problem sa msn virusima

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zipuj/raruj kompletan older: C:\qoobox\quarantine

i uploaduj ga: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------


Postavi svež ComboFix log (pokreni ga dvoklikom) i priloži uz poruku i svež Gmer Rootkit/Malware scan log.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

uploadovao sam ovaj folder i uradio scanove...
evo logova:



ComboFix 08-09-04.09 - Korisnik 2008-09-07 8:46:04.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.168 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-07 00:40 . 2008-09-07 00:40 <DIR> d-------- C:\filmovi
2008-09-07 00:15 . 2008-09-07 00:15 135,168 --a------ C:\zip.exe
2008-09-07 00:15 . 2008-09-07 00:15 19,286 --a------ C:\cleanup.exe
2008-09-07 00:15 . 2008-09-07 00:15 2,671 --a------ C:\backup.reg
2008-09-07 00:15 . 2008-09-07 00:15 574 --a------ C:\cleanup.bat
2008-09-05 15:32 . 2008-09-05 15:32 <DIR> d-------- C:\Program Files\jIRCii
2008-09-04 09:04 . 2008-09-04 23:07 250 --a------ C:\WINDOWS\gmer.ini
2008-09-02 00:47 . 2008-09-02 00:47 <DIR> d-------- C:\Program Files\COMODO
2008-09-02 00:47 . 2008-09-02 00:47 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Comodo
2008-09-02 00:47 . 2008-09-02 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-02 00:47 . 2008-09-02 00:47 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-02 00:47 . 2008-09-02 00:47 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-02 00:47 . 2008-09-02 00:47 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-31 00:51 . 2008-08-31 00:51 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-29 21:39 . 2008-08-31 01:12 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-08-28 19:51 . 2008-09-03 04:34 <DIR> d-------- C:\DVDVideoSoft
2008-08-28 15:45 . 2008-08-28 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-08-28 14:59 . 2008-08-28 20:02 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-28 14:59 . 2008-08-28 20:03 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-25 23:44 . 2008-08-26 01:28 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Winamp
2008-08-25 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-25 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-25 14:42 . 2008-08-25 14:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-25 14:39 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-25 14:23 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 13:04 . 2008-08-25 13:20 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 09:27 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\BearShare
2008-09-03 23:31 --------- d-----w C:\Program Files\Planplus
2008-09-01 15:12 --------- d-----w C:\Program Files\Winamp Toolbar
2008-08-30 22:57 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DNA
2008-08-30 00:02 --------- d-----w C:\Program Files\DNA
2008-08-28 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 21:44 --------- d-----w C:\Program Files\Winamp
2008-08-24 22:02 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-18 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:10 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-18 12:10 --------- d-----w C:\Program Files\AvRack
2008-07-16 12:32 --------- d-----w C:\Program Files\Warcraft III
2008-07-15 20:30 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-15 13:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-13 17:33 1,283,912 ----a-w C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-13 17:33 --------- d-----w C:\Program Files\WoW-2.3.0.7561-enUS
2008-07-13 17:33 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 14:03 --------- d-----w C:\Program Files\SweetIM
2008-07-10 17:51 103,832 ----a-w C:\Documents and Settings\Korisnik\Application Data\GDIPFONTCACHEV1.DAT
2008-07-10 10:29 --------- d--h--r C:\Documents and Settings\Korisnik\Application Data\SecuROM
2008-07-10 09:56 --------- d-----w C:\Program Files\Aspyr
2008-07-10 09:36 --------- d-----w C:\Program Files\Black Bean
2008-07-09 18:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Sidebar
2008-07-09 17:15 --------- d-----w C:\Program Files\YouTube Downloader
2008-07-09 17:03 --------- d-----w C:\Program Files\MyFreeWeather
2008-07-07 23:18 --------- d-----w C:\Program Files\Typing Test TQ
2008-07-07 23:15 --------- d-----w C:\Program Files\10 Finger BreakOut
2008-07-07 22:22 --------- d-----w C:\Program Files\Fildza's Entertainment Company
2008-07-05 17:34 10,886,008 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-06-11 18:19 1,376,528 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
