MyCity » Ambulanta -> Arhiva Ambulante » Sumnjivi aXPFixer i jos ponesto

Sumnjivi aXPFixer i jos ponesto

Napisano na dan: 1.6.2008

Sumnjivi aXPFixer i jos ponesto

Sledeća strana

Pagination

Odgovori

Rastafarii Poslao: 01 Jun 2008 22:25 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3760 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sad meni treba pomoc, sva sreca pa nije moj kompjuter u pitanju, ali je zaraza opasna - Avast pisti na 2 sekunde. Simptomi su, pored Avasta (koji nije bio redovno update-ovan) cudne bubasvabe po desktopu (a nije ScreenSaver) i pojava aXPFixera za koji niko ne zna odakle se pojavio. Bip.exe je u stvari HijackThis. Citat:Logfile of HijackThis v1.99.1 Scan saved at 10:11:19 PM, on 6/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\winlogon.exe C:\WINDOWS\system32\ctfmona.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AXPFixer\AXPFixer.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\winlogon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Documents and Settings\Administrator\Desktop\bip\bip.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exe O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

Profil

dr_Bora Poslao: 01 Jun 2008 22:58 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Rastafarii Poslao: 02 Jun 2008 00:16 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3760 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo sta mi je ComboFix prijavio: ComboFix ::ComboFix 08-06-01.3 - Administrator 2008-06-02 0:01:56.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.563 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\system32\ctfmona.exe C:\WINDOWS\system32\drivers\vbF83.sys C:\WINDOWS\system32\WinCtrl32.dl_ C:\WINDOWS\system32\WinCtrl32.dll C:\WINDOWS\winlogon.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_vbF83 ((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))) . 2008-06-02 00:04 . 2008-06-02 00:04 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-06-02 00:04 . 2008-06-02 00:04 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-05-30 17:28 . 2008-05-30 17:28 <DIR> d-------- C:\Program Files\AXPFixer 2008-05-30 17:28 . 2008-05-30 17:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AXPFixer 2008-05-29 08:04 . 2008-05-29 08:04 <DIR> d-------- C:\Program Files\AXPDefender 2008-05-28 11:47 . 2008-05-28 11:47 286 --a------ C:\WINDOWS\pcps.ini 2008-05-20 01:42 . 2008-06-01 23:53 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp 2008-05-20 01:42 . 2008-06-01 23:53 160,256 --a------ C:\WINDOWS\system32\blackster.scr 2008-05-20 01:42 . 2008-05-20 01:42 109,716 --a------ C:\a7187t.exe 2008-05-13 15:50 . 2008-05-14 14:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ice Age 2 2008-05-06 12:27 . 2008-05-06 12:27 268 --ah----- C:\sqmdata04.sqm 2008-05-06 12:27 . 2008-05-06 12:27 244 --ah----- C:\sqmnoopt04.sqm 2008-05-01 19:13 . 2001-12-28 02:22 315,392 -ra------ C:\WINDOWS\system32\iviaudio.ax 2008-05-01 19:13 . 2001-04-05 07:57 56,832 -ra------ C:\WINDOWS\system32\mmswitch.ax 2008-05-01 19:13 . 2001-12-28 02:22 34,816 -ra------ C:\WINDOWS\system32\mpgaudio.ax 2008-05-01 19:12 . 2008-05-01 19:12 <DIR> d-------- C:\Program Files\AC3Filter 2008-05-01 19:12 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 13:47 1 ----a-w C:\DXOkay.bin 2008-05-13 13:39 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-22 19:40 70 ----a-w C:\Program Files\Snakes 2008-04-17 17:44 --------- d-----w C:\Program Files\Sierra 2008-04-16 12:20 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-26 17:23 70 ----a-w C:\Documents and Settings\Administrator\SCORES.DAT . ------- Sigcheck ------- 2006-01-17 01:00 359936 56d8de1785d58df095beb31411e08840 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 07:55 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 07:52 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 07:55 118784] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2005-05-17 12:48 77824 C:\WINDOWS\soundman.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 10:26 2808832 C:\WINDOWS\alcwzrd.exe] "AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ] "AXPFixer"="C:\Program Files\AXPFixer\AXPFixer.exe" [2008-05-19 20:03 1564672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="cmd.exe" [2004-08-03 23:56 388608 C:\WINDOWS\system32\cmd.exe] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:59 44544] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afJ50.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afJ72.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afK05.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afK73.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\diM04.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\glQ04.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\glQ50.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hmQ50.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hmR05.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\joL50.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lqV27.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otX72.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uaF16.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vbF04.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcH84.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yfK40.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2003-06-26 13:57 87751 C:\WINDOWS\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-05-16 10:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2004-12-20 20:41 33792 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Sunflowers\\ParaWorld\\bin\\PWServer.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] S0 afJ50;afJ50;C:\WINDOWS\system32\Drivers\afJ50.sys [] S0 afJ72;afJ72;C:\WINDOWS\system32\Drivers\afJ72.sys [] S0 afK05;afK05;C:\WINDOWS\system32\Drivers\afK05.sys [] S0 afK73;afK73;C:\WINDOWS\system32\Drivers\afK73.sys [] S0 diM04;diM04;C:\WINDOWS\system32\Drivers\diM04.sys [] S0 glQ04;glQ04;C:\WINDOWS\system32\Drivers\glQ04.sys [] S0 glQ50;glQ50;C:\WINDOWS\system32\Drivers\glQ50.sys [] S0 hmQ50;hmQ50;C:\WINDOWS\system32\Drivers\hmQ50.sys [] S0 hmR05;hmR05;C:\WINDOWS\system32\Drivers\hmR05.sys [] S0 joL50;joL50;C:\WINDOWS\system32\Drivers\joL50.sys [] S0 lqV27;lqV27;C:\WINDOWS\system32\Drivers\lqV27.sys [] S0 otX72;otX72;C:\WINDOWS\system32\Drivers\otX72.sys [] S0 uaF16;uaF16;C:\WINDOWS\system32\Drivers\uaF16.sys [] S0 vbF04;vbF04;C:\WINDOWS\system32\Drivers\vbF04.sys [] S0 wcH84;wcH84;C:\WINDOWS\system32\Drivers\wcH84.sys [] S0 yfK40;yfK40;C:\WINDOWS\system32\Drivers\yfK40.sys [] . Contents of the 'Scheduled Tasks' folder "2008-06-01 20:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-06-02 00:04:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************ . Completion time: 2008-06-02 0:06:05 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-01 22:06:02 Pre-Run: 39,023,308,800 bytes free Post-Run: 40,523,227,136 bytes free 180

