Možda tražite i:
Nepobedivi virus VIRUT W32.CF
virus,virusi ili....
mbam i sas nasli viruse dali su to stvarno virusi?

MyCity » Ambulanta -> Arhiva Ambulante » virus

virus

Napisano na dan: 29.9.2009

virus

Sledeća strana

Pagination

Odgovori

gvozd Poslao: 29 Sep 2009 13:06 Idi na vrh
offline gvozd Novi MyCity građanin Pridružio: 05 Sep 2007 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 29 Sep 2009 11:38 Kao prvo,znam da tema nije ispravno otvorena,ali nemam izbora,ovo kuckam sa mobilnog telefona,jer sa racunara ne mogu,jer mi se racunar stalno redirektuje na thefeedonline.com,pa zatim na mycompscanner42.com.Molim vas za pomoc. Dopuna: 29 Sep 2009 12:48 Posto imam ogranicenje od 256 karaktera na mobilnom,pisacu u nastavcima.Operativni sistem je XP SP2,instaliran KIS2010 sa licencom koja vazi jos 90 dana,kljuc skinut sa neta,ali i pre ove pojave nisam mogao raditi update baze,tako da mi je baza azurirana.. Dopuna: 29 Sep 2009 12:55 zakljucno sa 9.7.-inace,antivirus je instaliran pre cetiri dana kada sam i dobio wireless signal.Prilikom redirekcije pojavljuje se prozor sa zapocetim downloadom softvera Antivirus 2010 i brojem detektovanih malicioznih programa.KIS2010 i dalje radi i ne Dopuna: 29 Sep 2009 13:00 Detektuje nista sumnjivo,nakon sto je prvi put otkrio 9 virusi i uklonio ih,naknadna dva full scana su bila cista,ali redirekcija na gore spomenutb adrese i dalje postoji,kako preko opere,tako i preko firefoxa,osim odlazaka na homepage,svaki sl. link je Dopuna: 29 Sep 2009 13:06 redirekcija,tako da sam totalno blokiran.Mail klijenti rade uredno,Operin integrisani i Outlook Express. Napominjem da znam da tema nije ispravno postavljena,ali trenutno ne mogu da skinem dijagnosticke alate koji su neophodni za pravilno postavljanje iste

Profil

diarno Poslao: 29 Sep 2009 13:40 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Idi kod nekoga i Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno ti prebaci ovaj program preko usb-a na svoj komp i onda uradi sledece : deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

