MyCity » Ambulanta -> Arhiva Ambulante » Trojanci :S

Trojanci :S

Napisano na dan: 26.9.2008

Strana:
1
2
3
4

Trojanci :S

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4

helen1 Poslao: 27 Sep 2008 19:04 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Janki, ne nasedaj na komentare:) Uploaduj mi: C:\WINDOWS\system32\dots.exe http://www.mycity.rs/ambulanta-upload.php

Profil

Janki90 Poslao: 27 Sep 2008 20:06 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne nasedam... :p ,ali bio sam uploadovao na virscan i dobio ovaj rezlutat http://virscan.org/report/48ccc88f742b1f46ff2731980a6f2a29.html uploadovao sam file ^_^

Profil

helen1 Poslao: 27 Sep 2008 20:08 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK. Ali fajl ce ipak pogledati neki AMF rank 2. Posto ja sutra putujem, tebe ce preuzeti neko od njih. Pozzz

Profil

Janki90 Poslao: 27 Sep 2008 21:53 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! k , thx za pomoc pozz

Profil

bobby Poslao: 27 Sep 2008 22:03 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo Janki90, Jesi li instalirao nesto u medjuvremenu? Posecujes li neke sajtove koji su sumnjivi? Moramo nekako da otkrijemo kako se i zasto infekcija obnavlja. Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Desni klik na sred forme programa. Pojaviće se menij u kojem je potrebno otići na Options i tu štiklirati opciju Only non MS files Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao fajl file3.txt Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde fajl koji smo malopre snimili Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\dots.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Janki90 Poslao: 27 Sep 2008 22:14 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisam instlirao nista...jedino sam uninstlirao.Komp mi je poceo cudno ponasati 25.09 kad je nod32 pronasao sprint.dll (detektovao ga je kao trojan downloader) i od tad mi komp se restartirao .Sajtove posecujem iste ,koje sam posecivao pre pola godine (tad sam instlirao win).Tako da ne znam odakle mi ovaj virus :S evo log gmer-a GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-09-27 22:09:34 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT sptd.sys ZwCreateKey [0xF74ED0D0] SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2] SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340] SSDT sptd.sys ZwOpenKey [0xF74ED0B0] SSDT sptd.sys ZwQueryKey [0xF74F3418] SSDT sptd.sys ZwQueryValueKey [0xF74F3298] SSDT sptd.sys ZwSetValueKey [0xF74F34AA] ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process. .text USBPORT.SYS!DllUnload B808562C 5 Bytes JMP 8A32D1C8 ? System32\Drivers\a8ic8oqe.SYS The system cannot find the file specified. ! ---- User code sections - GMER 1.0.14 ---- .text C:\Program Files\Winamp\winamp.exe[480] USER32.dll!SetScrollInfo 77D4902C 7 Bytes JMP 0121A68D C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[480] USER32.dll!GetScrollPos 77D4F66F 5 Bytes JMP 0121A63D C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[480] USER32.dll!SetScrollRange 77D4F6BB 5 Bytes JMP 0121A6E3 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[480] USER32.dll!SetScrollPos 77D4F780 5 Bytes JMP 0121A6B8 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[480] USER32.dll!GetScrollRange 77D4F7B7 5 Bytes JMP 0121A662 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[480] USER32.dll!ShowScrollBar 77D50142 5 Bytes JMP 0121A711 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[480] USER32.dll!GetScrollInfo 77D53A2F 7 Bytes JMP 0121A615 C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\Winamp\winamp.exe[480] USER32.dll!EnableScrollBar 77D97BAD 7 Bytes JMP 0121A5ED C:\Program Files\Winamp\Plugins\gen_jumpex.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1420] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [ C2, 04, 00, 00 ] ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EDAD4] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EDC1A] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EDB9C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EE748] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74EE61E] sptd.sys ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8A6091E8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\NetBT \Device\NetBT_Tcpip_{64BFF9FC-5B33-42ED-8C8B-7A810BDE103F} 89B54518 Device \Driver\usbohci \Device\USBPDO-0 8A32C1E8 Device \Driver\usbohci \Device\USBPDO-1 8A32C1E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5991E8 Device \Driver\dmio \Device\DmControl\DmConfig 8A5991E8 Device \Driver\dmio \Device\DmControl\DmPnP 8A5991E8 Device \Driver\dmio \Device\DmControl\DmInfo 8A5991E8 Device \Driver\usbohci \Device\USBPDO-2 8A32C1E8 Device \Driver\PCI_NTPNP8504 \Device\00000053 sptd.sys Device \Driver\PCI_NTPNP8504 \Device\00000053 sptd.sys Device \Driver\usbohci \Device\USBPDO-3 8A32C1E8 Device \Driver\usbohci \Device\USBPDO-4 8A32C1E8 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys Device \Driver\usbehci \Device\USBPDO-5 8A41E790 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A60C1E8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Ftdisk \Device\HarddiskVolume2 8A60C1E8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Cdrom \Device\CdRom0 8A4DB1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8A60C1E8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\NetBT \Device\NetBT_Tcpip_{FED74750-F77B-4734-8094-EB6A31216EAD} 89B54518 Device \Driver\Cdrom \Device\CdRom1 8A4DB1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A60B1E8 Device \Driver\atapi \Device\Ide\IdePort0 8A60B1E8 Device \Driver\atapi \Device\Ide\IdePort1 8A60B1E8 Device \Driver\atapi \Device\Ide\IdePort2 8A60B1E8 Device \Driver\atapi \Device\Ide\IdePort3 8A60B1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 8A60B1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A60B1E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 8A60C1E8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Cdrom \Device\CdRom2 8A4DB1E8 Device \Driver\Ftdisk \Device\HarddiskVolume5 8A60C1E8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\NetBT \Device\NetBt_Wins_Export 89B54518 Device \Driver\NetBT \Device\NetbiosSmb 89B54518 Device \Driver\usbohci \Device\USBFDO-0 8A32C1E8 Device \Driver\usbohci \Device\USBFDO-1 8A32C1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89B361E8 Device \Driver\usbohci \Device\USBFDO-2 8A32C1E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89B361E8 Device \Driver\usbohci \Device\USBFDO-3 8A32C1E8 Device \Driver\usbohci \Device\USBFDO-4 8A32C1E8 Device \Driver\Ftdisk \Device\FtControl 8A60C1E8 Device \Driver\usbehci \Device\USBFDO-5 8A41E790 Device \Driver\NetBT \Device\NetBT_Tcpip_{7A58C9A5-84F2-40C7-9994-5A15292A4439} 89B54518 Device \Driver\a8ic8oqe \Device\Scsi\a8ic8oqe1 8A2E91E8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port5Path0Target0Lun0 8A60A1E8 Device \Driver\a8ic8oqe \Device\Scsi\a8ic8oqe1Port6Path0Target0Lun0 8A2E91E8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 8A60A1E8 Device \Driver\JRAID \Device\Scsi\JRAID1 8A5981E8 Device \FileSystem\Cdfs \Cdfs 89AB31E8 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xF5 0x78 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2A 0xC4 0x14 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0x99 0x12 0xBD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x74 0xF5 0x78 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2A 0xC4 0x14 0xE0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0x99 0x12 0xBD ... ---- EOF - GMER 1.0.14 ---- Dopuna: 27 Sep 2008 22:14 combofix log ComboFix 08-09-26.06 - Janki 2008-09-27 22:11:15.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1546 [GMT 2:00] Running from: C:\Documents and Settings\Janki\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Janki\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\dots.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\dots.exe . ((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 ))))))))))))))))))))))))))))))) . 2008-09-27 12:58 . 2008-09-27 21:51 0 --a------ C:\WINDOWS\system32\ativvaxx.cap 2008-09-26 23:04 . 2008-09-26 23:04 <DIR> d-------- C:\Documents and Settings\Administrator 2008-09-26 21:30 . 2008-09-26 21:30 <DIR> d---s---- C:\WINDOWS\Cookies 2008-09-26 20:53 . 2008-09-26 21:31 <DIR> d-------- C:\Documents and Settings\Janki\Application Data\BSplayer PRO 2008-09-26 15:11 . 2008-09-26 15:15 <DIR> d-------- C:\Program Files\a-squared Free 2008-09-26 15:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\a-squared Anti-Malware 2008-09-18 20:16 . 2008-09-18 20:16 <DIR> d-------- C:\Program Files\Safer Networking 2008-09-18 20:11 . 2008-09-18 20:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-09-18 20:11 . 2008-09-27 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-18 12:31 . 2008-09-18 12:33 <DIR> d-------- C:\Program Files\Magic Swf2Avi 2008 2008-09-18 00:51 . 2008-09-27 17:19 <DIR> d-------- C:\Documents and Settings\Janki\Application Data\SWF.max 2008-09-17 19:34 . 2008-09-17 19:34 <DIR> d-------- C:\Program Files\SWF.max 2008-09-17 19:27 . 2008-09-17 19:29 <DIR> d-------- C:\Program Files\FlashGet 2008-09-16 22:53 . 2008-09-27 22:04 250 --a------ C:\WINDOWS\gmer.ini 2008-09-08 16:38 . 2008-09-08 16:38 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-09-08 16:37 . 2008-09-08 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd 2008-09-08 16:37 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-09-08 16:36 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll 2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-09-08 16:36 . 2008-09-08 16:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-09-08 16:35 . 2008-09-08 16:36 <DIR> d-------- C:\Program Files\Common Files\Logishrd 2008-09-08 16:35 . 2008-09-08 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2008-09-08 15:30 . 2008-09-08 15:30 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-03 23:59 . 