Help with a trojan

  • Joined: 18 Apr 2009
  • Posts: 34

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:38, on 18.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PeerWeb DC++\PeerWeb DC++.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\vuk\Desktop\dog\TR3.exe..exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 3682 bytes

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

What detected the malware, and what is the name of the detected file?

  • Joined: 18 Apr 2009
  • Posts: 34

Posted: 19 Apr 2009 15:09

a-squared (Emsi Software): trojan.win32.agent!ik (and under sub-files there are some numbered processes, 28 of them, followed by C:\WINDOWS\system32\kernel32.dll).

virus.win32.messoum!ik, the same as the previous one but with only 2 processes, followed by C:\WINDOWS\system32\dmserver.dll and C:\WINDOWS\system32\wuauserv.dll.

Update: 19 Apr 2009 15:13

When I try to quarantine them, my computer restarts and gives me the option to boot into safe mode.

Update: 19 Apr 2009 15:14

Avast doesn't find anything.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Right-click the avast! icon in the bottom-right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn these options back on once the cleaning is finished.


Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt) which you should copy here for us.

  • Joined: 18 Apr 2009
  • Posts: 34

ComboFix 09-04-19.05 - vuk 19.04.2009 20:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.251 [GMT 2:00]
Running from: c:\documents and settings\vuk\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090419-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 13:16 . 2009-04-19 13:16 -------- d-----w c:\documents and settings\vuk\Application Data\BSplayer Pro
2009-04-18 22:27 . 2009-04-18 22:27 -------- d-----w c:\documents and settings\vuk\Local Settings\Application Data\Mozilla
2009-04-18 20:07 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-04-18 20:07 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-04-18 20:07 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-04-18 20:07 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-04-18 20:07 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-04-18 20:07 . 2009-04-18 20:07 -------- d-----w c:\documents and settings\vuk\Application Data\Simply Super Software
2009-04-18 20:07 . 2009-04-18 20:07 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-04-18 16:34 . 2009-04-18 16:34 -------- d-----w c:\documents and settings\vuk\Local Settings\Application Data\Identities
2009-04-18 09:00 . 2009-04-18 09:00 -------- d-----w c:\documents and settings\vuk\Application Data\Uniblue
2009-04-16 17:01 . 2009-04-16 17:01 -------- d-----w c:\documents and settings\vuk\Application Data\URSoft
2009-04-16 17:00 . 2009-04-18 20:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 16:17 . 2009-04-19 13:09 519651328 ----a-w c:\windows\MEMORY.DMP
2009-04-16 15:10 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-16 15:08 . 2009-02-06 17:24 2180480 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-16 15:08 . 2009-02-06 16:49 2015744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-16 15:08 . 2009-02-06 16:49 2057728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-16 15:08 . 2009-02-06 17:22 2136064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-16 15:08 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-16 14:55 . 2004-08-03 22:56 45056 -c--a-w c:\windows\system32\dllcache\ssinc51.dll
2009-04-16 14:54 . 2001-08-23 12:00 229439 -c--a-w c:\windows\system32\dllcache\multibox.dll
2009-04-16 14:53 . 2004-08-03 20:31 811064 -c--a-w c:\windows\system32\dllcache\imjp81k.dll
2009-04-16 14:52 . 2004-08-03 21:04 78848 -c--a-w c:\windows\system32\dllcache\dayi.ime
2009-04-16 14:51 . 2001-08-23 12:00 7168 -c--a-w c:\windows\system32\dllcache\wamregps.dll
2009-04-16 14:49 . 2009-04-16 14:49 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-04-16 14:48 . 2009-04-16 14:48 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-04-16 14:48 . 2009-04-16 14:48 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-04-16 14:48 . 2009-04-16 14:48 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-04-16 14:48 . 2009-04-16 14:48 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-04-16 14:48 . 2009-04-16 14:48 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-04-12 18:59 . 2009-04-12 18:59 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-12 18:59 . 2008-11-24 11:19 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-12 18:59 . 2009-04-12 18:59 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-12 18:49 . 2009-04-12 18:49 -------- d-----w c:\documents and settings\vuk\Application Data\TuneUp Software
2009-04-12 18:48 . 2009-04-12 18:48 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-12 18:48 . 2009-04-12 18:48 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-12 17:34 . 2003-06-18 15:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-04-12 17:25 . 2009-04-12 17:29 -------- d--h--w c:\windows\ShellNew
2009-04-12 16:37 . 2009-04-12 16:37 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-12 16:32 . 2009-04-12 16:32 -------- d-----w c:\documents and settings\vuk\Application Data\AdobeUM
2009-04-12 16:31 . 2009-04-12 16:31 -------- d-----w c:\documents and settings\vuk\Local Settings\Application Data\Adobe
2009-04-12 12:06 . 2005-05-31 04:53 545 ----a-w c:\windows\UC.PIF
2009-04-12 12:06 . 2005-05-31 04:53 545 ----a-w c:\windows\RAR.PIF
2009-04-12 12:06 . 2005-05-31 04:53 545 ----a-w c:\windows\PKZIP.PIF
2009-04-12 12:06 . 2005-05-31 04:53 545 ----a-w c:\windows\PKUNZIP.PIF
2009-04-12 12:06 . 2005-05-31 04:53 545 ----a-w c:\windows\NOCLOSE.PIF
2009-04-12 12:06 . 2005-05-31 04:53 545 ----a-w c:\windows\LHA.PIF
2009-04-12 12:06 . 2005-05-31 04:53 545 ----a-w c:\windows\ARJ.PIF
2009-04-12 12:06 . 2009-04-12 12:36 263 ----a-w c:\windows\wincmd.ini
2009-04-12 12:06 . 2009-04-12 12:12 -------- d-----w C:\totalcmd
2009-04-12 11:52 . 2009-04-19 08:18 116 ----a-w c:\windows\NeroDigital.ini
2009-04-12 10:26 . 2004-12-20 18:37 20016 ----a-w c:\windows\system32\drivers\pxhelp20.sys
2009-04-12 10:26 . 2009-04-13 19:21 192 ----a-w c:\windows\winamp.ini
2009-04-12 10:24 . 2009-04-12 10:24 1172 ----a-w c:\windows\mozver.dat
2009-04-12 10:19 . 2005-03-30 16:47 49668 ----a-w c:\windows\UNNMP.cfg
2009-04-12 10:19 . 2005-02-08 11:12 2670592 ----a-w c:\windows\UNNMP.exe
2009-04-12 10:15 . 2001-07-09 09:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-04-12 10:12 . 2005-03-30 16:47 211802 ----a-w c:\windows\UNNeroVision.cfg
2009-04-12 10:11 . 2005-02-17 10:21 2682880 ----a-w c:\windows\UNNeroVision.exe
2009-04-12 10:11 . 2001-03-08 17:30 24064 ----a-w c:\windows\system32\msxml3a.dll
2009-04-12 10:10 . 2009-04-12 10:10 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-04-12 10:10 . 2004-07-09 07:43 364544 ----a-w c:\windows\system32\TwnLib4.dll
2009-04-12 10:10 . 2004-07-26 15:16 471040 ----a-w c:\windows\system32\ImagXRA7.dll
2009-04-12 10:10 . 2004-07-26 15:16 262144 ----a-w c:\windows\system32\ImagXR7.dll
2009-04-12 10:10 . 2004-07-26 15:16 476320 ----a-w c:\windows\system32\ImagXpr7.dll
2009-04-12 10:10 . 2004-07-26 15:16 1568768 ----a-w c:\windows\system32\ImagX7.dll
2009-04-12 10:10 . 2001-06-26 06:15 38912 ----a-w c:\windows\system32\picn20.dll
2009-04-12 10:10 . 2000-06-26 09:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-04-12 09:58 . 2009-04-12 09:58 0 ----a-w c:\windows\nsreg.dat
2009-04-12 09:55 . 2008-07-09 07:38 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-12 09:55 . 2009-04-16 16:04 -------- d--h--w c:\windows\$hf_mig$
2009-04-12 09:07 . 2009-04-17 13:24 63592 ----a-w c:\documents and settings\vuk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 13:09 . 2009-04-18 20:07 -------- d-----w c:\program files\Trojan Remover
2009-04-19 12:00 . 2009-04-14 19:03 -------- d-----w c:\program files\a-squared Free
2009-04-19 09:28 . 2009-04-12 10:08 -------- d-----w c:\program files\PeerWeb DC++
2009-04-19 08:51 . 2009-04-18 21:12 2328 ----a-w C:\rapport.txt
2009-04-18 23:57 . 2009-04-18 23:56 -------- d-----w c:\program files\Theorica Divx ;-) Codecs
2009-04-18 20:16 . 2009-04-18 15:52 -------- d-----w c:\program files\a-squared Anti-Malware
2009-04-18 20:11 . 2009-04-15 16:27 -------- d-----w c:\program files\a-squared HiJackFree
2009-04-16 17:10 . 2009-04-16 16:58 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-16 14:46 . 2009-04-12 08:07 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-12 18:59 . 2009-04-12 18:48 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-12 17:30 . 2009-04-12 17:30 -------- d-----w c:\program files\Common Files\L&H
2009-04-12 17:30 . 2009-04-12 17:30 -------- d-----w c:\program files\Microsoft.NET
2009-04-12 17:29 . 2009-04-12 17:29 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-12 17:26 . 2009-04-12 17:26 -------- d-----w c:\program files\Microsoft Works
2009-04-12 16:36 . 2009-04-12 16:34 -------- d-----w c:\program files\CyberLink
2009-04-12 16:34 . 2009-04-12 16:34 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 16:34 . 2009-04-12 16:34 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-12 16:13 . 2009-04-12 16:13 -------- d-----w c:\program files\Common Files\Adobe
2009-04-12 15:54 . 2009-04-12 15:54 -------- d-----w c:\program files\Webteh
2009-04-12 10:29 . 2009-04-12 10:26 -------- d-----w c:\program files\Winamp
2009-04-12 10:19 . 2009-04-12 10:10 -------- d-----w c:\program files\Ahead
2009-04-12 10:15 . 2009-04-12 10:15 -------- d-----w c:\program files\Common Files\Nero
2009-04-12 10:10 . 2009-04-12 10:10 -------- d-----w c:\program files\Common Files\Ahead
2009-04-12 09:11 . 2009-04-12 08:11 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-12 08:45 . 2009-04-12 08:45 -------- d-----w c:\program files\Alwil Software
2009-04-12 08:13 . 2009-04-12 08:13 -------- d-----w c:\program files\microsoft frontpage
2009-03-06 14:44 . 2004-08-03 22:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2004-08-03 22:56 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-03 22:56 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2004-08-03 22:56 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-03 22:56 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-03 22:56 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-03 22:56 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:19 . 2004-08-03 21:17 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2004-08-03 21:20 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2004-08-03 22:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-08-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-03 22:59 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-03 22:56 55808 ----a-w c:\windows\system32\secur32.dll
2009-04-17 22:2009-04-12 09:58 33:36 . c:\program files\mozilla firefox\components\jar50.dll
2009-04-17 22:2009-04-12 09:58 33:36 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-17 22:2009-04-12 09:58 33:36 . c:\program files\mozilla firefox\components\myspell.dll
2009-04-17 22:2009-04-12 09:58 33:40 . c:\program files\mozilla firefox\components\spellchk.dll
2009-04-17 22:2009-04-12 09:58 33:40 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2007-08-29 474704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-12 603904]

.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 14:46]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-19 20:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-19 20:40
ComboFix-quarantined-files.txt 2009-04-19 18:39

Pre-Run: 71.870.373.888 bytes free
Post-Run: 71.861.776.384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

194 --- E O F --- 2009-04-18 16:07

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks clean.

Run a scan with a-squared and post the logfile here (I think there is a Save Report button).

  • Joined: 18 Apr 2009
  • Posts: 34

Posted: 20 Apr 2009 1:14

a-squared Free - Version 4.0
Last update: 19.4.2009 22:00:22

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 19.4.2009 22:02:50

[564] C:\WINDOWS\system32\KERNEL32.dll detected: Trojan.Win32.Agent!IK
[588] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[632] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[652] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[808] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[852] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[920] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[920] c:\windows\system32\dmserver.dll detected: Virus.Win32.Messoum!IK
[920] c:\windows\system32\wuauserv.dll detected: Virus.Win32.Messoum!IK
[964] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[1052] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[1108] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[1192] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[1424] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[1432] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[1472] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[1916] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[2012] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[2040] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[220] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[260] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[372] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[1884] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[2364] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[3148] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[2296] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[3120] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
c:\documents and settings\vuk\application data\bsplayer pro detected: Trace.Directory.BSplayer!A2
c:\documents and settings\vuk\application data\bsplayer pro\bsplayer.xml detected: Trace.File.BSplayer!A2
Value: HKEY_USERS\S-1-5-21-1078081533-1580818891-854245398-1003\Software\BST\bsplayerv1 --> AppPath detected: Trace.Registry.BSplayer!A2
Value: HKEY_USERS\S-1-5-21-1078081533-1580818891-854245398-1003\Software\BST\bsplayerv1 --> AppVer detected: Trace.Registry.BSplayer!A2
Key: HKEY_USERS\S-1-5-21-1078081533-1580818891-854245398-1003\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:27 detected: Trace.TrackingCookie.www6.addfreestats.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:37 detected: Trace.TrackingCookie.doubleclick.net!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:44 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:49 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:50 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:53 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:54 detected: Trace.TrackingCookie.casalemedia.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:63 detected: Trace.TrackingCookie.www.burstnet.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:68 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:69 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:70 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:71 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:72 detected: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:83 detected: Trace.TrackingCookie.ad.httpool.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:132 detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:135 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:136 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:137 detected: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:248 detected: Trace.TrackingCookie.zedo.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:249 detected: Trace.TrackingCookie.zedo.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:250 detected: Trace.TrackingCookie.zedo.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:251 detected: Trace.TrackingCookie.zedo.com!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:274 detected: Trace.TrackingCookie.statse.webtrendslive!A2

Scanned

Files: 24366
Traces: 590262
Cookies: 357
Processes: 26

Found

Files: 0
Traces: 5
Cookies: 25
Processes: 27
Registry keys: 0

Scan end: 19.4.2009 23:11:18
Scan time: 1:08:28

Update: 20 Apr 2009 14:54

I can't delete it, and when I try to quarantine it the computer restarts.
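An added triage helper for the a-squared log format above (example code written for this page, not part of the thread or of the a-squared product): it groups every detection line by the object it names and by PID, so the same DLL flagged inside many process address spaces shows up as one object to verify on disk rather than as one infection per process, and the one PID whose hit set differs from the rest stands out. The embedded log excerpt is constructed from lines on this page.

```python
"""Triage helper for the a-squared log format pasted above (added example, not
part of the thread). Groups every "... detected: <Name>" line by the object it
names, so a DLL flagged inside many process address spaces shows up as one
object with many PIDs rather than as one infection per PID."""
import re
from collections import defaultdict

# "[PID] <path> detected: <Name>": hit inside a running process's memory
PROC_RE = re.compile(r"^\[(\d+)\]\s+(.+?)\s+detected:\s+(\S+)$")
# "Value: <key> --> <value> detected: <Name>" / "Key: <key> detected: <Name>"
REG_RE = re.compile(r"^(Value|Key):\s+(.+?)\s+detected:\s+(\S+)$")
# anything else that says "detected:": file, directory or cookie entry
FILE_RE = re.compile(r"^(.+?)\s+detected:\s+(\S+)$")

# Constructed excerpt of the log above (a few of the 25 kernel32.dll lines,
# the two PID 920 lines, one trace of each other kind); non-detection lines
# such as the header and counters are kept to show that they are skipped.
SAMPLE_LOG = r"""
Scan start: 19.4.2009 22:02:50
[564] C:\WINDOWS\system32\KERNEL32.dll detected: Trojan.Win32.Agent!IK
[588] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[920] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
[920] c:\windows\system32\dmserver.dll detected: Virus.Win32.Messoum!IK
[920] c:\windows\system32\wuauserv.dll detected: Virus.Win32.Messoum!IK
[964] C:\WINDOWS\system32\kernel32.dll detected: Trojan.Win32.Agent!IK
c:\documents and settings\vuk\application data\bsplayer pro detected: Trace.Directory.BSplayer!A2
Value: HKEY_USERS\S-1-5-21-1078081533-1580818891-854245398-1003\Software\BST\bsplayerv1 --> AppPath detected: Trace.Registry.BSplayer!A2
Key: HKEY_USERS\S-1-5-21-1078081533-1580818891-854245398-1003\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\vuk\Application Data\Mozilla\Firefox\Profiles\d83s4qwv.default\cookies.txt:37 detected: Trace.TrackingCookie.doubleclick.net!A2
Scanned
Files: 24366
"""

def parse_line(line):
    """One detection dict per log line; None for headers and counters."""
    line = line.strip()
    m = PROC_RE.match(line)
    if m:
        pid, obj, name = m.groups()
        return {"kind": "process", "pid": int(pid), "object": obj.lower(), "name": name}
    m = REG_RE.match(line)
    if m:
        _, obj, name = m.groups()
        return {"kind": "registry", "pid": None, "object": obj.lower(), "name": name}
    m = FILE_RE.match(line)
    if m:
        obj, name = m.groups()
        return {"kind": "file", "pid": None, "object": obj.lower(), "name": name}
    return None

def parse_log(text):
    return [d for d in map(parse_line, text.splitlines()) if d is not None]

def group_by_object(detections):
    """(name, object) -> sorted PIDs it was flagged in (empty for on-disk hits)."""
    groups = defaultdict(set)
    for d in detections:
        pids = groups[(d["name"], d["object"])]  # entry exists even without a PID
        if d["pid"] is not None:
            pids.add(d["pid"])
    return {key: sorted(pids) for key, pids in groups.items()}

def shared_module_hits(detections, min_pids=3):
    """Objects flagged in at least `min_pids` distinct processes: one object to
    verify on disk (hash, signature, timestamp), not one infection per PID."""
    return sorted(
        (obj, name, len(pids))
        for (name, obj), pids in group_by_object(detections).items()
        if len(pids) >= min_pids
    )

def per_process(detections):
    """PID -> sorted objects flagged inside it; a PID whose set differs stands out."""
    by_pid = defaultdict(set)
    for d in detections:
        if d["pid"] is not None:
            by_pid[d["pid"]].add(d["object"])
    return {pid: sorted(objs) for pid, objs in by_pid.items()}

if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    for obj, name, n in shared_module_hits(dets):
        print(f"{obj} ({name}) flagged in {n} processes")
    for pid, objs in sorted(per_process(dets).items()):
        print(pid, objs)
```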

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following files:

C:\WINDOWS\system32\KERNEL32.dll
c:\windows\system32\dmserver.dll
c:\windows\system32\wuauserv.dll

via this link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------


Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this saves the scan results to the clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach the two files we just saved here.


Run gmer.exe again: select the Rootkit/Malware tab at the top.
Right-click in the middle of the program's form. A menu will appear; go to Options and tick the option Only non MS files.
Click Scan.
When the scan is finished, click the Copy button below; this saves the scan results to the clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file3.txt.

Use the Attach file option below the message box on the forum and attach the file we just saved here.

  • Joined: 18 Apr 2009
  • Posts: 34

Posted: 20 Apr 2009 19:04

C:\WINDOWS\system32\KERNEL32.dll
c:\windows\system32\dmserver.dll
c:\windows\system32\wuauserv.dll

I have uploaded these files.

-----------------------------------------------------------------------------------------

Update: 20 Apr 2009 19:50


-----------------------------------------------------------------------------------------

I sort of did this.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It looks like the first two scans weren't done properly.

Run Gmer; right at startup the program will perform a short scan.

After that, click Scan. When the scan is finished, save the log.


Then click >>> to enable access to the other tabs.

Switch to the Autostart tab and click Scan. When the scan is finished, save the log.


Attach those logs to your post.
