MyCity » Ambulanta -> Arhiva Ambulante » WORM/Conficker.Y.15 [worm]

WORM/Conficker.Y.15 [worm]

Napisano na dan: 5.2.2010

WORM/Conficker.Y.15 [worm]

Sledeća strana

Pagination

Odgovori

ulf Poslao: 05 Feb 2010 11:55 Idi na vrh
offline ulf Građanin Pridružio: 27 Avg 2009 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: ljudi ako mozete pomagajte imam problem sa confickerom Y 15,racunar nam je u mrezi od 10 racunara i zadnja tri mjeseca se javlja, avira ga detektuje ali ne moze da obrise ('WORM/Conficker.Y.15 [worm]' detected in file 'C:\WINDOWS\system32\pwyhgaex.fo.) i on se vraca naravno. nema nekih smetnji ali konstantno se javlja. imam adsl 512kbp/s i 32 bitni racunar. ako neko moze sto detaljnije da me navede,bio bih zahvalan, evo pokusacu sve potrebno da prilozim,pa ako nesto nije kako treba javite, hvala unaprijed DDS (Ver_09-12-01.01) - NTFSx86 Run by pc at 11:48:05,35 on 04.02.2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1448 [GMT 1:00] AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows Defender enabled (Updated) {FDFE477F-8FE7-4B17-A05C-9D1F9EB603CB} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Dealio Toolbar\SearchSettings.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Terminal Services Client\MSTSC.EXE C:\Program Files\Winamp\winamp.exe C:\Program Files\Terminal Services Client\MSTSC.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Documents and Settings\pc\Desktop\CONFICKER\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.ba/ uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [<NO NAME>] dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: {41F91B00-7789-4660-9BDD-A083B38DA6C1} = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-14 11608] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-14 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-14 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-14 56816] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-30 269648] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-30 19160] S2 mndddtzr;Support Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\msn messenger\usnsvc.exe [2007-1-19 97136] =============== Created Last 30 ================ 2010-01-14 11:44:30 0 d-----w- C:\nextBackup ==================== Find3M ==================== 2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe 2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-08 05:25:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2002-01-25 14:57:52 3544576 -c--a-w- c:\program files\LIPSETUP.MSI 2009-08-24 11:22:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082420090825\index.dat 2009-08-27 17:33:09 2109472 --sha-w- c:\windows\system32\drivers\fidbox.dat ============= FINISH: 11:48:24,25 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png nadam se da sam dobro odradio sto je potrebno za pomoc, hvala unaprijed!!!

Profil

argus Poslao: 05 Feb 2010 12:09 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci racunar sa mreze. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

