|
Poslao: 08 Okt 2007 18:28
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
ComboFix 07-10-07.2 - Mane&Mika 2007-10-08 18:19:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.165 [GMT 2:00]
Executando de: C:\Documents and Settings\Mane&Mika\Ambiente de trabalho\ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mane&Mika\Application Data\MessengerSkinner
C:\Documents and Settings\Mane&Mika\Application Data\MessengerSkinner\Userdata\Install_MessengerSkinner.zip
C:\Documents and Settings\Mane&Mika\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\Mane&Mika\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Programas\messengerskinner
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\bdamilhuxs.dat
C:\WINDOWS\system32\bdamilhuxs.exe
C:\WINDOWS\system32\bdamilhuxs_nav.dat
C:\WINDOWS\system32\bdamilhuxs_navps.dat
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((( Ficheiros criados de 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))
.
2007-10-08 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 10:14 268,288 --a------ C:\WINDOWS\system32\nwcekninxq.exe
2007-10-07 21:37 <DIR> d-------- C:\Programas\Diskeeper Corporation
2007-10-07 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-10-07 18:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-07 17:01 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-07 16:46 106 --a------ C:\delete.bat
2007-10-07 16:12 278,016 --a------ C:\WINDOWS\system32\tnwtqtn.exe
2007-10-07 11:25 280,576 --a------ C:\WINDOWS\system32\uizauyfch.exe
2007-10-06 10:33 275,456 --a------ C:\WINDOWS\system32\xobxke.exe
2007-10-05 23:13 1,985 --a------ C:\WINDOWS\mozver.dat
2007-10-05 23:13 <DIR> d-------- C:\Programas\Panda Security
2007-10-05 15:23 275,456 --a------ C:\WINDOWS\system32\ejnvlrnrz.exe
2007-10-05 10:29 280,576 --a------ C:\WINDOWS\system32\qlraouyq.exe
2007-10-04 23:07 <DIR> d-------- C:\Documents and Settings\Mane&Mika\Application Data\JustVoip
2007-10-04 23:04 <DIR> d-------- C:\Programas\JustVoip.com
2007-10-04 14:06 272,896 --a------ C:\WINDOWS\system32\wqaeqb.exe
2007-10-04 12:22 278,528 --a------ C:\WINDOWS\system32\swyaiw.exe
2007-10-02 23:24 <DIR> d-------- C:\Programas\URUSoft
2007-09-29 00:01 <DIR> d-------- C:\Programas\bobyte
2007-09-27 23:35 <DIR> d-------- C:\Programas\Free Desktop Clock
2007-09-25 23:37 <DIR> d-------- C:\Programas\CCleaner
2007-09-23 10:44 <DIR> d-------- C:\Programas\QuickTime
2007-09-23 10:43 <DIR> d-------- C:\Programas\Apple Software Update
2007-09-23 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-19 00:21 <DIR> d-------- C:\NoLopBackups
2007-09-17 23:07 <DIR> d-------- C:\WINDOWS\pss
2007-09-17 17:07 <DIR> d-------- C:\Programas\a-squared Anti-Malware
2007-09-16 18:28 <DIR> d-------- C:\kav
2007-09-16 16:29 <DIR> d-------- C:\Programas\Total Video Converter
2007-09-16 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-16 13:00 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-09-16 13:00 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-09-16 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-16 11:45 <DIR> d-------- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2007-09-16 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-13 15:55 <DIR> d-------- C:\Documents and Settings\Mane&Mika\Application Data\Skype
2007-09-13 15:54 <DIR> d-------- C:\Programas\Skype
2007-09-13 15:54 <DIR> d-------- C:\Programas\Ficheiros comuns\Skype
2007-09-13 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-09-12 21:20 <DIR> d-------- C:\Programas\wait live joy
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 16:28 --------- d-------- C:\Documents and Settings\Mane&Mika\Application Data\LimeWire
2007-09-25 23:33 --------- d-------- C:\Programas\LimeWire
2007-09-23 10:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-19 12:05 --------- d-------- C:\Programas\Comodo
2007-09-18 00:35 --------- d-------- C:\Programas\Webteh
2007-09-16 11:54 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-16 11:54 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-16 11:46 --------- d-------- C:\Programas\Lavasoft
2007-09-06 14:59 --------- d-------- C:\Programas\Telefonica
2007-09-04 17:31 --------- d-------- C:\Documents and Settings\Mane&Mika\Application Data\Google
2007-09-04 17:28 --------- d-------- C:\Programas\Google
2007-09-02 18:07 --------- d-------- C:\Documents and Settings\Mane&Mika\Application Data\Ahead
2007-09-02 18:00 --------- d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-02 17:58 --------- d-------- C:\Programas\Ficheiros comuns\Ahead
2007-09-02 17:47 --------- d-------- C:\Programas\Nero
2007-09-02 17:47 --------- d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-08-29 20:50 --------- d-------- C:\Documents and Settings\Mane&Mika\Application Data\AdobeUM
2007-08-29 20:40 --------- d-------- C:\Programas\Windows Media Connect 2
2007-08-29 00:44 --------- d-------- C:\Documents and Settings\Mane&Mika\Application Data\Media Player Classic
2007-08-28 18:14 --------- d-------- C:\Programas\Picasa2
2007-08-28 12:32 --------- d-------- C:\Programas\MSN Messenger
2007-08-21 14:13 --------- d-------- C:\Documents and Settings\Mane&Mika\Application Data\Real
