problem sa trojan.generic resen{valjda}

problem sa trojan.generic resen{valjda}

Idi na vrh
offline
  • Pridružio: 15 Maj 2009
  • Poruke: 938

Napisano: 15 Maj 2009 12:16

pre neki dan sam preko usb zaradio trojan.genreric. od zastite sam tada imao samo kis2009(no full version)koji je detektovao trojana ali je rekao da ne moze da ga obrise. usao sam u detalis i video da se trojan nalazi-o u: usb_smss.exe i u c\windows\system32\smss.exe. pre nego sto sam pokrenuo usao na flesku kaspersky mi je detektovao da program na usb-u nema digitalni potpis(pa ko je ovde glup-kaspersky sigurno ne). pajl na usb-u(radi se o fleski)je trebao da bude obicna powerpoint prezentacija. dosta o problemu. da vidimo kako sam ga se resio. skinuo sam instaaciju malwarebytes sa neta(zvanicni proveren sajt-necu a i ne smem da ga reklamiram vec su dovoljno poznati. ali onda sam otkrio da ne mogu da pokrenem nijedan .exe fajl pa sam instalacijupokrenuo na sledeci nacin: desnio klik na ikonu>run as...>ukucam usesr i pass>ok. malwarebytes je proskenirao komp.i izbrisao nesto(mogu da okacim log ili da iskopiram ako treba) i sve je proradilo. zatim sam instalirao spywaredocotor(full) i spybot1.6.2. spybot je nasao nesto ne vezano za ovo: myway.mywaywebsearch, a spywaredoctor 4 problema(ne mogu da kazem tacno sta jer sam ga obrisao jer je istekao kljuc), dok kis nista. onda sam pokrenuo scan u safe modu sa svom zastitom i samo je spywaredoctor nasao nesto:11 problema. secam se koji su bili. mogucnost da me je neko hakovao(1 problem) i tu je bio jos jedan kog sam zaboravio ali su unutar njega bili jos 10(podproblema). izvinjavam se sto ne mogu da budem odredjeniji. imam dial-up(isdn), xpsp3, x2dual core processor 4200+, 2.21ghz, 1.87ram-a

Dopuna: 15 Maj 2009 12:24

vidim da nema opcija edit pa odgovaram sam sebi(tj. drugim korisnicima koji bi trebalo da procitaju ovo). kaspersky je usb_smss.exe i c\windows\system32\smss.exe stavio u karantin i oznacio kao cisto(stiklirano i pise quarantined). kaspersky mi taj problem javlja kad podesim pogled na all detected treats. u active treats nema nista.

Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Inzenjer Informatike
  • Pridružio: 15 Jun 2007
  • Poruke: 5515

Dobrodosao na Forum Smile

Za pocetak procitaj kako se na ovom podforumu otvaraju teme

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Idi na vrh
offline
  • Pridružio: 15 Maj 2009
  • Poruke: 938

Napisano: 15 Maj 2009 15:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:42 PM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\WINDOWS\nMtsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\H@cKeR\Desktop\New Folder\017.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{855A0F80-3478-4F29-9E22-F9A8B352C9E1}: NameServer = 212.62.32.1 212.62.32.5
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 7393 bytes

izvinjavam se to mi je promaklo. moj slucaj znate... GUZ - Glavom U Zid GUZ - Glavom U Zid GUZ - Glavom U Zid GUZ - Glavom U Zid GUZ - Glavom U Zid GUZ - Glavom U Zid GUZ - Glavom U Zid

Dopuna: 16 Maj 2009 0:29

izvinite na svim mojim greskama. nov sam na forumu. hvala za dobrodoslicu i za to sto ste spojili razdvojene teme. sta me je nateralo da otvorim novu temu samo bog zna. procitacu svako upustvo koje nadjem da bi se sto brze prilagodio(mislim - da bi znao gde sta da pisem ili na koji nacin itd.)

