threat

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

pokrenula sam tako i opet sam nije izbacio sam izvestaj...ComboFix 11-12-06.01 - Marijana 12/07/2011 15:00:45.12.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1503.1052 [GMT 1:00]
Running from: C:\Documents and Settings\Marijana\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marijana\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\WINDOWS\pkunzip.pif
C:\WINDOWS\pkzip.pif

-- Previous Run --

C:\WINDOWS\system32\midimap.dll . . . is infected!!

-- Previous Run --

C:\WINDOWS\system32\midimap.dll . . . is infected!!

--------

C:\WINDOWS\system32\midimap.dll . . . is infected!!

-- Previous Run --

C:\WINDOWS\system32\midimap.dll . . . is infected!!

-- Previous Run --

C:\WINDOWS\system32\midimap.dll . . . is infected!!

--------

C:\WINDOWS\system32\midimap.dll . . . is infected!!

--------

C:\WINDOWS\system32\midimap.dll . . . is infected!!

--------

C:\WINDOWS\system32\midimap.dll . . . is infected!!


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALZOXGRYH
-------\Service_alzoxgryh


((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))


.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-28 18:01:25 . 2011-09-03 19:58:44 41184 ----a-w- C:\WINDOWS\avastSS.scr
2011-11-28 18:01:23 . 2011-09-03 19:58:44 199816 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-11-28 17:53:53 . 2011-09-03 19:58:56 435032 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-11-28 17:53:35 . 2011-09-03 19:58:57 314456 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-11-28 17:52:19 . 2011-09-03 19:58:56 34392 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-11-28 17:52:16 . 2011-09-03 19:58:56 52952 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-11-28 17:52:02 . 2011-09-03 19:58:56 111320 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-11-28 17:51:59 . 2011-09-03 19:58:56 105176 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-11-28 17:51:50 . 2011-09-03 19:58:57 20568 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-11-28 17:48:49 . 2011-09-03 19:58:56 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-10-10 14:22:41 . 2010-10-27 04:03:56 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-10-03 03:06:03 . 2011-01-25 13:30:54 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-10-03 00:37:52 . 2011-01-25 13:30:54 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-09-28 07:06:50 . 2008-04-13 22:41:52 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-09-26 09:41:20 . 2011-09-26 09:41:20 611328 ------w- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 09:41:20 . 2004-08-04 12:00:00 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2011-09-26 09:41:14 . 2004-08-04 12:00:00 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
2011-09-09 08:35:41 . 2011-09-09 08:35:41 388096 ----a-r- C:\Documents and Settings\Marijana\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-10 22:09:19 . 2011-09-03 02:09:11 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-04-28 09:18:38 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . C:\WINDOWS\system32\comres.dll

[-] 2008-04-28 09:24:10 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe

[7] 2008-04-13 22:42:52 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-03-20 18:36:10 . 1CA39C7E1423FF8821664E0E06FEA55E . 343040 . . [7.0.2600.5508 (xpsp.080320-1628-)] . . C:\WINDOWS\system32\msvcrt.dll
[7] 2004-08-04 12:00:00 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0 (xpclient.010817-1148-)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2008-03-20 18:36:16 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508 (xpsp.080320-1622)] . . C:\WINDOWS\system32\user32.dll

[-] 2008-08-18 18:17:14 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe

[-] 2008-04-13 22:42:34 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\regedit.exe

[-] 2008-04-28 09:22:50 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\ctfmon.exe

[-] 2008-04-26 03:58:34 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

[-] 2008-04-28 09:19:18 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\hnetcfg.dll

[-] 2008-04-28 09:19:42 . 66620EE56B0FFB1B267BD24ECF942A9B . 42496 . . [5.1.2600.5512 (xpsp.080413-0845)] . . C:\WINDOWS\system32\midimap.dll

((((((((((((((((((((((((((((( SnapShot_2011-12-06_20.01.16 )))))))))))))))))))))))))))))))))))))))))

+ 2011-12-07 14:14:41 . 2011-12-07 14:14:41 16384 C:\WINDOWS\temp\Perflib_Perfdata_208.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01:17 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 06:58:52 495616]
"AnalogClock"="C:\Program Files\Windows7\Analog Clock\AnalogClock.exe" [2005-11-05 06:10:06 480256]
"TopDesk"="C:\Program Files\Windows7\TopDesk\topdesk.exe" [2007-06-20 08:21:06 1912832]
"TransBar"="C:\Program Files\Windows7\TransBar\TransBar.exe" [2005-06-01 15:41:18 65536]
"UberIcon"="C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe" [2006-05-21 03:43:08 180224]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 15:46:45 416768]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 15:19:34 2402512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KRun"="C:\Program Files\Windows7\RunMe\RunMe.exe" [2007-04-06 14:15:40 518656]
"Visual Task Tips"="C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 17:20:12 36352]
"Pie Dock"="C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe" [2007-09-02 06:12:18 586240]
"UFD Monitor"="C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe" [2002-11-28 07:41:14 45056]
"UFD Utility"="C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe" [2002-12-04 03:37:20 413696]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 08:22:04 577536]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 22:22:22 35328]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 17:47:42 31016]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 10:15:12 106496]
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-05-18 07:44:08 905216]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-11-28 18:01:24 3744552]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 11:06:06 254696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-28 09:22:50 25088]

