Viruses! Urgent!

  • Joined: 16 Jan 2009
  • Posts: 23

Posted: 26 Apr 2009 11:34

I uploaded the file....

Addendum: 26 Apr 2009 11:51

ComboFix 09-04-25.03 - Admin 26.04.2009 11:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.687 [GMT 2:00]
Running from: c:\documents and settings\Admin.PC-0EC8CDAADA00\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin.PC-0EC8CDAADA00\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\Admin.PC-0EC8CDAADA00\iclose.exe
c:\documents and settings\Admin.PC-0EC8CDAADA00\mscup2.exe
c:\documents and settings\Admin\Local Settings\Application Data\Bron.tok.A16.em.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Local Settings\Application Data\Bron.tok.A16.em.bin
c:\documents and settings\All Users.WINDOWS\Application Data\01381593
c:\documents and settings\All Users.WINDOWS\Application Data\01381593\01381593.exe
c:\documents and settings\All Users.WINDOWS\Application Data\01381593\pc01381593cnf
c:\documents and settings\All Users.WINDOWS\Application Data\01381593\pc01381593ins
c:\documents and settings\All Users.WINDOWS\Application Data\01662234

.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-26 09:25 . 2009-04-26 09:25 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-04-26 09:25 . 2009-04-26 09:25 298104 ----a-w c:\windows\system32\imon.dll
2009-04-26 09:25 . 2009-04-26 09:25 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-04-25 09:32 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-25 09:00 . 2009-04-25 09:00 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Malwarebytes
2009-04-25 09:00 . 2009-04-25 09:00 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-24 19:48 . 2009-04-24 19:48 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Lavasoft
2009-04-23 12:08 . 2009-04-24 19:38 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-22 18:54 . 2009-04-22 18:54 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\2036B
2009-04-22 18:41 . 2009-04-22 18:41 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\182AF
2009-04-22 06:49 . 2009-04-22 06:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\3A242
2009-04-13 15:16 . 2009-04-13 15:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\369C
2009-04-10 13:02 . 2009-04-10 13:03 -------- d-----w c:\windows\system32\NtmsData
2009-04-08 10:37 . 2009-04-08 10:37 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Google
2009-04-07 20:06 . 2009-04-07 20:06 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-07 20:06 . 2009-04-07 20:06 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Google
2009-04-07 20:06 . 2009-04-24 18:22 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\skypePM
2009-04-04 12:47 . 2009-04-04 12:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-30 21:57 . 2009-04-25 16:40 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\Skype
2009-03-30 21:57 . 2009-04-07 20:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 09:34 . 2008-11-27 20:29 -------- d-----w c:\program files\Eset
2009-04-23 12:02 . 2009-04-23 11:57 -------- d-----w c:\program files\Common Files\Softwin
2009-04-23 08:50 . 2008-07-12 19:26 -------- d-----w c:\program files\Winamp
2009-04-20 17:32 . 2008-12-28 14:08 -------- d-----w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\BearShare
2009-04-18 08:11 . 2009-04-18 08:11 -------- d-----w c:\program files\Alwil Software
2009-04-14 12:22 . 2009-04-14 12:22 0 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Application Data\~eu37.tmp
2009-04-07 20:07 . 2008-01-09 12:46 -------- d-----w c:\program files\Google
2009-04-07 20:06 . 2009-03-30 21:56 -------- d-----r c:\program files\Skype
2009-04-07 20:06 . 2008-01-23 18:27 -------- d-----w c:\program files\Common Files\Skype
2009-04-04 12:47 . 2008-03-09 20:41 -------- d-----w c:\program files\Java
2009-01-09 21:03 . 2008-11-28 17:56 67928 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-10 14:42 . 2008-12-10 14:42 144 ----a-w c:\documents and settings\Admin.PC-0EC8CDAADA00\Local Settings\Application Data\fusioncache.dat
2008-11-15 18:23 . 2008-03-09 20:50 79680 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-09-27 22:00 . 2008-01-09 18:04 87608 ----a-w c:\documents and settings\comp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\182AF ----

2009-04-22 18:41 . 2008-12-01 16:12 2242 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\182AF\{23A44D65-5BD9-4EE3-8FDC-4023B7119B57}.swf

---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\2036B ----

2009-04-22 18:54 . 2008-12-01 16:12 2242 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\2036B\{568E89DC-427E-4E94-9553-ECE44D17AA8B}.swf

---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\369C ----

2009-04-13 15:16 . 2008-12-01 16:12 2242 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\369C\{A5A80C55-6778-40E7-9C79-0D2F8B88FB82}.swf

---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\3A242 ----

2009-04-22 06:49 . 2008-12-01 16:12 2242 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\3A242\{CBF2156B-9C03-4185-9225-CDF47FC1EA13}.swf


((((((((((((((((((((((((((((( SnapShot@2009-04-25_07.13.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2009-04-25 07:03 . 2009-04-25 07:03 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
+ 2009-04-26 09:36 . 2009-04-26 09:36 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-04 148888]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-26 949376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-12-13 7094272]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 gupdate1c9b7bc57c12942;?????? Google Update (gupdate1c9b7bc57c12942);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
R3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
R3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
R3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
R3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
R3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-04-26 15424]


--- Other Services/Drivers In Memory ---

*Deregistered* - gupdate1c9b7bc57c12942
.
Contents of the 'Scheduled Tasks' folder

2009-04-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 20:06]
.
- - - - ORPHANS REMOVED - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-26 11:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\imon.dll
.
Completion time: 2009-04-26 11:42
ComboFix-quarantined-files.txt 2009-04-26 09:41
ComboFix2.txt 2009-04-25 07:14

Pre-Run: 7.413.772.288 bytes free
Post-Run: 7.421.939.712 bytes free
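As an added example (not code from the thread, from argus, or from ComboFix itself): a small Python triage script that reads the two parts of a ComboFix log a removal helper looks at first, the AV header line and the 'Reg Loading Points' block, and flags the indicators visible in the log above: on-access scanning reported disabled, AppInit_DLLs pointing at sockspy.dll (on Windows XP that DLL is loaded into every process that links user32.dll), and the Security Center *DisableNotify values set to 1, which hide the "no antivirus / no updates" warnings. The SAMPLE_LOG is constructed from the shape of the posted log; its "01381593" Run entry is invented for illustration (the posted log shows that executable only under Other Deletions), and the trusted-prefix rule for Run entries is this example's own heuristic, not a ComboFix rule.

```python
"""Triage helper for ComboFix-style logs.

Added example for this thread; not ComboFix code and not the poster's
script. It reads the AV header line and the 'Reg Loading Points' block
and reports:
  * AV header saying on-access scanning is disabled;
  * AppInit_DLLs set (the listed DLL is injected into every process that
    loads user32.dll on Windows XP);
  * Security Center *DisableNotify values set to 1;
  * Run-key values executing from outside Program Files or the Windows
    directory (heuristic of this example, not a ComboFix rule).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the log in the thread. The "01381593"
# Run value is invented here for illustration.
SAMPLE_LOG = r"""
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-26 949376]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]
"01381593"="c:\documents and settings\All Users.WINDOWS\Application Data\01381593\01381593.exe" [2009-04-22 81984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    key: str       # registry key the value lives under ("" for the AV header)
    detail: str


SECTION_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# First drive-letter path ending in an executable extension inside the value data.
PATH_RE = re.compile(r'(?i)([a-z]:\\[^"\[]+?\.(?:exe|dll|com|scr|bat|cmd))')
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")
NOTIFY_VALUES = {"antivirusdisablenotify", "updatesdisablenotify", "firewalldisablenotify"}


def _first_path(data: str) -> Optional[str]:
    m = PATH_RE.search(data)
    return m.group(1).lower() if m else None


def analyze(log: str) -> List[Finding]:
    """Walk the log line by line, tracking the current [HKEY...] section."""
    findings: List[Finding] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("AV:") and "*On-access scanning disabled*" in line:
            findings.append(Finding("high", "", "real-time AV protection disabled: " + line[4:]))
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        if key.endswith(r"\windows nt\currentversion\windows") and name.lower() == "appinit_dlls" and data:
            findings.append(Finding("high", key, f"AppInit_DLLs loads {data} into every user32-linked process"))
        elif key.endswith(r"\security center") and name.lower() in NOTIFY_VALUES and data.lower().endswith("1"):
            findings.append(Finding("medium", key, f"{name}=1 suppresses Security Center warnings"))
        elif key.endswith(r"\currentversion\run"):
            path = _first_path(data)
            if path and not path.startswith(TRUSTED_PREFIXES):
                findings.append(Finding("medium", key, f'Run value "{name}" executes from an unusual location: {path}'))
    return findings


def report(log: str) -> str:
    rows = [f"[{f.severity.upper():<6}] {f.key or 'header'}: {f.detail}" for f in analyze(log)]
    return "\n".join(rows) if rows else "no indicators found"


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on a saved log with `analyze(open(path).read())`. The AppInit_DLLs and Security Center checks are deterministic and worth acting on every time; the Run-location rule only points a human at entries to look up, because legitimate software also installs under the user profile.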


  • argus, Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

@brainstolen

Manually delete this file: c:\documents and settings\Admin.PC-0EC8CDAADA00\bv2.exe

Tell me what the current state is, whether it is OK now.

  • Joined: 16 Jan 2009
  • Posts: 23

It's OK now...

  • argus, Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Uninstalling ComboFix and cleaning System Restore (SR):

Uninstalling ComboFix:
Click START and then RUN.

In the text input line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.
