[helen1] Trojans, Help, Help!!

  • ivan.b
  • New MyCity citizen
  • Joined: 24 Sep 2008
  • Posts: 11

Here is what ComboFix reported:

ComboFix 08-09-22.06 - Ivan Bosnjak 2008-09-24 18:48:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.1600 [GMT 2:00]
Running from: C:\Documents and Settings\Ivan Bosnjak\Skrivbord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ivan Bosnjak\Skrivbord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\dJkTCcdd.ini
C:\WINDOWS\system32\dJkTCcdd.ini2
C:\WINDOWS\system32\ggjmnnpo.ini2
C:\WINDOWS\system32\mlJdBssq.dll
C:\WINDOWS\system32\opnnmjgg.VIR
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\dJkTCcdd.ini
C:\WINDOWS\system32\dJkTCcdd.ini2
C:\WINDOWS\system32\ggjmnnpo.ini2
C:\WINDOWS\system32\mlJdBssq.dll
C:\WINDOWS\system32\opnnmjgg.VIR

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 15:03 . 2008-09-24 15:03 <KAT> dr------- C:\Documents and Settings\LocalService\Favoriter
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Program\Sunbelt Software
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Application Data\Sunbelt
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Lokala instõllningar
2008-09-24 02:22 . 2008-09-24 02:32 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-24 02:22 . 2008-09-24 02:22 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-24 02:21 . 2008-09-24 02:21 <KAT> d-------- C:\Program\Kaspersky Lab
2008-09-24 02:21 . 2008-09-24 18:43 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-24 02:21 . 2008-09-24 18:42 3,455,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 02:21 . 2008-09-24 18:42 581,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-24 02:21 . 2008-09-24 18:42 28,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 02:21 . 2008-09-24 18:42 3,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-24 02:03 . 2008-09-24 02:03 <KAT> d-------- C:\Program\Microsoft Windows OneCare Live
2008-09-24 01:53 . 2008-09-24 01:53 <KAT> d-------- C:\Program\Trend Micro
2008-09-24 01:44 . 2008-09-24 02:03 <KAT> d-------- C:\Program\Windows Live Safety Center
2008-09-24 01:20 . 2008-09-24 01:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-24 01:19 . 2008-09-24 01:19 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-09-24 01:18 . 2008-09-24 01:18 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-23 16:48 . 2008-09-24 00:07 <KAT> d-------- C:\Program\Enigma Software Group
2008-09-22 15:42 . 2008-09-22 15:47 <KAT> d-------- C:\Program\Microsoft Student
2008-09-22 15:41 . 2008-09-22 15:41 <KAT> d-------- C:\Program\Learning Essentials
2008-09-22 15:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-16 09:43 . 2008-09-16 09:45 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Application Data\vlc
2008-09-11 08:22 . 2008-09-11 08:22 <KAT> d-------- C:\Program\iTunes
2008-09-11 08:22 . 2008-09-11 08:22 <KAT> d-------- C:\Program\iPod
2008-09-11 08:21 . 2008-09-22 08:05 <KAT> d-------- C:\Program\Bonjour
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-04 11:01 . 2008-09-19 13:13 <KAT> d-------- C:\Program\Delade filer\Symantec Shared
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 14:55 --------- d-----w C:\Program\Mozilla Thunderbird
2008-09-24 14:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-24 10:42 --------- d-----w C:\Program\Delade filer\Real
2008-09-23 23:20 --------- d-----w C:\Program\Lavasoft
2008-09-23 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-23 22:10 --------- d-----w C:\Program\jouououoi
2008-09-23 22:09 --------- d--h--w C:\Program\InstallShield Installation Information
2008-09-23 00:33 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\BitTorrent
2008-09-22 23:39 --------- d-----w C:\Program\Yahoo!
2008-09-20 00:01 --------- d-----w C:\Program\BitTorrent
2008-09-16 07:45 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\vlc
2008-09-12 15:25 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\PowerChallenge
2008-09-11 06:20 --------- d-----w C:\Program\QuickTime
2008-09-11 06:20 --------- d-----w C:\Program\Delade filer\Apple
2008-09-10 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 09:07 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\Symantec
2008-08-23 14:42 --------- d-----w C:\Program\Java
2008-08-19 21:09 --------- d-----w C:\Program\Microsoft Silverlight
2008-08-18 21:31 --------- d-----w C:\Program\Delade filer\BitDefender
2008-08-18 21:31 --------- d-----w C:\Program\BitDefender
2008-08-18 21:29 --------- d-----w C:\Program\Comodo
2008-08-18 21:29 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\Comodo
2008-08-18 14:08 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-08-18 14:08 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-08-18 13:32 --------- d-----w C:\Program\Apple Software Update
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 18:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:46 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:42 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program\jouououoi ----

2008-05-22 09:00 606720 --a------ C:\Program\jouououoi\mmm.exe
2008-05-22 09:00 164352 --a------ C:\Program\jouououoi\sptcontmenu.dll3


((((((((((((((((((((((((((((( snapshot@2008-09-24_17.22.08.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-24 15:01:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 16:01:14 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-24 15:01:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat
+ 2008-09-24 16:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="C:\Program\CCleaner\ccleaner.exe" [2008-08-22 1234160]
"ISUSPM"="C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"CTSysVol"="C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"DVDLauncher"="C:\Program\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-09 7110656]
"AVP"="C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
BankID s„kerhetsprogram.lnk - C:\Program\Personal\bin\Personal.exe [2008-06-17 910864]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\BitTorrent\\bittorrent.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-16 33920]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 NMSAccessU;NMSAccessU;C:\Program\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 BDVEDISK;BDVEDISK;C:\Program\BitDefender\BitDefender 2009\BDVEDISK.sys [ ]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\135A.tmp [ ]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [ ]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 27136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-24 18:49:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet012\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\135A.tmp"
.
Completion time: 2008-09-24 18:51:31
ComboFix-quarantined-files.txt 2008-09-24 16:50:45
ComboFix2.txt 2008-09-24 15:23:11

Pre-Run: 204 613 230 592 byte ledigt
Post-Run: 204,583,055,360 byte ledigt

202 --- E O F --- 2008-09-23 23:33:35

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8490
  • Location: Novi Beograd

Turn off the AV.

Open Notepad and copy the following text into it:

Folder::
C:\Program\jouououoi


Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

  • ivan.b
  • New MyCity citizen
  • Joined: 24 Sep 2008
  • Posts: 11

After ComboFix I scanned the computer with Kaspersky, and then the following Trojans showed up:

[General]
TaskType=Scan(ods)
ThreatType=adware (modification)
ThreatName=Heur.Trojan.Generic
ThreatDanger=1
ObjectType=File (PID: -1)
ObjectName=C:\Program\Trend Micro\HijackThis\backups\backup-20080924-015925-192.dll
ScanningBasesTime=2008-09-24 15:06:00

and it found something called Vulnerabilities in Java, in the mouse program, on almost twenty files. It never showed that before!!!
Could the Trojan maybe be hiding there!!!


Thank you for the help!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8490
  • Location: Novi Beograd

Well, give me the log from the last scan.

  • ivan.b
  • New MyCity citizen
  • Joined: 24 Sep 2008
  • Posts: 11

ComboFix 08-09-22.06 - Ivan Bosnjak 2008-09-24 18:48:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.1600 [GMT 2:00]
Running from: C:\Documents and Settings\Ivan Bosnjak\Skrivbord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ivan Bosnjak\Skrivbord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\dJkTCcdd.ini
C:\WINDOWS\system32\dJkTCcdd.ini2
C:\WINDOWS\system32\ggjmnnpo.ini2
C:\WINDOWS\system32\mlJdBssq.dll
C:\WINDOWS\system32\opnnmjgg.VIR
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\dJkTCcdd.ini
C:\WINDOWS\system32\dJkTCcdd.ini2
C:\WINDOWS\system32\ggjmnnpo.ini2
C:\WINDOWS\system32\mlJdBssq.dll
C:\WINDOWS\system32\opnnmjgg.VIR

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 15:03 . 2008-09-24 15:03 <KAT> dr------- C:\Documents and Settings\LocalService\Favoriter
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Program\Sunbelt Software
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Application Data\Sunbelt
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Lokala instõllningar
2008-09-24 02:22 . 2008-09-24 02:32 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-24 02:22 . 2008-09-24 02:22 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-24 02:21 . 2008-09-24 02:21 <KAT> d-------- C:\Program\Kaspersky Lab
2008-09-24 02:21 . 2008-09-24 18:43 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-24 02:21 . 2008-09-24 18:42 3,455,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 02:21 . 2008-09-24 18:42 581,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-24 02:21 . 2008-09-24 18:42 28,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 02:21 . 2008-09-24 18:42 3,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-24 02:03 . 2008-09-24 02:03 <KAT> d-------- C:\Program\Microsoft Windows OneCare Live
2008-09-24 01:53 . 2008-09-24 01:53 <KAT> d-------- C:\Program\Trend Micro
2008-09-24 01:44 . 2008-09-24 02:03 <KAT> d-------- C:\Program\Windows Live Safety Center
2008-09-24 01:20 . 2008-09-24 01:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-24 01:19 . 2008-09-24 01:19 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-09-24 01:18 . 2008-09-24 01:18 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-23 16:48 . 2008-09-24 00:07 <KAT> d-------- C:\Program\Enigma Software Group
2008-09-22 15:42 . 2008-09-22 15:47 <KAT> d-------- C:\Program\Microsoft Student
2008-09-22 15:41 . 2008-09-22 15:41 <KAT> d-------- C:\Program\Learning Essentials
2008-09-22 15:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-16 09:43 . 2008-09-16 09:45 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Application Data\vlc
2008-09-11 08:22 . 2008-09-11 08:22 <KAT> d-------- C:\Program\iTunes
2008-09-11 08:22 . 2008-09-11 08:22 <KAT> d-------- C:\Program\iPod
2008-09-11 08:21 . 2008-09-22 08:05 <KAT> d-------- C:\Program\Bonjour
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-04 11:01 . 2008-09-19 13:13 <KAT> d-------- C:\Program\Delade filer\Symantec Shared
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 14:55 --------- d-----w C:\Program\Mozilla Thunderbird
2008-09-24 14:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-24 10:42 --------- d-----w C:\Program\Delade filer\Real
2008-09-23 23:20 --------- d-----w C:\Program\Lavasoft
2008-09-23 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-23 22:10 --------- d-----w C:\Program\jouououoi
2008-09-23 22:09 --------- d--h--w C:\Program\InstallShield Installation Information
2008-09-23 00:33 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\BitTorrent
2008-09-22 23:39 --------- d-----w C:\Program\Yahoo!
2008-09-20 00:01 --------- d-----w C:\Program\BitTorrent
2008-09-16 07:45 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\vlc
2008-09-12 15:25 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\PowerChallenge
2008-09-11 06:20 --------- d-----w C:\Program\QuickTime
2008-09-11 06:20 --------- d-----w C:\Program\Delade filer\Apple
2008-09-10 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 09:07 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\Symantec
2008-08-23 14:42 --------- d-----w C:\Program\Java
2008-08-19 21:09 --------- d-----w C:\Program\Microsoft Silverlight
2008-08-18 21:31 --------- d-----w C:\Program\Delade filer\BitDefender
2008-08-18 21:31 --------- d-----w C:\Program\BitDefender
2008-08-18 21:29 --------- d-----w C:\Program\Comodo
2008-08-18 21:29 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\Comodo
2008-08-18 14:08 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-08-18 14:08 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-08-18 13:32 --------- d-----w C:\Program\Apple Software Update
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 18:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:46 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:42 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program\jouououoi ----

2008-05-22 09:00 606720 --a------ C:\Program\jouououoi\mmm.exe
2008-05-22 09:00 164352 --a------ C:\Program\jouououoi\sptcontmenu.dll3


((((((((((((((((((((((((((((( snapshot@2008-09-24_17.22.08.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-24 15:01:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 16:01:14 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-24 15:01:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat
+ 2008-09-24 16:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="C:\Program\CCleaner\ccleaner.exe" [2008-08-22 1234160]
"ISUSPM"="C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"CTSysVol"="C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"DVDLauncher"="C:\Program\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-09 7110656]
"AVP"="C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
BankID s„kerhetsprogram.lnk - C:\Program\Personal\bin\Personal.exe [2008-06-17 910864]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\BitTorrent\\bittorrent.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-16 33920]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 NMSAccessU;NMSAccessU;C:\Program\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 BDVEDISK;BDVEDISK;C:\Program\BitDefender\BitDefender 2009\BDVEDISK.sys [ ]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\135A.tmp [ ]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [ ]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 27136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-24 18:49:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
I posted it once already, but I don't know what happened that it isn't on the forum.
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet012\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\135A.tmp"
.
Completion time: 2008-09-24 18:51:31
ComboFix-quarantined-files.txt 2008-09-24 16:50:45
ComboFix2.txt 2008-09-24 15:23:11

Pre-Run: 204 613 230 592 byte ledigt
Post-Run: 204,583,055,360 byte ledigt

202 --- E O F --- 2008-09-23 23:33:35

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8490
  • Location: Novi Beograd

helen1 :: Turn off the AV.

Open Notepad and copy the following text into it:

Folder::
C:\Program\jouououoi


Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.



Do this, then give me that log.
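The helper reads the posted ComboFix log by eye for a few signals: Security Center "DisableMonitoring"/"UpdatesDisableNotify" values set to 1, services whose image is a .tmp file or for which ComboFix printed no file date/size ("[ ]"), and MountPoints2 entries that still carry an AutoRun command from a removable drive. The Python script below is an added example written for this page, not a ComboFix tool and not part of the thread; it parses a constructed sample in the same line shapes as the log above (the sample lines are assembled from fragments of the posted log, not the full log) and lists those signals for an analyst to confirm by hand. The line formats it assumes (R*/S* service lines, REGEDIT4-style key and dword lines, the AutoRun command line) are taken from the log as posted.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix tool)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines in the shape of the log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\135A.tmp [ ]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Autorun.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
# start type; service name; display name; image path [date size]  (or "[ ]" when unknown)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
SECURITY_CENTER_FLAGS = {"DisableMonitoring", "UpdatesDisableNotify"}


def parse_services(text: str) -> List[Dict[str, object]]:
    """Parse the R*/S* service lines: start type, name, image path, and whether
    ComboFix printed a file date/size (an empty '[ ]' means it could not stat the file)."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append({
                "start": m["start"],
                "name": m["name"],
                "path": m["path"],
                "has_file_info": bool(m["info"].strip()),
            })
    return services


def find_security_center_overrides(text: str) -> List[Tuple[str, str]]:
    """Return (key, value name) pairs where Security Center monitoring or update
    notification is switched off (dword 1). Third-party AV suites set some of these
    themselves, so this is a signal to confirm, not a verdict."""
    hits, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current_key = k["key"]
            continue
        d = DWORD_RE.match(line)
        if d and current_key and d["name"] in SECURITY_CENTER_FLAGS and int(d["val"], 16) == 1:
            hits.append((current_key, d["name"]))
    return hits


def find_autorun_mountpoints(text: str) -> List[Tuple[str, str]]:
    """Return (drive letter, command) for MountPoints2 keys that carry an AutoRun
    command, i.e. a removable drive that once presented an Autorun.inf."""
    hits, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current_key = k["key"]
            continue
        a = AUTORUN_RE.match(line)
        if a and current_key:
            drive = current_key.rsplit("\\", 1)[-1]   # last path component is the drive letter
            hits.append((drive, a["cmd"]))
    return hits


def suspicious_services(text: str) -> List[str]:
    """Names of services whose image is a .tmp file or could not be stat'ed."""
    return [
        s["name"] for s in parse_services(text)
        if str(s["path"]).lower().endswith(".tmp") or not s["has_file_info"]
    ]


def triage(text: str) -> List[str]:
    """Human-readable findings for the analyst to verify against the full log."""
    findings = []
    for key, name in find_security_center_overrides(text):
        findings.append(f"Security Center override {name}=1 under {key}")
    for name in suspicious_services(text):
        findings.append(f"Service {name}: image is a .tmp file or has no file info")
    for drive, cmd in find_autorun_mountpoints(text):
        findings.append(f"MountPoints2 AutoRun on drive {drive}: {cmd}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it on a saved ComboFix log by reading the file and passing its text to triage(). Each finding is a pointer back to the log, not a verdict: SBRE, for instance, is flagged only because the file could not be stat'ed, while a service whose image lives in a .tmp file under system32 is the kind of entry the helper targets with a CFScript.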

  • ivan.b
  • New MyCity citizen
  • Joined: 24 Sep 2008
  • Posts: 11

Here is the result:

ComboFix 08-09-22.06 - Ivan Bosnjak 2008-09-24 21:14:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.1537 [GMT 2:00]
Running from: C:\Documents and Settings\Ivan Bosnjak\Skrivbord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ivan Bosnjak\Skrivbord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program\jouououoi
C:\Program\jouououoi\mmm.exe
C:\Program\jouououoi\sptcontmenu.dll3

.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 21:00 . 2008-09-24 21:02 <KAT> d-------- C:\MetaStock Pro
2008-09-24 20:40 . 1999-09-16 20:58 344,064 --a------ C:\WINDOWS\system32\OLVI70.dll
2008-09-24 20:40 . 1999-09-16 20:41 184,320 --a------ C:\WINDOWS\system32\msfl70.dll
2008-09-24 15:03 . 2008-09-24 15:03 <KAT> dr------- C:\Documents and Settings\LocalService\Favoriter
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Program\Sunbelt Software
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Application Data\Sunbelt
2008-09-24 13:10 . 2008-09-24 13:10 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2008-09-24 11:11 . 2008-09-24 11:11 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Lokala instõllningar
2008-09-24 02:22 . 2008-09-24 02:32 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-24 02:22 . 2008-09-24 02:22 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-24 02:21 . 2008-09-24 02:21 <KAT> d-------- C:\Program\Kaspersky Lab
2008-09-24 02:21 . 2008-09-24 20:36 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-24 02:21 . 2008-09-24 20:35 3,455,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 02:21 . 2008-09-24 21:13 589,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-24 02:21 . 2008-09-24 20:35 28,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 02:21 . 2008-09-24 21:13 3,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-24 02:03 . 2008-09-24 02:03 <KAT> d-------- C:\Program\Microsoft Windows OneCare Live
2008-09-24 01:53 . 2008-09-24 01:53 <KAT> d-------- C:\Program\Trend Micro
2008-09-24 01:44 . 2008-09-24 02:03 <KAT> d-------- C:\Program\Windows Live Safety Center
2008-09-24 01:20 . 2008-09-24 01:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-24 01:19 . 2008-09-24 01:19 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-09-24 01:18 . 2008-09-24 01:18 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-23 16:48 . 2008-09-24 00:07 <KAT> d-------- C:\Program\Enigma Software Group
2008-09-22 15:42 . 2008-09-22 15:47 <KAT> d-------- C:\Program\Microsoft Student
2008-09-22 15:41 . 2008-09-22 15:41 <KAT> d-------- C:\Program\Learning Essentials
2008-09-22 15:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-16 09:43 . 2008-09-16 09:45 <KAT> d-------- C:\Documents and Settings\Ivan Bosnjak\Application Data\vlc
2008-09-11 08:22 . 2008-09-11 08:22 <KAT> d-------- C:\Program\iTunes
2008-09-11 08:22 . 2008-09-11 08:22 <KAT> d-------- C:\Program\iPod
2008-09-11 08:21 . 2008-09-22 08:05 <KAT> d-------- C:\Program\Bonjour
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-04 11:01 . 2008-09-19 13:13 <KAT> d-------- C:\Program\Delade filer\Symantec Shared
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 19:04 --------- d-----w C:\Program\Mozilla Thunderbird
2008-09-24 18:51 --------- d-----w C:\Program\Equis
2008-09-24 14:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-24 10:42 --------- d-----w C:\Program\Delade filer\Real
2008-09-23 23:20 --------- d-----w C:\Program\Lavasoft
2008-09-23 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-23 22:09 --------- d--h--w C:\Program\InstallShield Installation Information
2008-09-23 00:33 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\BitTorrent
2008-09-22 23:39 --------- d-----w C:\Program\Yahoo!
2008-09-20 00:01 --------- d-----w C:\Program\BitTorrent
2008-09-16 07:45 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\vlc
2008-09-12 15:25 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\PowerChallenge
2008-09-11 06:20 --------- d-----w C:\Program\QuickTime
2008-09-11 06:20 --------- d-----w C:\Program\Delade filer\Apple
2008-09-10 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 09:07 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\Symantec
2008-08-23 14:42 --------- d-----w C:\Program\Java
2008-08-19 21:09 --------- d-----w C:\Program\Microsoft Silverlight
2008-08-18 21:31 --------- d-----w C:\Program\Delade filer\BitDefender
2008-08-18 21:31 --------- d-----w C:\Program\BitDefender
2008-08-18 21:29 --------- d-----w C:\Program\Comodo
2008-08-18 21:29 --------- d-----w C:\Documents and Settings\Ivan Bosnjak\Application Data\Comodo
2008-08-18 14:08 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-08-18 14:08 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-08-18 13:32 --------- d-----w C:\Program\Apple Software Update
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 18:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:46 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:42 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-24_17.22.08.93 )))))))))))))))))))))))))))))))))))))))))
.
- 1998-10-02 17:00:48 327,168 ----a-w C:\WINDOWS\IsUninst.exe
+ 1998-10-29 14:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
- 2008-09-24 15:01:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 16:01:14 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-24 15:01:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat
+ 2008-09-24 16:01:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat
- 2004-08-04 12:00:00 199,168 -c--a-w C:\WINDOWS\system32\ir32_32.dll
+ 1995-11-07 10:46:00 199,168 -c--a-w C:\WINDOWS\system32\ir32_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="C:\Program\CCleaner\ccleaner.exe" [2008-08-22 1234160]
"ISUSPM"="C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"CTSysVol"="C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"DVDLauncher"="C:\Program\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-09 7110656]
"AVP"="C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
BankID säkerhetsprogram.lnk - C:\Program\Personal\bin\Personal.exe [2008-06-17 910864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ir32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\BitTorrent\\bittorrent.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-16 33920]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 NMSAccessU;NMSAccessU;C:\Program\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S2 BDVEDISK;BDVEDISK;C:\Program\BitDefender\BitDefender 2009\BDVEDISK.sys [ ]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\135A.tmp [ ]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [ ]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 27136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-24 21:16:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet012\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\135A.tmp"
.
Completion time: 2008-09-24 21:18:06
ComboFix-quarantined-files.txt 2008-09-24 19:17:19
ComboFix2.txt 2008-09-24 16:51:32
ComboFix3.txt 2008-09-24 15:23:11

Pre-Run: 204 210 700 288 byte ledigt
Post-Run: 204,185,145,344 byte ledigt

196 --- E O F --- 2008-09-23 23:33:35

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8490
  • Location: Novi Beograd

What is the situation now?

What KAV is finding is the HJT backup.

  • ivan.b
  • New MyCity citizen
  • Joined: 24 Sep 2008
  • Posts: 11

Kaspersky has now found this:

2008-09-24 21:23:24 Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{619781AC-CF96-4B2F-8E58-2353903809FC}\RP598\A0147029.dll

2008-09-24 21:23:24 Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{619781AC-CF96-4B2F-8E58-2353903809FC}\RP598\A0147029.dll Postponed

and it finds a lot of Vulnerabilities....

Kaspersky asks what to do with the trojan every time it finds it; it only wants to put it in quarantine, and this repeats on every scan.

So that is the situation now!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8490
  • Location: Novi Beograd

Relax. Everything is fine. That is heuristics.

Do this:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

Then scan with Kaspersky and write to me what it says.