Dopuna: 17 Maj 2009 7:42

da li je moj log(komp.)cist. moju flesku(koja nije izvor virusa) sam formatirao i skenirao je onda sa kaspersky, malwarebytes i nod32(sto je sigurno sigurno je).

Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Inzenjer Informatike
  • Pridružio: 15 Jun 2007
  • Poruke: 5515

Iskljuci Kaspersky i Teatimer

http://www.mycity.rs/Uputstva/Iskljucivanje-zastitnog-softvera.html

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Idi na vrh
offline
  • Pridružio: 15 Maj 2009
  • Poruke: 938

Napisano: 17 Maj 2009 21:07

ComboFix 09-05-17.01 - H@cKeR 05/17/2009 20:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1486 [GMT 2:00]
Running from: c:\documents and settings\tata\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\recycler\S-1-5-21-1409082233-1085031214-682003330-1007\INFO2

.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-17 18:51 . 2009-05-17 18:51 389120 ----a-w c:\windows\system32\CF4292.exe
2009-05-17 18:43 . 2009-05-17 18:43 -------- d-----w c:\windows\system32\xircom
2009-05-17 18:43 . 2009-05-17 18:43 -------- d-----w c:\program files\microsoft frontpage
2009-05-15 06:53 . 2009-03-06 13:49 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-15 06:53 . 2009-02-06 10:36 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-15 06:53 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-15 06:53 . 2009-02-06 11:06 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-15 06:53 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-15 06:53 . 2009-02-06 10:15 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-15 06:53 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-15 06:53 . 2009-02-09 10:56 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-05-15 06:53 . 2009-02-09 10:56 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-15 06:52 . 2009-02-06 11:03 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-15 06:52 . 2009-02-06 10:30 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-15 06:52 . 2009-02-06 10:30 2066176 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-15 06:02 . 2008-06-17 19:02 8461312 ------w c:\windows\system32\dllcache\shell32.dll
2009-05-15 06:01 . 2009-02-09 11:08 1847552 ------w c:\windows\system32\dllcache\win32k.sys
2009-05-14 16:28 . 2009-05-14 16:28 -------- d-----w c:\documents and settings\tata\Application Data\Malwarebytes
2009-05-14 10:09 . 2009-02-04 09:12 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-05-14 08:47 . 2009-05-14 09:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-14 08:47 . 2009-05-15 10:43 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-14 07:25 . 2008-12-20 23:14 1288192 ------w c:\windows\system32\dllcache\quartz.dll
2009-05-14 06:59 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-14 06:59 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 06:59 . 2009-05-14 06:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-14 06:59 . 2009-05-15 06:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-14 06:46 . 2009-05-14 07:02 -------- d-sha-w c:\windows\system32 
2009-05-14 00:38 . 2009-05-15 14:42 -------- d-----w C:\sune
2009-05-13 17:50 . 2009-05-13 17:50 -------- d-----w c:\documents and settings\tata\Application Data\Windows Search
2009-05-13 16:27 . 2009-05-13 16:27 -------- d-----w C:\DivXG400
2009-05-13 16:26 . 2009-05-13 16:26 -------- d-----w c:\program files\XviD
2009-05-13 16:26 . 2009-05-13 16:26 -------- d-----w c:\program files\ffdshow
2009-05-13 10:30 . 2008-06-12 14:23 91648 ------w c:\windows\system32\dllcache\mtxoci.dll
