Posted: 08 Jun 2010 01:32
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82
Two days ago my computer started acting up; it reports that it has some viruses. I cleaned it with NOD and it removed a lot of viruses, but some it cannot; it shows me that a component located in the drivers, cdrom.sys, is infected, and I can neither delete it nor clean it. The computer is getting harder and harder to start, it boots once in ten tries, and I barely managed to get on the internet. A friend suggested that I replace NOD with AVG, so I uninstalled NOD, and now AVG won't install. I use 3G internet!
DDS won't run; I downloaded it from two sources, but as soon as the black window appears, it disappears within a second!
Here are the Gmer logs.
Posted: 08 Jun 2010 15:18
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
Hello.
Download the RSIT program to the Desktop:
http://images.malwareremoval.com/random/RSIT.exe
Run it with a double-click and then click Continue.
At the end of the process two logs will open: the first, log.txt, will be maximized and needs to be copied into the thread on the forum, and the second, info.txt, will be minimized (we don't need it for now).
Post the contents of the file log.txt in your next message (that file will be saved as C:\rsit\log.txt).
Posted: 08 Jun 2010 16:16
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82
Hello mate,
I couldn't get the computer to start, so I booted it in Safe Mode and then scanned; I don't know whether that is a problem.
Contents of the log file!
Logfile of random's system information tool 1.07 (written by random/random)
Run by Sassa at 2010-06-08 15:33:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 836 MB (4%) free of 19 GB
Total RAM: 502 MB (72% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\BMMTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPKBDLED"=C:\WINDOWS\system32\TpScrLk.exe [2002-10-08 40960]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-20 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-20 396288]
"BLOG"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-20 208896]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2005-11-07 106496]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-07-25 94208]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"PRONoMgrWired"=C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [2003-08-06 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-09 128920]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-13 149280]
"syncman"=c:\windows\system32\wuaucldt.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-07-14 1961984]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-10-09 288560]
"syncman"=c:\documents and settings\sassa\wuaucldt.exe [2010-06-02 30208]
"MSConfig"=C:\Documents and Settings\Sassa\mimn.exe [2010-06-06 11264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Sassa\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csbdll]
C:\WINDOWS\system32\csbdll.dll [2010-06-08 68608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ecczcizl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fnsuuobu]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqluidnn.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tsdveuzo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ecczcizl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fnsuuobu]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqluidnn.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tsdveuzo]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Sassa\Desktop\utorrent.exe"="C:\Documents and Settings\Sassa\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun6e.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c7de2a4-dc5e-11dc-8597-ae7294a50cab}]
shell\Auto\command - G:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34e3dc20-a8fd-11dc-8546-ace2c9c8ada8}]
shell\Auto\command - G:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fd69d38-a59d-11dc-853c-f677a0361737}]
shell\Auto\command - G:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bc0b373-6865-11dd-85fe-ce756bba56ab}]
shell\Auto\command - G:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{804baeb0-18ac-11df-87b8-00112545a046}]
shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8795d010-3768-11df-87f4-00112545a046}]
shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{909e4570-bf85-11dc-8574-d37ad4b72cab}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96067250-236a-11de-8701-00112545a046}]
shell\AutoRun\command - G:\fooool.exe
shell\explore\command - G:\fooool.exe
shell\open\command - G:\fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5ed3f93-cd38-11dd-8684-00112545a046}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af47be90-a915-11dd-863c-86651cd00aab}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3920610-a394-11dd-8631-ed7eafcd0eaa}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b996a861-f317-11de-8783-00112545a046}]
shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0d41361-ff58-11de-8795-00112545a046}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL aDMiNIsTraTor.exE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e28b2c60-bd53-11dc-856f-d853186fe6a8}]
shell\AutoOpen\command - E:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e62e85e1-cb60-11dd-8681-00112545a046}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e689ce93-123f-11de-86e6-00112545a046}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe59bad0-d979-11dc-8592-cf1ce3dfd7ab}]
shell\AutoRun\command - G:\
shell\explore\command - WScript.exe .\autorun.vbs
shell\open\command - WScript.exe .\autorun.vbs
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-06-08 15:33:04 ----D---- C:\Program Files\trend micro
2010-06-08 15:33:02 ----D---- C:\rsit
2010-06-08 00:24:19 ----A---- C:\WINDOWS\system32\csbdll.dll
2010-06-06 19:41:44 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-06-05 00:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-06-05 00:22:49 ----SHD---- C:\Config.Msi
2010-06-03 23:34:33 ----D---- C:\Avenger
2010-06-03 23:16:28 ----SHD---- C:\WINDOWS\CSC
2010-06-03 22:36:21 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-03 00:50:51 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2010-06-03 00:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2010-06-03 00:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-06-03 00:50:14 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2010-06-03 00:50:01 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2010-06-03 00:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2010-06-03 00:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-06-03 00:49:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-06-03 00:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2010-06-03 00:48:27 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-06-03 00:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-06-03 00:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-06-03 00:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-06-03 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-06-03 00:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2010-06-03 00:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2010-06-03 00:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-06-03 00:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-06-03 00:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2010-06-03 00:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-06-03 00:46:09 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-06-03 00:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2010-06-03 00:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2010-06-03 00:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-06-03 00:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-06-03 00:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2010-06-03 00:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-06-03 00:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2010-06-03 00:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-06-03 00:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-06-03 00:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-06-03 00:43:29 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2010-06-03 00:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2010-06-03 00:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2010-06-03 00:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-06-03 00:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-06-03 00:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2010-06-03 00:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-06-03 00:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-06-03 00:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2010-06-03 00:40:32 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-06-03 00:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-06-03 00:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2010-06-03 00:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2010-06-03 00:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2010-06-03 00:39:30 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-06-03 00:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-06-03 00:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-06-03 00:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-06-03 00:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-06-03 00:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2010-06-03 00:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-06-03 00:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-03 00:36:06 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2010-06-03 00:35:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-06-03 00:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-06-03 00:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-06-03 00:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2010-06-03 00:35:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2010-06-03 00:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2010-06-03 00:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-06-03 00:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-06-03 00:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-06-03 00:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2010-06-03 00:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2010-06-03 00:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2010-06-03 00:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2010-06-03 00:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2010-06-03 00:32:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-06-03 00:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-06-03 00:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-03 00:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2010-06-03 00:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-06-03 00:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2010-06-03 00:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2010-06-03 00:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2010-06-03 00:29:49 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-06-03 00:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-06-03 00:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2010-06-03 00:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-06-03 00:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-06-03 00:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-06-03 00:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2010-06-02 22:06:47 ----RSH---- C:\Documents and Settings\Sassa\Application Data\kyrnmy.exe
2010-06-02 21:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-06-02 21:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-06-02 21:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-06-02 21:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-06-02 21:40:09 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-06-02 21:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-05-31 12:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-31 09:57:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-28 15:02:44 ----RSHD---- C:\WINDOWS\CIDD_P
======List of files/folders modified in the last 1 months======
2010-06-08 15:33:04 ----D---- C:\Program Files
2010-06-08 01:43:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-08 01:42:51 ----D---- C:\Documents and Settings\Sassa\Application Data\uTorrent
2010-06-08 01:42:28 ----D---- C:\WINDOWS\Prefetch
2010-06-08 01:39:57 ----D---- C:\Program Files\MODEM Mobile Connection
2010-06-08 01:39:01 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt
2010-06-08 01:13:19 ----AD---- C:\WINDOWS\Temp
2010-06-08 00:24:19 ----D---- C:\WINDOWS\system32
2010-06-08 00:19:06 ----D---- C:\WINDOWS
2010-06-07 23:11:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-07 12:20:31 ----D---- C:\WINDOWS\system32\drivers
2010-06-07 00:32:51 ----SHD---- C:\WINDOWS\Installer
2010-06-06 19:41:54 ----HD---- C:\WINDOWS\inf
2010-06-06 19:38:28 ----D---- C:\WINDOWS\WinSxS
2010-06-06 19:38:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-06-06 19:29:20 ----SD---- C:\Documents and Settings\Sassa\Application Data\Microsoft
2010-06-06 19:29:20 ----D---- C:\Documents and Settings\Sassa\Application Data\The Bat!
2010-06-05 22:55:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-05 09:14:21 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-05 09:13:45 ----RSD---- C:\WINDOWS\assembly
2010-06-05 00:25:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-04 22:13:02 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem #2.txt
2010-06-03 23:34:33 ----RD---- C:\WINDOWS\Offline Web Pages
2010-06-03 11:35:24 ----D---- C:\WINDOWS\Minidump
2010-06-03 11:25:48 ----D---- C:\WINDOWS\AppPatch
2010-06-03 11:25:47 ----D---- C:\WINDOWS\msagent
2010-06-03 00:50:56 ----A---- C:\WINDOWS\imsins.BAK
2010-06-03 00:43:31 ----D---- C:\Program Files\Messenger
2010-06-03 00:42:04 ----D---- C:\Program Files\Windows Media Player
2010-06-03 00:41:29 ----D---- C:\Program Files\Movie Maker
2010-06-03 00:41:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-03 00:40:54 ----D---- C:\Program Files\Outlook Express
2010-06-03 00:40:53 ----D---- C:\Program Files\Common Files\System
2010-06-03 00:36:58 ----D---- C:\Program Files\Internet Explorer
2010-05-31 09:41:43 ----D---- C:\WINDOWS\Help
2010-05-25 23:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-20 23:46:39 ----D---- C:\Documents and Settings\Sassa\Application Data\Nokia Multimedia Player
2010-05-17 16:45:28 ----A---- C:\WINDOWS\win.ini
2010-05-17 15:11:27 ----RSHD---- C:\Win
2010-05-12 20:34:07 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-01-04 223128]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2005-11-11 10112]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 4736]
S1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-04-24 14848]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
S1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-04-24 9343]
S1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
S1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-20 16384]
S1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-07-21 7168]
S2 fkbwcedoa;\??\C:\DOC; \??\C:\DOCUME~1\Sassa\LOCALS~1\Temp\iwfacinh.sys []
S2 gpxrqelwgxqusv;\??\C:\DOCUME~1; \??\C:\DOCUME~1\Sassa\LOCALS~1\Temp\tymffdzqnugchyi.sys []
S2 ipdvrrzoiuxlm;\??\C:\DOCUME~; \??\C:\DOCUME~1\Sassa\LOCALS~1\Temp\xxlsuyxqphwqfy.sys []
S2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
S2 kohsfb;\??\C:\; \??\C:\DOCUME~1\Sassa\LOCALS~1\Temp\scknrqtt.sys []
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
S2 ralghwujmb;\??\C:\DOCU; \??\C:\DOCUME~1\Sassa\LOCALS~1\Temp\rhdeb.sys []
S2 spsbkrri;\??\C:\DO; \??\C:\DOCUME~1\Sassa\LOCALS~1\Temp\gtetefmsjruktti.sys []
S2 tftup;\??\C:; \??\C:\DOCUME~1\Sassa\LOCALS~1\Temp\yakmylwa.sys []
S2 tsdveuzo;tsdveuzo; C:\WINDOWS\system32\drivers\tsdveuzo.sys [2010-06-07 136192]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-06-06 30104]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-06-06 30104]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-10-26 125952]
S3 edauurmv;edauurmv; \??\C:\WINDOWS\System32\Drivers\edauurmv.sys []
S3 grirtykr;grirtykr; \??\C:\WINDOWS\System32\Drivers\grirtykr.sys []
S3 hidusatj;hidusatj; \??\C:\WINDOWS\System32\Drivers\hidusatj.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
S3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 242304]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-08-19 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-08-19 100480]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 mylmemaf;mylmemaf; \??\C:\WINDOWS\System32\Drivers\mylmemaf.sys []
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-09-29 15360]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 rjpneyet;rjpneyet; \??\C:\WINDOWS\System32\Drivers\rjpneyet.sys []
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 szmczsen;szmczsen; \??\C:\WINDOWS\System32\Drivers\szmczsen.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 xibplnnx;xibplnnx; \??\C:\WINDOWS\System32\Drivers\xibplnnx.sys []
S3 zntccjur;zntccjur; \??\C:\WINDOWS\System32\Drivers\zntccjur.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-07-15 104960]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-07-15 104960]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-07-15 104960]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2005-11-11 73782]
S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-13 153376]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2005-06-20 77824]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-29 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-07-16 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
-----------------EOF-----------------
Posted: 10 Jun 2010 11:53
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
Sorry that you had to wait a bit for my reply!
Download The Avenger to the Desktop.
Unpack the archive into a folder
Double-click avenger.exe to run it
Copy the text inside the Code box into the (white) program window:
Files to delete:
c:\windows\system32\wuaucldt.exe
c:\documents and settings\sassa\wuaucldt.exe
C:\Documents and Settings\Sassa\mimn.exe
C:\WINDOWS\system32\csbdll.dll
C:\Documents and Settings\Sassa\Application Data\kyrnmy.exe
C:\DOCUME~1\Sassa\LOCALS~1\Temp\iwfacinh.sys
C:\DOCUME~1\Sassa\LOCALS~1\Temp\tymffdzqnugchyi.sys
C:\DOCUME~1\Sassa\LOCALS~1\Temp\xxlsuyxqphwqfy.sys
C:\DOCUME~1\Sassa\LOCALS~1\Temp\scknrqtt.sys
C:\DOCUME~1\Sassa\LOCALS~1\Temp\rhdeb.sys
C:\DOCUME~1\Sassa\LOCALS~1\Temp\gtetefmsjruktti.sys
C:\DOCUME~1\Sassa\LOCALS~1\Temp\yakmylwa.sys
C:\WINDOWS\system32\drivers\tsdveuzo.sys
C:\WINDOWS\System32\Drivers\edauurmv.sys
C:\WINDOWS\System32\Drivers\grirtykr.sys
C:\WINDOWS\System32\Drivers\hidusatj.sys
C:\WINDOWS\System32\Drivers\mylmemaf.sys
C:\WINDOWS\System32\Drivers\rjpneyet.sys
C:\WINDOWS\System32\Drivers\szmczsen.sys
C:\WINDOWS\System32\Drivers\xibplnnx.sys
C:\WINDOWS\System32\Drivers\zntccjur.sys
C:\DOCUME~1\Sassa\LOCALS~1\Temp\4A9E.tmp.dll
C:\DOCUME~1\Sassa\LOCALS~1\Temp\msdrv32e.exe
C:\WINDOWS\System32\Drivers\rqluidnn.sys
C:\WINDOWS\System32\Drivers\ggid.sys
Folders to delete:
C:\WINDOWS\CIDD_P
C:\Win
Drivers to delete:
fkbwcedoa
gpxrqelwgxqusv
ipdvrrzoiuxlm
kohsfb
ralghwujmb
spsbkrri
tftup
tsdveuzo
AVPsys
edauurmv
grirtykr
hidusatj
mylmemaf
rjpneyet
szmczsen
xibplnnx
zntccjur
rqluidnn
xpcd
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csbdll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ecczcizl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fnsuuobu
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqluidnn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tsdveuzo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ecczcizl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fnsuuobu
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqluidnn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tsdveuzo
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|syncman
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman
Click Execute, then Yes in the next two windows that open.
The computer will restart (in some cases: twice) and the cleaning/scanning process will begin.
When the process is finished, the logfile C:\avenger.txt will open in Notepad.
Copy the contents of the resulting log into the thread on the forum.

Posted: 10 Jun 2010 16:10
offline
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82

After the scan it reported that it could not install some DLL. Yesterday I installed AVG antivirus, and now it reports that the file C:\windows\system32\drivers\cdrom.sys is infected with the virus Trojan horse Rootkit - Agent EL, and that this Avenger I just ran is infected with two more trojans.
Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\windows\system32\wuaucldt.exe" not found!
Deletion of file "c:\windows\system32\wuaucldt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\sassa\wuaucldt.exe" not found!
Deletion of file "c:\documents and settings\sassa\wuaucldt.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Documents and Settings\Sassa\mimn.exe" not found!
Deletion of file "C:\Documents and Settings\Sassa\mimn.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\csbdll.dll" deleted successfully.
Error: file "C:\Documents and Settings\Sassa\Application Data\kyrnmy.exe" not found!
Deletion of file "C:\Documents and Settings\Sassa\Application Data\kyrnmy.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\iwfacinh.sys" not found!
Deletion of file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\iwfacinh.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\tymffdzqnugchyi.sys" not found!
Deletion of file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\tymffdzqnugchyi.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\xxlsuyxqphwqfy.sys" not found!
Deletion of file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\xxlsuyxqphwqfy.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\scknrqtt.sys" not found!
Deletion of file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\scknrqtt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\rhdeb.sys" not found!
Deletion of file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\rhdeb.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\gtetefmsjruktti.sys" not found!
Deletion of file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\gtetefmsjruktti.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\yakmylwa.sys" not found!
Deletion of file "C:\DOCUME~1\Sassa\LOCALS~1\Temp\yakmylwa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\drivers\tsdveuzo.sys" deleted successfully.
Error: file "C:\WINDOWS\System32\Drivers\edauurmv.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\edauurmv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\Drivers\grirtykr.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\grirtykr.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\Drivers\hidusatj.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\hidusatj.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\Drivers\mylmemaf.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\mylmemaf.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\Drivers\rjpneyet.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\rjpneyet.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\Drivers\szmczsen.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\szmczsen.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\Drivers\xibplnnx.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\xibplnnx.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\Drivers\zntccjur.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\zntccjur.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\DOCUME~1\Sassa\LOCALS~1\Temp\4A9E.tmp.dll" deleted successfully.
File "C:\DOCUME~1\Sassa\LOCALS~1\Temp\msdrv32e.exe" deleted successfully.
File "C:\WINDOWS\System32\Drivers\rqluidnn.sys" deleted successfully.
Error: file "C:\WINDOWS\System32\Drivers\ggid.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\ggid.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Folder "C:\WINDOWS\CIDD_P" deleted successfully.
Folder "C:\Win" deleted successfully.
Driver "fkbwcedoa" deleted successfully.
Driver "gpxrqelwgxqusv" deleted successfully.
Driver "ipdvrrzoiuxlm" deleted successfully.
Driver "kohsfb" deleted successfully.
Driver "ralghwujmb" deleted successfully.
Driver "spsbkrri" deleted successfully.
Driver "tftup" deleted successfully.
Driver "tsdveuzo" deleted successfully.
Driver "AVPsys" deleted successfully.
Driver "edauurmv" deleted successfully.
Driver "grirtykr" deleted successfully.
Driver "hidusatj" deleted successfully.
Driver "mylmemaf" deleted successfully.
Driver "rjpneyet" deleted successfully.
Driver "szmczsen" deleted successfully.
Driver "xibplnnx" deleted successfully.
Driver "zntccjur" deleted successfully.
Driver "rqluidnn" deleted successfully.
Driver "xpcd" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ecczcizl" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fnsuuobu" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqluidnn.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tsdveuzo" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ecczcizl" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fnsuuobu" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqluidnn.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tsdveuzo" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csbdll" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|syncman" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
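
An added example, not part of the original posts: a small parser for the Avenger 2.0 log format shown above that pairs each deleted driver service with the outcome for its `.sys` file, so services whose file was already missing stand out. The function names are hypothetical, and matching a driver to a file by base name is an assumption.

```python
import re
from ntpath import basename, splitext

# Excerpt copied from the Avenger 2.0 log posted in this thread.
SAMPLE_LOG = r'''
Error: file "C:\WINDOWS\System32\Drivers\edauurmv.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\edauurmv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
File "C:\WINDOWS\system32\drivers\tsdveuzo.sys" deleted successfully.
File "C:\WINDOWS\System32\Drivers\rqluidnn.sys" deleted successfully.
Driver "kohsfb" deleted successfully.
Driver "tsdveuzo" deleted successfully.
Driver "edauurmv" deleted successfully.
Driver "rqluidnn" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman" deleted successfully.
'''

OK_RE = re.compile(r'^(File|Folder|Driver|Registry key|Registry value) "(.+)" deleted successfully\.$')
# Only the "file" failure form appears in the log above; other kinds are assumed to match it.
FAIL_RE = re.compile(r'^Deletion of ([a-z ]+) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)$')

def parse_avenger_log(text):
    """Return one dict per action: kind, target, ok, status (NTSTATUS name or None)."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            results.append({"kind": m[1].lower(), "target": m[2], "ok": True, "status": None})
        elif m := FAIL_RE.match(line):
            results.append({"kind": m[1], "target": m[2], "ok": False, "status": None})
        elif (m := STATUS_RE.match(line)) and results and not results[-1]["ok"]:
            results[-1]["status"] = m[2]  # status line belongs to the preceding failure
    return results

def driver_file_state(results):
    """Map each deleted driver service to what happened to <name>.sys in the same run."""
    files = {}
    for r in results:
        if r["kind"] == "file" and r["target"].lower().endswith(".sys"):
            name = splitext(basename(r["target"]))[0].lower()
            files[name] = "file deleted" if r["ok"] else f"file missing ({r['status']})"
    return {r["target"]: files.get(r["target"].lower(), "no file entry in script")
            for r in results if r["kind"] == "driver" and r["ok"]}
```
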

Posted: 10 Jun 2010 22:35
offline
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82

Volume in drive C has no label.
Volume Serial Number is 7C2D-ABEA
Directory of C:\Program Files\Ahead\Nero
29/10/2004 11:11 238,909 CDROM.CFG
22/07/2005 20:25 262,211 CDROM.dll
2 File(s) 501,120 bytes
Directory of C:\WINDOWS\inf
04/08/2004 00:06 35,450 cdrom.inf
01/12/2009 19:02 56,516 cdrom.PNF
2 File(s) 91,966 bytes
Directory of C:\WINDOWS\system32\dllcache
10/06/2010 19:15 84,800 cdrom.sys
1 File(s) 84,800 bytes
Directory of C:\WINDOWS\system32\drivers
10/06/2010 19:15 84,800 cdrom.sys
1 File(s) 84,800 bytes
Total Files Listed:
6 File(s) 762,686 bytes
0 Dir(s) 2,012,520,448 bytes free

Posted: 11 Jun 2010 21:55
offline
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82

Hello, here, I've done it.
Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\dllcache\cdrom.sys" deleted successfully.
File move operation "C:\cdrom.sys|C:\WINDOWS\system32\drivers\cdrom.sys" completed successfully.
Completed script processing.
*******************
Finished! Terminate.