gvozd Poslao: 29 Sep 2009 18:12 Idi na vrh
offline gvozd Novi MyCity građanin Pridružio: 05 Sep 2007 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-09-28.01 - XP 29.09.2009 17:43.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.214 [GMT 2:00] Running from: c:\documents and settings\XP\Desktop\ComboFix.exe AV: Kaspersky Internet Security On-access scanning disabled (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\cofa.sys c:\documents and settings\All Users\Application Data\rowabohaqy.inf c:\documents and settings\All Users\Documents\arov.sys c:\documents and settings\All Users\Documents\inogidyw.pif c:\documents and settings\All Users\Documents\ukimohe.bin c:\documents and settings\XP\Application Data\Adssite Advanced Toolbar c:\documents and settings\XP\Application Data\Adssite Advanced Toolbar\selected.xml c:\program files\Adssite Advanced Toolbar c:\program files\Adssite Advanced Toolbar\buttons.xml c:\program files\Adssite Advanced Toolbar\search.xml c:\program files\Adssite Advanced Toolbar\toolbar.dll c:\program files\Adssite Advanced Toolbar\uninstall.exe c:\program files\Common Files\inijan.reg c:\program files\Common Files\jyjefivuw.bat c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\apehe.exe c:\windows\Installer\d0a29.msi c:\windows\keku.pif c:\windows\lumo.reg c:\windows\system32\_scui.cpl c:\windows\system32\config\systemprofile\Application Data\daku.reg c:\windows\system32\config\systemprofile\Application Data\lizkavd.exe c:\windows\system32\config\systemprofile\Application Data\seres.exe c:\windows\system32\config\systemprofile\Application Data\svcst.exe c:\windows\system32\config\systemprofile\Application Data\tadaqyxino.dl c:\windows\system32\config\systemprofile\Cookies\eqoxig._dl c:\windows\system32\config\systemprofile\Cookies\mymosubo.db c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\dykyhojuxu.inf c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\kaqod.inf c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\keze.dl c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\litase.dll c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\uqigen.vbs c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\ygapivypu._sy c:\windows\system32\config\systemprofile\Start Menu\Programs\AntivirusPro_2010 c:\windows\system32\config\systemprofile\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk c:\windows\system32\config\systemprofile\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk c:\windows\system32\drivers\gasfkybwwfwcvu.sys c:\windows\system32\ezecu.scr c:\windows\system32\gasfkyalfkylru.dll c:\windows\system32\gasfkyspquowyk.dat c:\windows\system32\gasfkyvcvnbdvb.dll c:\windows\system32\gasfkyxnopphev.dll c:\windows\system32\gasfkyxsducrop.dat c:\windows\system32\imekec.sys c:\windows\system32\rightonadz-uninst.exe c:\windows\system32\xyvemucuqi.sys c:\windows\wudu.dll c:\windows\zixu.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_gasfkyqqoejwmd -------\Legacy_gasfkyqqoejwmd ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 ))))))))))))))))))))))))))))))) . 2009-09-29 15:53 . 2009-09-29 15:53 -------- d-----w- C:\found.000 2009-09-29 15:41 . 2009-09-29 15:41 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat 2009-09-28 20:22 . 2009-09-28 20:22 24576 -csha-w- c:\documents and settings\LocalService\ntuser.dll 2009-09-28 20:16 . 2009-09-28 20:16 15876 ----a-w- c:\windows\mopojewe.com 2009-09-28 20:16 . 2009-09-28 20:16 18419 ----a-w- c:\windows\ywivewifec.dat 2009-09-28 20:16 . 2009-09-28 20:16 18274 ----a-w- c:\program files\Common Files\edysukedid.dat 2009-09-28 20:09 . 2009-09-28 20:09 24576 -csha-w- c:\documents and settings\XP\ntuser.dll 2009-09-28 20:09 . 2009-09-28 20:25 24576 --sha-w- c:\windows\system32\calc.dll 2009-09-28 20:09 . 2009-09-28 20:09 24576 --sha-w- c:\windows\system32\config\systemprofile\ntuser.dll 2009-09-28 07:00 . 2009-09-28 07:00 157696 -c--a-w- C:\ppwgx.exe 2009-09-28 07:00 . 2009-09-28 07:00 28672 -c--a-w- C:\vkhflsmw.exe 2009-09-28 06:59 . 2009-09-28 07:00 103936 -c--a-w- C:\hmbpqsde.exe 2009-09-28 06:59 . 2009-09-28 06:59 10752 -c--a-w- C:\omecnut.exe 2009-09-27 20:17 . 2009-09-27 20:17 94643 ----a-w- c:\windows\system32\drivers\klick.dat 2009-09-27 20:17 . 2009-09-27 20:17 105395 ----a-w- c:\windows\system32\drivers\klin.dat 2009-09-27 20:16 . 