problem sa msn virusima

2

problem sa msn virusima

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\Documents and Settings\Korisnik\ogbv.exe
C:\Documents and Settings\Korisnik\ayvm.exe
C:\WINDOWS\system32\drivers\ndisio.sys


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 27 Avg 2008
  • Poruke: 50

e uradio sam sve ovo ali kad se zavrsilo nisam mogao da se konektujem na net-pa sam uradio system restore....

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Uradio si System Restore i izvršio reinfekciju kompjutera?!

Jesi li kojim slučajem pokušao da rešiš problem sa konekcijom restartovanjem kompjutera?

Koliko unazad si vratio sistem?

Postavi poslednji log koji je bio napravljen (C:\ComboFix.txt).

offline
  • Pridružio: 27 Avg 2008
  • Poruke: 50

pokusao sam restartom ali opet nije hteo da se konektuje-a vratio sam ga samo za ovo sa prenosom CFScript.exe jer kad je poceo to da radi napravio je restore point-a kada je zavrsio sa ciscenjem nije izbacio nikakav log!
a uradio sam sve kao sto si rekao

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

OK, ponovićemo postupak.

Ukoliko opet budeš imao nekih problema sa konekcijom, probaj prvo da uradiš Repair (Control Panel > Network Connections: desni klik na konekciju i Repair).

----------------------


Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\Documents and Settings\Korisnik\ogbv.exe
C:\Documents and Settings\Korisnik\ayvm.exe
C:\WINDOWS\system32\drivers\ndisio.sys


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 27 Avg 2008
  • Poruke: 50

evo ponovoio sam postupak-ali opet ista stvar: kada je zavrsio i pripremao log situacija je ovako izgledala

i opet nije hteo da se konektuje na net-pokusao sam da popravim konekciju ali tada sam dobio ovakvo obavestenje

probao sam da restartujem-ali nista i na kraju sam opet uradio restore...

u svakom slucaju vazno je da nemam vise problema sa msn-om:)

pozz

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Hmm...

Hajde odradi ovako;

otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\Documents and Settings\Korisnik\ogbv.exe
C:\Documents and Settings\Korisnik\ayvm.exe


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.[/quote]

offline
  • Pridružio: 27 Avg 2008
  • Poruke: 50

evo ovaj put je izgleda uspesno zavrseno Smile evo log:

ComboFix 08-09-04.09 - Korisnik 2008-09-06 10:53:24.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.183 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Korisnik\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 10
Access is denied.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Korisnik\ayvm.exe
C:\Documents and Settings\Korisnik\ogbv.exe
.
---- Previous Run -------
.
C:\Documents and Settings\Korisnik\ayvm.exe
C:\Documents and Settings\Korisnik\ogbv.exe
C:\WINDOWS\system32\drivers\ndisio.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru
-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.

