Possible virus

  • Joined: 02 Jan 2008
  • Posts: 2167

So, once or twice a year I check my computer... still, this time I think something strange is going on with it...

Here are the logs:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 19:39:17.15 on Thu 02/04/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1152.734 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100204-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Programi\protiv komaraca\Anti_Mosquito.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programi\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
E:\Programi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Programi\Opera browser\opera.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.turkojan.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.uwininstaller.co.nr/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "e:\programi\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [C-Media Echo Control] c:\program files\pci audio applications\bin\EchoCtrl.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Anti Mosquito] e:\programi\protiv komaraca\Anti_Mosquito.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
dRun: [RAM Medic] c:\program files\iomatic\ram medic\RAMMedic.exe
dRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-10-2 138680]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-10-2 2368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-10-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-10-6 352920]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2007-10-2 30336]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys --> c:\windows\system32\drivers\fvdscsi.sys [?]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\admini~1\locals~1\temp\hwinfo32.sys --> c:\docume~1\admini~1\locals~1\temp\HWiNFO32.SYS [?]
S3 MaplomL;MaplomL; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-11-15 38976]
S4 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys --> c:\windows\system32\drivers\CDAWDM.sys [?]

=============== Created Last 30 ================

2010-01-25 22:26:53 0 d-----w- c:\docume~1\admini~1\applic~1\TeamViewer
2010-01-25 22:26:43 0 d-----w- c:\documents and settings\administrator\temp
2010-01-23 10:57:39 1547 ----a-w- c:\documents and settings\administrator\.recently-used.xbel
2010-01-14 09:57:35 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-06 14:11:55 82 ----a-w- c:\windows\mafosav.INI

==================== Find3M ====================

2010-02-04 18:21:08 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-04 18:21:06 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-12-22 05:42:49 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42:45 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 16:51:27 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-11-21 08:46:32 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-08 11:06:02 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 19:41:02.40 ===============

It wouldn't upload through "Attach file":

http://rapidshare.com/files/345916701/Attach.txt.html
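The DDS log above is the kind of thing a malware-removal helper skims by eye. The script below is an added example, not a tool from this forum, from DDS or from anyone in the thread: it splits a DDS log into its sections and flags the entries a helper looks at first (browser pages pointing at unexpected hosts, BHO/toolbar registrations whose file is gone, services with no image path or a `[?]`/temp-directory image). `SAMPLE_LOG` is a constructed subset of the posted log; the heuristics, the severities and the `EXPECTED_HOSTS` list are illustrative assumptions, not a verdict on the machine in the thread.

```python
"""Triage heuristics for a DDS log like the one posted above.

Added example, not a tool from the forum, from DDS or from the thread's
participants. SAMPLE_LOG is a constructed subset of the posted log; the
heuristics, severities and EXPECTED_HOSTS are illustrative assumptions.
"""
import re

# Constructed subset of the posted DDS log (raw string: backslashes are literal).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.turkojan.com/
uInternet Connection Wizard,ShellNext = hxxp://www.uwininstaller.co.nr/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-10 114768]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys --> c:\windows\system32\drivers\fvdscsi.sys [?]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\admini~1\locals~1\temp\hwinfo32.sys --> c:\docume~1\admini~1\locals~1\temp\HWiNFO32.SYS [?]
S3 MaplomL;MaplomL; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

=============== Created Last 30 ================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS defangs URLs as hxxp://; accept http:// as well.
URL_HOST_RE = re.compile(r"=\s*h(?:xx|tt)ps?://([^/\s]+)", re.I)
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*)$")
RUN_KEY_RE = re.compile(r"^[umd]Run(?:Once)?:")
# Assumption: hosts a stock XP/IE6 install points its search/home pages at.
EXPECTED_HOSTS = ("google.com", "microsoft.com")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def split_sections(text):
    """Map each DDS section title to its non-empty body lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def host_is_expected(host):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage_hjt(lines):
    """Findings from 'Pseudo HJT Report' as (severity, reason, line) tuples."""
    findings = []
    for line in lines:
        if line.endswith("- No File"):
            findings.append(("medium", "BHO/toolbar registered but its file is gone", line))
        m = URL_HOST_RE.search(line)
        if m and not host_is_expected(m.group(1)):
            findings.append(("high", "browser setting points outside expected hosts", line))
        if RUN_KEY_RE.match(line) and re.search(r"documents and settings", line, re.I):
            findings.append(("low", "autostart entry runs from a user profile path", line))
    return findings


def triage_drivers(lines):
    """Findings from 'SERVICES / DRIVERS': missing images, temp-dir images."""
    findings = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if not m:
            continue
        state, name, _desc, image = m.groups()
        image = image.strip()
        if image == "[x]":
            findings.append(("medium", f"{name}: service has no image path", line))
            continue
        if image.endswith("[?]"):
            findings.append(("medium", f"{name}: DDS recorded no date/size for the file", line))
        if re.search(r"\\temp\\", image, re.I):
            # A boot/system-start driver (S0/S1/R0/R1) from a user temp dir is the worst case.
            sev = "high" if state in ("S0", "S1", "R0", "R1") else "medium"
            findings.append((sev, f"{name}: driver image lives in a temp directory", line))
    return findings


def triage(text):
    """All findings for a DDS log, highest severity first."""
    sections = split_sections(text)
    findings = triage_hjt(sections.get("Pseudo HJT Report", []))
    findings += triage_drivers(sections.get("SERVICES / DRIVERS", []))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run it against a full DDS log by passing the file contents to `triage()`. The flags are prompts for a human, not detections: a legitimate driver can sit in a temp directory and a home page can be unusual without being malicious, which is why the helper in the thread asks for GMER and RootRepeal logs before drawing conclusions.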

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Why did you put it on rapidshare... I'll be waiting 5 years..

The Attach log isn't important to me.. post me GMER or RootRepeal logs.

megaupload, hotfile > one of those two.

And define "strange".. imagine your log is a kilometer long.. and I'm supposed to review it without knowing what I'm looking for :)

  • Joined: 02 Jan 2008
  • Posts: 2167

Written: 04 Feb 2010 21:02

So, today it restarted by itself (that's what my brother told me), and it was also loading slower than usual, and sometimes while I'm working I just see the cursor turn into that "hourglass" as if it's loading something, which is very strange... maybe there's no virus, but it's worth a try in the clinic, I say :)

"Attach file" doesn't work again :(

http://www.megaupload.com/?d=T7CTUL85

Update: 04 Feb 2010 21:03

Tonight or tomorrow I'll post the other logs...

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Well, the log looks pretty clean, spotless I'd say :D

Let's see those other logs. I'm here :)

  • Joined: 02 Jan 2008
  • Posts: 2167

Written: 05 Feb 2010 13:02

GMER won't scan for me... I don't know why... it just sits there and won't go any further... I waited a long time but nothing...

Update: 05 Feb 2010 13:02

Now I'll try RootRepeal...
