problem with a messenger virus

  • Joined: 07 May 2008
  • Posts: 9

ComboFix 08-05-07.2 - Korisnik 2008-05-08 22:58:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.642 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Korisnik\Application Data\urlredir.cfg
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\webhdll.dll
C:\Program Files\webhancer\Programs\whagent.exe
C:\Program Files\webhancer\Programs\whagent.ini
C:\Program Files\webhancer\Programs\whiehlpr.dll
C:\Program Files\webhancer\Programs\whinstaller.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\nsy94.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-07 16:51 . 2008-05-07 16:51 <DIR> d-------- C:\_OTMoveIt
2008-05-05 13:50 . 2008-05-05 13:50 253,952 --a------ C:\WINDOWS\system32\ruxhuxnbcy.exe
2008-05-05 01:40 . 2008-05-05 01:40 245,760 --a------ C:\WINDOWS\system32\ydzwahpfgggf.exe
2008-05-04 23:40 . 2008-05-04 23:40 249,856 --a------ C:\WINDOWS\system32\vunylztcoyhyu.exe
2008-05-04 18:45 . 2008-05-04 18:45 245,760 --a------ C:\WINDOWS\system32\fatlzjubwb.exe
2008-05-04 16:25 . 2008-05-04 16:25 249,856 --a------ C:\WINDOWS\system32\cbtelqitbmbl.exe
2008-05-03 21:10 . 2008-05-03 21:10 268 --ah----- C:\sqmdata03.sqm
2008-05-03 21:10 . 2008-05-03 21:10 244 --ah----- C:\sqmnoopt03.sqm
2008-05-03 20:12 . 2008-05-03 20:12 268 --ah----- C:\sqmdata02.sqm
2008-05-03 20:12 . 2008-05-03 20:12 244 --ah----- C:\sqmnoopt02.sqm
2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-24 22:46 . 2008-04-24 22:46 180,224 --a------ C:\WINDOWS\system32\vlfaqgtuki.exe
2008-04-24 22:46 . 2008-04-24 22:46 180,224 --a------ C:\WINDOWS\system32\tmlmnhz.exe
2008-04-24 22:46 . 2008-04-24 22:46 180,224 --a------ C:\WINDOWS\system32\gnnfju.exe
2008-04-18 21:08 . 2008-04-18 21:08 268 --ah----- C:\sqmdata01.sqm
2008-04-18 21:08 . 2008-04-18 21:08 244 --ah----- C:\sqmnoopt01.sqm
2008-04-18 19:39 . 2008-04-18 19:39 268 --ah----- C:\sqmdata00.sqm
2008-04-18 19:39 . 2008-04-18 19:39 244 --ah----- C:\sqmnoopt00.sqm
2008-04-11 00:01 . 2008-04-11 00:01 <DIR> d-------- C:\Program Files\SweetIM
2008-04-11 00:01 . 2008-04-11 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 16:06 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AVG7
2008-04-27 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-04 17:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 11:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-04 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-04 11:15 --------- d-----w C:\Program Files\Trend Micro
2008-04-04 11:00 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-12-21 19:41 7,317,344 ----a-w C:\Program Files\msnsusii.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-07 14:40 282624]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 04:03 49263]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 13:20 579584]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-04 13:17 219136]

C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-10-13 15:03:08 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

S2 ikic8adinxdluern;CommServer;C:\WINDOWS\system32\zwfwrhbdtwp.exe []
S2 ovaehtyayoou1;DeepSight Extractor Service for NP08;C:\WINDOWS\system32\zwfwrhbdtwp.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c22e4e-115a-11dc-8d59-0002446c7dc7}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ade121-fda7-11db-8d3f-0002446c7dc7}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e206-0e19-11dc-8d53-0002446c7dc7}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e207-0e19-11dc-8d53-0002446c7dc7}]
\Shell\AutoRun\command - G:\USBNB.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 20:57:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-08 23:02:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2008-05-08 23:04:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-08 21:04:05

Pre-Run: 126,006,386,688 bytes free
Post-Run: 126,610,001,920 bytes free

166 --- E O F --- 2007-12-27 14:26:23

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Sorry for the delay. I missed that you had posted in the thread...

Download the Flash_Disinfector program.

The program is started by double-clicking Flash_Disinfector.exe.
When a notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to avoid autoplay).
Click OK and wait for the process to finish.
When the message Done !! appears, click OK.



-------------------------------------------------------------------------------------



Open Notepad and copy the following text into it:


File::
C:\WINDOWS\system32\ruxhuxnbcy.exe
C:\WINDOWS\system32\ydzwahpfgggf.exe
C:\WINDOWS\system32\vunylztcoyhyu.exe
C:\WINDOWS\system32\fatlzjubwb.exe
C:\WINDOWS\system32\cbtelqitbmbl.exe
C:\WINDOWS\system32\vlfaqgtuki.exe
C:\WINDOWS\system32\tmlmnhz.exe
C:\WINDOWS\system32\gnnfju.exe

Driver::
ikic8adinxdluern
ovaehtyayoou1

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c22e4e-115a-11dc-8d59-0002446c7dc7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ade121-fda7-11db-8d3f-0002446c7dc7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e206-0e19-11dc-8d53-0002446c7dc7}]



Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next reply, post the log that is produced at the end of the cleaning/scan.
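The CFScript above targets three patterns visible in the first log: freshly written, randomly named .exe files in system32, two auto-start services sharing one image for which ComboFix printed no file details, and mountpoints2 AutoRun entries that launch an executable living on the removable drive itself. As an added example (not code from the thread or from ComboFix), the Python below applies those three heuristics to a constructed excerpt of that log and renders the matching File::/Driver::/Registry:: sections; the heuristics, the SAMPLE_LOG excerpt and the function names are assumptions of this example, and the G:\USBNB.exe entry falls outside the rule, as it did in the posted script.

```python
import re

# Constructed excerpt of the first ComboFix log in this thread: the lines the
# heuristics below react to, plus hidserv.dll (a copied-in system file) as a control.
SAMPLE_LOG = r"""
2008-05-05 13:50 . 2008-05-05 13:50 253,952 --a------ C:\WINDOWS\system32\ruxhuxnbcy.exe
2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-24 22:46 . 2008-04-24 22:46 180,224 --a------ C:\WINDOWS\system32\gnnfju.exe
S2 ikic8adinxdluern;CommServer;C:\WINDOWS\system32\zwfwrhbdtwp.exe []
S2 ovaehtyayoou1;DeepSight Extractor Service for NP08;C:\WINDOWS\system32\zwfwrhbdtwp.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c22e4e-115a-11dc-8d59-0002446c7dc7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ade121-fda7-11db-8d3f-0002446c7dc7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e207-0e19-11dc-8d53-0002446c7dc7}]
\Shell\AutoRun\command - G:\USBNB.exe
"""

# "Files Created" line: <created> . <modified> <size> <attrs> <path>
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) [\d,]+ \S+ (C:\\WINDOWS\\system32\\([a-z]+)\.exe)$")
# Service line: S<start> <name>;<display name>;<image path> [<file details>]
SERVICE_RE = re.compile(r"^S\d (\S+?);[^;]*;(.+?) \[(.*)\]$")
MOUNTPOINT_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.I)


def autorun_target(command):
    """Executable the AutoRun command ultimately launches (after the RunDLL32 wrapper)."""
    if "ShellExec_RunDLL " in command:
        command = command.split("ShellExec_RunDLL ", 1)[1]
    return command.split()[0]


def triage(log_text):
    """Return (files, drivers, keys) that the heuristics mark as suspicious."""
    files, drivers, keys = [], [], []
    current_key = None
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        # New system32 .exe whose created and modified stamps are identical (written
        # fresh, not copied from an older file) and whose name is 6+ lowercase letters.
        if m and m.group(1) == m.group(2) and len(m.group(4)) >= 6:
            files.append(m.group(3))
            continue
        m = SERVICE_RE.match(line)
        # Auto-start service imaged in system32 for which ComboFix printed no
        # file details at all ("[]"); both rogue services here share one image.
        if m and m.group(3) == "" and m.group(2).lower().startswith("c:\\windows\\system32\\"):
            drivers.append(m.group(1))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key:
            target = autorun_target(m.group(1))
            # A bare file name lives on the removable volume itself; a double
            # extension (fun.xls.exe) disguises an executable as a document.
            if "\\" not in target or re.search(r"\.\w+\.exe$", target, re.I):
                keys.append(current_key)
            current_key = None
    return files, drivers, keys


def build_cfscript(files, drivers, keys):
    """Render the File::/Driver::/Registry:: sections in the layout used in the thread."""
    lines = ["File::", *files, "", "Driver::", *drivers, "", "Registry::"]
    lines += [f"[-{k}]" for k in keys]  # the leading '-' tells ComboFix to delete the key
    return "\n".join(lines) + "\n"
```

Running `build_cfscript(*triage(SAMPLE_LOG))` on the excerpt reproduces the shape of the posted script; on a full log the output is a starting point for review, not something to run unread.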

  • Joined: 07 May 2008
  • Posts: 9

ComboFix 08-05-07.2 - Korisnik 2008-05-11 18:44:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.626 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Korisnik\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\cbtelqitbmbl.exe
C:\WINDOWS\system32\fatlzjubwb.exe
C:\WINDOWS\system32\gnnfju.exe
C:\WINDOWS\system32\ruxhuxnbcy.exe
C:\WINDOWS\system32\tmlmnhz.exe
C:\WINDOWS\system32\vlfaqgtuki.exe
C:\WINDOWS\system32\vunylztcoyhyu.exe
C:\WINDOWS\system32\ydzwahpfgggf.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cbtelqitbmbl.exe
C:\WINDOWS\system32\fatlzjubwb.exe
C:\WINDOWS\system32\gnnfju.exe
C:\WINDOWS\system32\ruxhuxnbcy.exe
C:\WINDOWS\system32\tmlmnhz.exe
C:\WINDOWS\system32\vlfaqgtuki.exe
C:\WINDOWS\system32\vunylztcoyhyu.exe
C:\WINDOWS\system32\ydzwahpfgggf.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IKIC8ADINXDLUERN
-------\Legacy_OVAEHTYAYOOU1
-------\Service_ikic8adinxdluern
-------\Service_ovaehtyayoou1


((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-07 16:51 . 2008-05-07 16:51 <DIR> d-------- C:\_OTMoveIt
2008-05-03 21:10 . 2008-05-03 21:10 268 --ah----- C:\sqmdata03.sqm
2008-05-03 21:10 . 2008-05-03 21:10 244 --ah----- C:\sqmnoopt03.sqm
2008-05-03 20:12 . 2008-05-03 20:12 268 --ah----- C:\sqmdata02.sqm
2008-05-03 20:12 . 2008-05-03 20:12 244 --ah----- C:\sqmnoopt02.sqm
2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-26 21:23 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-18 21:08 . 2008-04-18 21:08 268 --ah----- C:\sqmdata01.sqm
2008-04-18 21:08 . 2008-04-18 21:08 244 --ah----- C:\sqmnoopt01.sqm
2008-04-18 19:39 . 2008-04-18 19:39 268 --ah----- C:\sqmdata00.sqm
2008-04-18 19:39 . 2008-04-18 19:39 244 --ah----- C:\sqmnoopt00.sqm
2008-04-11 00:01 . 2008-04-11 00:01 <DIR> d-------- C:\Program Files\SweetIM
2008-04-11 00:01 . 2008-04-11 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 15:35 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AVG7
2008-04-27 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-04 17:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 11:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-04 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-04 11:15 --------- d-----w C:\Program Files\Trend Micro
2008-04-04 11:00 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-12-21 19:41 7,317,344 ----a-w C:\Program Files\msnsusii.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-08_23.03.55.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 21:01:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 16:47:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-07 14:40 282624]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 04:03 49263]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 13:20 579584]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-04 13:17 219136]

C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-10-13 15:03:08 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b072e207-0e19-11dc-8d53-0002446c7dc7}]
\Shell\AutoRun\command - G:\USBNB.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 15:57:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-11 18:47:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2008-05-11 18:49:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-11 16:49:53
ComboFix2.txt 2008-05-08 21:04:09

Pre-Run: 126,412,943,360 bytes free
Post-Run: 126,471,598,080 bytes free

164 --- E O F --- 2007-12-27 14:26:23

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Clean log.

How are things now?

  • Joined: 07 May 2008
  • Posts: 9

Well, I don't know, I guess I'm not sending those virus messages on MSN any more...
I'll ask someone now and let you know... should I delete those programs I installed now, or..?

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

  • Joined: 07 May 2008
  • Posts: 9

Thanks :))
