Trojan.Generic problem solved (I think)

  • Joined: 15 May 2009
  • Posts: 963

Posted: 15 May 2009 12:16

A few days ago I picked up Trojan.Generic over USB. At the time the only protection I had was KIS 2009 (not the full version), which detected the trojan but said it couldn't delete it. I went into the details and saw that the trojan was located in usb_smss.exe and in C:\Windows\System32\smss.exe. Before I ran it, when I opened the flash drive, Kaspersky detected that the program on the USB had no digital signature (so who's the dumb one here; Kaspersky certainly isn't). The file on the USB (it's a flash drive) was supposed to be an ordinary PowerPoint presentation.

Enough about the problem; let's see how I got rid of it. I downloaded the Malwarebytes installer from the net (the official, verified site; I won't and mustn't advertise it, they're well known enough). But then I discovered that I couldn't run any .exe file, so I started the installer like this: right-click the icon > Run as... > type the user and password > OK. Malwarebytes scanned the computer and deleted something (I can attach or paste the log if needed) and everything started working again. Then I installed Spyware Doctor (full) and Spybot 1.6.2. Spybot found something unrelated to this: myway.mywaywebsearch; Spyware Doctor found 4 problems (I can't say exactly what, because I uninstalled it when the key expired), while KIS found nothing. Then I ran a scan in Safe Mode with all the protection on and only Spyware Doctor found something: 11 problems. I remember what they were: the possibility that someone had hacked me (1 problem), and there was one more that I've forgotten, but it contained another 10 (sub-problems). I apologize for not being able to be more specific.

I have dial-up (ISDN), XP SP3, an X2 dual-core 4200+ processor at 2.21 GHz and 1.87 GB of RAM.

Addendum: 15 May 2009 12:24

I see there's no edit option, so I'm replying to myself (i.e. to the other users who should read this). Kaspersky put usb_smss.exe and C:\Windows\System32\smss.exe into quarantine and marked them as clean (ticked, and it says quarantined). Kaspersky reports that problem when I set the view to "all detected threats"; under "active threats" there is nothing.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Welcome to the forum :)

To start, read how topics are opened on this subforum:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 15 May 2009
  • Posts: 963

Posted: 15 May 2009 15:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:42 PM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\WINDOWS\nMtsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\H@cKeR\Desktop\New Folder\017.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{855A0F80-3478-4F29-9E22-F9A8B352C9E1}: NameServer = 212.62.32.1 212.62.32.5
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 7393 bytes

Sorry, I missed that. My case, you know... GUZ - Glavom U Zid (head against the wall)

Addendum: 16 May 2009 0:29

Sorry for all my mistakes; I'm new to the forum. Thanks for the welcome and for merging the separate topics. God only knows what made me open a new topic. I'll read every guide I find so I can adapt as quickly as possible (I mean, so I know where and how to write things, etc.).

Addendum: 17 May 2009 7:42

Is my log (computer) clean? I formatted my flash drive (which is not the source of the virus) and then scanned it with Kaspersky, Malwarebytes and NOD32 (better safe than sorry).
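The F2 line in the log above is the security-relevant finding. Winlogon runs every comma-separated entry of the Userinit value at each logon; the stock value is just userinit.exe, and here a second entry points at `C:\WINDOWS\system32 \smss.exe`, whose directory component ends in a space. That is not the real System32: the ComboFix log further down in this thread lists a hidden, system-attributed folder `c:\windows\system32 ` (trailing space) created on 14 May, and the genuine smss.exe is started by the kernel at boot, never from Userinit. The script below is an added example, not part of the original thread and not HijackThis code: it audits lines in the format HijackThis prints (F2 Userinit, O4 Run, orphaned O2/O3/R3 entries) for exactly these patterns. The sample lines are constructed to mirror the posted log; the regexes, the `SYSTEM_BINARIES` list and the reason strings are the example's own assumptions.

```python
"""Audit HijackThis-style log lines for logon-persistence anomalies.

Added example: constructed sample lines modelled on the log posted above.
HijackThis itself exposes no API; the regexes below are this example's own.
"""
import re
from dataclasses import dataclass

# Binaries the kernel/Winlogon start themselves; a user-mode autostart naming
# one of them is a strong sign of a look-alike (assumption: list is the
# example's own and not exhaustive).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: same shapes as the posted log, including the Userinit
# entry whose directory component ends in a space ("system32 \smss.exe").
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe,
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] (.*)$")
NOFILE_RE = re.compile(r"^(?:O2|O3|R3) - .* - \(no file\)$")


@dataclass(frozen=True)
class Finding:
    entry: str
    reason: str


def basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def lookalike_component(path: str) -> bool:
    r"""True if a directory component has leading/trailing whitespace.
    'C:\WINDOWS\system32 \smss.exe' -> 'system32 ' is a separate folder
    that displays almost identically to the real System32."""
    return any(part != part.strip() for part in path.split("\\")[:-1] if part)


def audit_path(path: str, source: str) -> list:
    findings = []
    if lookalike_component(path):
        findings.append(Finding(path, f"{source}: whitespace in directory name (lookalike folder)"))
    if basename(path) in SYSTEM_BINARIES:
        findings.append(Finding(path, f"{source}: core system binary started from a user-mode autostart"))
    if "\\" not in path:
        # No directory: CreateProcess resolves it through the search path.
        findings.append(Finding(path, f"{source}: bare filename, resolved through the search path"))
    return findings


def audit_userinit(value: str) -> list:
    """Winlogon launches every comma-separated Userinit entry at logon;
    anything beyond the stock userinit.exe is a persistence hook."""
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        if entry.lower() != STOCK_USERINIT:
            findings.append(Finding(entry, "non-stock Userinit entry"))
        findings.extend(audit_path(entry, "Userinit"))
    return findings


def run_target(raw: str) -> str:
    """Extract the executable from an O4 value: quoted path or first token."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw[1:].split('"', 1)[0]
    return raw.split(" ", 1)[0]


def audit_log(text: str) -> list:
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := F2_RE.match(line):
            findings.extend(audit_userinit(m.group(1)))
        elif m := O4_RE.match(line):
            findings.extend(audit_path(run_target(m.group(1)), "Run"))
        elif NOFILE_RE.match(line):
            findings.append(Finding(line, "orphaned entry pointing at (no file)"))
    return findings


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"{f.reason:62} {f.entry}")
```

On the sample above it reports the smss.exe entry three times (non-stock Userinit entry, lookalike folder, core system binary), the two orphaned browser entries, and the bare `nMtsk.exe` Run value, which is low-priority but worth knowing about because a writable directory earlier in the search path could shadow it. To audit a real log, pass the file's contents to `audit_log`.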

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Disable Kaspersky and TeaTimer:

http://www.mycity.rs/Uputstva/Iskljucivanje-zastitnog-softvera.html

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt), which you will paste here.

  • Joined: 15 May 2009
  • Posts: 963

Posted: 17 May 2009 21:07

ComboFix 09-05-17.01 - H@cKeR 05/17/2009 20:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1486 [GMT 2:00]
Running from: c:\documents and settings\tata\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\recycler\S-1-5-21-1409082233-1085031214-682003330-1007\INFO2

.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-17 18:51 . 2009-05-17 18:51 389120 ----a-w c:\windows\system32\CF4292.exe
2009-05-17 18:43 . 2009-05-17 18:43 -------- d-----w c:\windows\system32\xircom
2009-05-17 18:43 . 2009-05-17 18:43 -------- d-----w c:\program files\microsoft frontpage
2009-05-15 06:53 . 2009-03-06 13:49 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-15 06:53 . 2009-02-06 10:36 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-15 06:53 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-15 06:53 . 2009-02-06 11:06 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-15 06:53 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-15 06:53 . 2009-02-06 10:15 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-15 06:53 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-15 06:53 . 2009-02-09 10:56 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-05-15 06:53 . 2009-02-09 10:56 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-15 06:52 . 2009-02-06 11:03 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-15 06:52 . 2009-02-06 10:30 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-15 06:52 . 2009-02-06 10:30 2066176 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-15 06:02 . 2008-06-17 19:02 8461312 ------w c:\windows\system32\dllcache\shell32.dll
2009-05-15 06:01 . 2009-02-09 11:08 1847552 ------w c:\windows\system32\dllcache\win32k.sys
2009-05-14 16:28 . 2009-05-14 16:28 -------- d-----w c:\documents and settings\tata\Application Data\Malwarebytes
2009-05-14 10:09 . 2009-02-04 09:12 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-05-14 08:47 . 2009-05-14 09:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-14 08:47 . 2009-05-15 10:43 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-14 07:25 . 2008-12-20 23:14 1288192 ------w c:\windows\system32\dllcache\quartz.dll
2009-05-14 06:59 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-14 06:59 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 06:59 . 2009-05-14 06:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-14 06:59 . 2009-05-15 06:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-14 06:46 . 2009-05-14 07:02 -------- d-sha-w c:\windows\system32 
2009-05-14 00:38 . 2009-05-15 14:42 -------- d-----w C:\sune
2009-05-13 17:50 . 2009-05-13 17:50 -------- d-----w c:\documents and settings\tata\Application Data\Windows Search
2009-05-13 16:27 . 2009-05-13 16:27 -------- d-----w C:\DivXG400
2009-05-13 16:26 . 2009-05-13 16:26 -------- d-----w c:\program files\XviD
2009-05-13 16:26 . 2009-05-13 16:26 -------- d-----w c:\program files\ffdshow
2009-05-13 10:30 . 2008-06-12 14:23 91648 ------w c:\windows\system32\dllcache\mtxoci.dll
2009-05-13 10:30 . 2008-06-12 14:23 161792 ------w c:\windows\system32\dllcache\msdtcuiu.dll
2009-05-13 10:30 . 2008-06-12 14:23 66560 ------w c:\windows\system32\dllcache\mtxclu.dll
2009-05-13 10:30 . 2008-06-12 14:23 58880 ------w c:\windows\system32\dllcache\msdtclog.dll
2009-05-13 10:30 . 2008-06-12 14:23 956928 ------w c:\windows\system32\dllcache\msdtctm.dll
2009-05-13 10:26 . 2008-12-16 12:30 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-05-13 10:25 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-13 10:25 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-13 10:02 . 2008-12-05 06:58 144896 ------w c:\windows\system32\dllcache\schannel.dll
2009-05-13 07:48 . 2009-05-13 07:48 -------- d-----w c:\program files\CCleaner
2009-05-12 20:43 . 2009-05-15 07:44 -------- d--h--w c:\windows\$hf_mig$
2009-05-12 17:55 . 2009-05-12 18:01 -------- d-----w C:\Pesme
2009-05-12 06:22 . 2009-05-17 18:47 -------- d-----w c:\documents and settings\H@cKeR\Tracing
2009-05-12 05:47 . 2009-05-12 05:47 -------- d-----w c:\documents and settings\lozinka\Application Data\CyberLink
2009-05-12 05:32 . 2009-05-12 05:35 -------- d-----w C:\eSkola
2009-05-11 20:44 . 2009-05-11 20:44 -------- d-----w c:\windows\Profiles
2009-05-11 20:44 . 2009-05-11 20:44 -------- d-----w c:\windows\system32\Adobe
2009-05-11 20:44 . 2009-05-13 08:18 -------- d-----w c:\program files\Common Files\Adobe
2009-05-11 20:44 . 2009-05-11 20:44 -------- d-----w c:\documents and settings\tata\Application Data\InterTrust
2009-05-11 20:38 . 2001-07-16 11:27 36864 ----a-r c:\windows\system32\CAPI2032.DLL
2009-05-11 20:10 . 2008-04-13 15:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-05-11 20:04 . 2003-07-22 09:17 90112 ----a-r c:\windows\nMtsk.exe
2009-05-11 20:03 . 2009-05-11 20:03 -------- d-----w c:\program files\Intracom S.A
2009-05-11 20:03 . 2009-05-11 20:03 -------- d-----w c:\documents and settings\tata\WINDOWS
2009-05-11 19:00 . 2009-05-17 18:44 -------- d-----w c:\documents and settings\tata\Tracing
2009-05-11 18:59 . 2009-05-11 18:59 -------- d-----w c:\program files\Microsoft
2009-05-11 18:59 . 2009-05-11 18:59 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-11 18:59 . 2009-05-11 18:59 -------- d-----w c:\program files\Windows Live
2009-05-11 18:37 . 2009-05-11 18:39 -------- d-----w c:\documents and settings\tata\Contacts
2009-05-11 18:37 . 2009-05-11 18:37 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-11 17:40 . 2009-05-11 17:40 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-11 17:09 . 2009-05-11 17:09 -------- d-----w c:\documents and settings\tata\Application Data\MSNInstaller
2009-05-06 11:01 . 2002-04-17 18:27 11264 ----a-r c:\windows\system32\drivers\asapi.sys
2009-05-06 11:01 . 2000-04-27 10:31 19456 ----a-w c:\windows\system32\asapi.dll
2009-05-06 11:01 . 2002-04-18 16:05 619008 ----a-r c:\windows\system32\vobhw.dll
2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w c:\program files\VOB
2009-05-06 11:00 . 1998-10-29 12:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-06 11:00 . 2009-05-06 11:00 -------- d-----w c:\documents and settings\H@cKeR\WINDOWS
2009-04-27 05:53 . 2009-04-27 05:53 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-04-27 05:52 . 2009-04-27 05:52 -------- d-----w c:\documents and settings\Administrator
2009-04-24 09:53 . 2009-04-24 09:55 -------- d-----w C:\RADNI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 18:55 . 2009-03-26 16:38 237600 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-17 18:55 . 2009-03-26 16:38 2940 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-17 18:49 . 2009-03-16 08:00 996384 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-17 18:49 . 2009-03-16 08:00 9912 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-14 09:19 . 2009-03-15 21:40 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-11 17:18 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-11 17:18 . 2009-03-26 16:38 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-11 17:18 . 2009-03-26 16:38 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-23 17:23 . 2009-03-16 07:49 45024 ----a-w c:\documents and settings\tata\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 17:19 . 2009-03-28 18:44 45024 ----a-w c:\documents and settings\lozinka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 13:16 . 2009-03-15 21:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 10:59 . 2009-04-11 10:59 -------- d-----w c:\program files\Common Files\SWF Studio
2009-04-11 06:42 . 2009-03-18 07:21 616 ----a-w c:\windows\eReg.dat
2009-04-02 16:28 . 2009-04-02 16:28 -------- d-----w c:\program files\Elaborate Bytes
2009-04-02 16:28 . 2009-04-02 16:28 -------- d-----w c:\program files\SlySoft
2009-04-02 16:27 . 2009-04-08 12:58 603 ----a-w c:\windows\win.tmp
2009-04-02 16:27 . 2009-04-02 16:27 -------- d-----w c:\program files\Microsoft.NET
2009-04-01 09:11 . 2009-04-08 12:58 227 ----a-w c:\windows\system.tmp
2009-03-30 06:14 . 2009-03-30 06:14 -------- d-----w c:\program files\NeroInstall.bak
2009-03-30 06:13 . 2009-03-30 06:13 -------- d-----w c:\program files\Common Files\Nero
2009-03-30 06:13 . 2009-03-30 06:13 -------- d-----w c:\program files\Nero
2009-03-29 07:16 . 2009-03-29 07:16 4096 ----a-w c:\windows\d3dx.dat
2009-03-28 07:35 . 2009-03-28 07:35 16528 ----a-w c:\documents and settings\mimi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-26 16:38 . 2009-03-26 16:38 -------- d-----w c:\program files\Kaspersky Lab
2009-03-23 15:44 . 2009-03-18 21:09 -------- d-----w c:\program files\KB 600
2009-03-18 07:32 . 2009-03-18 07:32 5501 ----a-w c:\windows\system32\rtclcmg32.dll
2009-03-16 18:14 . 2009-03-16 18:14 535040 ----a-w c:\windows\flashax.exe
2009-03-16 18:14 . 2009-03-16 18:14 12288 ----a-w c:\windows\impborl.dll
2009-03-15 21:58 . 2009-03-15 21:58 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-15 21:41 . 2009-03-15 21:41 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 13:49 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:17 . 2009-02-01 09:00 828416 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2009-02-01 08:58 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2002-02-22 192512]
"vcdplayx"="c:\windows\vcdplayx.exe" [2002-02-22 53248]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-11 206088]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2003-07-22 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-01 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [5/6/2009 1:01 PM 11264]
R1 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [1/24/2002 4:25 PM 46735]
R3 FsHotKey;FsHotKey;c:\windows\system32\drivers\fshotkey.sys [1/19/2002 7:00 PM 3855]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [3/18/2009 11:09 PM 7168]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/15/2009 11:54 PM 279680]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys --> c:\windows\system32\Drivers\gHidPnp.Sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys --> c:\windows\system32\DRIVERS\gMouPS2.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{B14E244A-857E-478D-A028-C263BA7C72CF}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 17:36]

2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{E106F666-B61F-483C-9C61-03E8C1FBB77C}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 17:36]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {855A0F80-3478-4F29-9E22-F9A8B352C9E1} = 212.62.32.1 212.62.32.5
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3984)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-17 20:58
ComboFix-quarantined-files.txt 2009-05-17 18:58

Pre-Run: 93,477,314,560 bytes free
Post-Run: 93,480,878,080 bytes free

220 --- E O F --- 2009-05-17 05:59

I had some problems. I disabled everything you told me to and ran ComboFix. It found c:\recycle... (something like that) and restarted my computer. When it booted again, Messenger, AnyDVD and Kaspersky started up and then ComboFix aborted (and there's a warning not to run programs while it's working). I reset the computer, disabled in msconfig all the programs that open on the desktop, and ran ComboFix. And that's where this log comes from. The old one is gone (sniff).

Addendum: 17 May 2009 21:10

Well, it seems there's no reason to cry, because what was detected in the previous scan is recorded. It's my first time using ComboFix. What should I do when I don't know?

Addendum: 17 May 2009 21:32

Ahem. Just one more thing to note. I don't know when, but today Kaspersky detected some programs starting that have no digital signature (there it is again). This time I said no.

Addendum: 17 May 2009 22:34

I'm just writing some addenda. I always forget to write something. I have a few things to say:
1. yes, the Kaspersky thing is my fault, because I set it to activate after a restart;
2. yes, before I ran ComboFix again I disabled what you told me to (again) and Kaspersky (this time I set it to manual start);
3. yes, it's my fault that I forgot ComboFix restarts the computer after scanning (in some cases);
4. yes, I know the recycle folder is a remnant of the pest;
5. yes, I'm here until 23:00;
6. yes, the infected flash drive isn't mine and isn't in this town;
7. and yes, I think my other flash drive is infected.

Addendum: 18 May 2009 9:53

I said yesterday that Kaspersky detected a program without a digital signature. I made a mistake there, because it was unrelated to my problem. I had inserted a CD, autorun kicked in and something started that Kaspersky detected as having no signature. It was the CD from the Gameplay magazine. The autorun let you choose whether to install the game, and it had a picture of the magazine, and when I clicked the picture Kaspersky popped up. I assume the picture didn't do anything and was just sitting there (maybe).
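Two of the lures described in this thread are typical of USB-borne malware of the period: a file on a flash drive that was supposed to be a PowerPoint presentation but was really an unsigned executable (first post), and an autorun that starts a program when the medium is inserted (the CD above). The script below is an added example, not code from the thread or from any of the tools mentioned. It builds a small constructed volume in a temporary directory (file names modelled on the thread, contents invented), parses `autorun.inf` for the `open`/`shellexecute` launch targets, and flags files whose bytes begin with the PE `MZ` signature while their extension claims a document, as well as double extensions such as `.ppt.exe`. It does not verify Authenticode signatures; that check, which Kaspersky performed in the thread, needs Windows APIs and is out of scope here. The extension sets and magic constants are the example's own assumptions.

```python
"""Triage a removable volume for the two lures seen in this thread.

Added example, not code from the thread or its tools. The sample volume is
constructed in a temporary directory: names mirror the thread, bytes are
invented. Authenticode signature checking is deliberately not attempted.
"""
import configparser
import tempfile
from dataclasses import dataclass
from pathlib import Path

DOC_EXTENSIONS = {".ppt", ".pps", ".doc", ".xls", ".pdf", ".jpg", ".txt"}
EXE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
PE_MAGIC = b"MZ"                                  # DOS stub header of every PE file
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")     # legacy Office (.ppt/.doc/.xls) container


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def parse_autorun(text: str) -> list:
    """Return what an [autorun] section would hand to the shell.

    'open' is run on insertion where AutoRun is enabled; 'shellexecute' is
    the ShellExecute variant. Section and key names are matched
    case-insensitively because malware rarely bothers with canonical case.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    return [cp[section][key] for key in ("open", "shellexecute") if key in cp[section]]


def scan_volume(root) -> list:
    root = Path(root)
    findings = []
    inf = root / "autorun.inf"
    if inf.is_file():
        for target in parse_autorun(inf.read_text(errors="replace")):
            findings.append(Finding(str(inf), f"autorun.inf launches: {target}"))
    for p in root.rglob("*"):
        if not p.is_file() or p.name.lower() == "autorun.inf":
            continue
        with p.open("rb") as fh:
            head = fh.read(8)
        suffixes = [s.lower() for s in p.suffixes]
        ext = suffixes[-1] if suffixes else ""
        # A "presentation" whose bytes are a PE image: the lure from the first post.
        if head.startswith(PE_MAGIC) and ext in DOC_EXTENSIONS:
            findings.append(Finding(str(p), "PE executable with a document extension"))
        # name.ppt.exe shows as "name.ppt" when Explorer hides known extensions.
        if ext in EXE_EXTENSIONS and len(suffixes) > 1 and suffixes[-2] in DOC_EXTENSIONS:
            findings.append(Finding(str(p), "double extension hides an executable"))
    return findings


def build_sample_volume(root) -> None:
    """Constructed contents (assumption: none of these bytes come from the thread)."""
    files = {
        "autorun.inf": b"[autorun]\r\nopen=usb_smss.exe\r\nicon=usb_smss.exe\r\n",
        "usb_smss.exe": PE_MAGIC + b"\x90" * 62,
        "prezentacija.ppt.exe": PE_MAGIC + b"\x90" * 62,
        "prezentacija.ppt": PE_MAGIC + b"\x90" * 62,
        "notes.ppt": OLE_MAGIC + b"\x00" * 56,
        "readme.txt": b"plain text\r\n",
    }
    for name, data in files.items():
        (Path(root) / name).write_bytes(data)


def demo() -> list:
    """Build the sample volume, scan it, return sorted (file name, reason) pairs."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_volume(root)
        return sorted((Path(f.path).name, f.reason) for f in scan_volume(root))


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name:24} {reason}")
```

To check a real drive, call `scan_volume(r"E:\")` (or the mount point) instead of `demo()`. Any hit on a medium of unknown origin is reason enough not to open anything on it before it has been scanned, which is also why keeping AutoRun disabled for removable drives removes the first of these two lures entirely.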

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK... OK... relax ;)

Tell me, do you have any other problems related to malware detection?

  • Joined: 15 May 2009
  • Posts: 963

Posted: 18 May 2009 13:48

Nothing else.

Addendum: 18 May 2009 13:51

There's no need to tell me to relax. I'm just explaining myself.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

No need to justify yourself :) I saw everything you told me in the log :)
That's why I said relax :)

OK... Start > Run and type Combofix /u; that will uninstall ComboFix.

And that would be it. Cheers

  • Joined: 15 May 2009
  • Posts: 963

Thanks, mate. Bye. I hope we won't be reading each other here again any time soon. Now I'm off to "virus protection".