ulf Poslao: 05 Feb 2010 14:03 Idi na vrh
offline ulf Građanin Pridružio: 27 Avg 2009 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: mycity.rs/must-login.png evo log od combo fix.... ComboFix 10-02-04.06 - pc 05.02.2010 13:55:49.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1609 [GMT 1:00] Running from: c:\documents and settings\pc\Desktop\CONFICKER\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows Defender disabled (Updated) {FDFE477F-8FE7-4B17-A05C-9D1F9EB603CB} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\docume~1\pc\LOCALS~1\Temp\svchost.exe c:\documents and settings\pc\Application Data\Microsoft\svchost.exe c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\config.ini c:\program files\Dealio Toolbar\DealioToolbarIE.dll c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\separator.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\SearchSettings.exe c:\program files\Dealio Toolbar\SearchSettingsRes409.dll c:\program files\Dealio Toolbar\sscfg.ini c:\program files\Dealio Toolbar\WidgiHelper.exe c:\windows\system32\twain_32.dll . ((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 ))))))))))))))))))))))))))))))) . 2010-02-05 11:39 . 2010-02-05 11:41 -------- d-----w- C:\Precice programa 2010-02-04 11:39 . 2010-02-04 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2010-02-04 11:39 . 2010-02-04 11:39 -------- d-----w- c:\documents and settings\pc\Application Data\AVS4YOU 2010-02-04 11:38 . 2010-02-04 11:39 -------- d-----w- c:\program files\Common Files\AVSMedia 2010-02-04 11:38 . 2003-05-21 23:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2010-02-04 11:38 . 2003-05-21 11:50 24576 ----a-w- c:\windows\system32\msxml3a.dll 2010-02-04 11:38 . 2010-02-04 11:39 -------- d-----w- c:\program files\AVS4YOU 2010-01-14 12:01 . 2006-04-25 05:07 69120 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp43e.DLL 2010-01-14 11:44 . 2010-01-14 11:57 -------- d-----w- C:\nextBackup . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-04 05:31 . 2009-04-07 12:44 -------- d-----w- c:\program files\Google 2010-01-29 14:08 . 2009-02-20 13:39 -------- d-----w- c:\documents and settings\pc\Application Data\BitTorrent 2010-01-14 10:12 . 2009-10-14 12:24 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-13 07:12 . 2009-02-22 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-03 09:22 . 2010-01-03 09:22 -------- d-----w- c:\documents and settings\pc\Application Data\Apple Computer 2009-12-26 08:55 . 2009-03-07 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-12-21 19:14 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-14 12:31 . 2009-02-19 12:13 -------- d-----w- c:\program files\Common Files\SWF Studio 2009-12-08 05:25 . 2009-10-14 11:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-25 12:06 . 2009-08-05 06:02 117760 ----a-w- c:\documents and settings\pc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-11-21 15:51 . 2004-08-03 22:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-12 10:00 . 2009-11-12 10:00 2686232 ----a-w- c:\documents and settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\pc\SolidSFX_Data\components\vcredist_x86.exe 2002-01-25 14:57 . 2008-09-11 18:49 3544576 -c--a-w- c:\program files\LIPSETUP.MSI 2009-08-27 17:33 . 2009-08-27 11:11 2109472 --sha-w- c:\windows\system32\drivers\fidbox.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-10-14 20:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-10-07 04:16 323392 ----a-w- c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey] 2004-03-15 12:27 45056 ----a-w- c:\progra~1\MEDIAK~1\MagicKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-07 15:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient] 2002-12-16 15:51 36864 ----a-w- c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup] 2003-03-31 18:28 155648 -c--a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8520:TCP"= 8520:TCP:ovwfkqq R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [06.12.2007 21:03 660768] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14.10.2009 12:15 108289] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30.07.2009 07:56 269648] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30.07.2009 07:56 19160] S2 mndddtzr;Support Helper;c:\windows\system32\svchost.exe -k netsvcs [03.08.2004 23:56 14336] S2 opkmm;Support Boot;c:\windows\system32\svchost.exe -k netsvcs [03.08.2004 23:56 14336] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03.11.2006 18:19 13592] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.01.2007 12:54 97136] --- Other Services/Drivers In Memory --- NewlyCreated - OPKMM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs opkmm [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder 2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 12:45] 2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 12:45] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ba/ uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {41F91B00-7789-4660-9BDD-A083B38DA6C1} = 192.168.1.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab . - - - - ORPHANS REMOVED - - - - URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Dealio Toolbar\SearchSettings.dll BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Dealio Toolbar\SearchSettings.dll Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe MSConfigStartUp-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE ************************************************************************ scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mndddtzr] "ServiceDll"="c:\windows\system32\pwyhgaex.dll.old" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\opkmm] "ServiceDll"="c:\windows\system32\pwyhgaex.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1044) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-02-05 14:00:39 ComboFix-quarantined-files.txt 2010-02-05 13:00 ComboFix2.txt 2009-08-24 09:45 Pre-Run: 91.546.669.056 bytes free Post-Run: 93.585.260.544 bytes free - - End Of File - - 6538D18BC11D34D97A86EEB32B99D24C

Profil

argus Poslao: 05 Feb 2010 20:52 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\pwyhgaex.dll c:\windows\system32\pwyhgaex.dll.old Driver:: mndddtzr opkmm NetSvcs:: opkmm Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8520:TCP"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

