Virus help

  • slatin
  • New MyCity citizen
  • Joined: 13 Dec 2008
  • Posts: 5

Logfile of HijackThis v1.99.1
Scan saved at 7:24:41 AM, on 12/13/2008
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\explorer.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\totalcmd\TOTALCMD.EXE
C:\HIJACKTHIS\FG5.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ui.skype.com/ui/0/3.2.0.175/en/go/tos
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Machine Debug Manager (MDM) - McAfee, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe



This is my log file, and the problem is as follows. Programs close on their own. E.g. Total Commander, MS Office (I work with these the most, so that's where I noticed it). So when I open one, it runs for 5-10 min and then closes by itself! Only IE doesn't close. AVG didn't find anything; I replaced it with McAfee, but again nothing. If anyone knows anything, I'd be grateful... Thanks in advance.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

There are no traces of active malware in this log. Still, we'll run one more check.

* Right-click the McAfee Antivirus icon in the bottom right corner of the screen and choose Exit.
* When prompted about shutting it down, click Yes.

Note: Don't forget to turn this option back on once the cleanup is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • slatin
  • New MyCity citizen
  • Joined: 13 Dec 2008
  • Posts: 5

Hi...
Here it is, I hope something can be seen from this!


ComboFix 08-12-12.05 - user 2008-12-13 18:56:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1342 [GMT 1:00]
Running from: f:\install\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\atmapi.sys
c:\windows\system32\nvaux32.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
.

2008-12-13 07:23 . 2008-12-13 07:25 <DIR> d-------- C:\HIJACKTHIS
2008-12-12 22:53 . 2008-12-13 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-12 22:41 . 2008-12-12 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-09 17:48 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\sxewpowlx
2008-12-09 05:22 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\eycpl
2008-12-09 05:21 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\yzbukrw
2008-12-06 13:27 . 2008-12-10 15:21 65,024 --a------ c:\windows\system32\r33.es
2008-12-06 13:27 . 2008-12-10 15:21 64,512 --a------ c:\windows\system32\fop.e
2008-12-06 13:27 . 2008-12-10 15:21 32,768 --a------ c:\windows\system32\zed.pa
2008-12-06 13:27 . 2008-12-10 15:21 32,768 --a------ c:\windows\system32\kj.je
2008-12-06 13:27 . 2008-12-10 15:21 21,504 --a------ c:\windows\system32\v1.e2
2008-12-02 07:40 . 2008-12-02 11:22 145 --a------ c:\windows\wcx_ftp.ini
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\windows\system32\Adobe
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\windows\Profiles
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\documents and settings\user\Application Data\InterTrust
2008-12-01 12:36 . 2008-12-01 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-01 12:35 . 2008-12-01 12:35 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-01 07:23 . 2008-12-03 11:22 <DIR> d-------- c:\documents and settings\user\Application Data\skypePM
2008-12-01 07:23 . 2008-12-01 07:23 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-28 17:51 . 2008-11-28 17:51 <DIR> d-------- c:\windows\Sun
2008-11-23 11:10 . 2008-11-23 11:10 0 --a------ C:\LOG32A.tmp
2008-11-13 19:29 . 2008-11-13 19:29 0 --a------ C:\LOG37.tmp
2008-11-13 17:49 . 2008-11-13 17:49 0 --a------ C:\LOG9.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:52 --------- d-----w c:\program files\Common Files\Adobe
2008-12-06 12:27 578,560 ----a-w c:\windows\system32\user32.DLL
2008-12-02 06:42 --------- d-----w c:\documents and settings\user\Application Data\uTorrent
2008-12-01 06:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-29 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 10:19 --------- d-----w c:\documents and settings\user\Application Data\U3
2008-11-10 18:55 --------- d-----w c:\program files\KONAMI
2008-11-06 20:52 --------- d-----w c:\program files\uTorrent
2008-10-24 15:46 --------- d-----w c:\program files\ATI
2008-10-24 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-24 15:43 --------- d-----w c:\program files\ATI Technologies
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 21:00 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-23 16:03 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2008-10-23 14:44 --------- d-----w c:\program files\Common Files\Logitech
2008-10-23 14:43 --------- d-----w c:\program files\Logitech
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 18:55 --------- d-----w c:\program files\Common Files\DirectX
2008-10-22 18:42 --------- d-----w c:\program files\EA GAMES
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 10:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 10:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 10:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 10:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 10:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 10:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 10:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 10:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ------w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ------w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ------w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ------w c:\windows\system32\ati2cqag.dll
2008-09-23 18:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
.
file copied: c:\windows\system32\user32.dll -> c:\qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir ( 578560 bytes )
Infected c:\windows\system32\user32.dll hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-13 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-11-30 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=

S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2008-09-27 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2008-09-27 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2008-09-27 108675]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b052634-ae90-11dd-9eb1-001c23865aa3}]
\Shell\AutoRun\command - wscript.exe .vbs
\Shell\open\command - wscript.exe .vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b25ede2e-6080-11dd-9e92-e5e3fde9551e}]
\Shell\AutoRun\command - i:\wd_windows_tools\Setup.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com./
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/3.2.0.175/en/go/tos
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\0vv29r24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-13 18:59:44
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-12-13 19:00:53 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-12-13 18:00:50

Pre-Run: 8,715,636,736 bytes free
Post-Run: 9,732,313,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

191 --- E O F --- 2008-12-12 21:17:17

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\windows\system32\sxewpowlx
c:\windows\system32\eycpl
c:\windows\system32\yzbukrw
c:\windows\system32\r33.es
c:\windows\system32\fop.e
c:\windows\system32\zed.pa
c:\windows\system32\kj.je
c:\windows\system32\v1.e2

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b052634-ae90-11dd-9eb1-001c23865aa3}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
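
What dr_Bora did by hand above was read the ComboFix log, pick out the files that have no business sitting directly in system32 (no extension, or a random two-letter one; three of them are exactly the 578,560 bytes of the user32.dll that ComboFix reported as infected and hex-repaired) together with the MountPoints2 key whose autorun command hands a .vbs to wscript.exe, and turn them into a CFScript. The Python below is an added example, not part of the thread and not ComboFix's own logic: it runs that triage over an excerpt copied from the posted log and emits File:: and Registry:: sections in the same layout as the script above. The extension allowlist, the script-host list and the size comparison are this example's own heuristics. It also reports the three Security Center values the log shows set to 1 (they suppress the antivirus and update warnings) but only as notes, since the script above did not touch them.

```python
"""Triage an excerpt of a ComboFix log for the indicators seen in this thread and draft
the File::/Registry:: sections of a CFScript from what it finds. Added example, not a tool
from the thread; the extension allowlist, the script-host list and the "same size as
user32.dll" rule are this example's own heuristics, not ComboFix logic."""
import re

# Constructed sample: lines copied from the ComboFix log posted above (the full log is much
# longer). Paths, sizes and registry keys appear exactly as they do in the post.
SAMPLE_LOG = r"""
2008-12-09 17:48 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\sxewpowlx
2008-12-09 05:22 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\eycpl
2008-12-09 05:21 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\yzbukrw
2008-12-06 13:27 . 2008-12-10 15:21 65,024 --a------ c:\windows\system32\r33.es
2008-12-06 13:27 . 2008-12-10 15:21 64,512 --a------ c:\windows\system32\fop.e
2008-12-06 13:27 . 2008-12-10 15:21 32,768 --a------ c:\windows\system32\zed.pa
2008-12-06 13:27 . 2008-12-10 15:21 32,768 --a------ c:\windows\system32\kj.je
2008-12-06 13:27 . 2008-12-10 15:21 21,504 --a------ c:\windows\system32\v1.e2
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\windows\system32\Adobe
2008-12-01 07:23 . 2008-12-01 07:23 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-06 12:27 578,560 ----a-w c:\windows\system32\user32.DLL
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b052634-ae90-11dd-9eb1-001c23865aa3}]
\Shell\AutoRun\command - wscript.exe .vbs
\Shell\open\command - wscript.exe .vbs
"""

# "Files Created" lines carry two timestamps, Find3M lines one; both end in size, attributes, path.
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
                       r"\s+(?P<size>[\d,]+|<DIR>|-+)\s+(?P<attrs>\S+)\s+(?P<path>\S.*?)\s*$")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]+)$')
AUTORUN_LINE = re.compile(r"^\\Shell\\\w+\\command - (?P<cmd>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: the extensions a plain file directly under system32 is expected to carry.
KNOWN_EXT = {"dll", "exe", "sys", "ocx", "cpl", "drv", "scr", "dat", "ini", "log", "txt", "nls", "acm", "ax", "tlb", "msc", "inf", "com", "bin", "mui"}
SCRIPT_HOSTS = {"wscript", "cscript", "cmd", "mshta", "rundll32", "powershell"}
SECURITY_CENTER_FLAGS = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "AntiVirusOverride"}


def triage(log_text):
    """Return {"files": [(path, [reasons])], "keys": [registry key], "notes": [str]}."""
    entries, user32_size, keys, notes, current_key = [], None, {}, [], ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = FILE_LINE.match(line)
        if m:
            low = m.group("path").lower()
            # Only plain files directly inside system32: directories and subfolders are skipped.
            if m.group("attrs")[0] == "d" or not low.startswith(SYSTEM32) or "\\" in low[len(SYSTEM32):]:
                continue
            size = int(m.group("size").replace(",", "")) if m.group("size")[0].isdigit() else None
            if low.endswith("\\user32.dll"):
                user32_size = size  # the file ComboFix reported as infected and hex-repaired
            else:
                entries.append((m.group("path"), size))
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = DWORD_LINE.match(line)
        if m and current_key.lower().endswith("security center"):
            if m.group("name") in SECURITY_CENTER_FLAGS and int(m.group("value"), 16) == 1:
                notes.append(f"Security Center: {m.group('name')}=1 (warning suppressed)")
            continue
        m = AUTORUN_LINE.match(line)
        if m and "mountpoints2" in current_key.lower():
            # A removable-drive autorun handing a .vbs to a script host is the pattern in the log.
            exe = m.group("cmd").split()[0].lower().rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if exe in SCRIPT_HOSTS:
                keys.setdefault(current_key, m.group("cmd"))
    files = []
    for path, size in entries:
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "." not in base:
            reasons.append("no file extension")
        elif base.rsplit(".", 1)[1] not in KNOWN_EXT:
            reasons.append(f"unusual extension .{base.rsplit('.', 1)[1]}")
        if user32_size and size == user32_size:
            reasons.append(f"same size as the repaired user32.dll ({user32_size:,} bytes)")
        if reasons:
            files.append((path, reasons))
    return {"files": files, "keys": list(keys), "notes": notes}


def to_cfscript(findings):
    """Render File:: and Registry:: in the layout used in the thread; [-key] deletes a key."""
    out = ["File::"] + [path for path, _ in findings["files"]]
    if findings["keys"]:
        out += ["", "Registry::"] + [f"[-{key}]" for key in findings["keys"]]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(*(f"{p}: {'; '.join(r)}" for p, r in found["files"]), *found["notes"], "", to_cfscript(found), sep="\n")
```

Run with no arguments and it prints each flagged path with the reason it was picked, the Security Center notes, and a draft that matches the eight files and one key in the script above. On a full ComboFix.txt the same heuristics apply, but, as in the thread, a person still decides what actually goes into the CFScript.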

  • slatin
  • New MyCity citizen
  • Joined: 13 Dec 2008
  • Posts: 5

Here are the contents. I think everything is OK now. At least my programs don't close anymore.

ComboFix 08-12-12.05 - user 2008-12-13 23:30:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1326 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
.

2008-12-13 19:31 . 2008-12-13 19:31 <DIR> d-------- c:\program files\Alwil Software
2008-12-13 07:23 . 2008-12-13 07:25 <DIR> d-------- C:\HIJACKTHIS
2008-12-12 22:53 . 2008-12-13 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-12 22:41 . 2008-12-12 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-09 17:48 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\sxewpowlx
2008-12-09 05:22 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\eycpl
2008-12-09 05:21 . 2008-12-06 13:27 578,560 --a------ c:\windows\system32\yzbukrw
2008-12-06 13:27 . 2008-12-10 15:21 65,024 --a------ c:\windows\system32\r33.es
2008-12-06 13:27 . 2008-12-10 15:21 64,512 --a------ c:\windows\system32\fop.e
2008-12-06 13:27 . 2008-12-10 15:21 32,768 --a------ c:\windows\system32\zed.pa
2008-12-06 13:27 . 2008-12-10 15:21 32,768 --a------ c:\windows\system32\kj.je
2008-12-06 13:27 . 2008-12-10 15:21 21,504 --a------ c:\windows\system32\v1.e2
2008-12-02 07:40 . 2008-12-02 11:22 145 --a------ c:\windows\wcx_ftp.ini
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\windows\system32\Adobe
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\windows\Profiles
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\documents and settings\user\Application Data\InterTrust
2008-12-01 12:36 . 2008-12-01 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-01 12:35 . 2008-12-01 12:35 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-01 07:23 . 2008-12-03 11:22 <DIR> d-------- c:\documents and settings\user\Application Data\skypePM
2008-12-01 07:23 . 2008-12-01 07:23 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-28 17:51 . 2008-11-28 17:51 <DIR> d-------- c:\windows\Sun
2008-11-23 11:10 . 2008-11-23 11:10 0 --a------ C:\LOG32A.tmp
2008-11-13 19:29 . 2008-11-13 19:29 0 --a------ C:\LOG37.tmp
2008-11-13 17:49 . 2008-11-13 17:49 0 --a------ C:\LOG9.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:52 --------- d-----w c:\program files\Common Files\Adobe
2008-12-06 12:27 578,560 ----a-w c:\windows\system32\user32.DLL
2008-12-02 06:42 --------- d-----w c:\documents and settings\user\Application Data\uTorrent
2008-12-01 06:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-29 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 10:19 --------- d-----w c:\documents and settings\user\Application Data\U3
2008-11-10 18:55 --------- d-----w c:\program files\KONAMI
2008-11-06 20:52 --------- d-----w c:\program files\uTorrent
2008-10-24 15:46 --------- d-----w c:\program files\ATI
2008-10-24 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-24 15:43 --------- d-----w c:\program files\ATI Technologies
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 21:00 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-23 16:03 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2008-10-23 14:44 --------- d-----w c:\program files\Common Files\Logitech
2008-10-23 14:43 --------- d-----w c:\program files\Logitech
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 18:55 --------- d-----w c:\program files\Common Files\DirectX
2008-10-22 18:42 --------- d-----w c:\program files\EA GAMES
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 10:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 10:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 10:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 10:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 10:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 10:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 10:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 10:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ------w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ------w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ------w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ------w c:\windows\system32\ati2cqag.dll
2008-09-23 18:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-13_19.00.30.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-25 16:45:08 666,240 ----a-w c:\windows\system32\aswBoot.exe
+ 2006-09-25 16:37:03 90,112 ----a-w c:\windows\system32\AVASTSS.scr
+ 2006-09-25 16:37:49 24,560 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2006-09-25 16:40:55 85,952 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2006-09-25 16:40:41 87,424 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2006-09-25 16:39:25 16,352 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2006-09-25 16:39:01 36,176 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-12-13 17:54:12 58,794 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-13 18:04:01 58,794 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-13 17:54:12 392,534 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-13 18:04:01 392,534 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-13 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-11-30 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 108160]

c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=

S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2008-09-27 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2008-09-27 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2008-09-27 108675]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b25ede2e-6080-11dd-9e92-e5e3fde9551e}]
\Shell\AutoRun\command - i:\wd_windows_tools\Setup.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com./
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/3.2.0.175/en/go/tos
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\0vv29r24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-13 23:31:26
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-13 23:31:52
ComboFix-quarantined-files.txt 2008-12-13 22:31:50
ComboFix2.txt 2008-12-13 18:00:53

Pre-Run: 9,673,736,192 bytes free
Post-Run: 9,669,521,408 bytes free

178 --- E O F --- 2008-12-12 21:17:17

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I would ask you to repeat the procedure - everything inside the code box needs to be copied into Notepad.

  • slatin
  • New MyCity citizen
  • Joined: 13 Dec 2008
  • Posts: 5

It is possible I made a mistake somewhere. Here it is again.


ComboFix 08-12-12.05 - user 2008-12-14 8:15:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1318 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\eycpl
c:\windows\system32\fop.e
c:\windows\system32\kj.je
c:\windows\system32\r33.es
c:\windows\system32\sxewpowlx
c:\windows\system32\v1.e2
c:\windows\system32\yzbukrw
c:\windows\system32\zed.pa
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\eycpl
c:\windows\system32\fop.e
c:\windows\system32\kj.je
c:\windows\system32\r33.es
c:\windows\system32\sxewpowlx
c:\windows\system32\v1.e2
c:\windows\system32\yzbukrw
c:\windows\system32\zed.pa

.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-13 19:31 . 2008-12-13 19:31 <DIR> d-------- c:\program files\Alwil Software
2008-12-13 07:23 . 2008-12-13 07:25 <DIR> d-------- C:\HIJACKTHIS
2008-12-12 22:53 . 2008-12-13 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-12 22:41 . 2008-12-12 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-02 07:40 . 2008-12-02 11:22 145 --a------ c:\windows\wcx_ftp.ini
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\windows\system32\Adobe
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\windows\Profiles
2008-12-02 06:10 . 2008-12-02 06:10 <DIR> d-------- c:\documents and settings\user\Application Data\InterTrust
2008-12-01 12:36 . 2008-12-01 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-01 12:35 . 2008-12-01 12:35 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-01 07:23 . 2008-12-03 11:22 <DIR> d-------- c:\documents and settings\user\Application Data\skypePM
2008-12-01 07:23 . 2008-12-01 07:23 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-28 17:51 . 2008-11-28 17:51 <DIR> d-------- c:\windows\Sun
2008-11-23 11:10 . 2008-11-23 11:10 0 --a------ C:\LOG32A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:52 --------- d-----w c:\program files\Common Files\Adobe
2008-12-06 12:27 578,560 ----a-w c:\windows\system32\user32.DLL
2008-12-02 06:42 --------- d-----w c:\documents and settings\user\Application Data\uTorrent
2008-12-01 06:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-29 17:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 10:19 --------- d-----w c:\documents and settings\user\Application Data\U3
2008-11-10 18:55 --------- d-----w c:\program files\KONAMI
2008-11-06 20:52 --------- d-----w c:\program files\uTorrent
2008-10-24 15:46 --------- d-----w c:\program files\ATI
2008-10-24 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-24 15:43 --------- d-----w c:\program files\ATI Technologies
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 21:00 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-23 16:03 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2008-10-23 14:44 --------- d-----w c:\program files\Common Files\Logitech
2008-10-23 14:43 --------- d-----w c:\program files\Logitech
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 18:55 --------- d-----w c:\program files\Common Files\DirectX
2008-10-22 18:42 --------- d-----w c:\program files\EA GAMES
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 10:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 10:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 10:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 10:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 10:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 10:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 10:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 10:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ------w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ------w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ------w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ------w c:\windows\system32\ati2cqag.dll
2008-09-23 18:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-13_19.00.30.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-25 16:45:08 666,240 ----a-w c:\windows\system32\aswBoot.exe
+ 2006-09-25 16:37:03 90,112 ----a-w c:\windows\system32\AVASTSS.scr
+ 2006-09-25 16:37:49 24,560 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2006-09-25 16:40:55 85,952 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2006-09-25 16:40:41 87,424 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2006-09-25 16:39:25 16,352 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2006-09-25 16:39:01 36,176 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-12-13 17:54:12 58,794 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-13 18:04:01 58,794 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-13 17:54:12 392,534 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-13 18:04:01 392,534 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-13 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-11-30 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 108160]

c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=

S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2008-09-27 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2008-09-27 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2008-09-27 108675]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b25ede2e-6080-11dd-9e92-e5e3fde9551e}]
\Shell\AutoRun\command - i:\wd_windows_tools\Setup.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com./
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/3.2.0.175/en/go/tos
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\0vv29r24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-14 08:16:27
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-14 8:16:55
ComboFix-quarantined-files.txt 2008-12-14 07:16:52
ComboFix2.txt 2008-12-13 22:31:53
ComboFix3.txt 2008-12-13 18:00:53

Pre-Run: 9,638,678,528 bytes free
Post-Run: 9,650,683,904 bytes free

189 --- E O F --- 2008-12-12 21:17:17

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

That's it... This looks OK now.

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

And that's all...

  • slatin
  • New MyCity citizen
  • Joined: 13 Dec 2008
  • Posts: 5

Thank you, Doctor, I thought I would have to reinstall Windows and perform all sorts of acrobatics. :) Regards...

Korisnici trenutno na forumu: aleksmajstor, Alibaba1981, amaterSRB, babaroga, bata19801, Ben Roj, Bickoooo, comi_pfc, DejanCG, Denaya, dolinalima, DPera, dragoljub11987, GORDI, Haris, Japidson, Joja, kybonacci, Leonov, mercedesamg, milimoj, nazgul75, nemkea71, Povratak1912, procesor, rodoljub, solic, Srki94, Srle993, stegonosa, Tvrtko I, vasa.93, vaso1, VJ, zodiac94, Žrnov, šumar bk2