2008-09-03 23:59 <DIR> d-------- C:\Program Files\Binaryfish 2008-09-03 17:22 . 2008-09-03 17:22 <DIR> d-------- C:\Program Files\Muff 2008-08-30 13:04 . 2008-08-30 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-27 15:37 --------- d-----w C:\Documents and Settings\Janki\Application Data\uTorrent 2008-09-27 15:33 --------- d-----w C:\Documents and Settings\Janki\Application Data\Orbit 2008-09-27 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-27 10:17 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-09-27 10:16 --------- d-----w C:\Program Files\TQ Defiler 2008-09-27 10:11 --------- d-----w C:\Documents and Settings\Janki\Application Data\My Games 2008-09-26 19:49 --------- d-----w C:\Program Files\DAEMON Tools Pro 2008-09-25 17:27 --------- d-----w C:\Program Files\ICQ6 2008-09-23 11:02 --------- d-----w C:\Documents and Settings\Janki\Application Data\OpenOffice.org2 2008-09-19 15:00 --------- d-----w C:\Program Files\SpeedFan 2008-09-08 14:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-09-08 14:36 --------- d-----w C:\Program Files\Common Files\Logitech 2008-09-08 13:57 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-08-30 11:02 --------- d-----w C:\Program Files\ATI Technologies 2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\skypePM 2008-08-28 22:23 --------- d-----w C:\Documents and Settings\Janki\Application Data\Skype 2008-08-24 18:33 --------- d-----w C:\Documents and Settings\Janki\Application Data\MyPhoneExplorer 2008-08-23 13:56 --------- d-----w C:\Program Files\Lavalys 2008-08-19 22:09 --------- d-----w C:\Documents and Settings\Janki\Application Data\Winamp 2008-08-13 17:50 --------- d-----w C:\Program Files\Western Digital 2008-08-08 04:23 --------- d-----w C:\Program Files\Recuva 2008-08-03 02:24 --------- d-----w C:\Program Files\Skype 2008-08-03 02:24 --------- d-----w C:\Program Files\Common Files\Skype 2008-08-03 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-08-02 14:52 --------- d-----w C:\Program Files\Opera 2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll 2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-07-31 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2008-07-14 07:07 714 ----a-w C:\ma477.bin 2008-07-09 21:48 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2008-07-09 21:48 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2008-06-30 18:08 692,058 ----a-w C:\WINDOWS\system32\unins000.exe 2008-03-09 05:25 236 ----a-w C:\Program Files\Common Files\dx.reg . ------- Sigcheck ------- 2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-05-15 16:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS 2004-08-04 02:56 57856 5274e48efcd5a464b7d17424debc3d6d C:\WINDOWS\system32\spoolsv.exe 2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\system32\dllcache\spoolsv.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-09-03 267056] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-10 2645528] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456] "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440] "RTHDCPL"="RTHDCPL.EXE" [2008-03-26 C:\WINDOWS\RTHDCPL.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-09-08 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer] -r------- 2007-05-25 06:13 1957888 C:\WINDOWS\system32\xRaidSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] -r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall] --a------ 2007-02-22 19:53 2209224 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2008-07-16 16:57 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "C:\\Program Files\\ICQ6\\ICQ.exe"= "D:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696] R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2006-04-13 8192] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312] R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-10 1386008] R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 3712] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S3 GPU-Z;GPU-Z;C:\DOCUME~1\Janki\LOCALS~1\Temp\GPU-Z.sys [ ] S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536] S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360] S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088] S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624] S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704] S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432] S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-08 354560] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5ecb81-5739-11dd-b5bc-00055dd3fac7}] \Shell\AutoRun\command - I:\Programs\totalcmd\TCPowerPack.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-27 22:11:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc] "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" . Completion time: 2008-09-27 22:12:20 ComboFix-quarantined-files.txt 2008-09-27 20:12:18 ComboFix2.txt 2008-09-27 14:29:59 ComboFix3.txt 2008-09-26 18:39:39 Pre-Run: 19,390,259,200 bytes free Post-Run: 19,377,762,304 bytes free 206