2009-09-27 20:16 -------- d-----w- c:\program files\Kaspersky Lab 2009-09-26 22:06 . 2009-09-26 22:06 -------- d-----w- c:\program files\Common Files\Skype 2009-09-26 17:31 . 2005-12-26 22:09 41472 ----a-w- c:\windows\system32\RASPPPOE.DLL 2009-09-26 17:31 . 2005-12-26 22:09 33792 ----a-w- c:\windows\system32\drivers\RMSPPPOE.SYS 2009-09-26 17:31 . 2005-12-26 22:09 16896 ----a-w- c:\windows\system32\RASPPPOE.EXE 2009-09-26 17:20 . 2005-12-21 08:16 470048 ----a-w- c:\windows\system32\drivers\ar5211.sys 2009-09-26 17:20 . 2005-12-21 08:16 470048 ----a-w- c:\windows\system32\ar5211.sys 2009-09-26 17:20 . 2005-12-30 06:15 36864 ----a-w- c:\windows\system32\acs.exe 2009-09-26 17:20 . 2009-09-26 17:20 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-09-26 17:20 . 2005-12-30 06:04 315392 ----a-w- c:\windows\system32\AegisI5.exe 2009-09-26 17:20 . 2006-03-21 07:52 249856 ----a-w- c:\windows\system32\wgapi.dll 2009-09-26 17:20 . 2005-12-30 06:15 385024 ----a-w- c:\windows\system32\athcfg11.dll 2009-09-26 17:20 . 2005-12-30 06:14 77824 ----a-w- c:\windows\system32\athcfg11res.dll 2009-09-26 17:20 . 2005-12-30 06:10 237568 ----a-w- c:\windows\system32\wcapi.dll 2009-09-26 17:20 . 2005-12-30 06:04 1396835 ----a-w- c:\windows\system32\AegisE5.dll 2009-09-26 17:20 . 2009-09-26 17:20 -------- d-----w- c:\program files\TP-LINK 2009-09-17 14:20 . 2009-09-17 14:20 -------- d-----w- c:\windows\system32\wbem\Repository 2009-09-15 18:36 . 2009-09-15 18:36 -------- dc----w- C:\USR . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-29 14:55 . 2007-11-29 01:10 -------- dc----w- c:\documents and settings\XP\Application Data\Skype 2009-09-29 14:54 . 2007-11-29 01:18 -------- dc----w- c:\documents and settings\XP\Application Data\skypePM 2009-09-29 09:04 . 2008-12-02 10:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-09-28 20:16 . 2009-09-28 20:16 17836 ----a-w- c:\program files\Common Files\deqevycy._sy 2009-09-27 20:15 . 2008-03-30 15:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-09-27 18:30 . 2005-12-26 15:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-26 22:06 . 2007-11-29 01:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype 2009-09-26 19:13 . 2008-12-02 10:04 573472 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-09-26 19:13 . 2008-12-02 10:04 5136 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-09-26 19:13 . 2008-12-02 10:04 2720288 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-09-26 19:13 . 2008-12-02 10:04 24428 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-09-17 14:19 . 2009-06-21 09:07 -------- d-----w- c:\program files\GameSpy Arcade 2009-07-03 13:48 . 2009-07-03 13:48 219664 ----a-w- c:\windows\system32\klogon.dll 2009-07-03 13:45 . 2009-07-03 13:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat 2007-10-17 22:58 . 2007-10-17 22:58 24 --sh--w- c:\windows\S96320A04.tmp 2004-08-03 22:56 . 2004-08-03 22:56 170505 --sha-r- c:\windows\system32\zskhb.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "calc"="c:\docume~1\XP\ntuser.dll" [2009-09-28 24576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-15 185896] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544] "calc"="c:\windows\system32\calc.dll" [2009-09-28 24576] "avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] "calc"="c:\docume~1\LOCALS~1\ntuser.dll" [2009-09-28 24576] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^XP^Start Menu^Programs^Startup^..] path=c:\documents and settings\XP\Start Menu\Programs\Startup\.. backup=c:\windows\pss\..Startup [HKLM\~\startupfolder\C:^Documents and Settings^XP^Start Menu^Programs^Startup^Pravoslavac 2008.lnk] path=c:\documents and settings\XP\Start Menu\Programs\Startup\Pravoslavac 2008.lnk backup=c:\windows\pss\Pravoslavac 2008.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Opera\\Opera.