2009-05-13 10:30 . 2008-06-12 14:23 161792 ------w c:\windows\system32\dllcache\msdtcuiu.dll
2009-05-13 10:30 . 2008-06-12 14:23 66560 ------w c:\windows\system32\dllcache\mtxclu.dll
2009-05-13 10:30 . 2008-06-12 14:23 58880 ------w c:\windows\system32\dllcache\msdtclog.dll
2009-05-13 10:30 . 2008-06-12 14:23 956928 ------w c:\windows\system32\dllcache\msdtctm.dll
2009-05-13 10:26 . 2008-12-16 12:30 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-05-13 10:25 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-13 10:25 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-13 10:02 . 2008-12-05 06:58 144896 ------w c:\windows\system32\dllcache\schannel.dll
2009-05-13 07:48 . 2009-05-13 07:48 -------- d-----w c:\program files\CCleaner
2009-05-12 20:43 . 2009-05-15 07:44 -------- d--h--w c:\windows\$hf_mig$
2009-05-12 17:55 . 2009-05-12 18:01 -------- d-----w C:\Pesme
2009-05-12 06:22 . 2009-05-17 18:47 -------- d-----w c:\documents and settings\H@cKeR\Tracing
2009-05-12 05:47 . 2009-05-12 05:47 -------- d-----w c:\documents and settings\lozinka\Application Data\CyberLink
2009-05-12 05:32 . 2009-05-12 05:35 -------- d-----w C:\eSkola
2009-05-11 20:44 . 2009-05-11 20:44 -------- d-----w c:\windows\Profiles
2009-05-11 20:44 . 2009-05-11 20:44 -------- d-----w c:\windows\system32\Adobe
2009-05-11 20:44 . 2009-05-13 08:18 -------- d-----w c:\program files\Common Files\Adobe
2009-05-11 20:44 . 2009-05-11 20:44 -------- d-----w c:\documents and settings\tata\Application Data\InterTrust
2009-05-11 20:38 . 2001-07-16 11:27 36864 ----a-r c:\windows\system32\CAPI2032.DLL
2009-05-11 20:10 . 2008-04-13 15:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-05-11 20:04 . 2003-07-22 09:17 90112 ----a-r c:\windows\nMtsk.exe
2009-05-11 20:03 . 2009-05-11 20:03 -------- d-----w c:\program files\Intracom S.A
2009-05-11 20:03 . 2009-05-11 20:03 -------- d-----w c:\documents and settings\tata\WINDOWS
2009-05-11 19:00 . 2009-05-17 18:44 -------- d-----w c:\documents and settings\tata\Tracing
2009-05-11 18:59 . 2009-05-11 18:59 -------- d-----w c:\program files\Microsoft
2009-05-11 18:59 . 2009-05-11 18:59 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-11 18:59 . 2009-05-11 18:59 -------- d-----w c:\program files\Windows Live
2009-05-11 18:37 . 2009-05-11 18:39 -------- d-----w c:\documents and settings\tata\Contacts
2009-05-11 18:37 . 2009-05-11 18:37 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-11 17:40 . 2009-05-11 17:40 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-11 17:09 . 2009-05-11 17:09 -------- d-----w c:\documents and settings\tata\Application Data\MSNInstaller
2009-05-06 11:01 . 2002-04-17 18:27 11264 ----a-r c:\windows\system32\drivers\asapi.sys
2009-05-06 11:01 . 2000-04-27 10:31 19456 ----a-w c:\windows\system32\asapi.dll
2009-05-06 11:01 . 2002-04-18 16:05 619008 ----a-r c:\windows\system32\vobhw.dll
2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\program files\VOB
2009-05-06 11:00 . 1998-10-29 12:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-06 11:00 . 2009-05-06 11:00 -------- d-----w c:\documents and settings\H@cKeR\WINDOWS
2009-04-27 05:53 . 2009-04-27 05:53 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-04-27 05:52 . 2009-04-27 05:52 -------- d-----w c:\documents and settings\Administrator
