Help: trojans, part two :)

  • Joined: 28 Feb 2009
  • Posts: 46

Well, all sorts of things have already happened here. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:28, on 28.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\b1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Hotkey\Hotkey.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\programfiles\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\programfiles\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 5923 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Location: Novi Beograd

Here I am again.

* Right-click the AVG icon in the bottom-right corner of the screen.
* When the AVG Control Center opens, double-click the AVG Resident Shield component.
* In the window that opens, untick the option Turn on AVG Resident Shield and click OK.

Note: don't forget to turn this option back on once the cleaning is finished.


--------------------------

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Joined: 28 Feb 2009
  • Posts: 46

ComboFix 09-02-26.02 - User 2009-02-28 17:00:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.446.136 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\zastita racunara\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-28 15:48 . 2009-02-28 15:55 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-28 15:48 . 2009-02-28 15:48 <DIR> d-------- c:\program files\AVG
2009-02-28 15:48 . 2009-02-28 15:48 96,520 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-28 15:48 . 2009-02-28 15:48 75,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-28 15:48 . 2009-02-28 15:48 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-28 15:02 . 2009-02-28 15:43 <DIR> d-------- c:\program files\ESET
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 14:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 19:53 . 2009-02-27 19:53 537,088 --a------ c:\windows\system\wmibus.exe.vir
2009-02-27 19:53 . 2009-02-27 19:53 51,904 --a------ c:\windows\system32\drivers\ndisio.sys.vir
2009-02-27 19:53 . 2009-02-27 19:53 34,016 --a------ c:\windows\system32\drivers\gvifcayh.sys.vir
2009-02-27 19:34 . 2009-02-27 19:34 <DIR> d-------- c:\program files\Trend Micro
2009-02-27 19:31 . 2009-02-27 19:31 250 --a------ c:\windows\gmer.ini
2009-02-27 19:00 . 2009-02-27 19:00 67,584 ---h----- c:\windows\system32\secupdat.dat
2009-02-27 19:00 . 2009-02-27 19:00 10,752 --a------ c:\documents and settings\LocalService\pvipd.exe.vir
2009-02-27 18:39 . 2009-02-27 18:39 <DIR> d-------- c:\documents and settings\User\DoctorWeb
2009-02-27 18:30 . 2009-02-27 18:30 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-27 18:30 . 2009-02-27 18:30 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-27 18:27 . 2009-02-27 18:27 <DIR> d-------- c:\windows\system32\logs
2009-02-27 18:26 . 2009-02-28 16:27 <DIR> d-------- C:\USBNoRisk
2009-02-27 18:26 . 2009-02-27 18:27 <DIR> d-------- c:\program files\BitDefender
2009-02-27 18:24 . 2009-02-28 14:16 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-27 18:10 . 2009-02-28 15:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-02-27 10:27 . 2009-02-27 10:27 <DIR> d-------- c:\documents and settings\User\Application Data\Simply Super Software
2009-02-27 10:27 . 2009-02-27 10:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 07:53 . 2009-02-28 15:23 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 07:53 . 2009-02-28 15:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 07:53 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 07:53 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 07:53 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 07:53 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 07:53 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-27 07:31 . 2006-11-23 13:31 304,896 -ra------ c:\windows\system32\drivers\rtl8185.sys
2009-02-17 12:06 . 2009-02-17 12:06 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-11 11:43 . 2009-02-06 02:03 553,472 --a------ c:\windows\system\wmisvmgr.exe.vir
2009-02-06 07:30 . 2007-12-12 01:05 356,437 --a------ c:\windows\system32\GDS32.DLL
2009-02-06 07:30 . 2007-12-12 01:05 356,437 --a------ c:\windows\system32\FBCLIENT.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 06:14 --------- d-----w c:\program files\ZipSoft
2009-02-18 11:03 --------- d-----w c:\documents and settings\User\Application Data\OpenOffice.org2
2009-02-06 06:28 --------- d-----w c:\program files\Winamp
2009-01-20 12:24 --------- d-----w c:\documents and settings\User\Application Data\U3
2009-01-20 10:46 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-20 10:30 --------- d-----w c:\program files\MSECache
2009-01-09 10:44 --------- d-----w c:\program files\Wesnoth
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-03-15 40960]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"Hotkey"="c:\program files\Hotkey\Hotkey.exe" [2004-04-03 36864]
"MagicRotation"="c:\program files\MagicRotation\MagicPvt.exe" [2005-12-26 1089536]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-28 1177368]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-12 45056]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-03-15 155715]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro]
--a------ 2005-06-06 18:39 1608249 c:\program files\Repair Registry Pro\RepairRegistryPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-28 96520]
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2007-03-15 9728]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-28 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-28 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-28 75272]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S0 gvifcayh;gvifcayh; [x]
S2 WMIBUS;WMI Bus Database; [x]
S2 WMISMGR;Windows Sync-Manager; [x]
S3 Crypbrvnpnn;Crypbrvnpnn;c:\windows\system32\drivers\atmarpc.sys [2004-08-04 59904]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-28 17:03:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548-)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-02-28 17:06:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-28 16:06:29

Pre-Run: 1,684,910,080 bytes free
Post-Run: 1,686,376,448 bytes free


Addendum: 28 Feb 2009 17:12

I forgot to say that after the fixes made in Malwarebytes, the network no longer worked.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Location: Novi Beograd

Go to www.virustotal.com

and upload the following file there: c:\windows\system32\drivers\atmarpc.sys

When the scan results come in, post the link here for me.

  • Joined: 28 Feb 2009
  • Posts: 46

virustotal.com/reanalisis.html?8ba891b0bd49ff48ba8959522bbdd4e0

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Location: Novi Beograd

Turn off AVG.

Open Notepad and copy in the following text:

File::
c:\windows\system\wmibus.exe.vir
c:\windows\system32\drivers\ndisio.sys.vir
c:\windows\system32\drivers\gvifcayh.sys.vir
c:\windows\system32\secupdat.dat
c:\documents and settings\LocalService\pvipd.exe.vir
c:\windows\system\wmisvmgr.exe.vir

Driver::
gvifcayh
WMIBUS
WMISMGR


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next message the log that gets produced at the end of the cleaning/scan.
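The two steps above (reading the ComboFix log for the indicators helen1 acted on, then writing the File::/Driver:: script) can be mechanised. The following is an added example, not code from the thread and not part of ComboFix: it parses the three log layouts posted above (the "Files Created" lines, the REGEDIT4-style loading points and the R/S service lines) and flags what the analyst flagged: services registered with no image on disk (`[x]`), a service whose name is also its display name but whose image is a differently named Windows file (Crypbrvnpnn loading atmarpc.sys, which the thread sends to VirusTotal rather than deleting), `.vir` leftovers and hidden files under c:\windows, and Security Center / firewall values that have been switched off. The heuristics, the regexes and the embedded sample log (constructed from lines in the posted output) are this example's own assumptions.

```python
"""Triage a ComboFix log and draft the CFScript that follows from it.
Added example, not part of the thread or of ComboFix; the line layouts copy
the log posted above, the heuristics and the sample are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled line-for-line on the ComboFix output in the thread.
SAMPLE_LOG = r"""
2009-02-28 15:48 . 2009-02-28 15:48 96,520 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-27 19:53 . 2009-02-27 19:53 537,088 --a------ c:\windows\system\wmibus.exe.vir
2009-02-27 19:00 . 2009-02-27 19:00 67,584 ---h----- c:\windows\system32\secupdat.dat
2009-02-27 19:00 . 2009-02-27 19:00 10,752 --a------ c:\documents and settings\LocalService\pvipd.exe.vir
2009-02-27 07:31 . 2006-11-23 13:31 304,896 -ra------ c:\windows\system32\drivers\rtl8185.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-28 96520]
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2007-03-15 9728]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-28 282904]
S0 gvifcayh;gvifcayh; [x]
S2 WMIBUS;WMI Bus Database; [x]
S2 WMISMGR;Windows Sync-Manager; [x]
S3 Crypbrvnpnn;Crypbrvnpnn;c:\windows\system32\drivers\atmarpc.sys [2004-08-04 59904]
"""

# "Files Created" line: created . modified size attrs path   (attrs[3] == 'h' means hidden)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
                     r"(?:[\d,]+|<DIR>)\s+([-a-z]{9})\s+(.+?)\s*$")
# Service line: R/S + start type, then name;display;image [date size] or [x]
SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')


@dataclass
class Findings:
    orphan_services: list = field(default_factory=list)  # no image on disk -> Driver::
    verify_images: list = field(default_factory=list)    # name/image mismatch -> hash-check first
    files: list = field(default_factory=list)            # leftovers to remove -> File::
    weakened: list = field(default_factory=list)         # protections switched off


def image_stem(path: str) -> str:
    """'c:\\...\\atmarpc.sys' -> 'atmarpc' (case-folded)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(log_text: str) -> Findings:
    found, key = Findings(), ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := REG_KEY_RE.match(line):
            key = m.group(1).lower()                      # remember the section we are in
        elif (m := REG_VAL_RE.match(line)) and key:
            name, value = m.groups()
            if key.endswith("security center") and value.endswith("00000001"):
                found.weakened.append(f"{name}=1 (Security Center warning suppressed)")
            elif "firewallpolicy" in key and name == "EnableFirewall" and value.startswith("0"):
                found.weakened.append("EnableFirewall=0 (Windows Firewall off)")
        elif m := SVC_RE.match(line):
            name, display, image, info = m.groups()
            if not image or info == "x":                  # registered service, nothing on disk
                found.orphan_services.append(name)
            elif display.lower() == name.lower() and image_stem(image) != name.lower():
                found.verify_images.append((name, image))  # odd name over a Windows file
        elif m := FILE_RE.match(line):
            attrs, path = m.groups()
            hidden_in_windows = attrs[3] == "h" and path.lower().startswith("c:\\windows")
            if path.lower().endswith(".vir") or hidden_in_windows:
                found.files.append(path)
    return found


def draft_cfscript(found: Findings) -> str:
    """File:: and Driver:: sections in the layout the thread used.  Only orphaned
    services are listed; an image that still needs a hash check is left alone."""
    lines = []
    if found.files:
        lines += ["File::", *found.files, ""]
    if found.orphan_services:
        lines += ["Driver::", *found.orphan_services, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for item in result.weakened:
        print("weakened:", item)
    for name, image in result.verify_images:
        print(f"verify first: service {name} loads {image} (submit the file to VirusTotal)")
    print(draft_cfscript(result), end="")
```

Run against the sample it prints the three weakened settings, a "verify first" line for Crypbrvnpnn/atmarpc.sys, and then the same File:: and Driver:: layout as the script above (minus the entries that only appear in the full log). To use it on a real case, pass the whole ComboFix.txt to `triage()`; the point of keeping `verify_images` separate from `orphan_services` is the one the thread makes: a service pointing at a genuine Windows driver is checked (hash, VirusTotal) before anything is written into a CFScript, because deleting the file rather than the rogue service entry would break the system.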

  • Joined: 28 Feb 2009
  • Posts: 46

ComboFix 09-02-26.02 - User 2009-02-28 17:56:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.446.141 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\LocalService\pvipd.exe.vir
c:\windows\system\wmibus.exe.vir
c:\windows\system\wmisvmgr.exe.vir
c:\windows\system32\drivers\gvifcayh.sys.vir
c:\windows\system32\drivers\ndisio.sys.vir
c:\windows\system32\secupdat.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\pvipd.exe.vir
c:\windows\system\wmibus.exe.vir
c:\windows\system\wmisvmgr.exe.vir
c:\windows\system32\drivers\gvifcayh.sys.vir
c:\windows\system32\drivers\ndisio.sys.vir
c:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GVIFCAYH
-------\Legacy_WMIBUS
-------\Legacy_WMISMGR
-------\Service_gvifcayh
-------\Service_WMIBUS
-------\Service_WMISMGR


((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-28 15:48 . 2009-02-28 15:55 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-28 15:48 . 2009-02-28 15:48 <DIR> d-------- c:\program files\AVG
2009-02-28 15:48 . 2009-02-28 15:48 96,520 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-28 15:48 . 2009-02-28 15:48 75,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-28 15:48 . 2009-02-28 15:48 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-28 15:02 . 2009-02-28 15:43 <DIR> d-------- c:\program files\ESET
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 14:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 19:34 . 2009-02-27 19:34 <DIR> d-------- c:\program files\Trend Micro
2009-02-27 19:31 . 2009-02-27 19:31 250 --a------ c:\windows\gmer.ini
2009-02-27 18:39 . 2009-02-27 18:39 <DIR> d-------- c:\documents and settings\User\DoctorWeb
2009-02-27 18:30 . 2009-02-27 18:30 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-27 18:30 . 2009-02-27 18:30 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-27 18:27 . 2009-02-27 18:27 <DIR> d-------- c:\windows\system32\logs
2009-02-27 18:26 . 2009-02-28 16:27 <DIR> d-------- C:\USBNoRisk
2009-02-27 18:26 . 2009-02-27 18:27 <DIR> d-------- c:\program files\BitDefender
2009-02-27 18:24 . 2009-02-28 14:16 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-27 18:10 . 2009-02-28 15:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-02-27 10:27 . 2009-02-27 10:27 <DIR> d-------- c:\documents and settings\User\Application Data\Simply Super Software
2009-02-27 10:27 . 2009-02-27 10:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 07:53 . 2009-02-28 15:23 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 07:53 . 2009-02-28 15:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 07:53 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 07:53 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 07:53 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 07:53 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 07:53 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-27 07:31 . 2006-11-23 13:31 304,896 -ra------ c:\windows\system32\drivers\rtl8185.sys
2009-02-17 12:06 . 2009-02-17 12:06 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-06 07:30 . 2007-12-12 01:05 356,437 --a------ c:\windows\system32\GDS32.DLL
2009-02-06 07:30 . 2007-12-12 01:05 356,437 --a------ c:\windows\system32\FBCLIENT.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 06:14 --------- d-----w c:\program files\ZipSoft
2009-02-18 11:03 --------- d-----w c:\documents and settings\User\Application Data\OpenOffice.org2
2009-02-06 06:28 --------- d-----w c:\program files\Winamp
2009-01-20 12:24 --------- d-----w c:\documents and settings\User\Application Data\U3
2009-01-20 10:46 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-20 10:30 --------- d-----w c:\program files\MSECache
2009-01-09 10:44 --------- d-----w c:\program files\Wesnoth
.

((((((((((((((((((((((((((((( SnapShot@2009-02-28_17.05.51.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00:00 294,400 -c--a-w c:\windows\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 -c--a-w c:\windows\system32\dllcache\msctf.dll
- 2006-06-08 16:19:52 5,967,776 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-11 19:56:18 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2004-08-04 12:00:00 294,400 ----a-w c:\windows\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w c:\windows\system32\msctf.dll
- 2005-06-28 08:20:24 13,536 ----a-w c:\windows\system32\spmsg.dll
+ 2007-03-06 01:22:36 14,048 ------w c:\windows\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-03-15 40960]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"Hotkey"="c:\program files\Hotkey\Hotkey.exe" [2004-04-03 36864]
"MagicRotation"="c:\program files\MagicRotation\MagicPvt.exe" [2005-12-26 1089536]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-28 1177368]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-12 45056]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-03-15 155715]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro]
--a------ 2005-06-06 18:39 1608249 c:\program files\Repair Registry Pro\RepairRegistryPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-28 96520]
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2007-03-15 9728]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-28 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-28 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-28 75272]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 Crypbrvnpnn;Crypbrvnpnn;c:\windows\system32\drivers\atmarpc.sys [2004-08-04 59904]
.
Contents of the 'Scheduled Tasks' folder

2009-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1597234714-813958858-793999233-1008.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-28 17:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-28 18:01:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548-)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-02-28 18:05:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-28 17:05:28
ComboFix2.txt 2009-02-28 16:06:34

Pre-Run: 1,707,114,496 bytes free
Post-Run: 1,711,202,304 bytes free


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Location: Novi Beograd

Put the following into a single ZIP/RAR and upload it for me:
c:\qoobox\quarantine

via:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 28 Feb 2009
  • Posts: 46

Ugh, damn, I've already uninstalled ComboFix.

Addendum: 28 Feb 2009 18:31

I don't think there's any point in running CF again now.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8515
  • Location: Novi Beograd

Oh, I could kill you. Who told you to uninstall CF?

Now it's gone....
