Slow PC and viruses that cannot be deleted

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

Avira found two viruses for me: system32/khffcstj.dll and system32/rqRJBQkk.dll

and it cannot delete either of them. Here is what my HijackThis logfile looks like:

Logfile of HijackThis v1.99.1
Scan saved at 10:54:48 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\WLAN\ACU.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Documents and Settings\Jasmin\Desktop\TSD\TR3.exe..exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18C6BA00-F4CC-4CEF-84EE-0BF530C0D45C} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: (no name) - {71C53EE1-BCD9-46C4-84FA-85933AF96873} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2BAC412-99EC-471A-BD37-63C2327C97A3} - C:\WINDOWS\system32\ruwfciim.dll (file missing)
O2 - BHO: (no name) - {C9F315B0-F86C-40B8-B593-CF21C81EE1C6} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {CCEA4202-06DC-4552-AA26-CA6D7E36E30F} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\rqRJBQkK.dll
O2 - BHO: (no name) - {D81C6A1E-82B2-4E92-9CE9-9533155834D8} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {E9DA74DB-27B6-4A75-8A28-F44524401435} - C:\WINDOWS\system32\khffCsTj.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [8cf8a9f2] rundll32.exe "C:\WINDOWS\system32\nnhojuvd.dll",b
O4 - HKLM\..\Run: [avgnt] "D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3723188921
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rqRJBQkK - C:\WINDOWS\SYSTEM32\rqRJBQkK.dll
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
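The HijackThis log above carries the indicators a malware-removal helper reads first: unnamed O2 BHOs loaded from system32, an O4 Run entry with a hex-looking value name that starts a DLL through rundll32, and an O20 Winlogon Notify entry that points at the same DLL as one of the BHOs. The script below is an added example, not part of this thread and not HijackThis code, that automates that triage over a constructed sample assembled from lines of the posted log; the severity labels and the random-name heuristic are my own assumptions, and the paths in the sample are copied from the log.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section severity reason path")

# Constructed sample in the shape of the HijackThis log posted above; the
# GUIDs, file names and paths are copied from that log, the rest is trimmed.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\rqRJBQkK.dll
O2 - BHO: (no name) - {E9DA74DB-27B6-4A75-8A28-F44524401435} - C:\WINDOWS\system32\khffCsTj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [8cf8a9f2] rundll32.exe "C:\WINDOWS\system32\nnhojuvd.dll",b
O20 - Winlogon Notify: rqRJBQkK - C:\WINDOWS\SYSTEM32\rqRJBQkK.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# A drive-letter path ending in .dll/.exe; quotes and newlines end it, spaces do not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:dll|exe)', re.IGNORECASE)
VALUE_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")


def looks_random(stem):
    """Crude (assumed) heuristic for machine-generated 8-letter names such as
    rqRJBQkK: exactly eight letters and either mixed case or almost no vowels."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    mixed = any(c.islower() for c in stem) and any(c.isupper() for c in stem)
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return mixed or vowels < 2


def triage(log_text):
    """Return a list of Finding tuples for the suspicious entries in a HijackThis log."""
    findings = []
    load_points = {}      # lower-cased path -> (first spelling seen, sections it appears in)
    random_named = set()  # paths already reported for their file name
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        paths = PATH_RE.findall(body)
        first = paths[0] if paths else ""
        for p in paths:
            load_points.setdefault(p.lower(), (p, set()))[1].add(section)
            stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem) and p.lower() not in random_named:
                random_named.add(p.lower())
                findings.append(Finding(section, "medium", "random-looking file name", p))
        if section in ("R0", "R1"):
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            if value:
                findings.append(Finding(section, "low", "non-default browser start/search page", value))
        elif section == "O2":
            if "(no file)" in body or "(file missing)" in body:
                findings.append(Finding(section, "low", "orphaned BHO registration, file missing", first))
            elif "(no name)" in body and "\\system32\\" in first.lower():
                findings.append(Finding(section, "high", "unnamed BHO loaded from system32", first))
        elif section == "O4":
            name = VALUE_NAME_RE.search(body)
            if name and re.fullmatch(r"[0-9a-f]{8}", name.group("name")):
                findings.append(Finding(section, "medium", "autorun value name looks machine-generated", first))
            if "rundll32.exe" in body.lower() and first:
                findings.append(Finding(section, "high", "autorun loads a DLL through rundll32", first))
        elif section == "O20" and first:
            findings.append(Finding(section, "high", "Winlogon Notify DLL runs inside winlogon at every logon", first))
    # The same DLL hooked into several load points is a strong sign of a self-protecting infection.
    for spelling, sections in load_points.values():
        if len(sections) > 1:
            findings.append(Finding("+".join(sorted(sections)), "high",
                                    "same DLL registered under several load points", spelling))
    return findings


def suspicious_paths(findings, minimum="high"):
    """Distinct file paths (case-insensitive, Windows style) at or above a severity."""
    rank = {"low": 0, "medium": 1, "high": 2}
    seen = {}
    for f in findings:
        if f.path and rank[f.severity] >= rank[minimum]:
            seen.setdefault(f.path.lower(), f.path)
    return sorted(seen.values(), key=str.lower)


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.severity:6} {f.section:7} {f.reason}: {f.path}")
    print("files to submit for analysis:", suspicious_paths(triage(SAMPLE_HJT_LOG)))
```

The high-severity list is the set of files a helper would ask to have submitted to a scanner or quarantined; the cross-reference finding (O2 plus O20 on one DLL) is what explains why the on-demand scanner could not remove it, since the Winlogon Notify hook keeps the DLL loaded while the system is up.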

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Right-click the Avira icon in the bottom-right corner of the screen and untick AntiVir Guard Enable.

Note: Don't forget to turn this option back on once the cleaning is finished.

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

Here it is, I couldn't do it any faster :)

ComboFix 08-06-30.2 - Jasmin 2008-07-01 23:44:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.115 [GMT 2:00]
Running from: C:\Documents and Settings\Jasmin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\axffosbu.ini
C:\WINDOWS\system32\bqcmsauj.ini
C:\WINDOWS\system32\cgnxtcye.ini
C:\WINDOWS\system32\cjeqouay.ini
C:\WINDOWS\system32\dvujohnn.ini
C:\WINDOWS\system32\ejgirgtx.dll
C:\WINDOWS\system32\fpxnawaf.ini
C:\WINDOWS\system32\hxybckki.ini
C:\WINDOWS\system32\jTsCffhk.ini
C:\WINDOWS\system32\jTsCffhk.ini2
C:\WINDOWS\system32\khffCsTj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\nnhojuvd.dll
C:\WINDOWS\system32\pgiqkwcx.ini
C:\WINDOWS\system32\rqRJBQkK.dll
C:\WINDOWS\system32\rvkxeakl.ini
C:\WINDOWS\system32\skykqgjk.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 14:36 . 2008-07-01 14:36 <DIR> d-------- C:\Program Files\OGPlanet
2008-07-01 13:28 . 2008-07-01 13:28 <DIR> d-------- C:\Program Files\Games-Masters.com
2008-06-29 01:13 . 2008-06-29 01:13 <DIR> d-------- C:\Documents and Settings\Jasmin\Logs
2008-06-29 01:05 . 2008-06-29 01:05 <DIR> d-------- C:\Logs
2008-06-26 16:42 . 2008-06-26 16:42 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-25 17:19 . 2008-06-25 17:19 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-06-25 17:18 . 2008-06-25 17:18 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-25 16:35 . 2008-06-25 16:35 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-25 16:35 . 2008-06-25 16:35 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-25 16:31 . 2008-06-25 16:31 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-25 16:31 . 2008-06-25 16:31 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6397.sys
2008-06-23 23:57 . 2008-06-25 15:45 <DIR> d-------- C:\Program Files\BearShare Applications
2008-06-23 23:57 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-06-20 23:56 . 2008-06-20 23:56 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\atitray
2008-06-20 16:49 . 2008-06-20 16:49 <DIR> d-------- C:\ATI
2008-06-20 16:47 . 2008-06-20 16:47 <DIR> d-------- C:\Program Files\Ray Adams
2008-06-20 10:57 . 2008-06-20 10:57 761 --a------ C:\WINDOWS\system32\tutgfppp.dll
2008-06-20 00:17 . 2008-06-20 00:17 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-20 00:09 . 2008-06-20 00:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-20 00:07 . 2008-06-20 00:10 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-20 00:06 . 2008-06-20 00:06 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-19 16:56 . 2008-06-19 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-19 13:42 . 2008-06-19 13:42 900 --a------ C:\WINDOWS\system32\ixhfrpcc.dll
2008-06-19 01:14 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-18 15:23 . 2008-06-20 11:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-18 14:47 . 2008-06-30 22:30 <DIR> d-------- C:\Documents and Settings\Jasmin\amsn
2008-06-18 14:45 . 2008-06-18 14:46 <DIR> d-------- C:\Program Files\aMSN
2008-06-18 14:39 . 2008-06-18 14:39 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\GRETECH
2008-06-18 14:35 . 2008-06-18 14:35 900 --a------ C:\WINDOWS\system32\oqgnfykb.dll
2008-06-18 14:32 . 2008-06-18 14:32 761 --a------ C:\WINDOWS\system32\epgjsdbe.dll
2008-06-18 08:28 . 2008-06-22 00:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 04:10 . 2008-06-17 19:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-18 04:05 . 2008-07-02 00:00 7,991,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-18 04:05 . 2008-07-02 00:00 95,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-18 04:02 . 2008-06-18 04:02 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-06-18 04:02 . 2008-07-01 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 04:00 . 2008-06-18 04:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-18 03:59 . 2008-07-01 23:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-06-18 03:59 . 2008-06-18 03:59 <DIR> d-------- C:\Program Files\Zone Labs
2008-06-18 03:58 . 2008-06-18 03:58 <DIR> d-------- C:\Program Files\WLAN
2008-06-18 03:57 . 2008-06-18 03:57 <DIR> d-------- C:\temp
2008-06-18 03:29 . 2008-06-18 03:29 <DIR> d-------- C:\DAIBLO
2008-06-18 03:28 . 2007-12-23 15:34 39 --a------ C:\realmlist.wtf
2008-06-18 03:16 . 2008-06-18 03:16 <DIR> d-------- C:\Program Files\Intel
2008-06-18 03:16 . 2002-10-15 09:00 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
2008-06-18 03:16 . 2002-10-15 09:00 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
2008-06-18 03:16 . 2002-10-15 09:00 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
2008-06-18 03:14 . 2004-08-04 08:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-06-18 03:13 . 2008-06-18 03:13 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-06-18 03:13 . 2008-06-18 03:13 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-18 03:12 . 2000-03-29 08:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-18 03:12 . 2008-06-18 03:12 2,961 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-06-18 03:10 . 2005-02-22 21:05 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-06-18 03:10 . 2005-02-23 05:46 299,008 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-06-18 03:09 . 2008-06-17 22:09 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 03:09 . 2008-06-18 03:57 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-18 03:09 . 2008-06-18 03:11 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-18 03:07 . 2003-01-29 09:29 8,703 -r------- C:\WINDOWS\system32\drivers\EIO.sys
2008-06-18 03:05 . 2008-07-01 18:26 <DIR> d-------- C:\Documents and Settings\Jasmin
2008-06-18 03:01 . 2008-06-18 03:01 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-18 03:01 . 2008-06-18 03:01 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-06-18 03:01 . 2008-07-01 22:21 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-06-18 01:31 . 2008-06-19 18:50 <DIR> d-------- C:\Program Files\Uniblue
2008-06-18 01:31 . 2008-06-19 18:50 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\Uniblue
2008-06-18 00:53 . 2008-06-18 00:54 164 --a------ C:\install.dat
2008-06-17 23:24 . 2008-06-17 23:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-17 17:56 . 2008-06-17 17:57 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-06-17 17:52 . 2008-06-17 17:52 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-06-17 17:28 . 2008-06-17 17:28 <DIR> d-------- C:\Program Files\Comodo
2008-06-17 17:28 . 2008-06-17 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-06-17 17:28 . 2008-06-17 17:28 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-17 17:28 . 2008-06-17 17:28 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-17 17:28 . 2008-06-17 17:28 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-06-17 17:28 . 2008-06-17 17:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-17 17:28 . 2008-06-17 17:28 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-06-17 17:24 . 2008-06-17 17:24 <DIR> d-------- C:\Program Files\Codebox
2008-06-17 17:16 . 2008-06-17 17:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-17 17:16 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-17 17:12 . 2008-06-17 17:12 <DIR> d-------- C:\Program Files\GRETECH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 16:23 2,638,848 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-06-23 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-18 01:58 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-18 00:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-17 17:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-17 17:36 --------- d-----w C:\Program Files\Windows Live
2008-06-17 17:33 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-06-17 17:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 17:32 --------- d-----w C:\Documents and Settings\Jasmin\Application Data\TuneUp Software
2008-06-17 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-17 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-19 13:33 4,445,184 ----a-w C:\WINDOWS\system32\msi.dll
2008-05-19 13:33 332,800 ----a-w C:\WINDOWS\system32\msihnd.dll
2008-05-19 13:33 18,944 ----a-w C:\WINDOWS\system32\msisip.dll
2008-05-19 08:57 95,744 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-04-17 08:43 2,560 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 20:34 5724184]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 12:22 1923352]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 09:50 9442584]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 15:00 516608]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 17:57 143360]
"ACU"="C:\Program Files\WLAN\ACU.exe" [2006-01-06 01:47 303104]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 08:11 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"avgnt"="D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - C:\Program Files\Codebox\BitMeter\BitMeter2.exe [2006-02-11 17:35:08 1359872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05]
R3 AR5523;WLAN USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-06 01:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57bb4e5-3c8f-11dd-a300-806d6172696f}]
\Shell\AutoRun\command - E:\Bin\asusqfe.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:15:56 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-29 16:50:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-19 16:50:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-29 16:37:04 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-21 22:31:16 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{18C6BA00-F4CC-4CEF-84EE-0BF530C0D45C} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
BHO-{71C53EE1-BCD9-46C4-84FA-85933AF96873} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
BHO-{B2BAC412-99EC-471A-BD37-63C2327C97A3} - C:\WINDOWS\system32\ruwfciim.dll
BHO-{C9F315B0-F86C-40B8-B593-CF21C81EE1C6} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
BHO-{CCEA4202-06DC-4552-AA26-CA6D7E36E30F} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
BHO-{D81C6A1E-82B2-4E92-9CE9-9533155834D8} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
HKLM-Run-8cf8a9f2 - C:\WINDOWS\system32\nnhojuvd.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-02 00:01:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\update\update.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-02 0:07:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 22:07:39

Pre-Run: 23,207,968,768 bytes free
Post-Run: 23,095,652,352 bytes free

225 --- E O F --- 2008-06-17 15:16:07
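The "Reg Loading Points" section of the ComboFix log above also records that the machine's own protections have been switched off: Security Center notifications for antivirus and updates are disabled, the Windows Firewall standard profile is off, and a mounted volume carries an AutoRun command. The script below is an added example, not from this thread and not ComboFix code, that parses that section and lists the weakened settings together with a note on when each can be legitimate; the sample input is a constructed excerpt of the posted log and the rules are my own assumptions.

```python
import re

# Constructed sample: the "Reg Loading Points" fragment of the ComboFix log
# posted above, trimmed to the entries the checks below care about.
SAMPLE_REG_POINTS = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57bb4e5-3c8f-11dd-a300-806d6172696f}]
\Shell\AutoRun\command - E:\Bin\asusqfe.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def parse_reg_points(text):
    """Flatten the REGEDIT4-style dump into (key, value_name, raw_value) triples.
    Bare lines under a key (such as the AutoRun command) get an empty value name."""
    entries = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        if key is None:
            continue
        v = VALUE_RE.match(line)
        if v:
            entries.append((key, v.group("name"), v.group("value").strip()))
        else:
            entries.append((key, "", line))
    return entries


def _is_on(value):
    """True for a non-zero value written either as dword:0000000N or as 'N (0xN)'."""
    m = re.search(r"dword:([0-9a-f]+)|^(\d+)", value, re.IGNORECASE)
    if not m:
        return False
    return int(m.group(1), 16) != 0 if m.group(1) else int(m.group(2)) != 0


def weakened_settings(text):
    """Return (setting, note) pairs for entries that lower the host's own defences."""
    notes = []
    for key, name, value in parse_reg_points(text):
        k = key.lower()
        if k.endswith("\\security center") and name.endswith("DisableNotify") and _is_on(value):
            notes.append((name, "Security Center alert suppressed; malware commonly sets this, "
                                "so confirm the user did not"))
        elif "\\security center\\monitoring\\" in k and name == "DisableMonitoring" and _is_on(value):
            notes.append((key.rsplit("\\", 1)[-1], "Security Center no longer monitors this product; "
                          "expected when a third-party firewall or AV registers itself, otherwise suspicious"))
        elif k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and not _is_on(value):
            notes.append((name, "Windows Firewall is off for the standard profile; acceptable only if "
                                "another host firewall (here vsmon/ZoneAlarm) is running"))
        elif "\\mountpoints2\\" in k and "\\shell\\autorun\\command" in value.lower():
            notes.append(("AutoRun", "mounted volume carries an AutoRun command: " + value.split(" - ", 1)[-1]))
    return notes


if __name__ == "__main__":
    for setting, note in weakened_settings(SAMPLE_REG_POINTS):
        print(f"{setting}: {note}")
```

Two of the five hits are explainable by the software visible in the log (ZoneAlarm registers itself with Security Center and replaces the Windows Firewall), which is why the notes say when each finding is expected; the two DisableNotify values and the AutoRun command are the ones to question.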

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\tutgfppp.dll
C:\WINDOWS\system32\ixhfrpcc.dll
C:\WINDOWS\system32\oqgnfykb.dll
C:\WINDOWS\system32\epgjsdbe.dll

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

Here it is:

ComboFix 08-06-30.2 - Jasmin 2008-07-02 18:51:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT 2:00]
Running from: C:\Documents and Settings\Jasmin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jasmin\Desktop\CFScript.txt

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The logfile is not complete. Attach it to your post using the Attach file option.

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

As far as I understood, this is what you asked for :)

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

I did it, thank you very much ;)
