zarazen kompjuter

1

zarazen kompjuter

offline
  • Pridružio: 07 Jun 2008
  • Poruke: 104

moja drugarica ima prob. sa kompjuterom nija ga koristila neko vrijeme pa sad joj nesta sa netom nije uredu da li je do virusa ili nesta slicno,pa mozete li mi nekako pomoci?poz

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Ne mozemo joj pomoci...

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

e kad to uradis onda mozemo da joj pomognemo Wink

offline
  • Pridružio: 07 Jun 2008
  • Poruke: 104

Napisano: 12 Jun 2009 13:35

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:18, on 12.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\x\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66020
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [searching] Search from the Address bar
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5867 bytes

Dopuna: 12 Jun 2009 18:54

oćeli mu biti pomoći----..

Dopuna: 13 Jun 2009 16:16

neradi joj kompjuter,mozete li pomoci mojoj drugarici?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Preuzmi Dr.Web CureIt (~13 MB).
Restartuj kompjuter u Safe Mode (uputstvo za Safe Mode)

Dvoklikom pokreni launch.exe, nakon čega će se pojaviti uvodni prozor - klikni Start

Pojaviće se obaveštenje o započinjanju uvodnog skeniranja - klikni OK

Sačekaj nekoliko minuta da Dr.Web CureIt izvrši Express Scan; ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Klikni Options > Change settings F9; u prozoru koji će se otvoriti, dečekiraj opciju Heuristic Analysis a zatim klikni OK

U glavnom prozoru obeleži opciju Complete scan a zatim klikni i Dr.Web CureIt će započeti skeniranje

Ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Kada skeniranje bude završeno, klikni Select all taster (ukoliko je dostupan), a zatim klikni Cure i,
u meniju koji se otvori, klikni Move incurable:


Po završetku procesa, klikni File > Save report list i sačuvaj log na Desktopu


Iskopiraj sadržaj Dr.Web CureIt loga u temu na forumu.

offline
  • Pridružio: 07 Jun 2008
  • Poruke: 104

testabd.dll c:\program files\thunmail Trojan.PWS.Wow.1315 Deleted.
winse32.exe c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013 Trojan.Packed.469 Deleted.
dncyool64.sys C:\WINDOWS\system32 Trojan.Click.25715 Deleted.
youtubesetup.exe\data001 C:\Documents and Settings\x\My Documents\Programi\youtubesetup.exe BackDoor.BlackHole.3160
youtubesetup.exe C:\Documents and Settings\x\My Documents\Programi Archive contains infected objects Moved.
BcbtRmv_1.7.exe C:\Program Files\D-Link\Bluetooth Software\bin Win32.Virut.56 Cured.
MSACCESS.EXE C:\Program Files\Microsoft Office\Office Win32.Virut.56 Cured.
vcredist_x64.exe C:\Program Files\Sony Setup\Sound Forge 9.0\nrpack Win32.Virut.56 Cured.
vmuvc.exe C:\Program Files\Vimicro Corporation\VMUVC Win32.Virut.56 Cured.
msimg32.dll C:\Program Files\Windows Live\Messenger Adware.MyWebSearch.6 Incurable.Moved.
riched20.dll C:\Program Files\Windows Live\Messenger Adware.MyWebSearch.8 Incurable.Moved.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 07 Jun 2008
  • Poruke: 104

Napisano: 15 Jun 2009 19:31

ComboFix 09-05-22.04 - x 15.06.2009 18:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.72 [GMT 2:00]
Running from: c:\documents and settings\x\Desktop\co mbbb\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\program files\Common Files\System\Uninstall
c:\program files\Common Files\System\Uninstall\Uninstall A360.lnk
c:\program files\ThunMail
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
c:\windows\Install.txt
c:\windows\jestertb.dll
c:\windows\system32\3361
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt

.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.