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "d:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1242:TCP"= 1242:TCP:wooeu R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472] R3 PAC207;i-Look 111;c:\windows\system32\drivers\PFC027.SYS [29.06.2007 16:32 611584] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [26.09.2009 19:31 33792] S2 ACSAlerter;TP-LINK Configuration Service ACSAlerter;c:\windows\TEMP\wopmslmlnm.exe service --> c:\windows\TEMP\wopmslmlnm.exe service [?] S2 lioxtol;Image Time;c:\windows\system32\svchost.exe -k netsvcs [04.08.2004 0:56 14336] S3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [26.12.2005 18:29 556416] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [06.08.2007 13:34 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [06.08.2007 13:34 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [06.08.2007 13:34 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [06.08.2007 13:34 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [06.08.2007 13:34 83344] S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [26.12.2005 18:28 6400] S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [07.09.2005 16:42 57648] S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [07.09.2005 16:42 8336] S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [07.09.2005 16:43 93488] S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [07.09.2005 16:43 84928] S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [07.09.2005 16:43 82864] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs lioxtol . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - d:\cdpoker\casino.exe FF - ProfilePath - c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\8rnmmtws.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.chesshere.com FF - component: c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\8rnmmtws.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: d:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin2.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin3.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin4.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin5.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin6.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin7.dll FF - plugin: d:\program files\Opera\program\plugins\NPSWF32.dll FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll . - - - - ORPHANS REMOVED - - - - Notify-AtiExtEvent - (no file) *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-09-29 17:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\documents and settings\XP\Start Menu\Programs\Startup\scandisk.dll 24576 bytes executable c:\documents and settings\XP\Start Menu\Programs\Startup\scandisk.lnk 643 bytes c:\windows\system32\calc.dll 24576 bytes executable scan completed successfully hidden files: 3 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lioxtol] "ServiceDll"="c:\windows\system32\zskhb.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,e7,73,0d,02,8d, 8a,e1,be,c8,28,51,af,b0,29,a3,98,16,60,7b,09,cc,e4,72,32,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,fc,11,dd,1d,13, 62,a2,3c,71,3b,04,66,8b,46,0d,96,f8,73,2d,02,9e,03,b4,ae,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,32,c6,b2,cb, 10,07,22,25,da,ec,7e,55,20,c9,26,2e,2f,c3,50,5f,3e,0a,f8,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,50,3d,bd,62,1b, d8,f9,c9,3e,1e,9e,e0,57,5a,93,61,6c,92,e3,70,eb,cf,b5,fe,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,79,e2,86,e6,c1, e4,26,6b,cd,44,cd,b9,a6,33,6c,cd,c7,8c,25,70,04,c5,18,f3,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,96,f8,33,56,5e, 49,99,5d,b0,18,ed,a7,3f,8d,37,a4,37,cf,d0,1d,03,fb,fa,f1,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,4f,ae,08,7f,80, c8,69,5e,31,77,e1,ba,b1,f8,68,02,9a,fc,41,3d,b5,4e,12,1d,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,41,f9,3c,a3,9b, 46,6f,c1,83,6c,56,8b,a0,85,96,ab,bd,f8,b9,3b,ca,17,29,10,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ca,b7,21,ed,97, cf,71,18,51,fa,6e,91,28,9e,14,cc,9b,35,e4,a9,c7,db,9d,36,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,48,bc,73,f0,f6, 7d,cb,fc,b1,cd,45,5a,a8,c4,f8,b9,fb,c7,d3,0e,24,d6,da,db,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,af,6b,36,0e,c7, a9,a3,e3,e3,0e,66,d5,eb,bc,2f,6b,b9,48,6a,e8,b8,a2,3c,3c,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a4,07,5c,20,ae, 69,44,2a,fa,ea,66,7f,d4,3b,6b,70,09,cc,21,0a,41,d8,d9,2e,6c,43,2d,1e,aa,22,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2476) c:\windows\system32\calc.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-29 17:58 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-29 15:58 Pre-Run: 3,463,393,280 bytes free Post-Run: 4,701,147,136 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 323

