MyCity » Ambulanta -> Arhiva Ambulante » Trojan, warm...? Pomoc!

Trojan, warm...? Pomoc!

Napisano na dan: 12.4.2008

Strana:
1
2

Trojan, warm...? Pomoc!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

AnaIvanovicFan Poslao: 12 Apr 2008 16:05 Idi na vrh
offline AnaIvanovicFan Novi MyCity građanin Pridružio: 12 Apr 2008 Poruke: 27 Gde živiš: Vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Treba mi pomoc u vezi virusa. U mom laptopu imam Spyware terminator i i Kaspersky antivirus (Kaspersky je blokiran od strane virusa, tako da se ne moze obaviti skeniranje) . Operativni sistem je WINDOWS SP2, bezicni internet. Logfile of HijackThis v1.99.1 Scan saved at 2:09:27 PM, on 4/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\PROGRA~1\SPYWAR~1\sp_rsser.exe C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe C:\Program Files\DAEMON Tools\daemon.exe C:\DOCUME~1\ASUSX5~1\LOCALS~1\Temp\wininnurr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DNA\btdna.exe C:\bhroxyo.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Asus X51R\Start Menu\Programs\Startup\systemnt.exe c:\windows\system32\mslogon.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Volumouse\volumouse.exe C:\WINDOWS\system32\rundll32.exe G:\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [IpSec] C:\DOCUME~1\ASUSX5~1\LOCALS~1\Temp\wininnurr.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 O4 - HKLM\..\Run: [BM8346990d] Rundll32.exe "C:\WINDOWS\system32\quiliyle.dll",s O4 - HKLM\..\Run: [8075aa91] rundll32.exe "C:\WINDOWS\system32\crnhxmxg.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent O4 - HKCU\..\Run: [WintelUpdate] C:\bhroxyo.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: systemnt.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]*\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

Profil

DEMIAN Poslao: 12 Apr 2008 16:14 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozz Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

AnaIvanovicFan Poslao: 12 Apr 2008 16:21 Idi na vrh
offline AnaIvanovicFan Novi MyCity građanin Pridružio: 12 Apr 2008 Poruke: 27 Gde živiš: Vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozz i tebi Kaspersky mi javlja ''File contains virus. You are advised to terminate this download.'' Virus: HEUR.INVADER da li taj ComboFix ima virus? Da li da otvorim aplikaciju?

Profil

DEMIAN Poslao: 12 Apr 2008 16:25 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Isključi AV i pokreni ComboFix slobodno.. Od nas sigurno nećeš zaraditi malware.

Profil

AnaIvanovicFan Poslao: 12 Apr 2008 16:32 Idi na vrh
offline AnaIvanovicFan Novi MyCity građanin Pridružio: 12 Apr 2008 Poruke: 27 Gde živiš: Vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skenira se. Malo sam se istripovao, jel treba da pise ''Deleting Files/folders? hehe

Profil

DEMIAN Poslao: 12 Apr 2008 16:35 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pa kad ima šta da deletne od maliciozni filesi i foldersi - da Videćemo o čemu se tačno radi kada kopiraš log u poruku posle završenog skeniranja.