C:\Documents and Settings\Marijana\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2010-12-21 593920]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2010-10-27 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [10/27/2010 6:01:01 AM 685816]
R0 Vax347b;Vax347b;C:\WINDOWS\system32\drivers\Vax347b.sys [10/27/2010 5:52:59 AM 159616]
R0 Vax347s;Vax347s;C:\WINDOWS\system32\drivers\Vax347s.sys [10/27/2010 5:52:59 AM 5248]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [9/3/2011 8:58:56 PM 435032]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [9/3/2011 8:58:57 PM 314456]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [9/3/2011 8:58:57 PM 20568]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [12/26/2010 10:16:51 AM 136176]
S2 OxSer;PCI Serial Driver;C:\WINDOWS\system32\drivers\OxSer.sys [10/27/2010 8:02:41 AM 54584]

Contents of the 'Scheduled Tasks' folder

2011-12-07 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-26 09:16:51 . 2010-12-26 09:16:47]

2011-12-07 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-26 09:16:51 . 2010-12-26 09:16:47]

2011-12-06 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1343024091-1417001333-1003Core.job
- C:\Documents and Settings\Marijana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-03 01:53:19 . 2011-08-05 15:48:49]

2011-12-07 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1343024091-1417001333-1003UA.job
- C:\Documents and Settings\Marijana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-03 01:53:19 . 2011-08-05 15:48:49]

2011-12-07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{578B29E4-648E-4140-82DC-CD9AB335F645}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-04-26 03:44:58 . 2009-03-08 02:31:54]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U sistemu nemaš više tragova aktivne infekcije.

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti i 7 koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.






Obavezno posjeti temu Testirajte da li vam je pretraživač ranjiv, pročitaj i isprati link koji stoji u njoj.






- Preporučujem da za zaštitu USB memorijskih uređaja koristiš MCShield. Nema nikakve veze sa antivirus-om tj. neće ometati njegov rad, a pokazao se kao jedan od najboljih vida zaštite od malware-a koji se prenosi putem USB mem. uređaja.

Skineš, instaliraš, ubodeš USB mem. uređaj, izvrši se skeniranje nakon čega dobiješ obavještenje da je uređaj čist (ukoliko je stvarno tako); ili dobiješ log u kome vidiš informacije o malware-u koji je nađen i obrisan.


Home Page MCShield-a: http://amf.mycity.rs/programs/mc/mcshield/

Više o MCShield-u možeš saznati u ovoj temi: http://www.mycity.rs/Antispyware-programi/MCShield.html



Pozdrav.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 07 Dec 2011 20:26

dok sam deinstalirala combo fix avast mi je radio i nasao je 9 virusa i onaj iexplore.exe i to je kao u avast autosandboxu i probam da pokrenem avast da skenira i da pobrisem te viruse i iskace mi obavestenje kao da je sistem ugrozen...sta da radim?

Dopuna: 07 Dec 2011 20:28

i combofix mi se nije deinstalirao jos je na desktopu

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem desnom uglu ekrana i izaberi Open Avast! User Interface.

U prozoru koji se otvori,u gornjem desnom uglu, izaberi opciju Settings. U novom prozoru koji će se otvoriti izaberi opciju Troubleshooting, deštikliraj opciju Enable avast! self-defence i klikni OK.

Ponovo klikni desnim tasterom miša na avast! ikonicu ( ) u donjem desnom uglu ekrana i izaberi avast! shields control.

U meniju koji se pojavi izaberi Disable Permanently. Kada se pojavi upit o isključivanju zaštite, klikni Yes.

Napomena: Ne zaboravi da uključiš ove opcije po završetku čišćenja.


Kad isključiš avast, opet pokušaj deinstalirati ComboFix.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 07 Dec 2011 22:43

uklonila sam combofix skenirala sam sa avastom nije nasao nista ali je pisalo da nije mogao sve skenirati. HVALA PUNO! pozdrav

Dopuna: 07 Dec 2011 23:15

pozdrav probala sam da skinem taj program sto skenira usb mem.uredjaje i preuzmem ga kad ga pokrenem pise ocorupted file i nemoze da se otvori.isto tako kad sam testirala pretrazivac nisam mogla da popravim tj. da preuzmem najnoviju verziju DivXWebPleyera....

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Te probleme iznesi u odgovarajućim temama (imaš linkove u prethodnim porulkama). Ovde se bavimo isključivo ukanjanjem malwarea.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok, hvala ti puno!