2009-06-13 17:25 . 2009-06-13 17:25 -------- d-----w c:\documents and settings\x\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 09:43 . 2008-05-24 16:04 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 11:36 . 2008-10-24 18:41 -------- d-----w c:\documents and settings\x\Application Data\skypePM
2009-06-10 11:36 . 2008-10-23 20:00 -------- d-----w c:\documents and settings\x\Application Data\Skype
2009-05-19 16:31 . 2009-04-25 09:35 0 ----a-w c:\windows\system32\drivers\1d91fa8d.sys
2009-05-08 14:47 . 2009-05-07 21:24 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 14:47 . 2009-05-07 21:24 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 14:40 . 2009-05-08 14:31 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-08 14:30 . 2009-05-07 21:10 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-08 14:13 . 2009-05-08 14:13 -------- d-----w c:\program files\Realtek Sound Manager
2009-05-08 14:13 . 2004-10-06 15:50 -------- d-----w c:\program files\AvRack
2009-05-08 14:13 . 2009-05-08 14:12 -------- d-----w c:\program files\Realtek AC97
2009-05-08 13:04 . 2004-10-06 06:17 22776 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-08 10:10 . 2009-05-08 10:10 36864 ----a-w c:\windows\system32\slrundll.exe
2009-05-08 06:37 . 2008-03-10 18:01 -------- d-----w c:\program files\Winamp
2009-05-08 05:55 . 2009-05-08 05:49 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-07 19:55 . 2009-05-07 19:55 -------- d-----w c:\documents and settings\x\Application Data\TuneUp Software
2009-05-07 13:38 . 2008-10-10 20:50 90112 ----a-w c:\windows\unvise32qt.exe
2009-05-07 13:38 . 2006-07-14 14:29 970752 ----a-w c:\windows\UNRecode.exe
2009-05-07 13:38 . 2006-07-14 14:29 970752 ----a-w c:\windows\UNNeroVision.exe
2009-05-07 13:29 . 2004-10-06 15:53 26624 ----a-w c:\windows\system32\xpsp1hfm.exe
2009-05-07 13:13 . 2004-10-06 16:03 323584 ----a-w c:\windows\system32\nwiz.exe
2009-05-07 13:12 . 1998-10-01 19:00 39936 ----a-w c:\windows\system32\MAPISRVR.EXE
2009-05-07 13:12 . 2004-10-06 16:03 290816 ----a-w c:\windows\system32\keystone.exe
2009-05-07 13:11 . 2002-08-29 03:41 172544 ----a-w c:\windows\system32\jview.exe
2009-05-07 13:11 . 2002-08-29 03:41 14848 ----a-w c:\windows\system32\jdbgmgr.exe
2009-05-07 13:11 . 2004-08-03 23:56 22016 ----a-w c:\windows\system32\faxpatch.exe
2009-05-07 13:05 . 2004-08-03 23:56 8704 ----a-w c:\windows\system32\spdwnwxp.exe
2009-05-07 13:05 . 2007-07-15 21:46 165376 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-05-07 13:05 . 2004-08-03 23:56 22016 ----a-w c:\windows\system32\spupdwxp.exe
2009-05-07 12:50 . 2007-08-08 18:21 47104 ----a-w c:\windows\system32\uwdf.exe
2009-05-07 12:46 . 2002-08-29 03:41 171520 ----a-w c:\windows\system32\wjview.exe
2009-05-07 12:46 . 2002-08-29 03:41 81920 ----a-w c:\windows\system32\wmpstub.exe
2009-05-07 12:42 . 2008-10-29 18:17 9728 ----a-w c:\windows\system32\comsdupd.exe
2009-05-07 12:42 . 2002-08-29 03:41 50176 ----a-w c:\windows\system32\clspack.exe
2009-05-06 22:51 . 2005-01-18 06:58 300032 ----a-w c:\windows\uninst.exe
2009-05-06 22:51 . 2005-01-18 06:58 302592 ----a-w c:\windows\unin040c.exe
2009-05-06 22:51 . 2005-08-09 21:38 274432 ----a-w c:\windows\TLCUninstall.exe
2009-05-06 22:51 . 2004-10-06 15:49 307712 ----a-w c:\windows\IsUninst.exe
2009-05-06 22:10 . 1999-08-02 09:47 391680 ----a-w c:\program files\YuRecnik.exe
2009-05-06 22:10 . 1999-08-02 09:40 224256 ----a-w c:\program files\MiniYuRecnik.exe
2009-05-06 22:10 . 1999-01-25 04:27 29184 ----a-w c:\program files\Uninstal.exe
2009-05-06 19:45 . 2004-10-06 16:00 335872 ----a-r c:\windows\Anvshell.exe
2009-05-06 19:45 . 2004-10-06 16:00 24576 -c--a-r c:\windows\ANVUNIS.exe
2009-05-06 18:57 . 2004-10-09 22:26 1094656 ----a-w c:\documents and settings\Recnik\Recnik.EXE
2009-05-06 18:49 . 2008-11-18 14:55 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-05-06 18:01 . 2008-12-25 23:32 184320 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-06 17:56 . 2007-08-08 18:21 38912 ----a-w c:\windows\system32\wdfmgr.exe
2009-05-06 17:56 . 2004-10-06 16:03 73728 ----a-w c:\windows\system32\nvsvc32.exe
2009-05-06 17:54 . 2004-10-10 00:35 221184 ----a-w c:\windows\system32\srkey.exe
2009-04-28 15:06 . 2006-12-12 23:45 -------- d-----w c:\program files\Recnik20
2009-04-28 14:35 . 2009-02-01 12:48 -------- d-----w c:\program files\Mp3 Knife
2009-04-28 14:35 . 2009-02-01 13:06 -------- d-----w c:\program files\DVD Knife
2009-01-07 20:56 . 2007-03-12 01:08 1123 ----a-w c:\program files\Yurecnik.ini
2009-01-07 11:54 . 2007-03-12 01:08 258 ----a-w c:\program files\Mini-YuRecnik.ini
2007-08-07 21:20 . 2004-10-08 04:05 778240 ----a-w c:\program files\Mv2Player.exe
2007-03-12 01:07 . 2007-03-12 01:06 10819 ---ha-w c:\program files\Yurecnik.GID
2007-03-12 01:06 . 2007-03-12 01:06 1909 ----a-w c:\program files\uninstal.log
2007-02-17 23:17 . 2005-05-11 00:02 313 ----a-w c:\program files\MV2Player.rcn
2007-02-17 23:17 . 2005-05-11 00:02 10751 ----a-w c:\program files\MV2Player.ini
2007-02-17 23:17 . 2005-05-11 00:02 36 ----a-w c:\program files\LastSet.mv2
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 -c--a-w c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w c:\program files\Monologw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-04-02 49152]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^x^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reader_s
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vt100 emulator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S1 1d91fa8d;1d91fa8d;c:\windows\system32\drivers\1d91fa8d.sys [25.4.2009 11:35 0]
S2 PowerManager;Power Manager; [x]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10.12.2008 19:51 29744]
S3 ISOUSB;Vimicro UVC generic driver;c:\windows\system32\drivers\vgeneric.sys [28.10.2008 22:20 64000]
S3 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 12:31 98328]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [29.10.2008 21:04 249984]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [29.10.2008 21:04 476032]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04570f19-a671-11dd-ba8b-000c761c93fc}]
\Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
\Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc85b93-2b66-11de-bc2b-000c761c93fc}]
\Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
\Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8529539-f1f1-11dd-bb8b-000c761c93fc}]
\Shell\AutoOpen\command - f:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=%s
IE: &Search - ?p=ZCfox000
IE: Send to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\x\Application Data\Mozilla\Firefox\Profiles\255yjv76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\Npindeo.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera75\Program\Plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-15 18:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
Completion time: 2009-06-15 18:47
ComboFix-quarantined-files.txt 2009-06-15 16:46