2007-08-21 13:56 --------- d-------- C:\Programas\Real
2007-08-21 13:56 --------- d-------- C:\Programas\Ficheiros comuns\xing shared
2007-08-21 13:55 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-21 13:55 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-21 13:55 --------- d-------- C:\Programas\Ficheiros comuns\Real
2007-08-21 12:50 --------- d-------- C:\Programas\MSXML 4.0
2007-08-20 19:16 --------- d-------- C:\Programas\Trustix
2007-08-20 19:12 --------- d-------- C:\Documents and Settings\Mane&Mika\Application Data\Comodo
2007-08-20 19:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-08-20 18:59 --------- d-------- C:\Programas\Ficheiros comuns\SWF Studio
2007-08-12 23:17 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-08-12 23:17 --------- d--h----- C:\Programas\InstallShield Installation Information
2007-08-12 23:17 --------- d-------- C:\Programas\WLAN
2007-08-12 22:41 --------- d-------- C:\Documents and Settings\Mane&Mika\Application Data\Help
2007-07-30 21:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 21:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 21:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 21:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 21:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 21:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 21:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 21:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-10 20:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 23:10]
"SynTPLpr"="C:\Programas\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 19:09]
"SynTPEnh"="C:\Programas\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 19:08]
"TPSMain"="TPSMain.exe" [2004-05-04 13:45 C:\WINDOWS\system32\TPSMain.exe]
"THotkey"="C:\Programas\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 18:42]
"SmoothView"="C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe" []
"PadTouch"="C:\Programas\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 14:04]
"TFncKy"="TFncKy.exe" []
"RemoteControl"="C:\Programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 06:00]
"Comodo Firewall"="C:\Programas\Comodo\Firewall\CPF.exe" [2007-08-21 02:15]
"TkBellExe"="C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2007-08-21 13:55]
"NeroFilterCheck"="C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 17:57]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 C:\WINDOWS\agrsmmsg.exe]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2007-06-29 06:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-26 16:51]
"!AVG Anti-Spyware"="C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"TOSCDSPD"="C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-16 10:49]
"updateMgr"="C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 18:45]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 21:03]
"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SkinClock"="C:\Programas\Free Desktop Clock\DesktopClock.exe" [2006-10-01 16:50]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Programas\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
GConfig.lnk - C:\Programas\WLAN\GConfig\GConfig.exe [2007-08-12 23:19:24]
R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Programas\Comodo\CBOClean\BOCDRIVE.sys
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
*Newly Created Service* - CATCHME
.
Conteúdo da pasta 'Tarefas Agendadas'
"2007-09-23 08:43:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
"2007-05-26 14:40:58 C:\WINDOWS\Tasks\Lembrete do registo 1.job"
"2007-05-26 14:40:59 C:\WINDOWS\Tasks\Lembrete do registo 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-10-08 18:23:25
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2007-10-08 18:24:40
C:\ComboFix-quarantined-files.txt ... 2007-10-08 18:24
.
--- E O F ---
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 18:37
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Vidim gde cuci zec. U pitanju je Navilog infekcija koja ti je stigla sa MailSkinner programom.
Rekao bih da je ComboFix sredio tu infekciju, ali ostaje nesto sto mi lici na Vundo.
Skini VundoFix:
http://www.atribune.org/ccount/click.php?id=4
* Dvoklikom se startuje fajl VundoFix.exe.
* Izabere opcija Scan for Vundo.
* Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK.
* Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo.
* Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes.
* Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a.
* Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK.
* Uključi se računar i podigne sistem iznova.
* Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.
Ukoliko Vundo nista ne nadje automatski (moze da se desi u ovom slucaju), onda cemo morati rucno.
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 18:44
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
VundoFix nije nista nasao!Znaci idemo na rucno?
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 18:52
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Moracu da te zamolim za upload sumnjivih fajlova, ne smem napamet da te uputim na brisanje.
