[bobby] These viruses again... Help!

  • Joined: 10 Dec 2007
  • Posts: 40

YouTube won't open, every page on the net glitches for me, the same even while I'm posting all this, and I don't know what else to do. When I start Task Manager and kill some program, it works normally again, but that's not really it...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:28 AM, on 2/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ILIJA\Desktop\New Folder (2)\TR4.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Automatic Service] System32.exe
O4 - HKLM\..\Run: [Microsoft] wplayer.exe
O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6115 bytes

Update: 26 Feb 2009 19:37

Is anything even wrong with it?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Why don't you have an antivirus installed?
Why don't you have Service Pack 3 for Windows installed?

Nothing is missing from it; it has a surplus of viruses.

=============================

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.
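As an added example, not code from the thread or from HijackThis itself: a Python triage pass over lines in HijackThis log format, applying the checks behind the diagnosis above (bare file names and the Win9x-only RunServices key in O4 entries, a non-default start page in R0, any AppInit_DLLs value in O20). The sample lines are constructed from the log posted above, and the allowlist of default start-page hosts is an assumption of this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines in HijackThis v2 format, modelled on the log posted
# above (a subset of it, with one clean entry per type for contrast).
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.atcomet.com/b/",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [Windows Automatic Service] System32.exe",
    r"O4 - HKLM\..\Run: [Microsoft] wplayer.exe",
    r"O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
]

# Hosts a default IE start page legitimately points at (assumption: a small
# allowlist is enough for this triage; anything else gets asked about).
DEFAULT_START_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com",
                       "www.google.com", "about:blank"}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
R0_RE = re.compile(r"^R0 - .*Start Page = (.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")

Finding = Tuple[str, str, str]  # (severity, reason, offending line)


def executable_of(command: str) -> str:
    """Return the program part of an autostart command, quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage_o4(line: str) -> List[Finding]:
    """Heuristics for O4 (registry Run) entries."""
    m = O4_RE.match(line)
    if not m:
        return []
    hive, key, name, command = m.groups()
    exe = executable_of(command)
    out: List[Finding] = []
    # A bare file name is resolved through the PATH search order, so the entry
    # says nothing about where the binary lives; installers write full paths.
    if exe and "\\" not in exe and "/" not in exe:
        out.append(("high", f"bare file name '{exe}' in {hive} {key}", line))
    # RunServices is a Windows 9x key that NT-based Windows never processes;
    # legitimate XP software does not write it, self-copying malware often does.
    if key.lower() == "runservices":
        out.append(("high", "entry under RunServices key", line))
    # An executable named after a system directory is a lookalike meant to be
    # skimmed past in a process list.
    if exe.lower().startswith("system32"):
        out.append(("high", f"name '{exe}' mimics a system directory", line))
    return out


def triage_line(line: str) -> List[Finding]:
    """Run every heuristic that applies to one log line."""
    out = triage_o4(line)
    m = R0_RE.match(line)
    if m:
        host = re.sub(r"^https?://", "", m.group(1).strip()).split("/")[0].lower()
        if host not in DEFAULT_START_HOSTS:
            out.append(("medium", f"start page points at '{host}'", line))
    m = O20_RE.match(line)
    if m:
        # AppInit_DLLs is loaded into every process that links user32.dll, so
        # any value here deserves a look, whoever installed it.
        out.append(("medium", f"AppInit_DLLs loads {m.group(1).strip()}", line))
    return out


def triage_log(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        findings.extend(triage_line(line))
    return findings


def summarise(lines: List[str]) -> Dict[str, int]:
    """Count findings per severity; a quick 'is this log clean' check."""
    counts: Dict[str, int] = {}
    for sev, _, _ in triage_log(lines):
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
```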

  • Joined: 10 Dec 2007
  • Posts: 40

Which antivirus?
Service Pack 3 isn't that important to me...
What do you mean, a surplus of viruses?

Update: 26 Feb 2009 20:14

Aha, I overlooked something, so disregard the last sentence.

Update: 26 Feb 2009 20:20

ComboFix 09-02-25.02 - ILIJA 2009-02-26 11:13:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.246 [GMT -8:00]
Running from: c:\documents and settings\ILIJA\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-02-25 08:44 . 2009-02-25 08:44 1,757,184 --a------ C:\type4.exe
2009-02-22 06:49 . 2009-02-22 06:49 <DIR> d-------- c:\program files\Cooolsoft
2009-02-20 04:50 . 2009-02-20 04:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-18 11:26 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-18 11:26 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-16 09:23 . 2009-02-16 09:23 <DIR> d-------- c:\program files\Funnsystems YuMp3Com-User-Authorization
2009-02-14 09:56 . 2009-02-14 09:56 <DIR> d-------- c:\windows\Funnsystems
2009-02-10 11:08 . 2009-02-10 11:08 <DIR> d-------- C:\C-F
2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-04 07:47 . 2009-02-04 07:47 <DIR> d-------- c:\program files\Monster Trucks Nitro Demo
2009-02-02 12:05 . 2009-02-02 12:05 315 --a------ C:\test.exe
2009-01-27 13:25 . 2009-01-27 13:26 262,878 --a------ c:\windows\IPUI_DivXG400.exe
2009-01-27 13:25 . 2009-01-27 13:26 245,760 --a------ c:\windows\system32\DivXG400.ax
2009-01-27 13:25 . 2009-01-27 13:26 21,869 --a------ c:\windows\system32\divxg400.htm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 18:28 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-26 18:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-26 14:48 --------- d-----w c:\documents and settings\ILIJA\Application Data\LimeWire
2009-02-26 12:00 --------- d-----w c:\program files\Bandoo
2009-02-20 12:50 --------- d-----w c:\program files\Java
2009-01-29 16:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-28 16:08 --------- d-----w c:\documents and settings\ILIJA\Application Data\uTorrent
2009-01-24 12:20 --------- d-----w c:\program files\LimeWire
2009-01-20 16:11 --------- d-----w c:\program files\uTorrent
2009-01-10 01:37 --------- d-----w c:\program files\Nokia
2009-01-10 01:37 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-10 01:37 --------- d-----w c:\program files\Common Files\Nokia
2009-01-10 01:36 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-10 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-01 15:37 --------- d-----w c:\documents and settings\VELJKOVIC\Application Data\PC Suite
2007-06-13 10:23 1,757,184 --sh--r c:\windows\system32\wplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\XTCS Counter-Strike 1.6 Final Release\\cstrike.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\wplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19685:TCP"= 19685:TCP:BitComet 19685 TCP
"19685:UDP"= 19685:UDP:BitComet 19685 UDP

S2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2008-12-09 1484736]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-03 18560]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-21 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-21 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-21 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-21 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-21 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-21 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-21 110120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-838170752-682003330-1003.job
- c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 09:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windows Automatic Service - System32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
FF - ProfilePath - c:\documents and settings\ILIJA\Application Data\Mozilla\Firefox\Profiles\xid2t7u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://download.muzicki.net/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-26 11:14:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-26 11:16:22
ComboFix-quarantined-files.txt 2009-02-26 19:16:11
ComboFix2.txt 2009-02-10 08:58:20

Pre-Run: 1,100,263,424 bytes free
Post-Run: 1,472,036,864 bytes free

151 --- E O F --- 2008-07-01 19:07:47

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Choose the antivirus yourself. I can't recommend any one to you, because that would be unfair to the AV companies that advertise on our forum.

Service Pack 3 is important because those are patches for holes in the system. Malware uses those holes to get onto your system.

Quote: What do you mean, a surplus of viruses?
Isn't a virus on the system a surplus, and an unwanted one at that?

=======================

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 10 Dec 2007
  • Posts: 40

Yes, yes. There, I've copied the log from CF above...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Upload the following file:
C:\type4.exe

Upload it via the following form:
http://www.mycity.rs/ambulanta-upload.php
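As an added example, not from the thread or from ComboFix: a Python parser for the two file-listing formats in the ComboFix log above ("Files Created" and "Find3M") that flags executables dropped in the drive root, system+hidden executables under the Windows directory, and executables of identical size in different locations, the pattern C:\type4.exe and the hidden wplayer.exe show in that log (both 1,757,184 bytes). The sample rows are constructed from the log above; the attribute and path heuristics are assumptions of this example, and a hash comparison would be the confirming step.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample rows in the two file-listing formats ComboFix prints
# ("Files Created" and "Find3M"), modelled on the log posted above.
SAMPLE_LISTING = [
    r"2009-02-25 08:44 . 2009-02-25 08:44 1,757,184 --a------ C:\type4.exe",
    r"2009-02-22 06:49 . 2009-02-22 06:49 <DIR> d-------- c:\program files\Cooolsoft",
    r"2009-02-20 04:50 . 2009-02-20 04:50 410,984 --a------ c:\windows\system32\deploytk.dll",
    r"2009-02-02 12:05 . 2009-02-02 12:05 315 --a------ C:\test.exe",
    r"2009-02-26 12:00 --------- d-----w c:\program files\Bandoo",
    r"2007-06-13 10:23 1,757,184 --sh--r c:\windows\system32\wplayer.exe",
]

# "Files Created" rows: created-stamp . modified-stamp size attrs path
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S+) (.+)$")
# "Find3M" rows: stamp size-or-dashes attrs path
FIND3M_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S+) (.+)$")

EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com")
Entry = Tuple[str, int, str, str]  # (timestamp, size in bytes or -1, attrs, path)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing row; directories and unknown sizes get size -1."""
    # Try the longer "Files Created" shape first: the Find3M pattern would
    # also match such a row, but with the wrong columns.
    m = CREATED_RE.match(line) or FIND3M_RE.match(line)
    if not m:
        return None
    stamp, size, attrs, path = m.groups()
    size_int = int(size.replace(",", "")) if size[0].isdigit() else -1
    return stamp, size_int, attrs, path.strip()


def triage_listing(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for rows worth a second look."""
    findings: List[Tuple[str, str]] = []
    by_size: Dict[int, List[str]] = defaultdict(list)
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        _, size, attrs, path = entry
        low = path.lower()
        if not low.endswith(EXEC_SUFFIXES):
            continue
        if size > 0:
            by_size[size].append(path)
        # Installers do not ship binaries under the Windows directory with the
        # system+hidden attributes set; that combination only serves to hide.
        if "s" in attrs and "h" in attrs and "\\windows\\" in low:
            findings.append(("hidden+system executable under Windows", path))
        # Programs belong under Program Files, not in the root of the drive.
        if re.match(r"^[a-z]:\\[^\\]+$", low):
            findings.append(("executable dropped in drive root", path))
    # Two executables of identical size in different places are often one
    # dropper copied twice; the size is the hint, a hash is the confirmation.
    for size, paths in by_size.items():
        if len(set(p.lower() for p in paths)) > 1:
            findings.append((f"{len(paths)} executables share size {size:,}",
                             " | ".join(paths)))
    return findings


if __name__ == "__main__":
    for reason, path in triage_listing(SAMPLE_LISTING):
        print(f"{reason}: {path}")
```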

  • Joined: 10 Dec 2007
  • Posts: 40

Uploaded...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text:

File::
C:\type4.exe
c:\windows\system32\wplayer.exe

FCOPY::
c:\windows\system32\drivers\tdi.sys|c:\uploaduj.bin


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

=============================

Also upload the following file to me via the same form:
c:\uploaduj.bin

  • Joined: 10 Dec 2007
  • Posts: 40

ComboFix 09-02-25.02 - ILIJA 2009-02-26 13:24:36.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.231 [GMT -8:00]
Running from: c:\documents and settings\ILIJA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ILIJA\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\type4.exe
c:\windows\system32\wplayer.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\type4.exe
c:\windows\system32\wplayer.exe

.
--------------- FCopy ---------------

c:\windows\system32\drivers\tdi.sys --> c:\uploaduj.bin
.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-02-26 13:24 . 2004-08-03 17:07 18,560 --a------ C:\uploaduj.bin
2009-02-22 06:49 . 2009-02-22 06:49 <DIR> d-------- c:\program files\Cooolsoft
2009-02-20 04:50 . 2009-02-20 04:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-18 11:26 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-18 11:26 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-16 09:23 . 2009-02-16 09:23 <DIR> d-------- c:\program files\Funnsystems YuMp3Com-User-Authorization
2009-02-14 09:56 . 2009-02-14 09:56 <DIR> d-------- c:\windows\Funnsystems
2009-02-10 11:08 . 2009-02-10 11:08 <DIR> d-------- C:\C-F
2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-04 07:47 . 2009-02-04 07:47 <DIR> d-------- c:\program files\Monster Trucks Nitro Demo
2009-02-02 12:05 . 2009-02-02 12:05 315 --a------ C:\test.exe
2009-01-27 13:25 . 2009-01-27 13:26 262,878 --a------ c:\windows\IPUI_DivXG400.exe
2009-01-27 13:25 . 2009-01-27 13:26 245,760 --a------ c:\windows\system32\DivXG400.ax
2009-01-27 13:25 . 2009-01-27 13:26 21,869 --a------ c:\windows\system32\divxg400.htm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 18:28 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-26 18:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-26 14:48 --------- d-----w c:\documents and settings\ILIJA\Application Data\LimeWire
2009-02-26 12:00 --------- d-----w c:\program files\Bandoo
2009-02-20 12:50 --------- d-----w c:\program files\Java
2009-01-29 16:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-28 16:08 --------- d-----w c:\documents and settings\ILIJA\Application Data\uTorrent
2009-01-24 12:20 --------- d-----w c:\program files\LimeWire
2009-01-20 16:11 --------- d-----w c:\program files\uTorrent
2009-01-10 01:37 --------- d-----w c:\program files\Nokia
2009-01-10 01:37 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-10 01:37 --------- d-----w c:\program files\Common Files\Nokia
2009-01-10 01:36 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-10 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-01 15:37 --------- d-----w c:\documents and settings\VELJKOVIC\Application Data\PC Suite
.

((((((((((((((((((((((((((((( SnapShot@2009-02-26_11.15.20.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-02-26 21:27:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\XTCS Counter-Strike 1.6 Final Release\\cstrike.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19685:TCP"= 19685:TCP:BitComet 19685 TCP
"19685:UDP"= 19685:UDP:BitComet 19685 UDP

R2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2008-12-09 1484736]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-03 18560]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-21 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-21 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-21 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-21 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-21 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-21 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-21 110120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-838170752-682003330-1003.job
- c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 09:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
FF - ProfilePath - c:\documents and settings\ILIJA\Application Data\Mozilla\Firefox\Profiles\xid2t7u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://download.muzicki.net/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-26 13:27:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Bandoo\Bandoo.exe
c:\progra~1\Bandoo\BandooUI.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2009-02-26 13:29:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-26 21:29:22
ComboFix2.txt 2009-02-26 19:16:23
ComboFix3.txt 2009-02-10 08:58:20

Pre-Run: 1,581,760,512 bytes free
Post-Run: 1,538,183,168 bytes free

170 --- E O F --- 2008-07-01 19:07:47

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Please also do the rest of what I wrote to you above.
I need that file so I can look at it.
