MyCity » Ambulanta -> Arhiva Ambulante » [bobby] Opet ovi virusi... Pomoc!

[bobby] Opet ovi virusi... Pomoc!

Napisano na dan: 26.2.2009

Strana:
1
2

[bobby] Opet ovi virusi... Pomoc!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

eleanor Poslao: 26 Feb 2009 19:37 Idi na vrh
offline eleanor Građanin Pridružio: 10 Dec 2007 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ne otvara you tube, baguje mi svaka stranica na netu, isto i dok ovo sve postavljam, i ne znam vishe sta da radim? Kad pokrenem task menager i iskljucim neki program, o5 radi normalno al nije to to.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:31:28 AM, on 2/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\ILIJA\Desktop\New Folder (2)\TR4.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.atcomet.com/b/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Automatic Service] System32.exe O4 - HKLM\..\Run: [Microsoft] wplayer.exe O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 6115 bytes Dopuna: 26 Feb 2009 19:37 Ako mu uopste nesto fali?

Profil

bobby Poslao: 26 Feb 2009 19:46 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zasto nemas instaliran antivirus? Zasto nemas instaliran Service Pack 3 za Windows? Ne fali mu nista, ima viska virusa. ============================= Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

eleanor Poslao: 26 Feb 2009 20:20 Idi na vrh
offline eleanor Građanin Pridružio: 10 Dec 2007 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koj antivirus? Servis pack 3 mi nije toliko bitan... kako mislis viska virusa? Dopuna: 26 Feb 2009 20:14 aha, nesto sam prevideo, tako da poslednju recenicu ne racunaj Dopuna: 26 Feb 2009 20:20 ComboFix 09-02-25.02 - ILIJA 2009-02-26 11:13:18.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.246 [GMT -8:00] Running from: c:\documents and settings\ILIJA\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32.exe . ((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 ))))))))))))))))))))))))))))))) . 2009-02-25 08:44 . 2009-02-25 08:44 1,757,184 --a------ C:\type4.exe 2009-02-22 06:49 . 2009-02-22 06:49 <DIR> d-------- c:\program files\Cooolsoft 2009-02-20 04:50 . 2009-02-20 04:50 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-18 11:26 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-02-18 11:26 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys 2009-02-16 09:23 . 2009-02-16 09:23 <DIR> d-------- c:\program files\Funnsystems YuMp3Com-User-Authorization 2009-02-14 09:56 . 2009-02-14 09:56 <DIR> d-------- c:\windows\Funnsystems 2009-02-10 11:08 . 2009-02-10 11:08 <DIR> d-------- C:\C-F 2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-02-04 07:47 . 2009-02-04 07:47 <DIR> d-------- c:\program files\Monster Trucks Nitro Demo 2009-02-02 12:05 . 2009-02-02 12:05 315 --a------ C:\test.exe 2009-01-27 13:25 . 2009-01-27 13:26 262,878 --a------ c:\windows\IPUI_DivXG400.exe 2009-01-27 13:25 . 2009-01-27 13:26 245,760 --a------ c:\windows\system32\DivXG400.ax 2009-01-27 13:25 . 2009-01-27 13:26 21,869 --a------ c:\windows\system32\divxg400.htm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-26 18:28 --------- d-----w c:\program files\Mozilla Thunderbird 2009-02-26 18:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-26 14:48 --------- d-----w c:\documents and settings\ILIJA\Application Data\LimeWire 2009-02-26 12:00 --------- d-----w c:\program files\Bandoo 2009-02-20 12:50 --------- d-----w c:\program files\Java 2009-01-29 16:41 --------- d-----w c:\program files\TuneUp Utilities 2008 2009-01-28 16:08 --------- d-----w c:\documents and settings\ILIJA\Application Data\uTorrent 2009-01-24 12:20 --------- d-----w c:\program files\LimeWire 2009-01-20 16:11 --------- d-----w c:\program files\uTorrent 2009-01-10 01:37 --------- d-----w c:\program files\Nokia 2009-01-10 01:37 --------- d-----w c:\program files\Common Files\PCSuite 2009-01-10 01:37 --------- d-----w c:\program files\Common Files\Nokia 2009-01-10 01:36 --------- d-----w c:\program files\PC Connectivity Solution 2009-01-10 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-01-01 15:37 --------- d-----w c:\documents and settings\VELJKOVIC\Application Data\PC Suite 2007-06-13 10:23 1,757,184 --sh--r c:\windows\system32\wplayer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-02 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SoundMan"=SOUNDMAN.EXE "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\XTCS Counter-Strike 1.6 Final Release\\cstrike.exe"= "d:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\wplayer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19685:TCP"= 19685:TCP:BitComet 19685 TCP "19685:UDP"= 19685:UDP:BitComet 19685 UDP S2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2008-12-09 1484736] S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-03 18560] S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-21 83880] S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-21 15016] S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-21 110632] S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-21 104616] S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-21 25512] S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-21 100648] S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-21 110120] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2009-02-26 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24] 2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-02-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] 2009-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-838170752-682003330-1003.job - c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 09:32] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Windows Automatic Service - System32.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://google.atcomet.com/b/ uInternet Settings,ProxyOverride = <local> IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe FF - ProfilePath - c:\documents and settings\ILIJA\Application Data\Mozilla\Firefox\Profiles\xid2t7u7.default\ FF - prefs.js: browser.startup.homepage - hxxp://download.muzicki.net/ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-26 11:14:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1715567821-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(536) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-02-26 11:16:22 ComboFix-quarantined-files.txt 2009-02-26 19:16:11 ComboFix2.txt 2009-02-10 08:58:20 Pre-Run: 1,100,263,424 bytes free Post-Run: 1,472,036,864 bytes free 151 --- E O F --- 2008-07-01 19:07:47