Spakuj sledece fajlove u jedan ZIP:
C:\WINDOWS\system32\tnwtqtn.exe
C:\WINDOWS\system32\uizauyfch.exe
C:\WINDOWS\system32\xobxke.exe
C:\WINDOWS\system32\ejnvlrnrz.exe
C:\WINDOWS\system32\qlraouyq.exe
C:\WINDOWS\system32\wqaeqb.exe
C:\WINDOWS\system32\swyaiw.exe
Pripremljeni ZIP uploaduj preko sledece forme:
http://www.mycity.rs/ambulanta-upload.php
Sto se tice onih reklama, iskacu li jos ili smo se njih resili uz pomoc ComboFixa?
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 19:06
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
Upload obavljen-nadam se uspesno.
A sto se tice reklama, cini se da vise ne iskacu!
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 19:27
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Pregledano sa 32 antivirusa, i ni jedan nije nista zucnuo...
Ja cu te fajlove da posaljem u neku od AV laboratorija na pregled, da vidimo da li je nesto novo ili stvarno nije maliciozno.
To ce da potraje par dana.
Ti u medjuvremenu javi ako se reklame ipak pojave, da mi radimo na tome dok ne stignu ovi rezultati.
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 19:32
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
Dogovoreno!
Hvala puno!
Veliki pozdrav!
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 22:00
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Skinuti Navilog1 sa sledece adrese:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
Raspakovati i pokrenuti instalaciju. Nakon instalacije ce na Desktopu biti nova ikonica Navilog1.bat.
Pokrenuti Navilog1.bat i na prvom ekranu odabrati jezik (E za Engleski jezik).
Na sledeca tri ekrana je samo potrebno pritisnuti bilo koji taster da bi se preslo na naredni ekran.
Kada se stigne do ekrana na kojem je potrebno odabrati sta Navilog1 treba da uradi, odabrati opciju 1 - Search.
Po zavrsetku skeniranja Navilog1 ce otvoriti Notepad, i u Notepadu ce biti log koji je potrebno iskopirati u poruci na forumu.
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 22:32
|
offline
- M78
- Građanin
- Pridružio: 07 Feb 2007
- Poruke: 161
- Gde živiš: Novi Sad
|
Search Navipromo version 3.2.1 began on 08-10-2007 at 22:27:47,46
!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Programas\navilog1
Updated on 03.10.2007 at 20h00 by IL-MAFIOSO
Microsoft Windows XP [VersÆo 5.1.2600]
Version Internet Explorer : 6.0.2900.2180
Done in normal mode
*** Searching for installed Software ***
*** Search folders in C:\WINDOWS ***
*** Search folders in C:\Programas ***
*** Search folders in C:\Documents and Settings\All Users\Application Data ***
*** Search folders in C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1 ***
*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : gmer.net
No file found in :
- C:\WINDOWS\system32
- C:\DOCUME~1\MANE
*** Search with GenericNaviSearch ***
!!! Possibility of legitims files in the result !!!
!!! To be always checked before manually deleting !!!
* Scan C:\WINDOWS\system32 *
Files found :
ejnvlrnrz.exe found !
nwcekninxq.exe found !
qlraouyq.exe found !
swyaiw.exe found !
tnwtqtn.exe found !
uizauyfch.exe found !
wqaeqb.exe found !
xobxke.exe found !
* Scan C:\DOCUME~1\MANE *
gnc.exe missing, Scan not done in C:\DOCUME~1\MANE !
*** Search files ***
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-148A96D1.pf found !
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-1F092850.pf found !
*** Search registry keys ***
*** Complementary Search ***
(Search specifics files)
1)Search known files:
2)Heuristic Search :
3)Certificates Search :
Certificate Egroup not found !
*** Search completed on 08-10-2007 at 22:29:41,93 ***
|
|
|
|
|
|
|
Poslao: 08 Okt 2007 22:39
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Hajmo da ocistimo to sto je nadjeno.
Pokrenuti Navilog1.bat i na prvom ekranu odabrati jezik (E za Engleski jezik).
Na sledeca tri ekrana je samo potrebno pritisnuti bilo koji taster da bi se preslo na naredni ekran.
Kada se stigne do ekrana na kojem je potrebno odabrati sta Navilog1 treba da uradi, odabrati opciju 2 - Automatic Cleaning.
U toku skeniranja bice zatrazen restart racunara. Ciscenje ce se nastaviti nakon restarta.
Po zavrsetku ciscenja Navilog1 ce napraviti log fajl C:\fixnavi.txt. Taj log otvoriti u Notepadu i iskopirati sadrzaj u poruci na forumu.
Dopuna: 08 Okt 2007 22:39
Zaboravih da ti kazem: ja cu moci da nastavim tek sutra, sada moram vec polako na pocinak (ustajem rano za na posao).
|
|
|
|
|
|