Profil

bobby Poslao: 27 Sep 2008 22:19 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ono je bio pogresan GMER log, nisi lepo sledio uputstvo koje sam ti napisao... Ne znam da li je to vise bitno sada, posto si vec pustio ComboFix. Bilo mi je bitno da se taj GMER log uradi pre ComboFixa. Trenutno su cisti logovi. Daces mi sutra novi ComboFix log (startuj ComboFix normalno, bez prevlacenja skripta na ikonicu ComboFixa) da se uverim u to da se infekcija nije obnovila.

Profil

Janki90 Poslao: 27 Sep 2008 23:02 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! tt , moja greska Posle combofix-a sam resetovao komp i radi dosta usporeno pratio sam malo task manger i vidim da sve aplikacije koje koriste internet (utorrent , icq) opterecuju procesor do 60% o.O sto je dosta cudno...jer nikad mi procesor nije opterecen preko 50%

Profil

bobby Poslao: 27 Sep 2008 23:06 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Daj mi novi ComboFix log, kao i sledece GMER logove (upustva su pisana za dva pokretanja GMER-a, mozes sva tri loga da uradis i sa samo jednim ukljucivanjem GMER-a): Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Desni klik na sred forme programa. Pojaviće se menij u kojem je potrebno otići na Options i tu štiklirati opciju Only non MS files Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao fajl file3.txt Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde fajl koji smo malopre snimili

Profil

Janki90 Poslao: 27 Sep 2008 23:16 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojanci :S

Ko je trenutno na forumu

Ukupno su 600 korisnika na forumu :: 8 registrovanih, 1 sakriven i 591 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., goxin, Koridor, Mixelotti, nemkea71, radionica1, saputnik plavetnila, TBF1D

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by