Posted: 20 Dec 2008 21:56
offline
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:31, on 20.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\DOCUME~1\User\LOCALS~1\Temp\yyy20403.exe
C:\DOCUME~1\User\LOCALS~1\Temp\~tmpb.exe
C:\Program Files\WinZip32\WZQKPICK.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\User\LOCALS~1\Temp\~tmpc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\User\Desktop\kkkkkk\TR3.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.freeze.com/?AcquisitionID=4aa809b9-2824-.....=&ipc=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Yamaha DS-XG Driver] C:\WINDOWS\system32\vdriver.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\User\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\User\LOCALS~1\Temp\yyy20403.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip32\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5666 bytes
Last night I was downloading some pictures and picked up some virus; this is the first time a virus has messed with me, so I don't know anything about this.
This morning NOD first reported that I had a virus/trojan in one folder, and I deleted that folder, and after that NOD did not report anything about it. But all day an icon on the taskbar has been showing "You have a security problem", and every 10 minutes a little window pops up warning me that my computer may be infected and that I could lose all my data and ... and asks me whether I want to install VirusRemuver2008 to scan the computer for malware.
Even when I click Cancel, it throws up two more windows and starts scanning something, and then NOD reports the following:
Threat:
Win32/Adware. Antivirus2008 aplication trial/InstallAVg-77100106.exe
I am connected via ADSL - 512 Kbit/s
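As an added example (not code from the original post and not part of HijackThis), the following Python script does the triage a helper would do by eye on the log above: it parses the "Running processes" list, the O4 Run entries and the R0 start page, and flags executables running or autostarting from the user's Temp directory, double extensions such as `.exe.exe`, and a start page pointed somewhere other than a known default. The sample lines are a constructed excerpt of the log above, and the list of default start pages is an assumption of the example.

```python
"""Triage helper for a HijackThis log (added example; not HijackThis code and not
the poster's). Parses the process list, O4 Run entries and R0 start page, and
reports the indicators a reviewer looks for first."""
import re

# Constructed sample: a handful of lines copied from the log above, not the whole file.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\DOCUME~1\User\LOCALS~1\Temp\yyy20403.exe
C:\DOCUME~1\User\LOCALS~1\Temp\~tmpb.exe
C:\Documents and Settings\User\Desktop\kkkkkk\TR3.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.freeze.com/?AcquisitionID=4aa809b9-2824-.....=&ipc=
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\User\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\User\LOCALS~1\Temp\yyy20403.exe
"""

TEMP_DIR = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
DOUBLE_EXT = re.compile(r"\.(exe|com|scr|pif|bat)\.(exe|com|scr|pif|bat)$", re.IGNORECASE)
SECTION_LINE = re.compile(r"^[RFO]\d+ - ")  # the first R0/O2/O4... line ends the process list
O4_RUN = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
START_PAGE = re.compile(r"^R0 - .*Start Page = (.*)$")
# Assumption of this example: a start page not beginning with one of these is reported as hijacked.
DEFAULT_START_PAGES = ("about:blank", "http://www.microsoft.com", "http://www.msn.com")


def extract_path(command):
    """Return the executable from an O4 command: the quoted part, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_hjt(text):
    """Split a HijackThis log into running processes, Run entries and the IE start page."""
    processes, run_entries, start_page = [], [], None
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if SECTION_LINE.match(line):
            in_processes = False
        if in_processes:
            processes.append(line)
            continue
        m = O4_RUN.match(line)
        if m:
            run_entries.append({"hive": m.group(1), "name": m.group(2), "path": extract_path(m.group(3))})
            continue
        m = START_PAGE.match(line)
        if m:
            start_page = m.group(1).strip()
    return {"processes": processes, "run": run_entries, "start_page": start_page}


def triage(text):
    """Return a list of findings, each with a type, where it was seen and the path/value."""
    parsed = parse_hjt(text)
    findings = []
    for path in parsed["processes"]:
        if TEMP_DIR.search(path):
            findings.append({"type": "temp-exec", "where": "process", "path": path})
        if DOUBLE_EXT.search(path):
            findings.append({"type": "double-extension", "where": "process", "path": path})
    for entry in parsed["run"]:
        if TEMP_DIR.search(entry["path"]):
            where = "%s Run [%s]" % (entry["hive"], entry["name"])
            findings.append({"type": "temp-autorun", "where": where, "path": entry["path"]})
    page = parsed["start_page"]
    if page and not any(page.lower().startswith(d) for d in DEFAULT_START_PAGES):
        findings.append({"type": "start-page-hijack", "where": "R0", "path": page})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%-18s %-22s %s" % (finding["type"], finding["where"], finding["path"]))
```

These rules are a triage aid, not a verdict: a payload dropped into system32 under a plausible name (the `amvo.exe` Run entry in the same log) passes them, which is why the log as a whole, and later the ComboFix output, still has to be read by a person.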
Posted: 21 Dec 2008 00:01
offline
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82
I installed Spybot and cleaned it up, and it is working OK for now!!!!
Afterwards I saw what you had recommended, so I did that too, but after Spybot.
I hope I haven't messed something up.
Here is the report, please take a look
ComboFix 08-12-20.03 - User 2008-12-20 23:39:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1596 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\mpg4c32.dll
c:\windows\system32\r6uxWgY1.exe.a_a
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WERFGH
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.
2008-12-20 23:28 . 2008-12-20 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-12-20 22:44 . 2008-12-20 22:44 146 --a------ c:\windows\wininit.ini
2008-12-20 22:27 . 2008-12-20 22:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-20 22:27 . 2008-12-20 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 17:09 . 2008-12-20 17:09 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 16:37 . 2008-12-20 18:23 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-20 16:29 . 2008-12-20 16:29 50 --a------ c:\windows\MegaManager.INI
2008-12-20 15:50 . 2008-12-20 16:25 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-16 16:04 . 2008-12-17 22:39 <DIR> d-------- c:\program files\WinZip32
2008-12-14 17:57 . 2008-12-14 17:57 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 17:57 . 2008-12-14 17:57 1,409 --a------ c:\windows\QTFont.for
2008-12-05 21:33 . 2008-12-09 16:49 <DIR> d-------- c:\program files\XviD
2008-12-05 21:22 . 2008-12-05 21:22 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-05 21:22 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2008-12-05 21:22 . 2004-09-23 18:57 747,008 --a------ c:\windows\system32\Indeo4.qtx
2008-12-05 21:22 . 2002-12-20 12:40 675,328 --a------ c:\windows\system32\ir50_32.qtx
2008-12-05 21:22 . 2005-06-10 17:40 360,504 --a------ c:\windows\system32\QTPlugin.ocx
2008-12-05 21:22 . 2004-09-23 18:57 323,072 --a------ c:\windows\system32\QuickTime.cpl
2008-12-05 21:22 . 2002-11-08 20:04 225,280 --a------ c:\windows\system32\qtmlClient.dll
2008-12-05 21:22 . 2004-01-22 19:06 157,696 --a------ c:\windows\system32\unrar.dll
2008-12-05 21:22 . 2004-09-23 18:57 70,144 --a------ c:\windows\system32\QuickTimeCheck.ocx
2008-12-05 21:16 . 2008-12-05 21:16 848 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-05 21:01 . 2008-12-05 21:01 <DIR> d-------- c:\program files\Kodeci
2008-12-02 19:38 . 2008-12-02 19:38 <DIR> d-------- c:\program files\Mail me
2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe
2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 21:44 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-12-20 15:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 15:51 --------- d-----w c:\documents and settings\User\Application Data\DivX
2008-12-09 15:50 --------- d-----w c:\program files\DivX
2008-12-06 09:08 --------- d-----w c:\program files\Real Alternative
2008-12-05 20:32 --------- d-----w c:\program files\AngelPotion Video Codec V1
2008-12-05 20:22 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-02 18:38 737,280 ----a-w c:\windows\iun6002.exe
2008-11-27 16:41 --------- d-----w c:\program files\Google
2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-11-19 19:23 --------- d-----w c:\program files\VLC player
2008-11-17 12:54 --------- d-----w c:\program files\FLV Player
2008-11-11 18:28 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:01 --------- d-----w c:\program files\YouTube Downloader
2008-11-07 14:50 --------- d-----w c:\documents and settings\User\Application Data\vlc
2008-11-07 14:49 --------- d-----w c:\program files\VideoLAN
2008-11-06 23:27 --------- d-----w c:\program files\Real
2008-11-06 23:27 --------- d-----w c:\program files\Common Files\Real
2008-11-06 23:27 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno
2008-11-06 23:23 --------- d-----w c:\program files\Winferno
2008-11-06 23:23 --------- d-----w c:\program files\Common Files\Winferno
2008-11-06 22:58 --------- d-----w c:\documents and settings\User\Application Data\bsplayer
2008-11-04 17:53 --------- d-----w c:\program files\Eset
2007-12-13 18:38 22,328 ----a-w c:\documents and settings\User\Application Data\PnkBstrK.sys
2008-11-27 16:42 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-20 15:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 15:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 15:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 15:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 15:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-19 14:32 56 --sh--r c:\windows\system32\2D490C189A.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-04 949376]
"TkBellExe"="c:\program files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2008-09-20 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-27 30192]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip32\WZQKPICK.EXE [2008-12-16 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-04 15424]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-27 30192]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{288cddf3-4add-11dd-a55e-0019dbd0ba74}]
\Shell\AutoRun\command - G:\semo2x.exe
\Shell\explore\Command - G:\semo2x.exe
\Shell\open\Command - G:\semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{288cddf9-4add-11dd-a55e-0019dbd0ba74}]
\Shell\AutoRun\command - G:\semo2x.exe
\Shell\explore\Command - G:\semo2x.exe
\Shell\open\Command - G:\semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bc3cc1a-a371-11dc-a47a-0019dbd0ba74}]
\Shell\AutoRun\command - F:\fooool.exe
\Shell\explore\Command - F:\fooool.exe
\Shell\open\Command - F:\fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{398fdb0c-1f4c-11dd-a527-0019dbd0ba74}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39aa99ef-d659-11dc-a4c5-0019dbd0ba74}]
\Shell\Auto\command - H:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47a859a0-2004-11dd-a528-0019dbd0ba74}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47a859b1-2004-11dd-a528-0019dbd0ba74}]
\Shell\AutoRun\command - G:\semo2x.exe
\Shell\explore\Command - G:\semo2x.exe
\Shell\open\Command - G:\semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d75d832-1638-11dd-a520-0019dbd0ba74}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56955b9c-ff20-11dc-a501-0019dbd0ba74}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6174c261-ad5f-11dc-a490-0019dbd0ba74}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8227b11a-c997-11dc-a4b4-0019dbd0ba74}]
\Shell\Auto\command - H:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{985ac207-8b36-11dd-a5ca-0019dbd0ba74}]
\Shell\AutoRun\command - G:\semo2x.exe
\Shell\explore\Command - G:\semo2x.exe
\Shell\open\Command - G:\semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a995b618-a73a-11dc-a485-0019dbd0ba74}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a995b61a-a73a-11dc-a485-0019dbd0ba74}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f201e1-c426-11dc-a4aa-0019dbd0ba74}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc2b656c-391b-11dd-a546-0019dbd0ba74}]
\Shell\AutoRun\command - G:\semo2x.exe
\Shell\explore\Command - G:\semo2x.exe
\Shell\open\Command - G:\semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be53063e-c740-11dc-a4af-0019dbd0ba74}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{becfe586-39ec-11dd-a547-0019dbd0ba74}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{becfe587-39ec-11dd-a547-0019dbd0ba74}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d204993e-ec45-11dc-a4e3-0019dbd0ba74}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd54b60f-b137-11dc-a499-0019dbd0ba74}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd906a04-c6a4-11dc-a4ad-0019dbd0ba74}]
\Shell\Auto\command - H:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-19 c:\windows\Tasks\At1.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At10.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At11.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At12.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At13.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At14.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At15.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At16.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At17.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At18.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At19.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At2.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At20.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At21.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At22.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At23.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At24.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At3.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At4.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At5.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At6.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At7.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At8.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At9.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-04-01 14:10]
2008-12-20 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 14:48]
2008-12-20 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-10-28 14:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Yamaha DS-XG Driver - c:\windows\system32\vdriver.exe
HKCU-Run-amva - c:\windows\system32\amvo.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fzy7oxrv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gogle.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-20 23:41:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Eset\nod32krn.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2008-12-20 23:43:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 22:43:23
Pre-Run: 6.890.463.232 bytes free
Post-Run: 6,832,271,360 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
311 --- E O F --- 2008-12-20 18:15:04
Update: 21 Dec 2008 0:01
Now I have both Spybot and NOD installed; should I leave it like that or should I remove something?
Posted: 21 Dec 2008 11:58
offline
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Open Notepad and copy the following text into it:
File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
DirLook::
c:\program files\Free Offers from Freeze.com
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{288cddf3-4add-11dd-a55e-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{288cddf9-4add-11dd-a55e-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bc3cc1a-a371-11dc-a47a-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{398fdb0c-1f4c-11dd-a527-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39aa99ef-d659-11dc-a4c5-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47a859a0-2004-11dd-a528-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47a859b1-2004-11dd-a528-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d75d832-1638-11dd-a520-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56955b9c-ff20-11dc-a501-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6174c261-ad5f-11dc-a490-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8227b11a-c997-11dc-a4b4-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{985ac207-8b36-11dd-a5ca-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a995b618-a73a-11dc-a485-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a995b61a-a73a-11dc-a485-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc2b656c-391b-11dd-a546-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be53063e-c740-11dc-a4af-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{becfe586-39ec-11dd-a547-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{becfe587-39ec-11dd-a547-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d204993e-ec45-11dc-a4e3-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd54b60f-b137-11dc-a499-0019dbd0ba74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd906a04-c6a4-11dc-a4ad-0019dbd0ba74}]
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
You have several infected USB devices (USB sticks, flash drives, MP3 players, a mobile phone that connects over USB, an external HD or something similar).
Download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- start it and choose the Auto block option
- plug a USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (you can see this in the lower part of the program, in the log)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- a message will appear next to the clock saying that you may remove the USB stick from the computer
- do not close the program; plug in the next USB stick and wait a few seconds for it as well, and so on for all the sticks, MP3 players, the mobile phone
- remember the order in which the sticks were plugged in
When you have finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here to the forum for me.
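The CFScript in the reply above was assembled by hand from the ComboFix log: every `mountpoints2` key whose `\Shell\...\command` values launch a file from a drive letter, and every `AtN.job` task that points at the same `r6uxWgY1.exe`. As an added example (not ComboFix's, the forum's or bobby's own tooling), the Python script below derives the same `File::` and `Registry::` sections from a ComboFix log, groups the autorun payloads by drive letter, which is what reveals the infected removable media, and notes the Security Center notifications that were switched off. The log excerpt is a constructed subset of the log posted earlier; the "two or more At jobs sharing one target" rule and the drive-letter grouping are assumptions of the example, not ComboFix behaviour.

```python
"""CFScript generator for a ComboFix log (added example; not ComboFix code and
not the poster's). Parses mountpoints2 blocks, the Scheduled Tasks section and
Security Center DisableNotify values, then emits the File:: / Registry::
sections in the form used in the reply above."""
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{288cddf3-4add-11dd-a55e-0019dbd0ba74}]
\Shell\AutoRun\command - G:\semo2x.exe
\Shell\explore\Command - G:\semo2x.exe
\Shell\open\Command - G:\semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bc3cc1a-a371-11dc-a47a-0019dbd0ba74}]
\Shell\AutoRun\command - F:\fooool.exe
\Shell\open\Command - F:\fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{398fdb0c-1f4c-11dd-a527-0019dbd0ba74}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-19 c:\windows\Tasks\At1.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-19 c:\windows\Tasks\At2.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\At12.job
- c:\windows\system32\r6uxWgY1.exe []
2008-12-20 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-04-01 14:10]
"""

MOUNTPOINT_KEY = re.compile(r"^\[(HKEY_CURRENT_USER\\[^\]]*\\mountpoints2\\\{[^}]+\})\]$", re.I)
SHELL_COMMAND = re.compile(r"^\\Shell\\[^\\]+\\command - (.+)$", re.I)
TASK_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} (c:\\windows\\Tasks\\(.+)\.job)$", re.I)
TASK_TARGET = re.compile(r"^- (\S.*?) \[.*\]$")
AT_JOB_NAME = re.compile(r"^At\d+$", re.I)
DISABLE_NOTIFY = re.compile(r'^"(\w+DisableNotify)"=dword:0*1$')
DRIVE_TARGET = re.compile(r"^([A-Z]):\\", re.I)


def parse_combofix(text):
    """Collect mountpoints2 commands per key, scheduled-task targets and suppressed notifications."""
    parsed = {"mountpoints": {}, "tasks": {}, "disabled_notify": []}
    current_key = None
    pending_job = None
    for raw in text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current_key = key.group(1)
            parsed["mountpoints"][current_key] = []
            continue
        if current_key:
            cmd = SHELL_COMMAND.match(line)
            if cmd:
                parsed["mountpoints"][current_key].append(cmd.group(1).strip())
                continue
            current_key = None  # any other line closes the key block
        if pending_job:
            target = TASK_TARGET.match(line)
            if target:
                path, name = pending_job
                parsed["tasks"][path] = {"name": name, "target": target.group(1)}
            pending_job = None
        job = TASK_FILE.match(line)
        if job:
            pending_job = (job.group(1), job.group(2))
            continue
        notify = DISABLE_NOTIFY.match(line)
        if notify:
            parsed["disabled_notify"].append(notify.group(1))
    return parsed


def autorun_targets_by_drive(parsed):
    """Map each non-C: drive letter to the payload(s) its mountpoints2 entries launch."""
    drives = defaultdict(set)
    for commands in parsed["mountpoints"].values():
        for command in commands:
            m = DRIVE_TARGET.match(command)
            if m and m.group(1).upper() != "C":
                drives[m.group(1).upper()].add(command)
    return dict(drives)


def at_job_persistence(parsed):
    """At*.job files whose target is shared by two or more At jobs (assumed hourly `at` persistence)."""
    by_target = defaultdict(list)
    for path, info in parsed["tasks"].items():
        if AT_JOB_NAME.match(info["name"]):
            by_target[info["target"].lower()].append(path)
    return sorted(p for paths in by_target.values() if len(paths) >= 2 for p in paths)


def build_cfscript(parsed):
    """Emit the File:: and Registry:: sections in the CFScript form used in the thread."""
    lines = []
    jobs = at_job_persistence(parsed)
    if jobs:
        lines.append("File::")
        lines.extend(jobs)
    keys = sorted(k for k, cmds in parsed["mountpoints"].items() if cmds)
    if keys:
        lines.append("Registry::")
        lines.extend("[-%s]" % k for k in keys)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for drive, payloads in sorted(autorun_targets_by_drive(parsed).items()):
        print("drive %s: autorun payload(s) %s" % (drive, ", ".join(sorted(payloads))))
    for name in parsed["disabled_notify"]:
        print("Security Center notification suppressed: %s" % name)
    print(build_cfscript(parsed))
```

The drive-letter grouping is the part worth keeping: it tells you that G: carried two different payloads over time and F: a third, so the same physical devices must be cleaned (or checked with the USB blocker procedure above) before they are plugged back in, otherwise the `mountpoints2` keys simply return.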
Posted: 21 Dec 2008 12:25
offline
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82
I did this first; I will do the part for the USB sticks soon.
ComboFix 08-12-20.03 - User 2008-12-21 12:04:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1507 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.
2008-12-21 11:02 . 2008-12-21 11:11 <DIR> d-------- c:\windows\LastGood
2008-12-21 11:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 11:02 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-21 11:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-20 23:28 . 2008-12-20 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-12-20 22:44 . 2008-12-20 22:44 146 --a------ c:\windows\wininit.ini
2008-12-20 22:27 . 2008-12-21 10:52 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-20 22:27 . 2008-12-21 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 17:09 . 2008-12-20 17:09 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 16:37 . 2008-12-21 11:14 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-20 16:29 . 2008-12-20 16:29 50 --a------ c:\windows\MegaManager.INI
2008-12-20 15:50 . 2008-12-20 16:25 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-16 16:04 . 2008-12-17 22:39 <DIR> d-------- c:\program files\WinZip32
2008-12-14 17:57 . 2008-12-14 17:57 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 17:57 . 2008-12-14 17:57 1,409 --a------ c:\windows\QTFont.for
2008-12-05 21:33 . 2008-12-09 16:49 <DIR> d-------- c:\program files\XviD
2008-12-05 21:22 . 2008-12-05 21:22 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-05 21:22 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2008-12-05 21:22 . 2004-09-23 18:57 747,008 --a------ c:\windows\system32\Indeo4.qtx
2008-12-05 21:22 . 2002-12-20 12:40 675,328 --a------ c:\windows\system32\ir50_32.qtx
2008-12-05 21:22 . 2005-06-10 17:40 360,504 --a------ c:\windows\system32\QTPlugin.ocx
2008-12-05 21:22 . 2004-09-23 18:57 323,072 --a------ c:\windows\system32\QuickTime.cpl
2008-12-05 21:22 . 2002-11-08 20:04 225,280 --a------ c:\windows\system32\qtmlClient.dll
2008-12-05 21:22 . 2004-01-22 19:06 157,696 --a------ c:\windows\system32\unrar.dll
2008-12-05 21:22 . 2004-09-23 18:57 70,144 --a------ c:\windows\system32\QuickTimeCheck.ocx
2008-12-05 21:16 . 2008-12-05 21:16 848 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-05 21:01 . 2008-12-05 21:01 <DIR> d-------- c:\program files\Kodeci
2008-12-02 19:38 . 2008-12-02 19:38 <DIR> d-------- c:\program files\Mail me
2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe
2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 21:44 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-12-20 15:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 15:51 --------- d-----w c:\documents and settings\User\Application Data\DivX
2008-12-09 15:50 --------- d-----w c:\program files\DivX
2008-12-06 09:08 --------- d-----w c:\program files\Real Alternative
2008-12-05 20:32 --------- d-----w c:\program files\AngelPotion Video Codec V1
2008-12-05 20:22 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-02 18:38 737,280 ----a-w c:\windows\iun6002.exe
2008-11-27 16:41 --------- d-----w c:\program files\Google
2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-19 19:23 --------- d-----w c:\program files\VLC player
2008-11-17 12:54 --------- d-----w c:\program files\FLV Player
2008-11-13 15:43 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-11 18:28 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:01 --------- d-----w c:\program files\YouTube Downloader
2008-11-07 14:50 --------- d-----w c:\documents and settings\User\Application Data\vlc
2008-11-07 14:49 --------- d-----w c:\program files\VideoLAN
2008-11-06 23:27 --------- d-----w c:\program files\Real
2008-11-06 23:27 --------- d-----w c:\program files\Common Files\Real
2008-11-06 23:27 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno
2008-11-06 23:23 --------- d-----w c:\program files\Winferno
2008-11-06 23:23 --------- d-----w c:\program files\Common Files\Winferno
2008-11-06 22:58 --------- d-----w c:\documents and settings\User\Application Data\bsplayer
2008-11-04 17:53 --------- d-----w c:\program files\Eset
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2007-12-13 18:38 22,328 ----a-w c:\documents and settings\User\Application Data\PnkBstrK.sys
2008-11-27 16:42 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-20 15:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 15:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 15:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 15:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 15:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-19 14:32 56 --sh--r c:\windows\system32\2D490C189A.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Free Offers from Freeze.com ----
2008-11-07 00:23 80 --a------ c:\program files\Free Offers from Freeze.com\3772.url
2008-11-07 00:23 79 --a------ c:\program files\Free Offers from Freeze.com\3766.url
2008-11-07 00:23 78 --a------ c:\program files\Free Offers from Freeze.com\3773.url
2008-11-07 00:23 319 --a------ c:\program files\Free Offers from Freeze.com\control.txt
((((((((((((((((((((((((((((( snapshot@2008-12-20_23.43.06.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-21 09:53:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-04 949376]
"TkBellExe"="c:\program files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2008-09-20 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-27 30192]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip32\WZQKPICK.EXE [2008-12-16 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-04 15424]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-27 30192]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f201e1-c426-11dc-a4aa-0019dbd0ba74}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder
2008-12-21 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-04-01 14:10]
2008-12-21 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 14:48]
2008-12-21 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-10-28 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fzy7oxrv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gogle.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-21 12:05:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-21 12:05:50
ComboFix-quarantined-files.txt 2008-12-21 11:05:48
ComboFix2.txt 2008-12-20 22:43:27
Pre-Run: 6.626.836.480 bytes free
Post-Run: 6,614,949,888 bytes free
253 --- E O F --- 2008-12-20 18:15:04
Posted: 21 Dec 2008 12:39
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
While you're doing that, here's a piece of advice that has nothing to do with viruses:
c:\program files\AngelPotion Video Codec V1 - this codec is more than 6 years old; better not use it, i.e. uninstall it.
Posted: 21 Dec 2008 12:48
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82
I did this too; I have one USB stick and a mobile phone!
USB_blocker by bobby
Started at 21.12.2008 12:39:24
Scanning for connected USB Mass storage...
========================================
========================================
Scanning for other storage...
========================================
C: 651e61c3-9f8c-11dc-9db7-806d6172696f
D: 651e61c4-9f8c-11dc-9db7-806d6172696f
========================================
Scanning fixed storage for autorun.inf files...
========================================
========================================
New device connected at 21.12.2008 12:39:35
Scanning for connected USB Mass storage...
========================================
G: 066aa6be-a027-11dc-a470-0019dbd0ba74
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 066aa6be-a027-11dc-a470-0019dbd0ba74
========================================
New device connected at 21.12.2008 12:40:39
Scanning for connected USB Mass storage...
========================================
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
========================================
Posted: 21 Dec 2008 13:09
- draganela
- Citizen
- Joined: 20 Dec 2008
- Posts: 82
ComboFix 08-12-20.03 - User 2008-12-21 12:54:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1589 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
c:\windows\Tasks\RegPowerClean.job
c:\windows\Tasks\RPCReminder.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Winferno\RegistryPowerCleaner\
c:\program files\Winferno\RegistryPowerCleaner\\CHives.dll
c:\program files\Winferno\RegistryPowerCleaner\\regpowerclean.chm
c:\program files\Winferno\RegistryPowerCleaner\\RegPowerClean.exe
c:\program files\Winferno\RegistryPowerCleaner\\RPCL.DLL
c:\program files\Winferno\RegistryPowerCleaner\\RPCReminder.exe
c:\program files\Winferno\RegistryPowerCleaner\\SysRst.exe
c:\program files\Winferno\RegistryPowerCleaner\\unins000.dat
c:\program files\Winferno\RegistryPowerCleaner\\unins000.exe
c:\program files\Winferno\RegistryPowerCleaner\\WinCMR.dll
c:\windows\Tasks\RegPowerClean.job
c:\windows\Tasks\RPCReminder.job
.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.
2008-12-21 11:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 11:02 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-21 11:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-20 23:28 . 2008-12-20 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-12-20 22:44 . 2008-12-20 22:44 146 --a------ c:\windows\wininit.ini
2008-12-20 22:27 . 2008-12-21 10:52 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-20 22:27 . 2008-12-21 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 17:09 . 2008-12-20 17:09 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 16:37 . 2008-12-21 11:14 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-20 16:29 . 2008-12-20 16:29 50 --a------ c:\windows\MegaManager.INI
2008-12-20 15:50 . 2008-12-20 16:25 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-16 16:04 . 2008-12-17 22:39 <DIR> d-------- c:\program files\WinZip32
2008-12-14 17:57 . 2008-12-14 17:57 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 17:57 . 2008-12-14 17:57 1,409 --a------ c:\windows\QTFont.for
2008-12-05 21:33 . 2008-12-09 16:49 <DIR> d-------- c:\program files\XviD
2008-12-05 21:22 . 2008-12-05 21:22 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-05 21:22 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2008-12-05 21:22 . 2004-09-23 18:57 747,008 --a------ c:\windows\system32\Indeo4.qtx
2008-12-05 21:22 . 2002-12-20 12:40 675,328 --a------ c:\windows\system32\ir50_32.qtx
2008-12-05 21:22 . 2005-06-10 17:40 360,504 --a------ c:\windows\system32\QTPlugin.ocx
2008-12-05 21:22 . 2004-09-23 18:57 323,072 --a------ c:\windows\system32\QuickTime.cpl
2008-12-05 21:22 . 2002-11-08 20:04 225,280 --a------ c:\windows\system32\qtmlClient.dll
2008-12-05 21:22 . 2004-01-22 19:06 157,696 --a------ c:\windows\system32\unrar.dll
2008-12-05 21:22 . 2004-09-23 18:57 70,144 --a------ c:\windows\system32\QuickTimeCheck.ocx
2008-12-05 21:16 . 2008-12-05 21:16 848 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-05 21:01 . 2008-12-05 21:01 <DIR> d-------- c:\program files\Kodeci
2008-12-02 19:38 . 2008-12-02 19:38 <DIR> d-------- c:\program files\Mail me
2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe
2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 11:54 --------- d-----w c:\program files\Winferno
2008-12-20 21:44 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-12-20 15:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 15:51 --------- d-----w c:\documents and settings\User\Application Data\DivX
2008-12-09 15:50 --------- d-----w c:\program files\DivX
2008-12-06 09:08 --------- d-----w c:\program files\Real Alternative
2008-12-05 20:32 --------- d-----w c:\program files\AngelPotion Video Codec V1
2008-12-05 20:22 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-02 18:38 737,280 ----a-w c:\windows\iun6002.exe
2008-11-27 16:41 --------- d-----w c:\program files\Google
2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-19 19:23 --------- d-----w c:\program files\VLC player
2008-11-17 12:54 --------- d-----w c:\program files\FLV Player
2008-11-13 15:43 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-11 18:28 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 18:01 --------- d-----w c:\program files\YouTube Downloader
2008-11-07 14:50 --------- d-----w c:\documents and settings\User\Application Data\vlc
2008-11-07 14:49 --------- d-----w c:\program files\VideoLAN
2008-11-06 23:27 --------- d-----w c:\program files\Real
2008-11-06 23:27 --------- d-----w c:\program files\Common Files\Real
2008-11-06 23:27 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno
2008-11-06 23:23 --------- d-----w c:\program files\Common Files\Winferno
2008-11-06 22:58 --------- d-----w c:\documents and settings\User\Application Data\bsplayer
2008-11-04 17:53 --------- d-----w c:\program files\Eset
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2007-12-13 18:38 22,328 ----a-w c:\documents and settings\User\Application Data\PnkBstrK.sys
2008-11-27 16:42 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-20 15:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 15:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 15:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 15:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 15:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-19 14:32 56 --sh--r c:\windows\system32\2D490C189A.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-20_23.43.06.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-21 11:37:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_444.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-04 949376]
"TkBellExe"="c:\program files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2008-09-20 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-27 30192]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip32\WZQKPICK.EXE [2008-12-16 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-04 15424]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-27 30192]
.
Contents of the 'Scheduled Tasks' folder
2008-12-21 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-04-01 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fzy7oxrv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gogle.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-21 12:55:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-21 12:56:22
ComboFix-quarantined-files.txt 2008-12-21 11:56:20
ComboFix2.txt 2008-12-21 11:05:51
ComboFix3.txt 2008-12-20 22:43:27
Pre-Run: 6.605.258.752 bytes free
Post-Run: 6,576,881,664 bytes free
204 --- E O F --- 2008-12-20 18:15:04
Addendum: 21 Dec 2008 13:09
Where is that Registry Power Cleaner located, so that I can delete it?
Posted: 21 Dec 2008 13:14
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
We have just deleted it with ComboFix.
Now tell me, are there any more visible symptoms?
How is the computer behaving?
I no longer see anything malicious in the logs.