smitfraud

smitfraud

  • Joined: 20 Mar 2009
  • Posts: 300
  • Location: Republic Of Srpska Banjaluka

Hello people, and thanks in advance for the help.

The topic name is what it is because I recognised myself in the smitfraud topic.
So everything from there happened to me, plus:
icons disappeared from the desktop
some icons like zoosex and similar were put there
no C partition
Properties on the desktop disabled
End Task disabled
in the Start menu there are no Programs, Run, Search, Control Panel options etc.
Properties on My Computer shows VIRUS ALERT
the bottom right corner next to the clock also says VIRUS ALERT
and as for how the computer runs, don't get me started: like a snail

Now, I poked around a bit before I found this forum and managed to restore almost everything; only the Start menu options Run, Control Panel and Search are still missing,
and when the system boots it sits a bit longer on WELCOME, then shows only the desktop wallpaper, waits a bit more and only then displays the desktop.

I ran all sorts of scans: NOD32 (couldn't delete),
Avira deleted these files as viruses:
TR/Crypt.XPACK.Gen
ADSPY/Adspy.Gen
TR/Dldr.Zlob.Gen
DR/Monder>165888.1
AVG also deleted something, but it mostly saw program EXEs as viruses.
I think Spybot got rid of them in safe mode.
I hope I wasn't too long-winded and that I explained my problem well.
Attaching the HijackThis scan results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:43, on 9/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ClocX\ClocX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\PST\Desktop\mixer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\PST\Desktop\Forum\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B1CE21C6-F78F-451A-95B0-3E4EA1DE7873} - (no file)
O3 - Toolbar: (no name) - {30ACFAA9-78D6-4C11-845C-804AF8AAC89F} - (no file)
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{81D323A9-3773-4DF3-972D-1E5BD598DEAB}: NameServer = 62.68.96.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayvtrqq - yayvtrqq.dll (file missing)
O21 - SSODL: mgxfebsq - {664727EB-C5C8-4F5E-8484-FC8B86741A3F} - (no file)
O21 - SSODL: dtseqrxk - {E2F3564E-17F5-468A-B0B0-A2597064B6C0} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 5959 bytes

and thanks once again
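Added example, not part of the post above and not HijackThis's own code: a Python script that applies to the pasted log the first-pass checks a removal helper does by eye. The sample lines are copied from the log above; the rules (orphaned load points marked "(no file)" or "(file missing)", the O6 policy restrictions, the O17 NameServer override, random 8-letter names at O20/O21 load points, and R0/R1 search URLs outside a small allowlist of hosts) and the allowlist itself are the editor's assumptions, not an official HijackThis rule set.

```python
"""Triage a HijackThis v2 log: flag the entries a removal helper looks at first.

Added example; not from the forum post or from HijackThis itself. The
heuristics below (orphan load points, IE policy restrictions, DNS override,
random 8-letter names at Winlogon Notify / SSODL, third-party search URLs)
are the editor's, not an official rule set.
"""
import re

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B1CE21C6-F78F-451A-95B0-3E4EA1DE7873} - (no file)
O3 - Toolbar: (no name) - {30ACFAA9-78D6-4C11-845C-804AF8AAC89F} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{81D323A9-3773-4DF3-972D-1E5BD598DEAB}: NameServer = 62.68.96.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayvtrqq - yayvtrqq.dll (file missing)
O21 - SSODL: mgxfebsq - {664727EB-C5C8-4F5E-8484-FC8B86741A3F} - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Entry lines look like "R1 - <body>" or "O23 - <body>": section code, then text.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
# The O20/O21 entries in this log use 8 random lowercase letters as names.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
# Search/start-page hosts treated as unremarkable (editor's assumption; extend as needed).
BENIGN_SEARCH_HOSTS = ("microsoft.com", "msn.com", "live.com", "google.com", "yahoo.com")


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; header lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def classify(section, body):
    """Return the list of reasons this entry deserves a second look (empty if none)."""
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphan: load point remains but its file is gone")
    if section == "O6":
        reasons.append("IE policy restrictions present: user locked out of settings")
    if section == "O17" and "NameServer" in body:
        reasons.append("DNS server override: confirm the address belongs to the ISP")
    if section in ("O20", "O21"):
        # "Winlogon Notify: <name> - <file>" / "SSODL: <name> - {CLSID} - <file>"
        name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        if RANDOM_NAME_RE.match(name):
            reasons.append("random 8-letter name at a Winlogon Notify / SSODL load point")
    if section in ("R0", "R1") and " = " in body:
        url = body.split(" = ", 1)[1].strip().lower()
        if url.startswith("http") and not any(h in url for h in BENIGN_SEARCH_HOSTS):
            reasons.append("IE search/start page points at a third-party site")
    return reasons


def triage(log_text):
    """Return [(section, reasons, body)] for every flagged entry, in log order."""
    flagged = []
    for section, body in parse_entries(log_text):
        reasons = classify(section, body)
        if reasons:
            flagged.append((section, reasons, body))
    return flagged


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

Run it as a script to see the flagged lines; on the sample it reports the crawler.com search hijack, the five orphaned entries, the O6 restrictions, the O17 name server, and the two random-named O20/O21 load points, while the AVG, Spybot and SUPERAntiSpyware entries pass.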

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

Hello,

* Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center opens, double-click the AVG Resident Shield component.
* In the window that opens, untick Turn on AVG Resident Shield and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.

-------------------------------------------

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 20 Mar 2009
  • Posts: 300
  • Location: Republic Of Srpska Banjaluka

Hello helen,
here's the log:

ComboFix 08-09-16.05 - PST 2008-09-19 16:07:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.616 [GMT 2:00]
Running from: C:\Documents and Settings\PST\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMff39b789.txt
C:\WINDOWS\BMff39b789.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\edlt.exe
C:\WINDOWS\mqgldfvo.exe
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\bvuhcdms.ini
C:\WINDOWS\system32\gwfeirek.ini
C:\WINDOWS\system32\lVvEgfii.ini
C:\WINDOWS\system32\lVvEgfii.ini2
C:\WINDOWS\system32\msupdte.exe
C:\WINDOWS\system32\rsocosjj.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-19 06:22 . 2008-09-19 06:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-19 06:13 . 2008-09-19 06:13 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-18 21:19 . 2008-09-18 21:19 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Grisoft
2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-18 21:18 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-18 20:55 . 2008-09-19 15:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-18 20:55 . 2008-09-18 20:55 <DIR> d-------- C:\Program Files\AVG
2008-09-18 20:55 . 2008-09-19 06:22 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-18 20:55 . 2008-09-19 06:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-18 20:00 . 2008-09-18 20:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-18 20:00 . 2008-09-18 20:12 <DIR> d-------- C:\Documents and Settings\PST\Application Data\SUPERAntiSpyware.com
2008-09-18 20:00 . 2008-09-18 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-18 19:38 . 2008-09-18 19:38 5,364 --a------ C:\Documents and Settings\cc_20080918_1938.reg
2008-09-18 09:52 . 2008-09-18 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 09:39 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-18 09:39 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-18 09:39 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-18 09:39 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-18 09:39 . 2007-09-28 14:26 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-18 07:29 . 2008-09-18 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-18 07:26 . 2008-09-18 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-18 06:46 . 2008-09-18 06:46 14,932 --a------ C:\Documents and Settings\cc_20080918_0646.reg
2008-09-18 06:04 . 2008-09-18 09:43 1,140 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-09 22:41 . 2008-09-09 22:41 21,910 --a------ C:\Documents and Settings\cc_20080909_2240.reg
2008-08-31 20:24 . 2008-08-31 20:25 6,180 --a------ C:\Documents and Settings\cc_20080831_2024.reg
2008-08-29 17:40 . 2008-09-18 20:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-28 22:08 . 2008-08-28 22:08 0 --a------ C:\WINDOWS\mngui.INI
2008-08-27 20:50 . 2008-08-27 20:50 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-27 20:49 . 2008-08-27 20:49 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-27 20:49 . 2008-08-27 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-25 18:47 . 2008-08-25 18:47 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Teleca
2008-08-25 18:47 . 2006-09-18 14:59 90,800 -ra------ C:\WINDOWS\system32\drivers\se27unic.sys
2008-08-25 18:47 . 2006-09-18 14:59 18,704 -ra------ C:\WINDOWS\system32\drivers\se27nd5.sys
2008-08-25 18:47 . 2006-09-18 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se27cr.sys
2008-08-25 18:46 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys
2008-08-25 18:46 . 2006-09-18 14:58 88,688 -ra------ C:\WINDOWS\system32\drivers\SE27mgmt.sys
2008-08-25 18:46 . 2006-09-18 14:59 86,560 -ra------ C:\WINDOWS\system32\drivers\SE27obex.sys
2008-08-25 18:46 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2008-08-25 18:46 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys
2008-08-25 18:46 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys
2008-08-25 18:46 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys
2008-08-25 18:46 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2008-08-25 18:46 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2008-08-25 18:41 . 2008-08-25 18:41 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-25 18:31 . 2008-08-25 18:31 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Sony Ericsson
2008-08-25 18:27 . 2008-08-27 20:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-25 18:27 . 2008-08-27 20:50 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 14:10 --------- d-----w C:\Documents and Settings\PST\Application Data\uTorrent
2008-09-18 19:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-18 19:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-18 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-13 05:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-09 22:24 --------- d-----w C:\Documents and Settings\PST\Application Data\Skype
2008-09-09 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-09 20:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 17:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-27 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-18 22:01 --------- d-----w C:\Documents and Settings\PST\Application Data\skypePM
2008-08-18 19:37 --------- d-----w C:\Documents and Settings\PST\Application Data\CyberLink
2008-08-18 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-18 19:36 --------- d-----w C:\Program Files\CyberLink
2008-08-12 21:32 --------- d-----w C:\Program Files\uTorrent
2008-08-05 20:50 --------- d-----w C:\Program Files\DX-Ball
2008-07-30 20:26 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-21 22:55 --------- d-----w C:\Program Files\Lavasoft
2008-01-08 13:39 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2005-01-26 270336]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-19 1235736]

C:\Documents and Settings\PST\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-01-18 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Native Instruments\\Traktor DJ Studio 2\\TraktorDJStudio2.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\PST\\Desktop\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-09-05 77056]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-19 97928]
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 8768]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-19 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-19 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-19 76040]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 Tdlpt;Tdlpt;C:\WINDOWS\system32\drivers\Tdlpt.sys [2001-10-16 8012]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-12-21 29152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1190db55-d7af-11db-82e1-00112fb41aa6}]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5016ee38-06e7-11dd-8442-00112fb41aa6}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5016ee3d-06e7-11dd-8442-00112fb41aa6}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{B1CE21C6-F78F-451A-95B0-3E4EA1DE7873} - (no file)
Toolbar-{30ACFAA9-78D6-4C11-845C-804AF8AAC89F} - (no file)
HKU-Default-Run-Norton SystemWorks - C:\Program Files\Norton SystemWorks\cfgwiz.exe
SSODL-mgxfebsq-{664727EB-C5C8-4F5E-8484-FC8B86741A3F} - (no file)
SSODL-dtseqrxk-{E2F3564E-17F5-468A-B0B0-A2597064B6C0} - (no file)
Notify-yayvtrqq - yayvtrqq.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 16:11:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-19 16:17:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-19 14:17:42

Pre-Run: 7,059,496,960 bytes free
Post-Run: 6,955,819,008 bytes free

185

And just one more question: in your opinion, should I go back to NOD32, and can it recognise a virus when scanning a RAR or ZIP??
Regards

Addendum: 19 Sep 2008 16:28

Oh, I don't want to spam now, but I have to:
in the Start menu everything has been restored, but it put some icon on my desktop,
Micro Antivirus 2009, and I didn't download it. That's all.

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

Disable AVG again and do the following:

Open Notepad and copy the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5016ee38-06e7-11dd-8442-00112fb41aa6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5016ee3d-06e7-11dd-8442-00112fb41aa6}]

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is created at the end of the cleaning/scan in your next message.

You can also change AVG. NOD32 is OK.
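Added example, not from the post above and not ComboFix's own code: the CFScript step as a Python script that parses the MountPoints2 section of a ComboFix log (sample copied from the first ComboFix log in this thread) and renders the same Registry:: block as the reply, selecting the keys whose AutoRun/AutoOpen commands reference KB915865.exe. The parser's regexes and the `keys_matching` selection are the editor's; the only CFScript syntax relied on is the `[-KEY]` deletion form the reply uses.

```python
"""Turn the MountPoints2 entries in a ComboFix log into a CFScript Registry:: block.

Added example; it is not from the forum post or from ComboFix. The only
CFScript syntax it relies on is the one shown in the reply above: a
"Registry::" header followed by "[-KEY]" lines, which ComboFix treats as
"delete this key". MountPoints2 is where Explorer remembers the autorun
handlers of volumes it has seen, which is why stale AutoRun/AutoOpen
commands there are worth reviewing after an autorun-borne infection.
"""
import re

# Constructed sample: the MountPoints2 section copied from the first ComboFix log above.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1190db55-d7af-11db-82e1-00112fb41aa6}]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5016ee38-06e7-11dd-8442-00112fb41aa6}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5016ee3d-06e7-11dd-8442-00112fb41aa6}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
- - - - ORPHANS REMOVED - - - -
"""

# "[HKEY_CURRENT_USER\...\mountpoints2\{GUID}]" opens a key block in the log.
KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.IGNORECASE
)
# "\Shell\<verb>\command - <command line>" lines belong to the key block above them.
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$")


def parse_mountpoints(log_text):
    """Return {registry_key: {verb: command}} for every MountPoints2 key in the log."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            entries[current] = {}
            continue
        cmd_match = CMD_RE.match(line)
        if cmd_match and current is not None:
            entries[current][cmd_match.group("verb")] = cmd_match.group("cmd")
        elif line and not line.startswith("\\"):
            current = None  # any other non-empty line ends the key block
    return entries


def keys_matching(entries, needle):
    """Keys whose AutoRun/AutoOpen command mentions `needle` (case-insensitive)."""
    needle = needle.lower()
    return [key for key, cmds in entries.items()
            if any(needle in cmd.lower() for cmd in cmds.values())]


def build_cfscript(keys):
    """Render a CFScript that deletes each key: 'Registry::' then one '[-KEY]' per key."""
    return "Registry::\n" + "".join(f"[-{key}]\n" for key in keys)


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_COMBOFIX)
    # Target the two keys whose commands reference the MSOCache KB915865.exe, as the reply did.
    print(build_cfscript(keys_matching(found, "KB915865.exe")), end="")
```

Running it prints exactly the three-line script in the reply; save that output as the CFScript file and drag it onto ComboFix as described. The H: autorun.exe key is deliberately left out of the selection here, as it was in the reply.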

  • Joined: 20 Mar 2009
  • Posts: 300
  • Location: Republic Of Srpska Banjaluka

Here it is:

ComboFix 08-09-16.05 - PST 2008-09-20 12:44:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.658 [GMT 2:00]
Running from: C:\Documents and Settings\PST\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\PST\Desktop\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-09-19 06:22 . 2008-09-19 06:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-19 06:13 . 2008-09-19 06:13 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-18 21:19 . 2008-09-18 21:19 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Grisoft
2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-18 21:18 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-18 20:55 . 2008-09-19 15:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-18 20:55 . 2008-09-18 20:55 <DIR> d-------- C:\Program Files\AVG
2008-09-18 20:55 . 2008-09-19 06:22 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-18 20:55 . 2008-09-19 06:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-18 20:00 . 2008-09-18 20:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-18 20:00 . 2008-09-18 20:12 <DIR> d-------- C:\Documents and Settings\PST\Application Data\SUPERAntiSpyware.com
2008-09-18 20:00 . 2008-09-18 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-18 19:38 . 2008-09-18 19:38 5,364 --a------ C:\Documents and Settings\cc_20080918_1938.reg
2008-09-18 09:52 . 2008-09-18 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 09:39 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-18 09:39 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-18 09:39 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-18 09:39 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-18 09:39 . 2007-09-28 14:26 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-18 07:29 . 2008-09-18 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-18 07:26 . 2008-09-18 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-18 06:46 . 2008-09-18 06:46 14,932 --a------ C:\Documents and Settings\cc_20080918_0646.reg
2008-09-18 06:04 . 2008-09-18 09:43 1,140 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-09 22:41 . 2008-09-09 22:41 21,910 --a------ C:\Documents and Settings\cc_20080909_2240.reg
2008-08-31 20:24 . 2008-08-31 20:25 6,180 --a------ C:\Documents and Settings\cc_20080831_2024.reg
2008-08-29 17:40 . 2008-09-18 20:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-28 22:08 . 2008-08-28 22:08 0 --a------ C:\WINDOWS\mngui.INI
2008-08-27 20:50 . 2008-08-27 20:50 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-27 20:49 . 2008-08-27 20:49 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-27 20:49 . 2008-08-27 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-25 18:47 . 2008-08-25 18:47 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Teleca
2008-08-25 18:47 . 2006-09-18 14:59 90,800 -ra------ C:\WINDOWS\system32\drivers\se27unic.sys
2008-08-25 18:47 . 2006-09-18 14:59 18,704 -ra------ C:\WINDOWS\system32\drivers\se27nd5.sys
2008-08-25 18:47 . 2006-09-18 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se27cr.sys
2008-08-25 18:46 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys
2008-08-25 18:46 . 2006-09-18 14:58 88,688 -ra------ C:\WINDOWS\system32\drivers\SE27mgmt.sys
2008-08-25 18:46 . 2006-09-18 14:59 86,560 -ra------ C:\WINDOWS\system32\drivers\SE27obex.sys
2008-08-25 18:46 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2008-08-25 18:46 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys
2008-08-25 18:46 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys
2008-08-25 18:46 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys
2008-08-25 18:46 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2008-08-25 18:46 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2008-08-25 18:41 . 2008-08-25 18:41 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-25 18:31 . 2008-08-25 18:31 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Sony Ericsson
2008-08-25 18:27 . 2008-08-27 20:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-25 18:27 . 2008-08-27 20:50 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 19:02 --------- d-----w C:\Documents and Settings\PST\Application Data\uTorrent
2008-09-18 19:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-18 19:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-18 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 07:54 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-09-13 05:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-12 04:40 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-09 22:24 --------- d-----w C:\Documents and Settings\PST\Application Data\Skype
2008-09-09 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-09 20:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 17:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-27 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-18 22:01 --------- d-----w C:\Documents and Settings\PST\Application Data\skypePM
2008-08-18 19:37 --------- d-----w C:\Documents and Settings\PST\Application Data\CyberLink
2008-08-18 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-18 19:36 --------- d-----w C:\Program Files\CyberLink
2008-08-12 21:32 --------- d-----w C:\Program Files\uTorrent
2008-08-06 22:20 299,392 ----a-w C:\WINDOWS\system32\imon.dll
2008-08-05 20:50 --------- d-----w C:\Program Files\DX-Ball
2008-07-30 20:26 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-21 22:55 --------- d-----w C:\Program Files\Lavasoft
2008-07-02 04:07 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-01-08 13:39 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2005-01-26 270336]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-19 1235736]

C:\Documents and Settings\PST\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-01-18 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Native Instruments\\Traktor DJ Studio 2\\TraktorDJStudio2.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\PST\\Desktop\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-09-05 77056]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-19 97928]
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 8768]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-19 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-19 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-19 76040]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 Tdlpt;Tdlpt;C:\WINDOWS\system32\drivers\Tdlpt.sys [2001-10-16 8012]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-12-21 29152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1190db55-d7af-11db-82e1-00112fb41aa6}]
\Shell\AutoRun\command - H:\autorun.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:46:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 12:48:51
ComboFix-quarantined-files.txt 2008-09-20 10:48:23
ComboFix2.txt 2008-09-19 14:17:49

Pre-Run: 6,931,791,872 bytes free
Post-Run: 6,917,500,928 bytes free


Addendum: 20 Sep 2008 12:57

Oh dear, I forgot to turn off that AVG option before scanning.
What now?
Can I turn it off and repeat the scan??? I'm such a klutz.

Addendum: 20 Sep 2008 13:07

Well, I ran it without AVG anyway, whatever comes of it. Here it is:

ComboFix 08-09-16.05 - PST 2008-09-20 12:56:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.634 [GMT 2:00]
Running from: C:\Documents and Settings\PST\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\PST\Desktop\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-09-19 06:22 . 2008-09-19 06:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-19 06:13 . 2008-09-19 06:13 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-18 21:19 . 2008-09-18 21:19 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Grisoft
2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-18 21:18 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-18 20:55 . 2008-09-19 15:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-18 20:55 . 2008-09-18 20:55 <DIR> d-------- C:\Program Files\AVG
2008-09-18 20:55 . 2008-09-19 06:22 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-18 20:55 . 2008-09-19 06:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-18 20:00 . 2008-09-18 20:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-18 20:00 . 2008-09-18 20:12 <DIR> d-------- C:\Documents and Settings\PST\Application Data\SUPERAntiSpyware.com
2008-09-18 20:00 . 2008-09-18 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-18 19:38 . 2008-09-18 19:38 5,364 --a------ C:\Documents and Settings\cc_20080918_1938.reg
2008-09-18 09:52 . 2008-09-18 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 09:39 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-18 09:39 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-18 09:39 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-18 09:39 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-18 09:39 . 2007-09-28 14:26 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-18 07:29 . 2008-09-18 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-18 07:26 . 2008-09-18 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-18 06:46 . 2008-09-18 06:46 14,932 --a------ C:\Documents and Settings\cc_20080918_0646.reg
2008-09-18 06:04 . 2008-09-18 09:43 1,140 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-09 22:41 . 2008-09-09 22:41 21,910 --a------ C:\Documents and Settings\cc_20080909_2240.reg
2008-08-31 20:24 . 2008-08-31 20:25 6,180 --a------ C:\Documents and Settings\cc_20080831_2024.reg
2008-08-29 17:40 . 2008-09-18 20:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-28 22:08 . 2008-08-28 22:08 0 --a------ C:\WINDOWS\mngui.INI
2008-08-27 20:50 . 2008-08-27 20:50 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-27 20:49 . 2008-08-27 20:49 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-27 20:49 . 2008-08-27 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-25 18:47 . 2008-08-25 18:47 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Teleca
2008-08-25 18:47 . 2006-09-18 14:59 90,800 -ra------ C:\WINDOWS\system32\drivers\se27unic.sys
2008-08-25 18:47 . 2006-09-18 14:59 18,704 -ra------ C:\WINDOWS\system32\drivers\se27nd5.sys
2008-08-25 18:47 . 2006-09-18 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se27cr.sys
2008-08-25 18:46 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys
2008-08-25 18:46 . 2006-09-18 14:58 88,688 -ra------ C:\WINDOWS\system32\drivers\SE27mgmt.sys
2008-08-25 18:46 . 2006-09-18 14:59 86,560 -ra------ C:\WINDOWS\system32\drivers\SE27obex.sys
2008-08-25 18:46 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2008-08-25 18:46 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys
2008-08-25 18:46 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys
2008-08-25 18:46 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys
2008-08-25 18:46 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2008-08-25 18:46 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2008-08-25 18:41 . 2008-08-25 18:41 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-25 18:31 . 2008-08-25 18:31 <DIR> d-------- C:\Documents and Settings\PST\Application Data\Sony Ericsson
2008-08-25 18:27 . 2008-08-27 20:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-25 18:27 . 2008-08-27 20:50 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 19:02 --------- d-----w C:\Documents and Settings\PST\Application Data\uTorrent
2008-09-18 19:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-18 19:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-18 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 07:54 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-09-13 05:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-12 04:40 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-09 22:24 --------- d-----w C:\Documents and Settings\PST\Application Data\Skype
2008-09-09 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-09 20:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 17:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-27 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-18 22:01 --------- d-----w C:\Documents and Settings\PST\Application Data\skypePM
2008-08-18 19:37 --------- d-----w C:\Documents and Settings\PST\Application Data\CyberLink
2008-08-18 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-18 19:36 --------- d-----w C:\Program Files\CyberLink
2008-08-12 21:32 --------- d-----w C:\Program Files\uTorrent
2008-08-06 22:20 299,392 ----a-w C:\WINDOWS\system32\imon.dll
2008-08-05 20:50 --------- d-----w C:\Program Files\DX-Ball
2008-07-30 20:26 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-21 22:55 --------- d-----w C:\Program Files\Lavasoft
2008-07-02 04:07 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-01-08 13:39 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2005-01-26 270336]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-19 1235736]

C:\Documents and Settings\PST\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-01-18 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Native Instruments\\Traktor DJ Studio 2\\TraktorDJStudio2.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\PST\\Desktop\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-09-05 77056]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-19 97928]
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 8768]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-19 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-19 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-19 76040]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 Tdlpt;Tdlpt;C:\WINDOWS\system32\drivers\Tdlpt.sys [2001-10-16 8012]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-12-21 29152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1190db55-d7af-11db-82e1-00112fb41aa6}]
\Shell\AutoRun\command - H:\autorun.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:58:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 13:00:34
ComboFix-quarantined-files.txt 2008-09-20 11:00:00
ComboFix2.txt 2008-09-20 10:48:53
ComboFix3.txt 2008-09-19 14:17:49

Pre-Run: 6,896,087,040 bytes free
Post-Run: 6,882,361,344 bytes free

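The re-run log above ends with the same three loading points that the first run showed and that neither participant comments on: Security Center notifications for antivirus and updates are disabled (a setting rogue "VIRUS ALERT" software likes to flip), a per-user MountPoints2 entry still points removable-media AutoRun at H:\autorun.exe, and AppInit_DLLs is populated (here by an AVG component). The script below is an added example written for this editorial pass, not code from the thread, ComboFix or its author; it parses the REGEDIT4 part of a ComboFix log and flags those indicators so they are not lost in a long log. The SAMPLE_LOG is a constructed excerpt modelled on the posted entries, and the TRUSTED_PREFIXES list and severity labels are my own assumptions.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted in this thread;
# not a real capture, paths and values copied from the posted entries.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2005-01-26 270336]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-19 1235736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1190db55-d7af-11db-82e1-00112fb41aa6}]
\Shell\AutoRun\command - H:\autorun.exe
"""

# Assumption: Run entries are normally expected under these directories on an
# XP box; anything launched from elsewhere (Desktop, user profile, temp) gets a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\progra~1\\", "c:\\program files\\")


def parse_reg_sections(text):
    """Split the REGEDIT4 part of a ComboFix log into {key (lower-case): [value lines]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def find_indicators(text):
    """Return (severity, key, detail) tuples for the loading points worth triage."""
    findings = []
    for key, lines in parse_reg_sections(text).items():
        if key.endswith(r"\security center"):
            # Either DisableNotify value set to 1 silences Security Center warnings.
            for line in lines:
                m = re.match(r'"(\w+DisableNotify)"=dword:0*1$', line)
                if m:
                    findings.append(("high", key, f"{m.group(1)} set: Security Center alerts suppressed"))
        elif "mountpoints2" in key:
            # Per-volume AutoRun handlers survive after the drive letter is gone.
            for line in lines:
                if r"\shell\autorun\command" in line.lower():
                    target = line.split(" - ", 1)[-1]
                    findings.append(("high", key, f"removable-media AutoRun handler: {target}"))
        elif key.endswith(r"\currentversion\windows"):
            # AppInit_DLLs is loaded into every process that links user32.dll.
            for line in lines:
                m = re.match(r'"appinit_dlls"=(.+)$', line, re.I)
                if m:
                    findings.append(("review", key, f"AppInit_DLLs loads into every GUI process: {m.group(1).strip()}"))
        elif key.endswith(r"\currentversion\run"):
            for line in lines:
                m = re.match(r'"[^"]+"="([^"]+)"', line)
                if m and not m.group(1).lower().startswith(TRUSTED_PREFIXES):
                    findings.append(("review", key, f"Run entry outside program/system dirs: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for sev, key, detail in find_indicators(SAMPLE_LOG):
        print(f"[{sev:6}] {detail}\n         {key}")
```

On the posted log this reports the two Security Center values and the H:\autorun.exe handler as high, and the AppInit_DLLs entry for review (avgrsstx.dll belongs to the AVG 8 install visible elsewhere in the log, so it is expected here, but the key is a classic persistence point and is worth confirming whenever it is non-empty). Nothing in the Run keys is flagged, since all three entries launch from system or Program Files directories.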

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

How are things now?

  • Joined: 20 Mar 2009
  • Posts: 300
  • Location: Republic Of Srpska Banjaluka

Well, it seems to me it's the same as before, except that during boot the desktop stays up a bit longer before the icons appear, but as for the rest it seems to be fine.

Addendum: 20 Sep 2008 13:38

Did you see that I added to my previous message?

Addendum: 20 Sep 2008 13:56

It looks like I'll be bugging you. I just got a PM saying you're not female, so I apologize, and while I'm at it let me add this:
when I found this forum, I came across you mentioning the SmitFraud program while reading, so I downloaded it and scanned the system with it (that was before opening this thread). I wasn't trying to be clever, I just couldn't find the damn button for creating a new TOPIC. So just so you know what I did, and whether it can do any harm.

Cheers

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8488
  • Location: Novi Beograd

Don't worry about anything. I saw in the log that you used SmitFraud, although you shouldn't have. We hand out the tools here, so never use them on your own initiative.

Do this as well:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore


Regards from Dusan

  • Joined: 20 Mar 2009
  • Posts: 300
  • Location: Republic Of Srpska Banjaluka

Hi Dusan, you've restored my faith in life :P

If there are problems again I'll drop by the clinic,
and I must praise the forum and the operators, hats off to you for this.

Big greetings from Banjaluka
