MyCity » Ambulanta -> Arhiva Ambulante » Potrebna pomoc oko virusa ?!

Potrebna pomoc oko virusa ?!

Napisano na dan: 7.12.2008

Potrebna pomoc oko virusa ?!
Sledeća strana Pagination

Idi na vrh

Poslao: 07 Dec 2008 17:13
Idi na vrh
offline
  • Pridružio: 13 Jan 2008
  • Poruke: 40

Zdravo Very Happy...imam problem : usporen rad racunara, sam se restartuje, antivirus mi svakih 2-3 min iskace , trojan je u pitanju...pa vas molim da pokusamo to nekako da resimo ? ...unapred hvala Very Happy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:17 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Documents and Settings\Marina\Desktop\Hajackthis\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [62842784586645465967789840984062] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Search - [Link mogu videti samo ulogovani korisnici]
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7172 bytes



Poslao: 07 Dec 2008 18:04
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Pozdrav, andrej007 Wink

Tvoj kompjuter je zaista zarazen i verovatno je to uzrok usporenosti sistema...

Potrebno je da uradis sledece :


Arrow Klikni desnim tasterom miša na BitDefender ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Show.
Nakon toga, takođe, u donjem, desnom uglu prozora izaberi Settings.
Zatim odštikliraj Real-Time potection is enabled, i u padajućem meniju izaberi Permanently i klikni OK.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.



Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.



Poslao: 07 Dec 2008 18:25
Idi na vrh
offline
  • Pridružio: 13 Jan 2008
  • Poruke: 40

Stvarno sam se potrudio ali nisam nasho ovu opciju "Zatim odštikliraj Real-Time potection is enabled, i u padajućem meniju izaberi Permanently i klikni OK." pa ako mi mozes pomoci....skinuo sam combo fix

da li da napravim log cobo fix-a i bez toga ili ???

Poslao: 07 Dec 2008 18:27
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Pa probaj nekako da iskljucis svoj AV..Ja nikad nisam koristio taj AV...
Ako ne uspes pusti samo Combofix...

Poslao: 07 Dec 2008 18:55
Idi na vrh
offline
  • Pridružio: 13 Jan 2008
  • Poruke: 40

nisam uspeo da ga iskljucim ali evo ga log od combo-a....