Profil

diarno Poslao: 29 Sep 2009 18:40 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\ppwgx.exe C:\vkhflsmw.exe C:\hmbpqsde.exe C:\omecnut.exe c:\documents and settings\XP\ntuser.dll c:\windows\system32\calc.dll c:\windows\system32\config\systemprofile\ntuser.dll c:\windows\mopojewe.com c:\windows\ywivewifec.dat c:\program files\Common Files\edysukedid.dat c:\documents and settings\LocalService\ntuser.dll c:\windows\system32\zskhb.dll c:\documents and settings\XP\Start Menu\Programs\Startup\scandisk.dll c:\documents and settings\XP\Start Menu\Programs\Startup\scandisk.lnk Driver:: lioxtol Netsvc:: lioxtol Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "calc"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "calc"=- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "calc"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

gvozd Poslao: 29 Sep 2009 19:31 Idi na vrh
offline gvozd Novi MyCity građanin Pridružio: 05 Sep 2007 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-09-28.01 - XP 29.09.2009 19:09.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.178 [GMT 2:00] Running from: c:\documents and settings\XP\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\XP\Desktop\CFScript.txt AV: Kaspersky Internet Security On-access scanning disabled (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0} FILE :: "c:\documents and settings\LocalService\ntuser.dll" "c:\documents and settings\XP\ntuser.dll" "c:\documents and settings\XP\Start Menu\Programs\Startup\scandisk.dll" "c:\documents and settings\XP\Start Menu\Programs\Startup\scandisk.lnk" "C:\hmbpqsde.exe" "C:\omecnut.exe" "C:\ppwgx.exe" "c:\program files\Common Files\edysukedid.dat" "C:\vkhflsmw.exe" "c:\windows\mopojewe.com" "c:\windows\system32\calc.dll" "c:\windows\system32\config\systemprofile\ntuser.dll" "c:\windows\system32\zskhb.dll" "c:\windows\ywivewifec.dat" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\ntuser.dll c:\documents and settings\XP\ntuser.dll c:\documents and settings\XP\Start Menu\Programs\Startup\scandisk.dll c:\documents and settings\XP\Start Menu\Programs\Startup\scandisk.lnk C:\hmbpqsde.exe C:\omecnut.exe C:\ppwgx.exe c:\program files\Common Files\edysukedid.dat C:\vkhflsmw.exe c:\windows\mopojewe.com c:\windows\system32\calc.dll c:\windows\system32\config\systemprofile\ntuser.dll c:\windows\ywivewifec.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_LIOXTOL -------\Service_lioxtol ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 ))))))))))))))))))))))))))))))) . 2009-09-29 15:53 . 2009-09-29 15:53 -------- d-----w- C:\found.000 2009-09-29 15:41 . 2009-09-29 15:41 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat 2009-09-27 20:17 . 2009-09-27 20:17 94643 ----a-w- c:\windows\system32\drivers\klick.dat 2009-09-27 20:17 . 2009-09-27 20:17 105395 ----a-w- c:\windows\system32\drivers\klin.dat 2009-09-27 20:16 . 2009-09-27 20:16 -------- d-----w- c:\program files\Kaspersky Lab 2009-09-26 22:06 . 2009-09-26 22:06 -------- d-----w- c:\program files\Common Files\Skype 2009-09-26 17:31 . 2005-12-26 22:09 41472 ----a-w- c:\windows\system32\RASPPPOE.DLL 2009-09-26 17:31 . 2005-12-26 22:09 33792 ----a-w- c:\windows\system32\drivers\RMSPPPOE.SYS 2009-09-26 17:31 . 2005-12-26 22:09 16896 ----a-w- c:\windows\system32\RASPPPOE.EXE 2009-09-26 17:20 . 2005-12-21 08:16 470048 ----a-w- c:\windows\system32\drivers\ar5211.sys 2009-09-26 17:20 . 2005-12-21 08:16 470048 ----a-w- c:\windows\system32\ar5211.sys 2009-09-26 17:20 . 2005-12-30 06:15 36864 ----a-w- c:\windows\system32\acs.exe 2009-09-26 17:20 . 2009-09-26 17:20 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-09-26 17:20 . 2005-12-30 06:04 315392 ----a-w- c:\windows\system32\AegisI5.exe 2009-09-26 17:20 . 2006-03-21 07:52 249856 ----a-w- c:\windows\system32\wgapi.dll 2009-09-26 17:20 . 2005-12-30 06:15 385024 ----a-w- c:\windows\system32\athcfg11.dll 2009-09-26 17:20 . 