Profil

AnaIvanovicFan Poslao: 12 Apr 2008 18:08 Idi na vrh
offline AnaIvanovicFan Novi MyCity građanin Pridružio: 12 Apr 2008 Poruke: 27 Gde živiš: Vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-04-11.8 - Asus X51R 2008-04-12 17:29:11.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.420 [GMT 3:00] Running from: G:\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ADS - svchost.exe: deleted 28672 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Helper C:\Program Files\Helper\1207677015.dll C:\Program Files\Mozilla Firefox\patch.exe C:\WINDOWS\BM8346990d.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\176793.exe C:\WINDOWS\system32\crnhxmxg.dll C:\WINDOWS\system32\drivers\grande48.sys C:\WINDOWS\system32\drivers\nyjf57.sys C:\WINDOWS\system32\geBsrQgG.dll C:\WINDOWS\system32\GgQrsBeg.ini C:\WINDOWS\system32\GgQrsBeg.ini2 C:\WINDOWS\system32\gxmxhnrc.ini C:\WINDOWS\system32\htkofwfk.dll C:\WINDOWS\system32\imwkanov.dll C:\WINDOWS\system32\lixvbnay.dll C:\WINDOWS\system32\ljdbkkin.ini C:\WINDOWS\system32\ljJAQHww.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\quiliyle.dll C:\WINDOWS\system32\rrxsxwmj.ini C:\WINDOWS\system32\winpdc32.dll C:\WINDOWS\system32\yanbvxil.ini C:\WINDOWS\zalpqbj.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_fci -------\Legacy_nyjf57 -------\Service_fci -------\Service_nyjf57 -------\Service_zalpqbj ((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))) . 2008-04-12 17:36 . 2008-04-12 18:35 188,448 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-12 17:36 . 2008-04-12 19:01 1,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-12 17:36 . 2008-04-12 17:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-12 17:36 . 2008-04-12 17:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-12 16:28 . 2008-04-12 16:28 78,415 --a------ C:\WINDOWS\system32\drivers\klif.cab 2008-04-12 16:27 . 2008-04-12 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-04-12 16:22 . 2008-04-12 16:22 <DIR> d-------- C:\Program Files\Flock 2008-04-12 16:22 . 2008-04-12 16:22 <DIR> d-------- C:\Documents and Settings\Asus X51R\Application Data\Flock 2008-04-11 12:43 . 2008-04-11 12:43 3,648 --a------ C:\WINDOWS\system32\kejraxck.dll 2008-04-10 12:45 . 2008-04-10 12:45 3,648 --a------ C:\WINDOWS\system32\dyhgewap.dll 2008-04-10 12:18 . 2008-04-10 12:21 99,328 --a------ C:\WINDOWS\ScUnin.exe 2008-04-10 12:18 . 2008-04-10 12:21 32,845 --a------ C:\WINDOWS\scunin.dat 2008-04-10 12:18 . 2008-04-10 12:21 967 --a------ C:\WINDOWS\ScUnin.pif 2008-04-09 12:41 . 2008-04-09 12:41 3,648 --a------ C:\WINDOWS\system32\fgttckyh.dll 2008-04-08 23:45 . 2008-04-08 23:45 67,072 -ra------ C:\WINDOWS\mrofinu.exe 2008-04-08 21:06 . 2008-04-08 21:06 614 --a------ C:\WINDOWS\eReg.dat 2008-04-08 20:55 . 2008-04-08 20:55 <DIR> d-------- C:\Program Files\EA Games 2008-04-08 20:48 . 2008-04-08 20:48 87,552 --a------ C:\evaqwp.exe 2008-04-08 20:48 . 2008-04-08 20:48 37,376 --a------ C:\WINDOWS\mrofinu2000352.exe.tmp 2008-04-08 20:48 . 2008-04-08 20:48 13,312 --a------ C:\bhroxyo.exe 2008-04-08 20:48 . 2008-04-08 20:48 705 --a------ C:\d1.exe 2008-04-08 20:48 . 2008-04-08 20:48 29 --a------ C:\WINDOWS\system32\yypqhhra.tmp 2008-04-08 20:48 . 2008-04-08 20:48 2 --a------ C:\-2139772354 2008-04-07 12:25 . 2008-04-07 12:25 <DIR> d--h----- C:\WINDOWS\PIF 2008-04-04 03:03 . 2008-04-12 19:01 <DIR> d-------- C:\Program Files\Steam 2008-04-03 02:16 . 2008-04-03 02:35 <DIR> d-------- C:\Program Files\NFS 2008-04-02 13:03 . 2008-04-02 13:07 <DIR> d-------- C:\Program Files\Valve 2008-03-31 13:29 . 2008-03-31 13:29 <DIR> d-------- C:\Documents and Settings\Asus X51R\Application Data\Thunderbird 2008-03-31 12:01 . 2008-04-05 18:13 <DIR> d-------- C:\Program Files\Mozilla Thunderbird 2008-03-28 02:05 . 2008-04-09 13:50 <DIR> d-------- C:\Documents and Settings\Asus X51R\Application Data\Yahoo! 