Worm.Win32.Delf.bd

[es] :: Protection :: Worm.Win32.Delf.bd

[ Views: 2760 | Replies: 9 ]


Zoro67 (Member no. 57386, Posts: 99)
Worm.Win32.Delf.bd - 17.11.2008 at 10:19
I bought a second-hand Windows XP machine that had NOD32 installed. Instead of NOD I installed Kaspersky 7.0, because I have a paid licence for Kaspersky. Before installing Kaspersky I scanned the whole system with NOD32, but without new definitions, and NOD found nothing dangerous. Then I also scanned the system with Kaspersky, which found nothing either.

This morning I got a notification from KAV that I need to run an update, even though I had updated about ten hours earlier. I ran the update but did not want to scan the whole system again, since I had also done that about ten hours earlier. Even though I did not rescan the whole system, about ten minutes after the update Kaspersky started squawking and displayed the message: "virus Worm.Win32.Delf.bd File: C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\GameSetup.exe//FSG" and offered to delete the file. I deleted the file, but after 3-4 minutes Kaspersky spoke up again with the same message. I deleted the same file many times, but it stubbornly reappeared every 5 minutes with the same message. Now I have restarted the machine and KAV no longer complains. Have I managed to get rid of it?
kristi1 (Member no. 151211, Posts: 2012, site: www.mycity.rs/Ambulanta)
Re: Worm.Win32.Delf.bd - 17.11.2008 at 10:42
We don't know, but we can check.

Download the program HijackThis
Put it on the desktop in a separate folder (name the folder TG2)
Rename HijackThis.exe to TG2.exe
Run the program and click "Do a system scan and save a logfile"
When the scan finishes it will output a log in Notepad
Copy that log (copy/paste) and post it here on the forum.
Zoro67 (Member no. 57386, Posts: 99)
Re: Worm.Win32.Delf.bd - 17.11.2008 at 12:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:49, on 17.Nov.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ahead\Nero\nero.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rs2.travian.com/dorf1.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/help/aw/evhelp/2.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Paleta Alatki RoboForma - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Podesi Meni - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Popuni Formular - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Sacuvaj Formular - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Popuni - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Popuni Formular - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Sacuvaj - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Sacuvaj Formular - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Paleta Alatki RoboForma - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0EB572-B62A-4F3D-98D9-8C8AC4971BEE}: NameServer = 80.74.160.26 80.74.160.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 8377 bytes
 
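As an added illustration of what a helper looks for in a log like the one above (this is not code from the thread or from HijackThis; it uses only the Python standard library), the script below parses the entry lines and flags the items worth a second look. Its embedded sample is an excerpt of the posted log plus one constructed O4 line for GameSetup.exe, taken from the first post's detection message and not present in the real log.

```python
import re
from typing import List, Tuple

# Constructed excerpt of the HijackThis log posted above, plus one constructed O4
# line: the GameSetup.exe path is the file Kaspersky flagged in the first post; it
# is not in the posted log and is added only to exercise the user-directory check.
HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rs2.travian.com/dorf1.php
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [GameSetup] C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\GameSetup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0EB572-B62A-4F3D-98D9-8C8AC4971BEE}: NameServer = 80.74.160.26 80.74.160.38
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
# Autostart targets under user profiles or temp folders: installers rarely put them there.
USER_WRITABLE_RE = re.compile(r"\\documents and settings\\|\\temp\\", re.IGNORECASE)


def parse_hjt(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a HijackThis log into the running-process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif m := ENTRY_RE.match(line):
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (code, reason) findings in log order: the items a helper reads first."""
    findings = []
    for code, body in parse_hjt(text)[1]:
        if code in ("R0", "R1"):
            findings.append((code, "browser URL setting: " + body.split("=", 1)[1].strip()))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but its DLL is missing: " + body))
        elif code == "O4" and USER_WRITABLE_RE.search(body):
            findings.append((code, "autostart from a user-writable directory: " + body))
        elif code == "O17":
            findings.append((code, "custom DNS servers, confirm they belong to the ISP: " + body.split("=", 1)[1].strip()))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service with no vendor information: " + body))
    return findings


if __name__ == "__main__":
    for code, reason in triage(HJT_LOG):
        print(code, reason)
```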
kristi1 (Member no. 151211, Posts: 2012, site: www.mycity.rs/Ambulanta)
Re: Worm.Win32.Delf.bd - 17.11.2008 at 13:03
It doesn't show in the HJT log, but we can do one more check if you want.

Temporarily disable Kaspersky
Right-click the icon next to the clock
Choose Pause Protection.
In the window that opens choose By User Request.

Download ComboFix to the desktop
Run ComboFix and don't touch the program window while it scans (follow the instructions)
When it finishes, copy the log here on the forum (C:\ComboFix.txt)
Zoro67 (Member no. 57386, Posts: 99)
Re: Worm.Win32.Delf.bd - 17.11.2008 at 14:19
Sorry if I'm late.

ComboFix 08-11-16.05 - ivica 2008-11-17 15:09:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1494 [GMT 1:00]
Running from: c:\documents and settings\ivica\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\My Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Desktop_.ini
c:\windows\system32\_000110_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-17 13:39 . 2008-11-17 13:39 <DIR> d-------- c:\program files\Trend Micro
2008-11-17 10:30 . 2008-11-17 10:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\RoboForm
2008-11-17 10:26 . 2008-11-17 10:26 <DIR> d-------- c:\program files\Siber Systems
2008-11-17 07:40 . 2008-11-17 07:40 <DIR> d-------- c:\program files\BillP Studios
2008-11-17 07:40 . 2008-11-17 07:40 <DIR> d-------- c:\documents and settings\ivica\Application Data\WinPatrol
2008-11-17 06:55 . 2008-11-17 06:55 <DIR> d-------- c:\program files\Anders Kjersem
2008-11-17 02:36 . 2008-11-17 02:36 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-17 02:36 . 2008-11-17 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-17 02:36 . 2008-11-17 15:11 10,226,976 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-17 02:36 . 2008-11-17 10:35 139,736 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-17 02:36 . 2008-11-17 02:53 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-17 02:36 . 2008-11-17 02:53 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-17 02:36 . 2008-11-17 15:11 25,888 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-17 02:36 . 2008-11-17 10:35 3,872 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-17 02:26 . 2008-11-17 02:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-17 01:36 . 2002-02-22 17:11 140,510 --a------ c:\windows\system32\drivers\tiau5tp.bin
2008-11-17 01:36 . 2002-04-02 13:06 57,093 --a------ c:\windows\system32\drivers\tiau5co.sys
2008-11-17 01:36 . 2001-07-18 15:49 15,256 --a------ c:\windows\system32\drivers\tiau5fw.bin
2008-11-17 01:36 . 2002-04-02 13:05 11,775 --a------ c:\windows\system32\drivers\tiau5bt.sys
2008-11-17 01:36 . 2002-07-28 09:00 8,929 --a------ c:\windows\system32\drivers\tiauxco.cat
2008-11-17 01:29 . 2008-11-17 01:29 <DIR> d-------- c:\program files\TI ADSL
2008-11-17 01:29 . 2002-02-22 17:11 140,510 --a------ c:\windows\system\TIAU5TP.BIN
2008-11-17 01:29 . 2002-04-02 13:06 57,093 --a------ c:\windows\system\TIAU5CO.SYS
2008-11-17 01:29 . 2001-07-18 15:49 15,256 --a------ c:\windows\system\TIAU5FW.BIN
2008-11-17 01:29 . 2002-04-02 13:05 11,775 --a------ c:\windows\system\TIAU5BT.SYS
2008-11-17 01:28 . 2008-11-17 01:28 <DIR> d-------- c:\program files\ActionTec
2008-11-16 21:59 . 2008-11-16 21:59 <DIR> d-------- c:\program files\Common Files\SWF Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 02:54 --------- d-----w c:\program files\Blaero Start Orb
2008-11-17 01:54 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-11-17 01:15 --------- d-----w c:\program files\Eset
2008-11-17 01:06 --------- d-----w c:\documents and settings\ivica\Application Data\The Bat!
2008-11-17 00:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 00:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-16 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-16 14:38 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-16 14:35 --------- d-----w c:\program files\AIMP2
2008-11-16 12:56 --------- d-----w c:\program files\BSplayerPro
2008-10-21 19:04 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-21 19:04 --------- d-----w c:\program files\MKVtoolnix
2008-10-21 19:04 --------- d-----w c:\program files\JetAudio
2008-09-28 12:21 --------- d-----w c:\program files\BearPaw 1200CU Plus
2008-09-28 12:20 --------- d-----w c:\program files\Temp
2008-09-19 16:11 --------- d-----w c:\documents and settings\ivica\Application Data\Azureus
2008-01-06 23:36 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-11-09 12:01 22,328 ----a-w c:\documents and settings\ivica\Application Data\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-17 139322]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"TIxDSL"="c:\progra~1\TIADSL~1\bin\win2k\tidslmon.exe" [2002-08-27 425984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 222784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-10 14:27 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"d:\\Programi\\utorrent 1.6.1.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=

R1 nltdi;nltdi;\??\c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R3 AtmElan;ATM Emulated LAN;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-03 55936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;c:\windows\system32\DRIVERS\TIAU5CO.sys [2008-11-17 57093]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2003-08-26 9728]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-03 55936]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2008-01-23 228352]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55239fba-a8cf-11db-9a04-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de9a41ab-9fa5-11dc-8658-0016e6847bcb}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fecbf68f-fd03-11dc-867c-0016e6847bcb}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LClock - c:\program files\LClock\LClock.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\ivica\Application Data\Mozilla\Firefox\Profiles\4olle9w2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 15:11:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-11-17 15:13:03
ComboFix-quarantined-files.txt 2008-11-17 14:12:00

Pre-Run: 5,358,342,144 bytes free
Post-Run: 6,715,314,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

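The same kind of pass over the ComboFix output above, added here as an example (not code from the thread or from ComboFix; standard library only): it tracks the current registry key while walking the log and reports the Security Center notification switches, the per-volume AutoRun handlers under mountpoints2, and the hidden system DLLs from the Find3M report. The sample embedded in it is an excerpt copied from that log.

```python
import re
from typing import List, Tuple

# Constructed excerpt of the ComboFix log posted above: two Find3M lines and the
# registry sections of interest, copied from that log with nothing added.
COMBOFIX_LOG = r"""
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55239fba-a8cf-11db-9a04-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de9a41ab-9fa5-11dc-8658-0016e6847bcb}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.*)$")
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ (\S+) (.+)$")
DRIVE_RE = re.compile(r"^[a-zA-Z]:\\")
# Security Center values that, when 1, silence the "no antivirus/firewall/updates" balloon.
NOTIFY_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}


def triage_combofix(text: str) -> List[Tuple[str, str]]:
    """Walk the log, tracking the current registry key, and return (category, detail) findings."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif (m := DWORD_RE.match(line)) and key.endswith("\\security center"):
            name, value = m.group(1), int(m.group(2), 16)
            if name in NOTIFY_VALUES and value == 1:
                findings.append(("security-center", f"{name}=1: Windows will not warn when this protection is off"))
        elif (m := SHELL_CMD_RE.match(line)) and "\\mountpoints2\\{" in key:
            verb, cmd = m.group(1), m.group(2)
            volume = key.rsplit("\\", 1)[-1]
            # The last token is what actually runs; without a drive letter it resolves
            # relative to the mounted volume, so whatever Autorun.exe the media carries is executed.
            note = "" if DRIVE_RE.match(cmd.split()[-1]) else " (relative target)"
            findings.append(("autorun", f"{verb} handler for volume {volume}: {cmd}{note}"))
        elif m := FIND3M_RE.match(line):
            attrs, path = m.group(1), m.group(2)
            # Hidden+system executables sitting directly in system32 deserve a look.
            if "h" in attrs and "s" in attrs and path.lower().startswith("c:\\windows\\system32\\") \
                    and path.lower().endswith((".dll", ".exe", ".sys")):
                findings.append(("hidden-system-file", f"{path} has attributes {attrs}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_combofix(COMBOFIX_LOG):
        print(f"[{category}] {detail}")
```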
kristi1 (Member no. 151211, Posts: 2012, site: www.mycity.rs/Ambulanta)
Re: Worm.Win32.Delf.bd - 17.11.2008 at 14:32
Everything is fine, now do this:
Click Start, then Run, type Combofix /u in the text box and click OK.
Among other things, that will uninstall ComboFix and reset System Restore.

Don't forget to turn the AV back on, and one more thing: uninstall Java and download the latest version.
That would be all.
Zoro67 (Member no. 57386, Posts: 99)
Re: Worm.Win32.Delf.bd - 17.11.2008 at 15:18
Thanks a lot, kristi1, for the patience, help and advice.
pyc (Marko Domanović, Beograd; Member no. 2771, Posts: 902, site: www.getmonero.org)
Re: Worm.Win32.Delf.bd - 02.12.2008 at 07:28
Win32.Delf.rtk ...... that's my torment these days......
Nothing helps, not ComboFix, nor another 5 or so similar utilities, nor all the online scanners there are, nor NOD32; all you can see in the process list is mabidwe.exe and soxpeca.exe, it has some services, Spybot S&D TeaTimer blocks soxpeca non-stop.... and when the machine is restarted some ads pop up briefly...... I haven't yet come across a nastier virus..
Goran Mijailovic (Member no. 12684, Posts: 6907)
Re: Worm.Win32.Delf.bd - 02.12.2008 at 11:25
Have you tried Malwarebytes' Anti-Malware?

http://www.malwarebytes.org/
Goran Mijailovic (Member no. 12684, Posts: 6907)
Re: Worm.Win32.Delf.bd - 02.12.2008 at 11:30
BTW, you have the whole procedure for fighting that pest here; I didn't dig very deeply into the procedure. Let me know if it helps.

http://216.239.59.132/search?q...amp;hl=sr&ct=clnk&cd=1
 