Profil

bobby Poslao: 26 Feb 2009 20:21 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Antivirus odaberi sam. Ja ne mogu da ti preporucim ni jedan jer bi to bilo ne-fer prema AV kompanijama koje se reklamiraju na nasem forumu. Service Pack 3 jeste bitan jer su to zakrpe za propuste u sistemu. Malware koristi te propuste da bi se ubacio na tvoj sistem. Citat:kako mislis viska virusa? Zar virus na sistemu nije visak, i to nepozeljan visak? ======================= Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

eleanor Poslao: 26 Feb 2009 20:33 Idi na vrh
offline eleanor Građanin Pridružio: 10 Dec 2007 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jeste, jeste Eno iskopirao sam lod sa CF-a gore...

Profil

bobby Poslao: 26 Feb 2009 20:49 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Daj sledeci fajl na upload: C:\type4.exe Uploaduj ga preko sledece forme: http://www.mycity.rs/ambulanta-upload.php

Profil

eleanor Poslao: 26 Feb 2009 21:00 Idi na vrh
offline eleanor Građanin Pridružio: 10 Dec 2007 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadovao...

Profil

bobby Poslao: 26 Feb 2009 21:20 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\type4.exe c:\windows\system32\wplayer.exe FCOPY:: c:\windows\system32\drivers\tdi.sys\|c:\uploaduj.bin` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. ============================= Uploaduj mi preko iste forme i sledeci fajl: c:\uploaduj.bin