2008-06-10 21:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-03 16:27 8 ----a-w C:\Documents and Settings\Korisnik\Application Data\usb.dat.bin
2007-05-07 11:18 92,064 ----a-w C:\Documents and Settings\Korisnik\mqdmmdm.sys
2007-05-07 11:18 9,232 ----a-w C:\Documents and Settings\Korisnik\mqdmmdfl.sys
2007-05-07 11:18 79,328 ----a-w C:\Documents and Settings\Korisnik\mqdmserd.sys
2007-05-07 11:18 66,656 ----a-w C:\Documents and Settings\Korisnik\mqdmbus.sys
2007-05-07 11:18 6,208 ----a-w C:\Documents and Settings\Korisnik\mqdmcmnt.sys
2007-05-07 11:18 5,936 ----a-w C:\Documents and Settings\Korisnik\mqdmwhnt.sys
2007-05-07 11:18 4,048 ----a-w C:\Documents and Settings\Korisnik\mqdmcr.sys
2007-05-07 11:18 25,600 ----a-w C:\Documents and Settings\Korisnik\usbsermptxp.sys
2007-05-07 11:18 22,768 ----a-w C:\Documents and Settings\Korisnik\usbsermpt.sys
2007-12-02 14:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-05_ 7.41.45.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-23 23:44:50 60,112 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-05 15:07:25 60,112 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-23 23:44:50 394,778 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-05 15:07:25 394,778 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-29 19:48:52 57,480 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-09-06 07:09:37 368,708 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Windows Live Messenger"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"myweather"="C:\Program Files\MyFreeWeather\myweather.exe" [2008-06-20 3115008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-15 921600]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"ClocX"="D:\sat\ClocX.exe" [2002-12-31 103936]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2006-10-11 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-02 1655552]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.GBXX"= GBXXvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Openwares LiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Sierra\\Half-Life\\hl.exe"=
"C:\\Sierra\\Half-Life\\hltv.exe"=
"C:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINDOWS\\system32\\AUTMGR32.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 46735]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-02 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-02 24208]
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 279552]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 25984]
R3 FsHotKey;FsHotKey;C:\WINDOWS\system32\drivers\FsHotKey.sys [2002-01-19 3855]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [ ]
S0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [ ]
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [ ]
S1 vbev5mp;vbev5mp;C:\WINDOWS\system32\Drivers\vbev5mp.sys [2003-05-07 57008]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2008-04-17 508544]
S3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2008-04-17 3768]
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [ ]
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 6356]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-06-04 508544]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 184320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\58tpz96z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-07 08:49:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\713xRMTMon.exe???????????????T?a??C??x???????????????????????x???????????x???????????????????????????????????x????????C??????????T?a?x???m?a?x??????????????|\C??????????????????????????????????????????????????????????h???????????????(?????????A????

scanning hidden files ...


C:\DOCUME~1\Korisnik\LOCALS~1\Temp\TMP4352$.TMP

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vbev5mp]
"ImagePath"="System32\Drivers\vbev5mp.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-09-07 8:51:22
ComboFix-quarantined-files.txt 2008-09-07 06:51:16
ComboFix2.txt 2008-09-05 05:43:26
ComboFix3.txt 2008-08-29 23:45:37

Pre-Run: 18,656,481,280 bytes free
Post-Run: 18,638,053,376 bytes free

228




Gmer log: mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obriši sledeće file-ove:

C:\zip.exe
C:\cleanup.exe
C:\backup.reg
C:\cleanup.bat


Ukoliko si to uspešno odradio, obavezno uradi i sledeće:
Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore


To bi bilo sve. Kompjuter bi trebao biti čist.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

done...
tnx na pomoci!
pozz