2009-04-24 09:53 . 2009-04-24 09:55 -------- d-----w C:\RADNI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 18:55 . 2009-03-26 16:38 237600 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-17 18:55 . 2009-03-26 16:38 2940 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-17 18:49 . 2009-03-16 08:00 996384 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-17 18:49 . 2009-03-16 08:00 9912 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-14 09:19 . 2009-03-15 21:40 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-11 17:18 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-11 17:18 . 2009-03-26 16:38 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-11 17:18 . 2009-03-26 16:38 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-23 17:23 . 2009-03-16 07:49 45024 ----a-w c:\documents and settings\tata\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 17:19 . 2009-03-28 18:44 45024 ----a-w c:\documents and settings\lozinka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 13:16 . 2009-03-15 21:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 10:59 . 2009-04-11 10:59 -------- d-----w c:\program files\Common Files\SWF Studio
2009-04-11 06:42 . 2009-03-18 07:21 616 ----a-w c:\windows\eReg.dat
2009-04-02 16:28 . 2009-04-02 16:28 -------- d-----w c:\program files\Elaborate Bytes
2009-04-02 16:28 . 2009-04-02 16:28 -------- d-----w c:\program files\SlySoft
2009-04-02 16:27 . 2009-04-08 12:58 603 ----a-w c:\windows\win.tmp
2009-04-02 16:27 . 2009-04-02 16:27 -------- d-----w c:\program files\Microsoft.NET
2009-04-01 09:11 . 2009-04-08 12:58 227 ----a-w c:\windows\system.tmp
2009-03-30 06:14 . 2009-03-30 06:14 -------- d-----w c:\program files\NeroInstall.bak
2009-03-30 06:13 . 2009-03-30 06:13 -------- d-----w c:\program files\Common Files\Nero
2009-03-30 06:13 . 2009-03-30 06:13 -------- d-----w c:\program files\Nero
2009-03-29 07:16 . 2009-03-29 07:16 4096 ----a-w c:\windows\d3dx.dat
2009-03-28 07:35 . 2009-03-28 07:35 16528 ----a-w c:\documents and settings\mimi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-26 16:38 . 2009-03-26 16:38 -------- d-----w c:\program files\Kaspersky Lab
2009-03-23 15:44 . 2009-03-18 21:09 -------- d-----w c:\program files\KB 600
2009-03-18 07:32 . 2009-03-18 07:32 5501 ----a-w c:\windows\system32\rtclcmg32.dll
2009-03-16 18:14 . 2009-03-16 18:14 535040 ----a-w c:\windows\flashax.exe
2009-03-16 18:14 . 2009-03-16 18:14 12288 ----a-w c:\windows\impborl.dll
2009-03-15 21:58 . 2009-03-15 21:58 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-15 21:41 . 2009-03-15 21:41 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 13:49 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:17 . 2009-02-01 09:00 828416 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2009-02-01 08:58 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2002-02-22 192512]
"vcdplayx"="c:\windows\vcdplayx.exe" [2002-02-22 53248]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-11 206088]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2003-07-22 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-01 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [5/6/2009 1:01 PM 11264]
R1 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [1/24/2002 4:25 PM 46735]
R3 FsHotKey;FsHotKey;c:\windows\system32\drivers\fshotkey.sys [1/19/2002 7:00 PM 3855]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [3/18/2009 11:09 PM 7168]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/15/2009 11:54 PM 279680]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{B14E244A-857E-478D-A028-C263BA7C72CF}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 17:36]