2005-12-30 06:14 77824 ----a-w- c:\windows\system32\athcfg11res.dll 2009-09-26 17:20 . 2005-12-30 06:10 237568 ----a-w- c:\windows\system32\wcapi.dll 2009-09-26 17:20 . 2005-12-30 06:04 1396835 ----a-w- c:\windows\system32\AegisE5.dll 2009-09-26 17:20 . 2009-09-26 17:20 -------- d-----w- c:\program files\TP-LINK 2009-09-17 14:20 . 2009-09-17 14:20 -------- d-----w- c:\windows\system32\wbem\Repository 2009-09-15 18:36 . 2009-09-15 18:36 -------- dc----w- C:\USR . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-29 17:00 . 2008-12-02 10:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-09-29 14:55 . 2007-11-29 01:10 -------- dc----w- c:\documents and settings\XP\Application Data\Skype 2009-09-29 14:54 . 2007-11-29 01:18 -------- dc----w- c:\documents and settings\XP\Application Data\skypePM 2009-09-28 20:16 . 2009-09-28 20:16 17836 ----a-w- c:\program files\Common Files\deqevycy._sy 2009-09-27 20:15 . 2008-03-30 15:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-09-27 18:30 . 2005-12-26 15:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-26 22:06 . 2007-11-29 01:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype 2009-09-26 19:13 . 2008-12-02 10:04 573472 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-09-26 19:13 . 2008-12-02 10:04 5136 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-09-26 19:13 . 2008-12-02 10:04 2720288 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-09-26 19:13 . 2008-12-02 10:04 24428 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-09-17 14:19 . 2009-06-21 09:07 -------- d-----w- c:\program files\GameSpy Arcade 2009-07-03 13:48 . 2009-07-03 13:48 219664 ----a-w- c:\windows\system32\klogon.dll 2009-07-03 13:45 . 2009-07-03 13:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat 2007-10-17 22:58 . 2007-10-17 22:58 24 --sh--w- c:\windows\S96320A04.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-15 185896] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544] "avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^XP^Start Menu^Programs^Startup^..] path=c:\documents and settings\XP\Start Menu\Programs\Startup\.. backup=c:\windows\pss\..Startup [HKLM\~\startupfolder\C:^Documents and Settings^XP^Start Menu^Programs^Startup^Pravoslavac 2008.lnk] path=c:\documents and settings\XP\Start Menu\Programs\Startup\Pravoslavac 2008.lnk backup=c:\windows\pss\Pravoslavac 2008.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Opera\\Opera.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "d:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1242:TCP"= 1242:TCP:wooeu R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472] R3 PAC207;i-Look 111;c:\windows\system32\drivers\PFC027.SYS [29.06.2007 16:32 611584] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [26.09.2009 19:31 33792] S2 ACSAlerter;TP-LINK Configuration Service ACSAlerter;c:\windows\TEMP\wopmslmlnm.exe service --> c:\windows\TEMP\wopmslmlnm.exe service [?] S3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [26.12.2005 18:29 556416] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [06.08.2007 13:34 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [06.08.2007 13:34 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [06.08.2007 13:34 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [06.08.2007 13:34 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [06.08.2007 13:34 83344] S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [26.12.2005 18:28 6400] S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [07.09.2005 16:42 57648] S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [07.09.2005 16:42 8336] S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [07.09.2005 16:43 93488] S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [07.09.2005 16:43 84928] S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [07.09.2005 16:43 82864] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - d:\cdpoker\casino.exe FF - ProfilePath - c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\8rnmmtws.