Profil

eleanor Poslao: 26 Feb 2009 22:34 Idi na vrh
offline eleanor Građanin Pridružio: 10 Dec 2007 Poruke: 40	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-02-25.02 - ILIJA 2009-02-26 13:24:36.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.231 [GMT -8:00] Running from: c:\documents and settings\ILIJA\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\ILIJA\Desktop\CFScript.txt * Created a new restore point FILE :: C:\type4.exe c:\windows\system32\wplayer.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\type4.exe c:\windows\system32\wplayer.exe . --------------- FCopy --------------- c:\windows\system32\drivers\tdi.sys --> c:\uploaduj.bin . ((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 ))))))))))))))))))))))))))))))) . 2009-02-26 13:24 . 2004-08-03 17:07 18,560 --a------ C:\uploaduj.bin 2009-02-22 06:49 . 2009-02-22 06:49 <DIR> d-------- c:\program files\Cooolsoft 2009-02-20 04:50 . 2009-02-20 04:50 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-18 11:26 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-02-18 11:26 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys 2009-02-16 09:23 . 2009-02-16 09:23 <DIR> d-------- c:\program files\Funnsystems YuMp3Com-User-Authorization 2009-02-14 09:56 . 2009-02-14 09:56 <DIR> d-------- c:\windows\Funnsystems 2009-02-10 11:08 . 2009-02-10 11:08 <DIR> d-------- C:\C-F 2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-02-04 07:47 . 2009-02-04 07:47 <DIR> d-------- c:\program files\Monster Trucks Nitro Demo 2009-02-02 12:05 . 2009-02-02 12:05 315 --a------ C:\test.exe 2009-01-27 13:25 . 2009-01-27 13:26 262,878 --a------ c:\windows\IPUI_DivXG400.exe 2009-01-27 13:25 . 2009-01-27 13:26 245,760 --a------ c:\windows\system32\DivXG400.ax 2009-01-27 13:25 . 2009-01-27 13:26 21,869 --a------ c:\windows\system32\divxg400.htm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-26 18:28 --------- d-----w c:\program files\Mozilla Thunderbird 2009-02-26 18:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-26 14:48 --------- d-----w c:\documents and settings\ILIJA\Application Data\LimeWire 2009-02-26 12:00 --------- d-----w c:\program files\Bandoo 2009-02-20 12:50 --------- d-----w c:\program files\Java 2009-01-29 16:41 --------- d-----w c:\program files\TuneUp Utilities 2008 2009-01-28 16:08 --------- d-----w c:\documents and settings\ILIJA\Application Data\uTorrent 2009-01-24 12:20 --------- d-----w c:\program files\LimeWire 2009-01-20 16:11 --------- d-----w c:\program files\uTorrent 2009-01-10 01:37 --------- d-----w c:\program files\Nokia 2009-01-10 01:37 --------- d-----w c:\program files\Common Files\PCSuite 2009-01-10 01:37 --------- d-----w c:\program files\Common Files\Nokia 2009-01-10 01:36 --------- d-----w c:\program files\PC Connectivity Solution 2009-01-10 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-01-01 15:37 --------- d-----w c:\documents and settings\VELJKOVIC\Application Data\PC Suite . ((((((((((((((((((((((((((((( SnapShot@2009-02-26_11.15.20.92 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2009-02-26 21:27:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_b8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-02 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SoundMan"=SOUNDMAN.EXE "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\XTCS Counter-Strike 1.6 Final Release\\cstrike.exe"= "d:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19685:TCP"= 19685:TCP:BitComet 19685 TCP "19685:UDP"= 19685:UDP:BitComet 19685 UDP R2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2008-12-09 1484736] S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-03 18560] S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-21 83880] S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-21 15016] S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-21 110632] S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-21 104616] S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-21 25512] S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-21 100648] S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-21 110120] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2009-02-26 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24] 2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-02-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] 2009-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-838170752-682003330-1003.job - c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 09:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.atcomet.com/b/ uInternet Settings,ProxyOverride = <local> IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe FF - ProfilePath - c:\documents and settings\ILIJA\Application Data\Mozilla\Firefox\Profiles\xid2t7u7.default\ FF - prefs.js: browser.startup.homepage - hxxp://download.muzicki.net/ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-26 13:27:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1715567821-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(540) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Bandoo\Bandoo.exe c:\progra~1\Bandoo\BandooUI.exe c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe . ************************************************************************ . Completion time: 2009-02-26 13:29:24 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-26 21:29:22 ComboFix2.txt 2009-02-26 19:16:23 ComboFix3.txt 2009-02-10 08:58:20 Pre-Run: 1,581,760,512 bytes free Post-Run: 1,538,183,168 bytes free 170 --- E O F --- 2008-07-01 19:07:47

Profil

bobby Poslao: 26 Feb 2009 22:43 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hajde molim te odradi i ostatak onoga sto sam ti gore napisao. Treba mi onaj fajl da ga pogledam.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » [bobby] Opet ovi virusi... Pomoc!

Ko je trenutno na forumu

Ukupno su 1176 korisnika na forumu :: 48 registrovanih, 7 sakrivenih i 1121 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., airsuba, aleksmajstor, Apok, bankulen, bigfoot, bojcistv, Bokiboks, Boris BM, CikaKURE, darkojbn, Denaya, djboj, Dovla, drimer, Fog of War, ginjica, gomago, hologram, Još malo pa deda, Kibice, kripo, Marko Marković, mercedesamg, Mercury, milanovic, Millennium, Milos ZA, minmatar34957, nenad81, nesa1962, nikoli_ca, panzerwaffe, Parker, radoznao, Sass Drake, Springfield, Stanlio, suton, TheBeastOfMG, Trpe Grozni, vathra, Vatreni Zmaj, vladulns, x9, zlaya011, Zoca, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by