ComboFix 08-12-06.06 - Marina 2008-12-07 18:40:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.52 [GMT 1:00]
Running from: c:\documents and settings\Marina\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\INSTALL.LOG
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0103E505.bin
c:\program files\MyWebSearch\bar\Cache\0103FCA4.bin
c:\program files\MyWebSearch\bar\Cache\01040B88.bin
c:\program files\MyWebSearch\bar\Cache\01041397.bin
c:\program files\MyWebSearch\bar\Cache\01041B38
c:\program files\MyWebSearch\bar\Cache\0104F183.bin
c:\program files\MyWebSearch\bar\Cache\0104F57B.bin
c:\program files\MyWebSearch\bar\Cache\01050375.bin
c:\program files\MyWebSearch\bar\Cache\01050B06.bin
c:\program files\MyWebSearch\bar\Cache\017A11B4
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\explorer32.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\ieupdates.exe
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSosvn.dat
c:\windows\system32\TDSStkdv.log
c:\windows\system32\winsrc.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-04 23:13 . 2008-12-04 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2008-12-04 21:17 . 2008-12-07 18:36 <DIR> d-------- c:\program files\Partizan Script
2008-12-02 23:53 . 2008-12-02 23:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-02 23:49 . 2008-12-02 23:49 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-02 23:34 . 2008-12-02 23:33 118,520 --------- c:\windows\system32\pxinsi64.exe
2008-12-02 23:34 . 2008-12-02 23:33 116,472 --------- c:\windows\system32\pxcpyi64.exe
2008-12-01 21:16 . 2008-12-01 21:16 <DIR> d-------- c:\documents and settings\Marina\Application Data\Corel
2008-12-01 21:16 . 2008-12-05 22:39 88 -r-hs---- c:\windows\system32\939AC3ABC2.sys
2008-12-01 21:04 . 2008-12-01 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2008-12-01 20:57 . 2008-12-01 20:59 <DIR> d-------- c:\program files\Common Files\Corel
2008-12-01 20:50 . 2008-12-05 22:39 2,828 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-01 20:34 . 2008-12-01 20:57 <DIR> d-------- c:\program files\Corel
2008-12-01 20:34 . 2008-12-01 20:34 <DIR> d-------- c:\documents and settings\Marina\Application Data\InstallShield
2008-11-29 07:50 . 2008-12-04 15:03 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-11-20 23:56 . 2008-11-20 23:56 0 --a------ c:\windows\nsreg.dat
2008-11-18 22:04 . 2008-11-18 22:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2008-11-18 22:02 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-11-18 22:02 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-11-18 22:02 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-11-18 22:02 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-11-18 22:01 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2008-11-18 22:01 . 2004-08-03 23:10 85,376 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2008-11-18 22:01 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2008-11-18 22:01 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2008-11-18 22:01 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2008-11-18 22:01 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2008-11-18 22:01 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2008-11-18 22:01 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-11-18 22:01 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-11-18 22:01 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-11-18 22:01 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-11-18 22:01 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2008-11-18 21:59 . 2008-11-18 21:59 <DIR> d-------- c:\program files\IVT Corporation
2008-11-18 21:59 . 2004-09-21 18:18 148,830 --a------ c:\windows\system32\drivers\bcbthub.sys
2008-11-18 21:59 . 2004-09-21 18:18 116,021 --a------ c:\windows\system32\drivers\fw203x.sys
2008-11-18 21:59 . 2005-03-25 17:18 82,148 --a------ c:\windows\system32\drivers\VcommMgr.sys
2008-11-18 21:59 . 2004-10-19 13:37 61,312 --a------ c:\windows\system32\drivers\VComm.sys
2008-11-18 21:59 . 2005-04-08 17:19 49,152 --a------ c:\windows\system32\btfunc.dll
2008-11-18 21:59 . 2005-04-30 14:50 28,271 --a------ c:\windows\system32\drivers\BTHidMgr.sys
2008-11-18 21:59 . 2005-05-31 09:42 23,000 --a------ c:\windows\system32\drivers\btcusb.sys
2008-11-18 21:59 . 2005-05-31 15:40 20,480 --a------ c:\windows\system32\drivers\blueletaudio.sys
2008-11-18 21:59 . 2004-12-16 16:32 13,304 --a------ c:\windows\system32\drivers\BTNetFilter.sys
2008-11-18 21:59 . 2005-04-30 14:50 11,860 --a------ c:\windows\system32\drivers\vbtenum.sys
2008-11-18 21:59 . 2005-04-30 14:50 11,736 --a------ c:\windows\system32\drivers\VHIDMini.sys
2008-11-18 21:59 . 2005-04-30 14:48 10,804 --a------ c:\windows\system32\drivers\BtNetDrv.sys
2008-11-18 21:59 . 2004-09-21 18:18 7,680 --a------ c:\windows\system32\btinstall.dll
2008-11-16 22:44 . 2008-11-16 22:44 58 --a------ c:\windows\WININIT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 17:29 --------- d-----w c:\program files\MessengerDiscovery
2008-12-02 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\Close Noun Junk Logo
2008-12-02 22:49 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 17:35 --------- d-----w c:\program files\Common Files\ACD Systems
2008-11-29 22:47 --------- d-----w c:\documents and settings\Marina\Application Data\Wildfire
2008-11-26 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-24 20:20 --------- d-----w c:\documents and settings\Marina\Application Data\dog blah bait
2008-11-22 12:18 --------- d-----w c:\program files\GameHouse
2008-11-18 20:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 12:11 --------- d-----w c:\documents and settings\All Users\Application Data\Ball mapi owns ping
2008-10-20 19:17 --------- d-----w c:\program files\Super Internet TV
2008-10-20 15:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-20 13:50 --------- d-----w c:\program files\PhotoScape
2008-10-18 17:22 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-18 17:15 --------- d-----w c:\program files\directx
2008-10-10 23:32 --------- d-----w c:\program files\Windows Live
2008-10-10 20:55 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-06-15 22:02 80 --sh--r c:\windows\system32\48C2C361F1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-01-16 454656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-15 185896]
"BDSwitchAgent"="c:\program files\Softwin\BitDefender8\\bdswitch.exe" [2008-09-02 33280]
"BDNewsAgent"="c:\program files\Softwin\BitDefender8\bdnagent.exe" [2004-04-20 4608]
"BDOESRV"="c:\program files\Softwin\BitDefender8\\bdoesrv.exe" [2004-08-05 86016]
"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2004-11-19 335872]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"nwiz"="nwiz.exe" [2005-11-11 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-11-18 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 10:12 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2006-07-28 13:05 1056768 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Professional §©®ÎŢt v.3 Black\\mirc.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero WaveEditor\\DXEnum.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-06-09 77312]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender8\filespy.sys [2004-08-19 12609]
R3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2008-06-16 30336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae50103e-3aad-11dd-a0d6-0011d8f938f2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder

2008-12-07 c:\windows\Tasks\ADDCF714918B6A0C.job
- c:\docume~1\marina\applic~1\dogbla~1\beeplicensesurf.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = [Link mogu videti samo ulogovani korisnici]{searchTerms}
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Marina\Application Data\Mozilla\Firefox\Profiles\qxqihidr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link mogu videti samo ulogovani korisnici]
FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link mogu videti samo ulogovani korisnici]
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-12-07 18:45:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIAudioi\SBADeck\ADeck.exe 1?$??????i?|????$i?|????` $??????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\windows\system32\rundll32.exe
c:\program files\Softwin\BitDefender8\bdswitch.exe
c:\program files\Softwin\BitDefender8\bdoesrv.exe
c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
c:\progra~1\Softwin\BITDEF~1\vsserv.exe
.
**************************************************************************
.
Completion time: 2008-12-07 18:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 17:49:07

Pre-Run: 22,397,755,392 bytes free
Post-Run: 22,709,645,312 bytes free

292

Poslao: 08 Dec 2008 00:11
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Preuzmi Lop S&D na Desktop.
Dvoklikom pokreni LopSD.exe
Na prvom ekranu odaberi jezik kucajući E i Enter a zatim klikni OK
Odaberi opciju 1 - Search kucajući 1 i Enter
Sačekaj nekoliko minuta da program završi skeniranje
Na kraju procesa, log C:\LopR.txt će se otvoriti u Notepad-u
Iskopiraj dobijeni log u temu na forumu.

MyCity » Ambulanta -> Arhiva Ambulante » Potrebna pomoc oko virusa ?!

Ko je trenutno na forumu
 

Ukupno su 772 korisnika na forumu :: 19 registrovanih, 0 sakrivenih i 753 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Alibaba1981, bigfoot, bojan313, BZ, Citalac, dunavzed, Georgius, IAR80, Jaz, Jovan.D, Kobrim, Makeitdrip, MiloradKomadic, Milos ZA, Rectifier, ruma, Slingshot, zlaya011, zziko