2008-09-05 15:32 . 2008-09-05 15:32 <DIR> d-------- C:\Program Files\jIRCii
2008-09-04 09:04 . 2008-09-04 23:07 250 --a------ C:\WINDOWS\gmer.ini
2008-09-02 00:47 . 2008-09-02 00:47 <DIR> d-------- C:\Program Files\COMODO
2008-09-02 00:47 . 2008-09-02 00:47 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Comodo
2008-09-02 00:47 . 2008-09-02 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-02 00:47 . 2008-09-02 00:47 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-02 00:47 . 2008-09-02 00:47 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-02 00:47 . 2008-09-02 00:47 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-01 17:13 . 2008-09-01 22:40 107,520 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
2008-08-31 00:51 . 2008-08-31 00:51 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-29 21:39 . 2008-08-31 01:12 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-08-28 19:51 . 2008-09-03 04:34 <DIR> d-------- C:\DVDVideoSoft
2008-08-28 15:45 . 2008-08-28 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-08-28 14:59 . 2008-08-28 20:02 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-28 14:59 . 2008-08-28 20:03 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-25 23:44 . 2008-08-26 01:28 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Winamp
2008-08-25 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-25 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-25 14:42 . 2008-08-25 14:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-25 14:39 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-25 14:23 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 13:04 . 2008-08-25 13:20 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 08:47 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\BearShare
2008-09-03 23:31 --------- d-----w C:\Program Files\Planplus
2008-09-01 15:12 --------- d-----w C:\Program Files\Winamp Toolbar
2008-08-30 22:57 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DNA
2008-08-30 00:02 --------- d-----w C:\Program Files\DNA
2008-08-28 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 21:44 --------- d-----w C:\Program Files\Winamp
2008-08-24 22:02 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-18 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:10 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-18 12:10 --------- d-----w C:\Program Files\AvRack
2008-07-16 12:32 --------- d-----w C:\Program Files\Warcraft III
2008-07-15 20:30 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-15 13:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-13 17:33 1,283,912 ----a-w C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-13 17:33 --------- d-----w C:\Program Files\WoW-2.3.0.7561-enUS
2008-07-13 17:33 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 14:03 --------- d-----w C:\Program Files\SweetIM
2008-07-10 17:51 103,832 ----a-w C:\Documents and Settings\Korisnik\Application Data\GDIPFONTCACHEV1.DAT
2008-07-10 10:29 --------- d--h--r C:\Documents and Settings\Korisnik\Application Data\SecuROM
2008-07-10 09:56 --------- d-----w C:\Program Files\Aspyr
2008-07-10 09:36 --------- d-----w C:\Program Files\Black Bean
2008-07-09 18:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Sidebar
2008-07-09 17:15 --------- d-----w C:\Program Files\YouTube Downloader
2008-07-09 17:03 --------- d-----w C:\Program Files\MyFreeWeather
2008-07-07 23:18 --------- d-----w C:\Program Files\Typing Test TQ
2008-07-07 23:15 --------- d-----w C:\Program Files\10 Finger BreakOut
2008-07-07 22:22 --------- d-----w C:\Program Files\Fildza's Entertainment Company
2008-07-06 22:24 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-07-06 22:20 --------- d-----w C:\Program Files\Sun
2008-07-06 22:20 --------- d-----w C:\Program Files\Java
2008-07-05 17:34 10,886,008 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-06-11 18:19 1,376,528 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
2008-06-10 21:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-03 16:27 8 ----a-w C:\Documents and Settings\Korisnik\Application Data\usb.dat.bin
2007-05-07 11:18 92,064 ----a-w C:\Documents and Settings\Korisnik\mqdmmdm.sys
2007-05-07 11:18 9,232 ----a-w C:\Documents and Settings\Korisnik\mqdmmdfl.sys
2007-05-07 11:18 79,328 ----a-w C:\Documents and Settings\Korisnik\mqdmserd.sys
2007-05-07 11:18 66,656 ----a-w C:\Documents and Settings\Korisnik\mqdmbus.sys
2007-05-07 11:18 6,208 ----a-w C:\Documents and Settings\Korisnik\mqdmcmnt.sys
2007-05-07 11:18 5,936 ----a-w C:\Documents and Settings\Korisnik\mqdmwhnt.sys
2007-05-07 11:18 4,048 ----a-w C:\Documents and Settings\Korisnik\mqdmcr.sys
2007-05-07 11:18 25,600 ----a-w C:\Documents and Settings\Korisnik\usbsermptxp.sys
2007-05-07 11:18 22,768 ----a-w C:\Documents and Settings\Korisnik\usbsermpt.sys
2007-12-02 14:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-05_ 7.41.45.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-23 23:44:50 60,112 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-05 15:07:25 60,112 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-23 23:44:50 394,778 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-05 15:07:25 394,778 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-29 19:48:52 57,480 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-09-06 07:09:37 368,708 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Windows Live Messenger"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"myweather"="C:\Program Files\MyFreeWeather\myweather.exe" [2008-06-20 3115008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-15 921600]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"ClocX"="D:\sat\ClocX.exe" [2002-12-31 103936]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2006-10-11 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-02 1655552]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.GBXX"= GBXXvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Openwares LiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Sierra\\Half-Life\\hl.exe"=
"C:\\Sierra\\Half-Life\\hltv.exe"=
"C:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINDOWS\\system32\\AUTMGR32.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 46735]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-02 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-02 24208]
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 279552]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 25984]
R3 FsHotKey;FsHotKey;C:\WINDOWS\system32\drivers\FsHotKey.sys [2002-01-19 3855]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [ ]
S0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [ ]
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [ ]
S1 vbev5mp;vbev5mp;C:\WINDOWS\system32\Drivers\vbev5mp.sys [2003-05-07 57008]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2008-04-17 508544]
S3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2008-04-17 3768]
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [ ]
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 6356]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-06-04 508544]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 184320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-06 10:56:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\713xRMTMon.exe???8}??????????T?a??A??x???????`}??????????????x???????????x???????????????????????????????????x???U????B??????????T?a?x???m?a?x??????????????|?A??8}??????????????8}??????????????????????????????????0}??h???????????0}??(???8}????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vbev5mp]
"ImagePath"="System32\Drivers\vbev5mp.sys"
.
Completion time: 2008-09-06 10:58:41
ComboFix-quarantined-files.txt 2008-09-06 08:58:36
ComboFix2.txt 2008-09-05 05:43:26
ComboFix3.txt 2008-08-29 23:45:37

Pre-Run: 18,668,142,592 bytes free
Post-Run: 18,660,405,248 bytes free

232


i ovaj put se sistem nije restartovao....

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Imamo još jedan file za ukloniti.


Pre nastavka, skini WinSock XP Fix 1.2 :
http://www.majorgeeks.com/WinSock_XP_Fix_d4372.html

Za sada nemoj da ga pokrećeš - ukoliko nakon sledećeg postupka budeš imao probleme sa internet konekcijom, dvoklikom pokreni program i klikni Fix.

Znači, to je samo u slučaju da zatreba...





Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder

Dvoklikom pokreni avenger.exe

Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:

Drivers to delete:
Passthru

Files to delete:
C:\WINDOWS\system32\drivers\ndisio.sys


Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti

Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja

Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u

Iskopiraj sadržaj dobijenog loga u temu na forumu.

offline
  • Pridružio: 27 Avg 2008
  • Poruke: 50

uradio sam kao sto si rekao-ali nakon restarta opet nije hteo da se konektuje pa sam onda pokrenuo winsockxpfix i on je izgleda odradio posao Smile evo log za avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "Passthru" deleted successfully.
File "C:\WINDOWS\system32\drivers\ndisio.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ko je trenutno na forumu
 

Ukupno su 824 korisnika na forumu :: 55 registrovanih, 6 sakrivenih i 763 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., arsa, Belac91, caesar, Chainsaw, crnitrn, djboj, dragoljub11987, dragon986, Drug pukovnik, Filip Marinković, flash12, FOX, goxin, HrcAk47, ikan, ILGromovnik, Insan, Jovan Nenad, Khaless, kolateralnasteta, Korisnik038, krkalon, KUZMAR, laki_bb, lelemud, Lucije Kvint, mercedesamg, mushroom, nemkea71, Neutral-M, nuke92, Oluj2.1, operniki, Oscar2, Penzula, Regrut Boskica, RiV, shaja1, Simon simonović, Singidunumac, Sirius, Srki94, tamburski, theNedjeljko, Tragač, USSVoyager, vasa.93, vathra, Vlada1389, vlvl, yufighter, zamtours, zlatkoa987