ulf Poslao: 06 Feb 2010 15:31 Idi na vrh
offline ulf Građanin Pridružio: 27 Avg 2009 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Mislim da sam sve doboro odradio. Evo ga log file. mycity.rs/must-login.png ComboFix 10-02-04.06 - pc 06.02.2010 15:14:44.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1625 [GMT 1:00] Running from: c:\documents and settings\pc\Desktop\CONFICKER\ComboFix.exe Command switches used :: c:\documents and settings\pc\Desktop\CFScript.txt AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows Defender disabled (Updated) {FDFE477F-8FE7-4B17-A05C-9D1F9EB603CB} FILE :: "c:\windows\system32\pwyhgaex.dll" "c:\windows\system32\pwyhgaex.dll.old" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MNDDDTZR -------\Legacy_OPKMM -------\Service_mndddtzr -------\Service_opkmm ((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 ))))))))))))))))))))))))))))))) . 2010-02-05 11:39 . 2010-02-05 11:41 -------- d-----w- C:\Precice programa 2010-02-04 11:39 . 2010-02-04 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2010-02-04 11:39 . 2010-02-04 11:39 -------- d-----w- c:\documents and settings\pc\Application Data\AVS4YOU 2010-02-04 11:38 . 2010-02-04 11:39 -------- d-----w- c:\program files\Common Files\AVSMedia 2010-02-04 11:38 . 2003-05-21 23:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2010-02-04 11:38 . 2003-05-21 11:50 24576 ----a-w- c:\windows\system32\msxml3a.dll 2010-02-04 11:38 . 2010-02-04 11:39 -------- d-----w- c:\program files\AVS4YOU 2010-01-14 12:01 . 2006-04-25 05:07 69120 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp43e.DLL 2010-01-14 11:44 . 2010-01-14 11:57 -------- d-----w- C:\nextBackup . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-04 05:31 . 2009-04-07 12:44 -------- d-----w- c:\program files\Google 2010-01-29 14:08 . 2009-02-20 13:39 -------- d-----w- c:\documents and settings\pc\Application Data\BitTorrent 2010-01-14 10:12 . 2009-10-14 12:24 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-13 07:12 . 2009-02-22 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-03 09:22 . 2010-01-03 09:22 -------- d-----w- c:\documents and settings\pc\Application Data\Apple Computer 2009-12-26 08:55 . 2009-03-07 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-12-21 19:14 . 2004-08-03 22:56 916480 ------w- c:\windows\system32\wininet.dll 2009-12-14 12:31 . 2009-02-19 12:13 -------- d-----w- c:\program files\Common Files\SWF Studio 2009-12-08 05:25 . 2009-10-14 11:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-25 12:06 . 2009-08-05 06:02 117760 ----a-w- c:\documents and settings\pc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-11-21 15:51 . 2004-08-03 22:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-12 10:00 . 2009-11-12 10:00 2686232 ----a-w- c:\documents and settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\pc\SolidSFX_Data\components\vcredist_x86.exe 2002-01-25 14:57 . 2008-09-11 18:49 3544576 -c--a-w- c:\program files\LIPSETUP.MSI 2009-08-27 17:33 . 2009-08-27 11:11 2109472 --sha-w- c:\windows\system32\drivers\fidbox.dat . ((((((((((((((((((((((((((((( SnapShot@2010-02-05_12.59.38 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-06 14:19 . 2010-02-06 14:19 16384 c:\windows\temp\Perflib_Perfdata_370.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-10-14 20:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-10-07 04:16 323392 ----a-w- c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey] 2004-03-15 12:27 45056 ----a-w- c:\progra~1\MEDIAK~1\MagicKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-07 15:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient] 2002-12-16 15:51 36864 ----a-w- c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup] 2003-03-31 18:28 155648 -c--a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [06.12.2007 21:03 660768] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14.10.2009 12:15 108289] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30.07.2009 07:56 269648] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30.07.2009 07:56 19160] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03.11.2006 18:19 13592] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.01.2007 12:54 97136] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder 2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 12:45] 2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 12:45] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ba/ uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {41F91B00-7789-4660-9BDD-A083B38DA6C1} = 192.168.1.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-02-06 15:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1100) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2500) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************ . Completion time: 2010-02-06 15:25:07 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-06 14:25 ComboFix2.txt 2010-02-05 13:00 ComboFix3.txt 2009-08-24 09:45 Pre-Run: 93.596.278.784 bytes free Post-Run: 93.454.151.680 bytes free - - End Of File - - AFA912E658768446AD72C95069BB8411

Profil

argus Poslao: 06 Feb 2010 17:27 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Na tvom PC-u Conficker vise nije aktivan. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. ---------------------------------------- O kakvoj se mrezi radi, da li je to privatna mreza? Ukoliko ti AV detektuje Conficker to dolazi sa mreze.

Profil

ulf Poslao: 08 Feb 2010 09:45 Idi na vrh
offline ulf Građanin Pridružio: 27 Avg 2009 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 06 Feb 2010 19:38 mreza je na poslu,, od 10 tak racunara,ali amo na ovom kompu ga primjeti,samo na njemu,,nikad na drugom. a vidjecu u ponedeljak ima li ga pa se javim, hvala mnogo,pravi ste!!! Dopuna: 08 Feb 2010 9:45 evo mene sve sam odradio,ali kao sto si i pretpostavio conficker je negdje u mrezi, tako da je opet se antivira oglasila,na ovom istom racunaru. Ako znas sta bi bilo rjesenje ajde kazi pa da vidim ima li sanse da to odradim, hvala jos jednom! pozdrav

Profil

argus Poslao: 08 Feb 2010 10:05 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Krajnje resenje je da se svi racunari otkace sa mreze i da se ciste jedan po jedan. Ali posto je to mreza u firmi, mi to ne radimo, ipak smo mi samo volonteri a ovde se radi o profesionalnoj organizaciji. Sto se tice tvog racunara, skini ovu zakrpu http://www.microsoft.com/downloads/details.aspx?fa.....laylang=en Diskonektuj se sa mreze i interneta i instaliraj je.

Profil

ulf Poslao: 08 Feb 2010 12:30 Idi na vrh
offline ulf Građanin Pridružio: 27 Avg 2009 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ok,razumijem i ispravno 100 %. ni meni nije da cistim po firmi ;( ja sam mislio da je do mog kompa,, samo to. jos jednom samo da kazem da sam odusevljen vasim radom,,znanjem i azurnosti,,HVALA!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » WORM/Conficker.Y.15 [worm]

Ko je trenutno na forumu

Ukupno su 1170 korisnika na forumu :: 38 registrovanih, 8 sakrivenih i 1124 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Bobrock1, Boris BM, botta, cavatina, CikaKURE, comi_pfc, doktor1964, Dvojac005, galerija, HrcAk47, Kubovac, kybonacci, Leonov, ljuba, MB120mm, Mi lao shu, mik7, Mikulino, Milenaaa, Milos82, milutin134, Mlav, mocnijogurt, mrav pesadinac, Ne doznajem se u oružje, nemkea71, Parker, procesor, RJ, rodoljub, shone34, Singidunumac, stegonosa, tomigun, Trpe Grozni, vlajkox, wolverined4, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by