Profil

dr_Bora Poslao: 02 Jun 2008 17:15 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Idemo dalje... Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\ctfmonb.bmp C:\WINDOWS\system32\blackster.scr Folder:: C:\Program Files\AXPFixer C:\Documents and Settings\Administrator\Application Data\AXPFixer C:\Program Files\AXPDefender Driver:: afJ50 afJ72 afK05 afK73 diM04 glQ04 glQ50 hmQ50 hmR05 joL50 lqV27 otX72 uaF16 vbF04 wcH84 yfK40 Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AXPDefender"=- "AXPFixer"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afJ50.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afJ72.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afK05.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\afK73.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\diM04.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\glQ04.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\glQ50.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hmQ50.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hmR05.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\joL50.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lqV27.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otX72.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uaF16.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vbF04.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcH84.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yfK40.sys] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Rastafarii Poslao: 02 Jun 2008 20:52 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3760 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo log fajla nakon novog skena, sa CFScriptom. ComboFix 08-06-01.3 - Administrator 2008-06-02 20:42:06.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.607 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\WINDOWS\system32\blackster.scr C:\WINDOWS\system32\ctfmonb.bmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Application Data\AXPFixer C:\Program Files\AXPDefender C:\Program Files\AXPDefender\AXPDefender.exe.local C:\Program Files\AXPDefender\AXPDefenderSkin.dll C:\Program Files\AXPDefender\database.dat C:\Program Files\AXPDefender\license.txt C:\Program Files\AXPDefender\MFC71.dll C:\Program Files\AXPDefender\MFC71ENU.DLL C:\Program Files\AXPDefender\msvcp71.dll C:\Program Files\AXPDefender\msvcr71.dll C:\Program Files\AXPDefender\Uninstall.exe C:\Program Files\AXPFixer C:\Program Files\AXPFixer\AXPFixer.exe C:\Program Files\AXPFixer\AXPFixer.exe.local C:\Program Files\AXPFixer\AXPFixerSkin.dll C:\Program Files\AXPFixer\database.dat C:\Program Files\AXPFixer\license.txt C:\Program Files\AXPFixer\MFC71.dll C:\Program Files\AXPFixer\MFC71ENU.DLL C:\Program Files\AXPFixer\msvcp71.dll C:\Program Files\AXPFixer\msvcr71.dll C:\Program Files\AXPFixer\Uninstall.exe C:\WINDOWS\system32\blackster.scr C:\WINDOWS\system32\ctfmonb.bmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AFK73 -------\Legacy_DIM04 -------\Legacy_OTX72 -------\Legacy_YFK40 -------\Service_afJ50 -------\Service_afJ72 -------\Service_afK05 -------\Service_afK73 -------\Service_diM04 -------\Service_glQ04 -------\Service_glQ50 -------\Service_hmQ50 -------\Service_hmR05 -------\Service_joL50 -------\Service_lqV27 -------\Service_otX72 -------\Service_uaF16 -------\Service_vbF04 -------\Service_wcH84 -------\Service_yfK40 ((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))) . 2008-06-02 00:04 . 2008-06-02 00:04 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-06-02 00:04 . 2008-06-02 00:04 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-05-28 11:47 . 2008-05-28 11:47 286 --a------ C:\WINDOWS\pcps.ini 2008-05-20 01:42 . 2008-05-20 01:42 109,716 --a------ C:\a7187t.exe 2008-05-13 15:50 . 2008-05-14 14:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ice Age 2 2008-05-06 12:27 . 2008-05-06 12:27 268 --ah----- C:\sqmdata04.sqm 2008-05-06 12:27 . 2008-05-06 12:27 244 --ah----- C:\sqmnoopt04.