2008-03-28 02:05 . 2008-03-28 02:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-03-27 23:03 . 2008-03-27 23:03 1,158 --a------ C:\WINDOWS\mozver.dat 2008-03-27 22:51 . 2008-04-12 19:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-27 22:51 . 2008-03-27 22:51 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-27 22:50 . 2008-03-27 22:50 <DIR> d-------- C:\Program Files\iTunes 2008-03-27 22:50 . 2008-03-27 22:50 <DIR> d-------- C:\Program Files\iPod 2008-03-27 22:50 . 2008-03-27 22:50 <DIR> d-------- C:\Program Files\Bonjour 2008-03-27 22:50 . 2008-03-27 23:26 <DIR> d-------- C:\Documents and Settings\Asus X51R\Application Data\Apple Computer 2008-03-27 22:49 . 2008-03-27 22:49 <DIR> d-------- C:\Program Files\QuickTime 2008-03-27 22:49 . 2008-03-27 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-27 22:48 . 2008-03-27 22:48 <DIR> d-------- C:\Program Files\Apple Software Update 2008-03-27 22:47 . 2008-03-27 22:47 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-03-27 22:47 . 2008-03-27 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-03-26 19:57 . 2008-03-26 19:57 279 --a------ C:\WINDOWS\system32\2b6494.exe 2008-03-26 19:57 . 2008-03-26 19:57 279 --a------ C:\WINDOWS\system32\2b5fa3.exe 2008-03-26 19:34 . 2008-03-26 19:34 279 --a------ C:\WINDOWS\system32\16b8b6.exe 2008-03-26 19:34 . 2008-03-26 19:34 279 --a------ C:\WINDOWS\system32\16b451.exe 2008-03-26 19:11 . 2008-03-26 19:11 279 --a------ C:\WINDOWS\system32\20ff4.exe 2008-03-26 19:11 . 2008-03-26 19:11 279 --a------ C:\WINDOWS\system32\20d73.exe 2008-03-26 19:09 . 2008-03-26 19:09 279 --a------ C:\WINDOWS\system32\685e62.exe 2008-03-26 19:09 . 2008-03-26 19:09 279 --a------ C:\WINDOWS\system32\685b16.exe 2008-03-26 18:46 . 2008-03-26 18:46 279 --a------ C:\WINDOWS\system32\53b448.exe 2008-03-26 18:46 . 2008-03-26 18:46 279 --a------ C:\WINDOWS\system32\53b12b.exe 2008-03-26 18:45 . 2008-03-26 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-03-26 18:23 . 2008-03-26 18:23 279 --a------ C:\WINDOWS\system32\3f0a5d.exe 2008-03-26 18:23 . 2008-03-26 18:23 279 --a------ C:\WINDOWS\system32\3efadd.exe 2008-03-26 17:17 . 2008-03-26 17:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-03-26 17:13 . 2008-03-26 17:13 279 --a------ C:\WINDOWS\system32\bad74c.exe 2008-03-26 17:13 . 2008-03-26 17:13 279 --a------ C:\WINDOWS\system32\bad3b2.exe 2008-03-26 17:04 . 2008-03-26 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2008-03-26 16:51 . 2008-03-26 16:51 279 --a------ C:\WINDOWS\system32\a62cc5.exe 2008-03-26 16:51 . 2008-03-26 16:51 279 --a------ C:\WINDOWS\system32\a61882.exe 2008-03-26 02:02 . 2008-03-26 02:02 279 --a------ C:\WINDOWS\system32\2bebea6.exe 2008-03-26 02:02 . 2008-03-26 02:02 279 --a------ C:\WINDOWS\system32\2beb772.exe 2008-03-26 01:40 . 2008-03-26 01:40 279 --a------ C:\WINDOWS\system32\2aa0fba.exe 2008-03-26 01:40 . 2008-03-26 01:40 279 --a------ C:\WINDOWS\system32\2aa0b93.exe 2008-03-26 01:26 . 2008-03-26 01:26 <DIR> d-------- C:\Program Files\DNA 2008-03-26 01:26 . 2008-03-26 01:26 <DIR> d-------- C:\Program Files\BitTorrent 2008-03-26 01:26 . 2008-04-12 17:35 <DIR> d-------- C:\Documents and Settings\Asus X51R\Application Data\DNA 2008-03-26 01:26 . 2008-04-10 12:08 <DIR> d-------- C:\Documents and Settings\Asus X51R\Application Data\BitTorrent 2008-03-26 01:17 . 2008-03-26 01:17 279 --a------ C:\WINDOWS\system32\29562a2.exe 2008-03-26 01:17 . 2008-03-26 01:17 279 --a------ C:\WINDOWS\system32\2955ab3.exe 2008-03-26 00:54 . 2008-03-26 00:54 279 --a------ C:\WINDOWS\system32\2809cc3.exe 2008-03-26 00:54 . 2008-03-26 00:54 279 --a------ C:\WINDOWS\system32\28091b7.exe 2008-03-18 12:13 . 2008-03-18 12:13 405 --a------ C:\WINDOWS\barcode.