Da li sam se zarazila?!

1

Da li sam se zarazila?!

offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:30, on 15.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Sandra\Desktop\rmplstinski\cleaner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.eu.avon.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....9293699312
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.eu.avon.com/dwa7W.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10304 bytes


Upalih jutros komp i izbacio mi da ima neku gresku blabla, kreten nisam zapamtila sta je pisalo samo onako bunovna kliknuh na cancel. Posle toga mi se ceo komp zamrznuo tj desktop misem nisam mogla da kliknem ni na jednu ikonicu, nije radio ni jedan taster na tastaturi ni win dugme niti bilo sta, restartovala sam a onda je kis izbacio da je detektova riskwear invader u svchost.exe.....

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Zdravo,

da pogledamo:

* Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection.
* U prozoru koji se otvori, izaberi By User Request.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.


-----------------------

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

ComboFix 09-03-14.01 - Sandra 2009-03-15 11:37:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2214 [GMT 1:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-06 21:10 . 2009-03-06 21:10 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-04 22:54 . 2009-03-04 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Phenomedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 10:41 996,384 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-15 10:41 18,425,376 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-15 10:40 95,480 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-15 10:40 249,860 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-15 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 20:25 --------- d-----w c:\documents and settings\Sandra\Application Data\POP Peeper
2009-02-16 09:28 --------- d-----w c:\program files\POP Peeper
2009-02-03 22:49 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 22:49 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-02 22:36 --------- d-----w c:\documents and settings\Sandra\Application Data\ACD Systems
2009-02-02 22:35 9,856 ----a-w c:\windows\system32\drivers\pfc.sys
2009-02-02 22:35 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\program files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-23 10:28 --------- d-----w c:\program files\UltraSnap
2008-12-15 00:45 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 22:57 1,851,544 ----a-w c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-12 1429504]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 227856]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]


Samo da napomenem kad se zavrsilo skeniranje kav mi se totalno ugasio i upalio mi se win security alerts

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Fali veliki deo loga?

offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

E... kad sam sve zavrsila pojavilo mi se ovo na desktopu....




Dopuna: 15 Mar 2009 11:54

Sorry.... nisam dobro prekopirala...

ComboFix 09-03-14.01 - Sandra 2009-03-15 11:37:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2214 [GMT 1:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-06 21:10 . 2009-03-06 21:10 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-04 22:54 . 2009-03-04 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Phenomedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 10:41 996,384 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-15 10:41 18,425,376 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-15 10:40 95,480 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-15 10:40 249,860 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-15 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 20:25 --------- d-----w c:\documents and settings\Sandra\Application Data\POP Peeper
2009-02-16 09:28 --------- d-----w c:\program files\POP Peeper
2009-02-03 22:49 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 22:49 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-02 22:36 --------- d-----w c:\documents and settings\Sandra\Application Data\ACD Systems
2009-02-02 22:35 9,856 ----a-w c:\windows\system32\drivers\pfc.sys
2009-02-02 22:35 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\program files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-23 10:28 --------- d-----w c:\program files\UltraSnap
2008-12-15 00:45 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 22:57 1,851,544 ----a-w c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-12 1429504]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 227856]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sandra\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [1/8/2009 2:06:03 PM 20992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [4/14/2008 2:03:54 PM 596584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [5/27/2004 6:13:04 PM 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28:40 PM 24592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 12:18:09 AM 41376]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 11:31:54 AM 98328]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/14/2008 12:34:03 AM 57408]
S2 msile;microsoft install le;c:\windows\system\msile.exe [3/15/2009 11:42:38 AM 51715]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MSILE
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.eu.avon.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=home
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 11:41:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(316)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(372)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-15 11:44:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 10:43:59

Pre-Run: 13.527.089.152 bytes free
Post-Run: 13,560,459,264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

164

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Izgleda da si se zarazila:

uploaduj mi:

c:\windows\system\msile.exe

preko sledeceg linka:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

Bila sam restartovala komp i opet mi se kav uopste nije pojavio samo onaj win security alerts i opet mi je izbacio application error.

Uploadovala sam onaj fajl. Proveri jel je sve ok jer nije hteo da ga vidi na browse pa sam ukucala c:\windows\system\msile.exe i onda je hteo da ga uploaduje, valjda...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system\msile.exe

Driver::
msile

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

Uopste nema slike ispod... jel je samo ja ne vidim il?!

Jel taj novi notpade sto snimim treba da prevucem u combofix?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Da. Prevuces u ikonicu ComboFixa.

Ja je vidim.

Ko je trenutno na forumu
 

Ukupno su 1332 korisnika na forumu :: 24 registrovanih, 8 sakrivenih i 1300 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amaterSRB, babaroga, Cobi026, GandorCC, Georgius, Ivan001, JOntra, Litostroton, mile23, milutin134, MiroslavD, mrav pesadinac, nesa1962, Posmatrac77OKB, ruma, S2M, sevenino, skvara, stegonosa, vandrej, vasa.93, vathra, Vlada1389, vladulns