2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{E106F666-B61F-483C-9C61-03E8C1FBB77C}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 17:36]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {855A0F80-3478-4F29-9E22-F9A8B352C9E1} = 212.62.32.1 212.62.32.5
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3984)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-17 20:58
ComboFix-quarantined-files.txt 2009-05-17 18:58

Pre-Run: 93,477,314,560 bytes free
Post-Run: 93,480,878,080 bytes free

220 --- E O F --- 2009-05-17 05:59

imao sam nekih problema. iskljucio sam sve sto si mi rekao i pokrenuo combofix. nasao je c:\recycle...(nesto tako) i restartovao mi je racunar. kad se ponovo podigao ukljucili su se messanger, anydvd, kaspersky i onda je combofix prekinou(pa le po postoji upozorenje da ne pokrecemo programe dok radi). resetovao sam komp. i iskljucio sve programe u msconfig koji se otvaraju na desktop i pokrenuo combofix. i eve otuda ovaj log. a starog nema(smrk).

Dopuna: 17 Maj 2009 21:10

pa izgleda da nema razloga za plakanje jer je zabelezeno detektovano iz proslog skeniranja. pa prvi put koristim combofix. sta da radim kad ne znam

Dopuna: 17 Maj 2009 21:32

ahm. samo da napomenem jos nesto. neznam kad ali kaspersky mi je danas detektovao da se pokrece neki programi koji nemaju digitalan potpis(eto opet). ovaj put sam rekao no.

Dopuna: 17 Maj 2009 22:34

samo pisem neke dopune. uvek zaboravim da napisem nesto. imam nekoliko da da kazem:
1.da, ja sam kriv zbog kasperskog jer sam podesio da se aktivira nakon restarta;
2.da, pre nego sto sam opet pokrenuo combofix iskljucio sam ono sto ste mi rekli(ponovo) i kasperskog(ovog puta sam podesio na rucno ukljucivanje);
3.da, ja sam kriv jer sam zaboravio da combofix resetuje racunar posle skeniranja(u nekim slucajevima);
4.da, znam da recycle folder predstavlja ostatak stetocine;
5.da, tu sam do 23h;
6.da, fleska zaraznik nije moja i nije u ovom gradu;
7.i da, mislim da je moja druga fleska zarazena

Dopuna: 18 Maj 2009 9:53

rekao sam juce da je kaspersky detektovao neki program bez digitalnog potpisa. tu sam napravio gresku jer je to bilo ne vezano za moj problem. bio sam ubacio neki cd i ukljucio se autorun i pokrenulo se nesto sto je kaspersky detektovao da nema potpis. to je bio cd gameplay casopisa. na auto runu je moglo da se izabere da li da se instalira igrica i imala je neka slika casopisa i kad sam kljiknuo na sliku kaspersky se pojavio. predpostavcljam da slika nista nije radila nego da je tu samo stojala(mozda)

Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Inzenjer Informatike
  • Pridružio: 15 Jun 2007
  • Poruke: 5515

Ok ... ok.. opusteno Wink

Kazi mi dali imas jos neke probleme a da su vezane za detekciju malware-a?

Idi na vrh
offline
  • Pridružio: 15 Maj 2009
  • Poruke: 938

Napisano: 18 Maj 2009 13:48

nema nista vise.

Dopuna: 18 Maj 2009 13:51

nema potrebe da mi kazes da se opustim. samo se pravdam

Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Inzenjer Informatike
  • Pridružio: 15 Jun 2007
  • Poruke: 5515

Nema potrebe za pravdanjem Smile Sve sam ja to video u logu, sto si mi ti ispricao:)
Zato sam ti rekao opusteno Smile

Ok.. Start>Run i kucaj Combofix /u to ce deinstalirati Combofix

I to bi bilo to..POzZz

Idi na vrh
offline
  • Pridružio: 15 Maj 2009
  • Poruke: 938

fala care. cao. nadam se da se necemo do skoro citati ovde. oda ja sada na 'zastita od virusa'.


Potreban je samo minut da se registrujete - da biste učestvovali u diskusiji:
Izaberite vaše korisničko ime [username] :
Vaša email adresa je [email] : Email adresa mora biti tačna!
Ukucajte željenu šifru [password] :
Ukucajte šifru ponovo [password again] :
Jezik [language] :




Ili se jednostavno uloguj preko Facebook-a:
Ko je trenutno na forumu
 

Ukupno su 233 korisnika na forumu :: 21 registrovanih, 2 sakrivenih i 210 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 1311 - dana 15 Nov 2012 21:40

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _commandos_, _Sale, Acid_Burn, aramis s, bigfoot2, Chuck Norris, Davor Kondic, galijot, krkalon, lažni đoko, mcgunner, Radovan Vinčić, raketaš, scout01, Toro, Vislaseki, zgoljo, zixo, zmajognjeniivan, zziko, Žan Klod vam dam
Siguran hosting