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-12 16:01 5,477 ----a-w C:\WINDOWS\system32\drivers\klrhon.sys 2008-04-12 13:33 --------- d-----w C:\Program Files\Kaspersky Lab 2008-04-12 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-12 13:31 82,258 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-04-12 13:31 82,258 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-04-12 00:40 --------- d-----w C:\Program Files\Warcraft III 2008-04-10 21:16 --------- d-----w C:\Program Files\Spyware Terminator 2008-04-10 09:33 --------- d-----w C:\Program Files\Starcraft 2008-04-10 09:11 --------- d-----w C:\Documents and Settings\Asus X51R\Application Data\Spyware Terminator 2008-04-08 21:17 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2008-04-02 19:43 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-02 18:31 --------- d-----w C:\Program Files\Winamp 2008-04-02 10:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-27 13:57 --------- d-----w C:\Program Files\ESET 2008-03-26 15:43 --------- d-----w C:\Program Files\Yahoo! 2008-03-25 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-03-18 09:36 --------- d-----w C:\Program Files\Corel 2006-06-11 21:11 73,728 --sh--r C:\WINDOWS\system32\mslogon.exe . ------- Sigcheck ------- 2008-01-17 11:27 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-01-17 11:27 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 02:39 288576] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704] "Steam"="C:\Program Files\Steam\Steam.exe" [2003-09-11 13:32 987136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-11-28 00:10 2953216] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57 133016] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Documents and Settings\Asus X51R\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 22:24:54 98632] systemnt.exe [2006-06-12 00:11:14 73728] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\kasperskyantivirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "C:\\Program Files\\Starcraft\\starcraft.exe"= "C:\\Program Files\\Warcraft III\\Warcraft III.exe"= "C:\\WINDOWS\\system32\\1bd4b1.exe"= "C:\\WINDOWS\\system32\\979c.exe"= "C:\\WINDOWS\\system32\\15d626.exe"= "C:\\WINDOWS\\system32\\a8d2.exe"= "C:\\WINDOWS\\system32\\99bf.exe"= "C:\\WINDOWS\\system32\\mmc.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\00 INSTALL\\sdc212\\StrongDC.exe"= "C:\\Program Files\\Valve\\hl.exe"= R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-11-28 00:10] R2 NdisFileServices32;NdisFileServices32;C:\WINDOWS\system32\drivers\klrhon.sys [2008-04-12 19:04] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58] S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 12:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{047d50f8-c851-11dc-9aa7-001d6057786b}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515cdb4f-8e1d-11d9-aade-001d6057786b}] \Shell\Auto\command - boot.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a00f4652-9afd-11dc-9a57-0015af380954}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1fede1e-f504-11dc-aaf2-001d6057786b}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b52a9d33-f4c8-11dc-aaf1-001d6057786b}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf643a9-f666-11dc-aaf5-001d6057786b}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e39aa6cd-fe5c-11dc-ab09-001d6057786b}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe . Contents of the 'Scheduled Tasks' folder "2008-03-28 19:28:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-04-12 19:01:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\wmdrtc32.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Asus X51R\Start Menu\Programs\Startup\systemnt.exe C:\WINDOWS\system32\mslogon.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2008-04-12 19:04:19 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-12 16:04:11 Pre-Run: 5,815,017,472 bytes free Post-Run: 6,554,988,544 bytes free

