ComboFix 08-12-01.01 - xp pro 2008-12-05 22:54:35.5 - NTFSx86
Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\xp pro\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
c:\windows\system32PLSR.006
c:\windows\system32PLSR.007
c:\windows\system32PLSR.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32PLSR.006
c:\windows\system32PLSR.007
c:\windows\system32PLSR.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-12-05 16:54 . 2008-12-05 16:55 250 --a------ c:\windows\gmer.ini
2008-12-03 12:39 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-02 08:17 . 2008-12-02 08:17 <DIR> d-------- c:\program files\3D-Relax
2008-12-02 07:35 . 2008-12-02 07:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 20:46 . 2008-12-01 20:46 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Thinstall
2008-12-01 19:51 . 2008-12-02 07:33 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 12:55 . 2008-11-30 13:17 <DIR> d-------- c:\program files\T-Com Antidialer
2008-11-30 12:46 . 2008-11-30 12:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Netsweeper
2008-11-28 12:49 . 2008-12-02 13:11 <DIR> d-------- c:\program files\Trojan Remover
2008-11-26 20:17 . 2005-05-03 11:43 69,632 -ra------ c:\windows\Alcmtr.exe
2008-11-23 22:09 . 2008-12-05 16:45 171,135 --a------ c:\windows\system32\nvapps.xml
2008-11-23 22:08 . 2008-11-23 22:08 <DIR> d-------- c:\windows\nview
2008-11-23 22:08 . 2008-02-28 06:34 360,448 -ra------ c:\windows\system32\nvuninst.exe
2008-11-23 22:08 . 2008-02-28 06:34 360,448 --a------ c:\windows\system32\nvudisp.exe
2008-11-23 22:08 . 2008-02-28 06:34 17,848 --a------ c:\windows\system32\nvdisp.nvu
2008-11-23 21:31 . 2008-11-30 09:26 <DIR> d-------- c:\program files\Dr.Hardware 2008 english
2008-11-22 17:54 . 2008-11-24 11:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-18 14:13 . 2008-11-18 14:13 <DIR> d-------- c:\windows\Green Valley Fun on the Farm
2008-11-18 13:46 . 2008-11-18 13:49 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Ancient Quest of Saqqarah__cminion
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\StoneLoops!
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Saqqarah
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\MagicMatch
2008-11-15 19:51 . 2008-11-15 19:57 <DIR> d-------- c:\documents and settings\xp pro\Application Data\DMCache
2008-11-15 00:08 . 2008-11-15 00:08 <DIR> d-------- c:\windows\3planesoft 3D Screensavers [36-in-1] 32-bit
2008-11-09 20:23 . 2008-11-11 12:57 <DIR> d-------- c:\program files\XP Repair Pro 2007
2008-11-05 10:17 . 2008-11-08 22:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-05 09:23 . 2008-11-05 09:23 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Sahmon Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 21:41 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-12-05 21:10 --------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent
2008-12-05 15:43 --------- d-----w c:\program files\SuperCleaner
2008-12-04 13:36 --------- d-----w c:\program files\Puzzle Express
2008-12-02 12:10 --------- d-----w c:\documents and settings\xp pro\Application Data\Gearbox Software
2008-12-01 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-26 19:25 16,376 ----a-w c:\windows\gdrv.sys
2008-11-18 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2008-11-08 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-05 09:25 --------- d-----w c:\program files\GameHouse
2008-11-05 09:22 --------- d-----w c:\program files\Platypus II
2008-11-05 09:22 --------- d-----w c:\program files\Pinocchio ENG
2008-11-04 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2008-11-03 09:35 --------- d-----w c:\program files\Nero
2008-11-03 09:35 --------- d-----w c:\program files\Common Files\Nero
2008-11-03 09:34 --------- d-----w c:\program files\Windows Sidebar
2008-11-03 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-31 10:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 10:35 --------- d-----w c:\program files\EA GAMES
2008-10-31 10:21 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games
2008-10-30 11:30 --------- d-----w c:\documents and settings\xp pro\Application Data\SolSuite
2008-10-30 11:19 --------- d-----w c:\program files\SolSuite
2008-10-30 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames
2008-10-29 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-29 10:38 --------- d-----w c:\program files\Midway Games
2008-10-28 07:31 --------- d-----w c:\program files\Escape From Paradise
2008-10-28 07:28 --------- d-----w c:\program files\Rainforest Adventure
2008-10-27 12:40 --------- d-----w c:\program files\Fire Maple Games
2008-10-27 12:39 472,576 ----a-w c:\windows\uninstall.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263769828.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263766796.exe
2008-10-27 12:39 --------- d-----w c:\program files\Mahjong Forests
2008-10-21 17:37 --------- d-----w c:\documents and settings\xp pro\Application Data\Playfirst
2008-10-21 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Playfirst
2008-10-21 16:36 --------- d-----w c:\documents and settings\xp pro\Application Data\Righteous Kill
2008-10-21 15:56 --------- d-----w c:\program files\LeeGTs Games
2008-10-21 15:27 --------- d-----w c:\program files\Chromentum 2
2008-10-17 01:36 --------- d-----w c:\program files\JLC's Software
2008-10-17 01:28 --------- d-----w c:\documents and settings\xp pro\Application Data\JLC's Software
2008-10-14 21:01 81,920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe
2008-10-14 21:01 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-14 21:01 47,360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys
2008-10-14 21:01 --------- d-----w c:\program files\Video Convert Premier
2008-10-14 21:01 --------- d-----w c:\documents and settings\xp pro\Application Data\Vso
2008-10-07 20:48 --------- d-----w c:\program files\Webteh
2008-10-07 20:48 --------- d-----w c:\documents and settings\xp pro\Application Data\BSplayer PRO
2008-10-05 11:14 --------- d-----w c:\program files\UltraISO
2008-10-05 11:13 --------- d-----w c:\program files\Common Files\EZB Systems
2007-07-26 19:00 23,800,756 ----a-w c:\program files\Burning Studio 7.1.0.exe
2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-02_13.40.24.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-05 15:54:18 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-r c:\windows\gmer.exe
- 2008-11-07 10:44:54 10,134 ----a-r c:\windows\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\callmsi.exe
+ 2008-12-03 11:38:14 10,134 ----a-r c:\windows\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\callmsi.exe
- 2008-11-07 10:44:54 136,448 ----a-r c:\windows\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\egui.exe
+ 2008-12-03 11:38:14 136,448 ----a-r c:\windows\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\egui.exe
+ 2008-12-05 15:54:18 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-12-02 2468200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
*Newly Created Service* - GMER
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-05 22:55:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-12-05 22:56:11
ComboFix-quarantined-files.txt 2008-12-05 21:56:05
ComboFix2.txt 2008-12-03 10:57:22
ComboFix3.txt 2008-12-03 10:14:08
ComboFix4.txt 2008-12-02 12:52:32
ComboFix5.txt 2008-12-05 21:53:51
Pre-Run: 66.849.955.840 bytes free
Post-Run: 66,837,221,376 bytes free