc7b6c}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Dijuf\Application Data\Mozilla\Firefox\Profiles\y6pyp6l9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-29 21:13:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-11-29 21:14:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 20:14:34

Pre-Run: 36,091,006,976 bytes free
Post-Run: 36,093,210,624 bytes free

165

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
C:\dwg3gngs.exe


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.


Download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- run it and choose the Auto block option
- insert a USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (you can see it in the lower part of the program, in the log)
- at the top left, double-click the letter that marks the partition, i.e. your USB stick
- at the bottom, next to the clock, a message will appear saying you may remove the USB stick from the computer
- don't close the program; insert the next USB stick and wait a few seconds for it as well, and so on for all the sticks, MP3 players, mobile phone
- remember the order in which the sticks were inserted

When you've finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click on the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here to the forum for me.
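To show what the two artifacts requested here reveal once they are read together, the following is an added Python example (not part of the thread, and not code from ComboFix or USB_blocker): it parses the MountPoints2 section of a ComboFix log and a USB_blocker report, both as constructed samples modeled on the formats posted in this thread, and reports per volume GUID which Explorer shell verbs (AutoRun, open, explore) were redirected to a program and whether USB_blocker found an autorun.inf on that device.

```python
"""Added triage helper: correlate ComboFix's MountPoints2 dump with a USB_blocker report."""
import re
# Constructed sample, modeled on the ComboFix log posted in the thread.
COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{351134bf-b67e-11dd-81a8-001eec4adabb}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3715c47-7d99-11dd-80de-001eec4adabb}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe
"""

# Constructed sample, modeled on the USB_blocker report format in the thread.
USB_BLOCKER_SAMPLE = r"""
Scanning for other storage...
C: d051bcb6-78d0-11dd-b452-806d6172696f

New device connected at 30.11.2008 15:46:58
Scanning for connected USB Mass storage...
G: 7b0f4119-816c-11dd-80ec-f4ca18b0cc63
Sanitized 7b0f4119-816c-11dd-80ec-f4ca18b0cc63

New device connected at 30.11.2008 15:48:06
Scanning for connected USB Mass storage...
G: c3715c47-7d99-11dd-80de-001eec4adabb
autorun.inf found on G:
"""

GUID = r"([0-9a-f-]{36})"
MOUNTPOINT_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\\{" + GUID + r"\}\]$", re.I)
SHELL_VERB = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)
USB_DEVICE = re.compile(r"^([A-Z]):\s+" + GUID + r"$", re.I)
AUTORUN_HIT = re.compile(r"^autorun\.inf found on ([A-Z]):", re.I)
SANITIZED = re.compile(r"^Sanitized " + GUID + r"$", re.I)
# File types Explorer will launch when a hijacked shell verb points at them.
LAUNCHABLE = (".exe", ".cmd", ".bat", ".com", ".pif", ".scr", ".vbs")


def parse_mountpoints2(log_text):
    """Map volume GUID -> {verb: command} from ComboFix's MountPoints2 section."""
    entries, current = {}, None
    for line in (ln.strip() for ln in log_text.splitlines()):
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
        elif line.startswith("["):      # any other registry key ends the block
            current = None
        elif current:
            verb = SHELL_VERB.match(line)
            if verb:
                entries[current][verb.group(1).lower()] = verb.group(2)
    return entries


def parse_usb_blocker(report_text):
    """Map volume GUID -> facts about each removable device USB_blocker saw."""
    devices, drive_to_guid, in_usb_list = {}, {}, False
    for line in (ln.strip() for ln in report_text.splitlines()):
        if line.startswith("New device connected"):
            drive_to_guid = {}                      # a fresh plug-in event
        elif line.startswith("Scanning"):
            in_usb_list = "connected USB" in line   # skip fixed-disk listings
        dev = USB_DEVICE.match(line)
        if dev and in_usb_list:
            drive, guid = dev.group(1).upper(), dev.group(2).lower()
            devices[guid] = {"drive": drive, "autorun_inf": False, "sanitized": False}
            drive_to_guid[drive] = guid
        hit = AUTORUN_HIT.match(line)
        if hit and hit.group(1).upper() in drive_to_guid:
            devices[drive_to_guid[hit.group(1).upper()]]["autorun_inf"] = True
        san = SANITIZED.match(line)
        if san and san.group(1).lower() in devices:
            devices[san.group(1).lower()]["sanitized"] = True
    return devices


def triage(combofix_text, usb_text):
    """One finding per volume GUID seen in either artifact."""
    mountpoints, usb = parse_mountpoints2(combofix_text), parse_usb_blocker(usb_text)
    findings = []
    for guid in sorted(set(mountpoints) | set(usb)):
        verbs, seen = mountpoints.get(guid, {}), usb.get(guid, {})
        findings.append({"guid": guid, "seen_drive": seen.get("drive"),
                         "autorun_inf": seen.get("autorun_inf", False),
                         "sanitized": seen.get("sanitized", False),
                         "targets": sorted(set(verbs.values())),
                         # verbs whose command launches a program instead of opening the drive
                         "hijacked_verbs": sorted(v for v, cmd in verbs.items()
                                                  if cmd.lower().endswith(LAUNCHABLE))})
    return findings


if __name__ == "__main__":
    for f in triage(COMBOFIX_SAMPLE, USB_BLOCKER_SAMPLE):
        print("SUSPICIOUS" if f["hijacked_verbs"] else "no hijack ", f)
```

A GUID that appears in MountPoints2 but was never plugged in during the USB_blocker session (seen_drive is None) is a stick that still has to be scanned.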

  • mita08
  • New MyCity citizen
  • Joined: 29 Nov 2008
  • Posts: 5

ComboFix 08-11-29.03 - Dijuf 2008-11-30 15:43:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.482 [GMT 1:00]
Running from: c:\documents and settings\Dijuf\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dijuf\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\dwg3gngs.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dwg3gngs.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 14:47 . 2008-11-30 14:47 <DIR> d-------- c:\documents and settings\Dijuf\LocalLow
2008-11-30 14:47 . 2008-11-30 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-28 21:44 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-11-28 21:28 . 2008-11-28 21:28 <DIR> d-------- c:\program files\ESET
2008-11-28 21:28 . 2008-11-28 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-28 21:26 . 2008-11-28 21:26 <DIR> d-------- c:\program files\Dobar nod
2008-10-27 13:30 . 2008-10-27 13:30 <DIR> d-------- c:\documents and settings\Dijuf\Application Data\Sports Interactive
2008-10-27 13:28 . 2008-10-27 13:28 <DIR> d--h----- c:\program files\Zero G Registry
2008-10-27 13:28 . 2008-10-27 13:28 <DIR> d--h----- c:\documents and settings\Dijuf\InstallAnywhere
2008-10-22 19:57 . 2008-10-22 19:57 <DIR> d-------- c:\program files\MathType5_2a
2008-10-22 19:56 . 2008-10-22 19:56 <DIR> d-------- c:\program files\MathType
2008-10-22 19:56 . 2008-10-22 19:56 <DIR> d-------- c:\documents and settings\Dijuf\Application Data\Design Science
2008-10-20 18:47 . 2008-10-26 21:15 <DIR> d-------- C:\Proba
2008-10-19 22:17 . 2008-10-19 22:18 3,025 --a------ c:\windows\ST5UNST.000
2008-10-19 22:12 . 2000-12-06 00:00 209,608 --a------ c:\windows\system32\TABCTL32.OCX
2008-10-19 22:12 . 1995-07-26 00:00 200,704 --a------ c:\windows\system32\THREED32.OCX
2008-10-19 22:10 . 1996-12-09 00:00 71,680 --a------ c:\windows\ST5UNST.EXE
2008-10-19 22:10 . 1996-12-09 00:00 29,696 --a------ c:\windows\system32\VB5StKit.dll
2008-10-12 16:02 . 2008-10-12 16:02 <DIR> d-------- c:\windows\Sun
2008-10-12 16:01 . 2008-10-12 16:01 <DIR> d-------- c:\program files\Java
2008-10-12 16:01 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-12 15:58 . 2008-10-12 15:58 <DIR> d-------- c:\program files\Common Files\Java
2008-10-10 21:55 . 2008-10-13 15:05 172 --a------ c:\windows\wcx_ftp.ini
2008-10-10 21:54 . 2008-11-07 23:44 <DIR> d-------- C:\totalcmd
2008-10-10 21:54 . 2008-11-29 14:32 1,119 --a------ c:\windows\wincmd.ini
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\UC.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\RAR.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\PKZIP.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\PKUNZIP.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\NOCLOSE.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\LHA.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 13:46 --------- d-----w c:\program files\File Seeker
2008-11-28 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-10-09 17:52 --------- d-----w c:\documents and settings\Dijuf\Application Data\Winamp
2008-10-02 21:15 --------- d-----w c:\documents and settings\Dijuf\Application Data\BSplayer Pro
2008-09-29 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-13 18:04 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-04 22:36 155,995 ----a-w c:\windows\java\Packages\9R9RDRTB.ZIP
2008-09-02 22:09 307,968 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-02 21:57 505,128 ----a-w c:\windows\system32\msvcp71.dll
2008-09-02 21:57 353,576 ----a-w c:\windows\system32\msvcr71.dll
2008-09-02 21:57 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-08-24 02:33 3,127 ----a-w c:\windows\system32\presetup.cmd
2008-08-24 02:33 28,672 ----a-w c:\windows\system32\setupold.exe
2008-08-24 01:23 96,792 ----a-w c:\windows\system32\basecsp.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-29_21.14.16.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-29 13:39:34 76,572 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-30 12:25:17 76,572 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-29 13:39:34 439,338 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-30 12:25:17 439,338 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-04-21 91432]
"FileSeekerUpdater"="c:\program files\File Seeker\FSeekerDBUpdater.exe" [2007-01-12 603648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008-08-24 308248]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2005-02-23 53248]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2008-09-09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2008-09-09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2008-09-09 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2008-09-09 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2008-09-09 83344]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24901661-7aa8-11dd-80d0-f970e432be62}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{351134bf-b67e-11dd-81a8-001eec4adabb}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba19362-899f-11dd-810c-cc84c17d8c6c}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3715c47-7d99-11dd-80de-001eec4adabb}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdf8178c-9536-11dd-8133-94edc1dc7b6c}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-30 15:44:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-11-30 15:45:14
ComboFix-quarantined-files.txt 2008-11-30 14:44:57
ComboFix2.txt 2008-11-29 20:14:38

Pre-Run: 34,637,574,144 bytes free
Post-Run: 34,626,772,992 bytes free

178

_____________________________________________________________

Here is the USB_blocker log as well:
USB_blocker by bobby

Started at 30.11.2008 15:46:35

Scanning for connected USB Mass storage...
========================================
========================================
Scanning for other storage...
========================================
D: d051bcb4-78d0-11dd-b452-806d6172696f
C: d051bcb6-78d0-11dd-b452-806d6172696f
========================================

Scanning fixed storage for autorun.inf files...
========================================
========================================



New device connected at 30.11.2008 15:46:58

Scanning for connected USB Mass storage...
========================================
G: 7b0f4119-816c-11dd-80ec-f4ca18b0cc63
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
Sanitized 7b0f4119-816c-11dd-80ec-f4ca18b0cc63
========================================


New device connected at 30.11.2008 15:48:06

Scanning for connected USB Mass storage...
========================================
G: c3715c47-7d99-11dd-80de-001eec4adabb
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================

autorun.inf found on G:
File G:\autorun.inf renamed successfully
Sanitizing Shell Menu...
No key for GUID: c3715c47-7d99-11dd-80de-001eec4adabb
========================================


New device connected at 30.11.2008 15:49:09

Scanning for connected USB Mass storage...
========================================
G: 7b0f4117-816c-11dd-80ec-f4ca18b0cc63
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 7b0f4117-816c-11dd-80ec-f4ca18b0cc63
========================================


New device connected at 30.11.2008 15:49:11

Scanning for connected USB Mass storage...
========================================
G: 7b0f4117-816c-11dd-80ec-f4ca18b0cc63
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 7b0f4117-816c-11dd-80ec-f4ca18b0cc63
========================================


New device connected at 30.11.2008 15:50:00

Scanning for connected USB Mass storage...
========================================
G: cdf8178c-9536-11dd-8133-94edc1dc7b6c
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: cdf8178c-9536-11dd-8133-94edc1dc7b6c
========================================

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Run ComboFix again and post me a fresh log.

  • mita08
  • New MyCity citizen
  • Joined: 29 Nov 2008
  • Posts: 5

Here it is:

ComboFix 08-11-29.03 - Dijuf 2008-11-30 20:34:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.386 [GMT 1:00]
Running from: c:\documents and settings\Dijuf\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 14:47 . 2008-11-30 14:47 <DIR> d-------- c:\documents and settings\Dijuf\LocalLow
2008-11-30 14:47 . 2008-11-30 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-28 21:44 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-11-28 21:28 . 2008-11-28 21:28 <DIR> d-------- c:\program files\ESET
2008-11-28 21:28 . 2008-11-28 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-28 21:26 . 2008-11-28 21:26 <DIR> d-------- c:\program files\Dobar nod
2008-10-27 13:30 . 2008-10-27 13:30 <DIR> d-------- c:\documents and settings\Dijuf\Application Data\Sports Interactive
2008-10-27 13:28 . 2008-10-27 13:28 <DIR> d--h----- c:\program files\Zero G Registry
2008-10-27 13:28 . 2008-10-27 13:28 <DIR> d--h----- c:\documents and settings\Dijuf\InstallAnywhere
2008-10-22 19:57 . 2008-10-22 19:57 <DIR> d-------- c:\program files\MathType5_2a
2008-10-22 19:56 . 2008-10-22 19:56 <DIR> d-------- c:\program files\MathType
2008-10-22 19:56 . 2008-10-22 19:56 <DIR> d-------- c:\documents and settings\Dijuf\Application Data\Design Science
2008-10-20 18:47 . 2008-10-26 21:15 <DIR> d-------- C:\Proba
2008-10-19 22:17 . 2008-10-19 22:18 3,025 --a------ c:\windows\ST5UNST.000
2008-10-19 22:12 . 2000-12-06 00:00 209,608 --a------ c:\windows\system32\TABCTL32.OCX
2008-10-19 22:12 . 1995-07-26 00:00 200,704 --a------ c:\windows\system32\THREED32.OCX
2008-10-19 22:10 . 1996-12-09 00:00 71,680 --a------ c:\windows\ST5UNST.EXE
2008-10-19 22:10 . 1996-12-09 00:00 29,696 --a------ c:\windows\system32\VB5StKit.dll
2008-10-12 16:02 . 2008-10-12 16:02 <DIR> d-------- c:\windows\Sun
2008-10-12 16:01 . 2008-10-12 16:01 <DIR> d-------- c:\program files\Java
2008-10-12 16:01 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-12 15:58 . 2008-10-12 15:58 <DIR> d-------- c:\program files\Common Files\Java
2008-10-10 21:55 . 2008-10-13 15:05 172 --a------ c:\windows\wcx_ftp.ini
2008-10-10 21:54 . 2008-11-07 23:44 <DIR> d-------- C:\totalcmd
2008-10-10 21:54 . 2008-11-29 14:32 1,119 --a------ c:\windows\wincmd.ini
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\UC.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\RAR.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\PKZIP.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\PKUNZIP.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\NOCLOSE.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\LHA.PIF
2008-10-10 21:54 . 2007-09-05 06:02 545 --a------ c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 13:46 --------- d-----w c:\program files\File Seeker
2008-11-28 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-10-09 17:52 --------- d-----w c:\documents and settings\Dijuf\Application Data\Winamp
2008-10-02 21:15 --------- d-----w c:\documents and settings\Dijuf\Application Data\BSplayer Pro
2008-09-29 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-13 18:04 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-04 22:36 155,995 ----a-w c:\windows\java\Packages\9R9RDRTB.ZIP
2008-09-02 22:09 307,968 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-02 21:57 505,128 ----a-w c:\windows\system32\msvcp71.dll
2008-09-02 21:57 353,576 ----a-w c:\windows\system32\msvcr71.dll
2008-09-02 21:57 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-08-24 02:33 3,127 ----a-w c:\windows\system32\presetup.cmd
2008-08-24 02:33 28,672 ----a-w c:\windows\system32\setupold.exe
2008-08-24 01:23 96,792 ----a-w c:\windows\system32\basecsp.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-29_21.14.16.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-29 13:39:34 76,572 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-30 12:25:17 76,572 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-29 13:39:34 439,338 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-30 12:25:17 439,338 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-04-21 91432]
"FileSeekerUpdater"="c:\program files\File Seeker\FSeekerDBUpdater.exe" [2007-01-12 603648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008-08-24 308248]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2005-02-23 53248]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2008-09-09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2008-09-09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2008-09-09 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2008-09-09 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2008-09-09 83344]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24901661-7aa8-11dd-80d0-f970e432be62}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{351134bf-b67e-11dd-81a8-001eec4adabb}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba19362-899f-11dd-810c-cc84c17d8c6c}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Dijuf\Application Data\Mozilla\Firefox\Profiles\y6pyp6l9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\documents and settings\Dijuf\Application Data\Mozilla\Firefox\Profiles\y6pyp6l9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-30 20:35:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\igfxdev.dll
.
Completion time: 2008-11-30 20:35:56
ComboFix-quarantined-files.txt 2008-11-30 19:35:43
ComboFix2.txt 2008-11-30 14:45:15
ComboFix3.txt 2008-11-29 20:14:38

Pre-Run: 33,158,008,832 bytes free
Post-Run: 33,147,142,144 bytes free

175

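The MountPoints2 entries in the two ComboFix logs above (five hijacked volume GUIDs in the first, three in the second) and the USB_blocker output between them are the evidence of a USB autorun worm: every connected volume gets Shell\AutoRun, Shell\explore and Shell\open overridden to launch a program from the drive root. As an added example, not code from this thread or from either tool, the Python script below parses those sections, flags volumes whose shell verbs point at a root-level executable, and reconciles the "before" and "after" listings with what USB_blocker reported per GUID. The samples are trimmed excerpts of the thread's own logs plus one constructed all-zero GUID entry as a negative case; the root-executable heuristic and the "not seen" label are this example's own, not anything the tools emit.

```python
import re

# Sample 1: MountPoints2 section of the thread's first ComboFix log, trimmed to three
# volumes, plus one CONSTRUCTED entry (all-zero GUID) whose handler is a normal program
# path rather than a volume-root file, so the heuristic has a negative case.
BEFORE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24901661-7aa8-11dd-80d0-f970e432be62}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\explore\Command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{351134bf-b67e-11dd-81a8-001eec4adabb}]
\Shell\AutoRun\command - G:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3715c47-7d99-11dd-80de-001eec4adabb}]
\Shell\AutoRun\command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\open\Command - C:\Program Files\Example Viewer\viewer.exe %1
"""

# Sample 2: the same section from the thread's second ComboFix log (after cleanup), trimmed.
AFTER_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24901661-7aa8-11dd-80d0-f970e432be62}]
\Shell\AutoRun\command - G:\dwg3gngs.exe
\Shell\open\Command - G:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{351134bf-b67e-11dd-81a8-001eec4adabb}]
\Shell\AutoRun\command - G:\xih9.cmd
"""

# Sample 3: the relevant lines of the thread's USB_blocker log.
USB_BLOCKER_LOG = r"""
Sanitizing Shell Menu...
Sanitized 7b0f4119-816c-11dd-80ec-f4ca18b0cc63
G: c3715c47-7d99-11dd-80de-001eec4adabb
autorun.inf found on G:
File G:\autorun.inf renamed successfully
Sanitizing Shell Menu...
No key for GUID: c3715c47-7d99-11dd-80de-001eec4adabb
"""

KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\\{([0-9a-f-]{36})\}\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# First program path in a command line; these extensions are what autorun worms drop in a volume root.
TARGET_RE = re.compile(
    r'^"?([A-Za-z]:\\.+?\.(?:exe|cmd|bat|com|pif|scr|vbs|js))(?:"|\s|$)', re.IGNORECASE)
USB_STATUS_RE = re.compile(r"^(Sanitized|No key for GUID:)\s+([0-9a-f-]{36})$", re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return {volume_guid: {shell_verb: command}} from a ComboFix-style MountPoints2 listing."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
        elif current is not None and (cmd := CMD_RE.match(line)):
            entries[current][cmd.group(1).lower()] = cmd.group(2).strip()
        elif not line:
            current = None          # a blank line closes the key block
    return entries


def flag_hijacked(entries):
    """Keep only volumes whose shell verbs launch a program sitting in the volume root (X:\\name.ext)."""
    hits = {}
    for guid, verbs in entries.items():
        bad = []
        for verb, cmd in verbs.items():
            target = TARGET_RE.match(cmd)
            # root-level program: nothing after "X:\" except the file name itself
            if target and "\\" not in target.group(1)[3:]:
                bad.append((verb, cmd))
        if bad:
            hits[guid] = bad
    return hits


def parse_usb_blocker(log_text):
    """Map volume GUID -> 'sanitized' or 'no_key' from USB_blocker's shell-menu cleanup lines."""
    status = {}
    for line in log_text.splitlines():
        m = USB_STATUS_RE.match(line.strip())
        if m:
            status[m.group(2).lower()] = "sanitized" if m.group(1).lower() == "sanitized" else "no_key"
    return status


def reconcile(before_log, usb_log, after_log):
    """Which hijacked volumes were cleaned, which remain, and what USB_blocker reported for each."""
    before = flag_hijacked(parse_mountpoints(before_log))
    after = flag_hijacked(parse_mountpoints(after_log))
    usb = parse_usb_blocker(usb_log)
    return {
        "flagged_before": sorted(before),
        "still_present": sorted(g for g in before if g in after),
        "removed": sorted(g for g in before if g not in after),
        "usb_blocker_status": {g: usb.get(g, "not seen") for g in before},
    }


if __name__ == "__main__":
    for key, value in reconcile(BEFORE_LOG, USB_BLOCKER_LOG, AFTER_LOG).items():
        print(f"{key}: {value}")
```

On the thread's data the script reports the c3715c47 volume as removed between the two logs and the other two as still present, which matches what the second ComboFix run shows; the MountPoints2 keys are per-volume shell overrides, so the practical fix is to delete the hijacked keys for every volume GUID listed (as the helper does in the next reply) and to disable AutoRun for removable media so a re-inserted stick cannot recreate them.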
  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Do the following:

Download the file and run it with a double-click. At the next prompt click Yes.

And we're done...

Just one more thing, to uninstall ComboFix:

Click START and then RUN.
In the text box type Combofix /u and click OK.

Wait for the uninstall process to finish.

The procedure above will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's all...

  • mita08
  • New MyCity citizen
  • Joined: 29 Nov 2008
  • Posts: 5

Thanks a lot, and I hope we won't be hearing from each other again ;)