Pre-Run: 6.659.788.800 bytes free
Post-Run: 6.647.955.456 bytes free

213

Dopuna: 16 Jun 2009 22:05

Jesmo sve uredu napravili, koji je sledeći korak

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Start>Run i kucaj Combofix /u

Zatim

Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 07 Jun 2008
  • Poruke: 104

Pa mi smo jednom radili ovo,treba li ponoviti?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Mora.. i obrisi staru verziju i skini program sa neki od ovih linkova tacno na Desktop a ne kao u prethodnom slucaju

c:\documents and settings\x\Desktop\co mbbb\ComboFix.exe

Ko je trenutno na forumu
 

Ukupno su 1194 korisnika na forumu :: 37 registrovanih, 5 sakrivenih i 1152 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 100ka, A.R.Chafee.Jr., Acivi, avijacija, babaroga, Bickoooo, Bobrock1, bojank, bojcistv, comi_pfc, Denaya, Duh sa sekirom, Dzoni90, Georgius, jukeboxer, Kubovac, kybonacci, laurusri, M1los, Marko Marković, Metanoja, mile33, milenko crazy north, MiroslavD, nebojsag, nenooo, nextyamb, raketaš, raptorsi, Smajser, Stanlio, strelac07, tmanda323, uruk, Vatreni Zmaj, wolf431, zlaya011