Profil

DEMIAN Poslao: 12 Apr 2008 18:29 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odlično. Javim ti se sa uputstvom za dalje malo kasnije kada budem tačno proverio ovo što je postavljeno. Isprati/refreshuj temu za oko sat..

Profil

AnaIvanovicFan Poslao: 12 Apr 2008 20:17 Idi na vrh
offline AnaIvanovicFan Novi MyCity građanin Pridružio: 12 Apr 2008 Poruke: 27 Gde živiš: Vojvodina	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! DEMIAN ::Odlično. Javim ti se sa uputstvom za dalje malo kasnije kada budem tačno proverio ovo što je postavljeno. Isprati/refreshuj temu za oko sat.. Hvala puno! Cekam odgovor

Profil

DEMIAN Poslao: 12 Apr 2008 20:17 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pre svega uključi prikaz skrivenih foldera i fajlova [Link mogu videti samo ulogovani korisnici] Preko ovog linka --> [Link mogu videti samo ulogovani korisnici] Zipuj i pošalji mi sledeće Folder i njegov sadržaj sa putanje "C:\-2139772354" ako ti je nepoznat tj. nisi ga ti kreirao Fajl sa putanje "C:\WINDOWS\system32\drivers\klrhon.sys" Kada to završiš isprati ovo uputstvo.. Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\kejraxck.dll C:\WINDOWS\system32\dyhgewap.dll C:\WINDOWS\system32\fgttckyh.dll C:\WINDOWS\mrofinu.exe C:\evaqwp.exe C:\WINDOWS\mrofinu2000352.exe.tmp C:\bhroxyo.exe C:\d1.exe C:\WINDOWS\system32\yypqhhra.tmp C:\WINDOWS\system32\2b6494.exe C:\WINDOWS\system32\2b5fa3.exe C:\WINDOWS\system32\16b8b6.exe C:\WINDOWS\system32\16b451.exe C:\WINDOWS\system32\20ff4.exe C:\WINDOWS\system32\20d73.exe C:\WINDOWS\system32\685e62.exe C:\WINDOWS\system32\685b16.exe C:\WINDOWS\system32\53b448.exe C:\WINDOWS\system32\53b12b.exe C:\WINDOWS\system32\bad74c.exe C:\WINDOWS\system32\bad3b2.exe C:\WINDOWS\system32\a62cc5.exe C:\WINDOWS\system32\a61882.exe C:\WINDOWS\system32\2bebea6.exe C:\WINDOWS\system32\2beb772.exe C:\WINDOWS\system32\2aa0fba.exe C:\WINDOWS\system32\2aa0b93.exe C:\WINDOWS\system32\29562a2.exe C:\WINDOWS\system32\2955ab3.exe C:\WINDOWS\system32\2809cc3.exe C:\WINDOWS\system32\28091b7.exe C:\WINDOWS\system32\mslogon.exe C:\Documents and Settings\Asus X51R\Start Menu\Programs\Startup\systemnt.exe C:\WINDOWS\system32\wmdrtc32.dll C:\WINDOWS\system32\wmdrtc32.dl_ C:\WINDOWS\system32\drivers\klrhon.sys Folder:: C:\Documents and Settings\All Users\Application Data\Trymedia Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\1bd4b1.exe"=- "C:\\WINDOWS\\system32\\979c.exe"=- "C:\\WINDOWS\\system32\\15d626.exe"=- "C:\\WINDOWS\\system32\\a8d2.exe"=- "C:\\WINDOWS\\system32\\99bf.exe"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{047d50f8-c851-11dc-9aa7-001d6057786b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515cdb4f-8e1d-11d9-aade-001d6057786b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a00f4652-9afd-11dc-9a57-0015af380954}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1fede1e-f504-11dc-aaf2-001d6057786b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b52a9d33-f4c8-11dc-aaf1-001d6057786b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf643a9-f666-11dc-aaf5-001d6057786b}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e39aa6cd-fe5c-11dc-ab09-001d6057786b}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojan, warm...? Pomoc!

Ko je trenutno na forumu

Ukupno su 2445 korisnika na forumu :: 113 registrovanih, 13 sakrivenih i 2319 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 13297 - dana 20 Jan 2026 17:42

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: -[CoA]-, 100ka, A.R.Chafee.Jr., Abebe Bikila, airsuba, annon, Aska, Automaticar, awathorn, Baltimor, Beardonitch, Bobrock1, bojan_t, bojank, bojankrstc, BORUTUS, BSD, Chainsaw, Dannyboy, darkdruid72, del boy, Denaya, Desmond, Despot1, djonsule, doktor1964, DonRumataEstorski, DzigiNS, dzoni19, g_g, Hans Gajger, hvost, Ice, icemilos, IQ116, ivan_8282, Jaksa loznica, jalos, jeen yuhs, Jeremiah, Jester, JimmyNapoli, JK, Jomini, Jose, kaisarevic1, Kajzer Soze, kaput21, Klass, Kubovac, KUZMAR, kybonacci, Levi, Limeni91, LUDI, M74AB3, madza, mane123, MarkoMarkovic86, miki kv, MIKI63, Miletić Zoran, milimoj, miljannis, MILJEVINAC, mir juzni, mm1811, nazgul75, neutrino, nnovakis, Novakomp, OtacMakarije, Papadubi, pavlepopic, pceklic, pedja.st, pein, Perudin_92, Peruta, Pilence, Povratak1912, procesor, Qvazimodo, RajkoB, RJ, rodoljub, rovac, samoborac, saputnik plavetnila, ShtagodShtagod, Slingshot, smuk, starlights, Steeeefan, Stevan Visoki, Superastro, Tamo neko, The Boss, travisrise, Troja, Tumansky, tvlada, vidra1, Vlada76, Vladovbl, voja64, Vzor50, xAlex2, Zdenko, zlaya011, zombicar153, |_MeD_|, 1453

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by