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 13:47 1 ----a-w C:\DXOkay.bin 2008-05-13 13:39 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-01 17:12 --------- d-----w C:\Program Files\AC3Filter 2008-04-22 19:40 70 ----a-w C:\Program Files\Snakes 2008-04-17 17:44 --------- d-----w C:\Program Files\Sierra 2008-04-16 12:20 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-26 17:23 70 ----a-w C:\Documents and Settings\Administrator\SCORES.DAT . ------- Sigcheck ------- 2006-01-17 01:00 359936 56d8de1785d58df095beb31411e08840 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-02_ 0.05.52.34 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-01 22:04:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-02 18:44:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-02 18:44:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_654.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 07:55 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 07:52 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 07:55 118784] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe] "SoundMan"="SOUNDMAN.EXE" [2005-05-17 12:48 77824 C:\WINDOWS\soundman.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 10:26 2808832 C:\WINDOWS\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="cmd.exe" [2004-08-03 23:56 388608 C:\WINDOWS\system32\cmd.exe] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:59 44544] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2003-06-26 13:57 87751 C:\WINDOWS\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-05-16 10:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2004-12-20 20:41 33792 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Sunflowers\\ParaWorld\\bin\\PWServer.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] . Contents of the 'Scheduled Tasks' folder "2008-06-02 18:13:58 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-02 20:44:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\Setup\avast.setup . ************************************************************************ . Completion time: 2008-06-02 20:46:03 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-02 18:46:00 ComboFix2.txt 2008-06-01 22:06:05 Pre-Run: 40,564,465,664 bytes free Post-Run: 40,563,167,232 bytes free 170

Profil

dr_Bora Poslao: 02 Jun 2008 21:05 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Upload-uj mi sledeći file: C:\a7187t.exe preko ovog linka: [Link mogu videti samo ulogovani korisnici] Kakvo je sada stanje? Prijavljuje li avast! nešto?

Profil

Rastafarii Poslao: 02 Jun 2008 21:30 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3760 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadovao sam trazeni fajl. Avast za sada ne prijavljuje nista (bar ja nisam video), nema bubasvaba - da kucnem u drvo sve je normalno.

Profil

dr_Bora Poslao: 02 Jun 2008 21:45 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

Rastafarii Poslao: 02 Jun 2008 21:46 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3760 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Deinstalacija ce sacekati sutra, pre minut - dva sam prekinuo remote desktop sesiju Veliko HVALA na pomoci!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Sumnjivi aXPFixer i jos ponesto

Ko je trenutno na forumu

Ukupno su 1022 korisnika na forumu :: 60 registrovanih, 9 sakrivenih i 953 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: ALEXV, Alooo, Baltimor, chervoncy, dankisha, darionis, dearg, deLacy, Dimitrise93, ds69, dzoni19, ivica976, jodzula, Jose, Jozo74, Kobrim, Kriglord, Lj_ubo, ljubo70, LostInSpaceandTime, mantrox, Metanoja, milenko crazy north, Milo97, Mis uz pusku, Mldo, monomah, mrgud2025, Myamoto Musashi, Nikolajevic, nnovakis, Paklenica, pein, Petarvu, PlayerOne, pobeda, Prečanin30, PrincipL, procesor, raketaš, Razdroid, ruso, Samo gledam, sap, Sir Budimir, Sirius, SOVO515, Srle993, strn, tanakadzo, TBoy, Username1000, V-98, Vlada1389, voja64, vuksa72, wexy, wizzardone, Yellow Pinky, yrraf

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by