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.chesshere.com FF - component: c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\8rnmmtws.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: d:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin2.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin3.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin4.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin5.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin6.dll FF - plugin: d:\program files\Opera\program\plugins\npqtplugin7.dll FF - plugin: d:\program files\Opera\program\plugins\NPSWF32.dll FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-09-29 19:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,e7,73,0d,02,8d, 8a,e1,be,c8,28,51,af,b0,29,a3,98,16,60,7b,09,cc,e4,72,32,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,fc,11,dd,1d,13, 62,a2,3c,71,3b,04,66,8b,46,0d,96,f8,73,2d,02,9e,03,b4,ae,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,32,c6,b2,cb, 10,07,22,25,da,ec,7e,55,20,c9,26,2e,2f,c3,50,5f,3e,0a,f8,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,50,3d,bd,62,1b, d8,f9,c9,3e,1e,9e,e0,57,5a,93,61,6c,92,e3,70,eb,cf,b5,fe,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,79,e2,86,e6,c1, e4,26,6b,cd,44,cd,b9,a6,33,6c,cd,c7,8c,25,70,04,c5,18,f3,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,96,f8,33,56,5e, 49,99,5d,b0,18,ed,a7,3f,8d,37,a4,37,cf,d0,1d,03,fb,fa,f1,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,4f,ae,08,7f,80, c8,69,5e,31,77,e1,ba,b1,f8,68,02,9a,fc,41,3d,b5,4e,12,1d,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,41,f9,3c,a3,9b, 46,6f,c1,83,6c,56,8b,a0,85,96,ab,bd,f8,b9,3b,ca,17,29,10,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ca,b7,21,ed,97, cf,71,18,51,fa,6e,91,28,9e,14,cc,9b,35,e4,a9,c7,db,9d,36,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,48,bc,73,f0,f6, 7d,cb,fc,b1,cd,45,5a,a8,c4,f8,b9,fb,c7,d3,0e,24,d6,da,db,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,af,6b,36,0e,c7, a9,a3,e3,e3,0e,66,d5,eb,bc,2f,6b,b9,48,6a,e8,b8,a2,3c,3c,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a4,07,5c,20,ae, 69,44,2a,fa,ea,66,7f,d4,3b,6b,70,09,cc,21,0a,41,d8,d9,2e,6c,43,2d,1e,aa,22,\ . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-29 19:19 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-29 17:19 ComboFix2.txt 2009-09-29 15:58 Pre-Run: 4,685,459,456 bytes free Post-Run: 4,687,589,376 bytes free 264

Profil

diarno Poslao: 29 Sep 2009 19:58 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kazi mi kakvo je sad stanje..a ja cu kasnije log pogledati detaljnjije..

Profil

gvozd Poslao: 29 Sep 2009 21:22 Idi na vrh
offline gvozd Novi MyCity građanin Pridružio: 05 Sep 2007 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada je sve ok, veliko hvala. Cak je i KIS 2010 uradio update baze.

Profil

diarno Poslao: 30 Sep 2009 00:13 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! to bi bilo to.. uradi jos ovo Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: combofix /u Primeti da postoji razmak između "ComboFix" i "/u". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. pozzz

Profil

gvozd Poslao: 30 Sep 2009 01:57 Idi na vrh
offline gvozd Novi MyCity građanin Pridružio: 05 Sep 2007 Poruke: 28	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, done, pozz...

Profil

MyCity » Ambulanta -> Arhiva Ambulante » virus

Ko je trenutno na forumu

Ukupno su 509 korisnika na forumu :: 6 registrovanih, 0 sakrivenih i 503 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: anta, bato, Bobrock1, goxin, milenko crazy north, sasa76

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by