[ DejanAMD @ 03.03.2008. 22:44 ] @
Hi folks, can anyone tell me what is best for removing a trojan?
[ Binary Mind @ 03.03.2008. 23:18 ] @
It depends on which trojan. In general, Kaspersky antivirus has served me well so far (I use the online scanner for diagnostics, but the online scanner is a good indicator of how good the full Kaspersky antivirus is), plus a few additional tools, of which I would single out HijackThis and ComboFix. Don't use ComboFix on your own except for the basic scan (everything else only under the guidance of more advanced users, unless you don't mind killing Windows stone dead).
[ hajduk7 @ 04.03.2008. 02:39 ] @
Trojans usually have strange names, so first you should check whether some strange file is running among the processes, write down its name, then kill it in the process list and afterwards delete the file.
[ nibleri @ 05.03.2008. 10:28 ] @
This happens to me when I try to open a partition:
RavMon.exe, please help
[ Binary Mind @ 05.03.2008. 23:07 ] @
@nibleri
[ nibleri @ 05.03.2008. 23:47 ] @
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:46:23, on 6.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nibleri.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4827 bytes

[ nibleri @ 06.03.2008. 00:13 ] @
ComboFix 08-03-05.1 - nibleri 2008-03-06 1:08:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.277 [GMT 1:00]
Running from: C:\Documents and Settings\nibleri\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-06 00:37 . 2008-03-06 00:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-05 23:51 . 2008-03-05 23:51 <DIR> d-------- C:\WINDOWS\Sun
2008-03-05 23:14 . 2008-03-06 01:10 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Skype
2008-03-05 23:12 . 2008-03-05 23:12 <DIR> d-------- C:\Program Files\Skype
2008-03-05 23:12 . 2008-03-05 23:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-05 23:11 . 2008-03-05 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-05 23:00 . 2008-03-05 23:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-05 22:59 . 2008-03-05 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 22:58 . 2008-03-05 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-05 22:54 . 2005-06-03 03:52 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-05 22:53 . 2008-03-05 22:54 <DIR> d-------- C:\Program Files\Java
2008-03-05 22:53 . 2008-03-05 22:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-05 22:44 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-05 22:41 . 2008-03-05 22:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-05 22:41 . 2008-03-05 22:41 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Lavasoft
2008-03-05 22:37 . 2004-06-23 18:26 1,994,752 --------- C:\WINDOWS\UNNMP.exe
2008-03-05 22:37 . 2004-08-05 12:47 52,478 --------- C:\WINDOWS\UNNMP.cfg
2008-03-05 22:35 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-05 22:33 . 2008-03-05 22:34 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-05 22:33 . 2008-03-05 22:36 <DIR> d-------- C:\Program Files\Ahead
2008-03-05 22:33 . 2008-03-05 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-05 22:33 . 2004-06-23 18:26 1,994,752 --------- C:\WINDOWS\UNNeroVision.exe
2008-03-05 22:33 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-03-05 22:33 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-03-05 22:33 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-03-05 22:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-05 22:33 . 2004-08-05 12:47 98,728 --------- C:\WINDOWS\UNNeroVision.cfg
2008-03-05 22:33 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-03-05 22:33 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-05 22:24 . 2008-03-05 22:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-05 22:17 . 2008-03-05 22:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-05 22:17 . 2008-03-05 22:38 <DIR> d-------- C:\Documents and Settings\nibleri\Contacts
2008-03-05 22:17 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-03-05 22:17 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-03-05 22:17 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-03-05 22:17 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-03-05 22:17 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-03-05 22:16 . 2008-03-05 22:16 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-05 22:08 . 2008-03-05 22:16 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 22:07 . 2008-03-05 22:19 <DIR> d-------- C:\Program Files\Windows Live
2008-03-05 22:07 . 2008-03-05 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-05 22:06 . 2008-03-05 22:06 <DIR> d-------- C:\totalcmd
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\UC.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\RAR.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\LHA.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-05 22:06 . 2008-03-05 23:11 401 --a------ C:\WINDOWS\wincmd.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 21:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 21:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 20:48 --------- d-----w C:\Program Files\Canon
2008-03-05 20:47 --------- d-----w C:\Program Files\Common Files\Canon
2008-03-05 20:44 --------- d-----w C:\Program Files\Visioneer OneTouch
2008-03-05 20:42 --------- d-----w C:\Program Files\ScanSoft
2008-03-05 20:42 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-03-05 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-05 20:29 --------- d-----w C:\Program Files\ASUSTeK
2008-03-05 19:31 --------- d-----w C:\Program Files\microsoft frontpage
.
Files Infected - Win32.Agent.zb
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-03-01 09:37 48128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 06:35 4603904]
"nwiz"="nwiz.exe" [2004-09-30 06:35 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 06:35 86016]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [2000-06-19 12:53 69632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-05 22:51 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 02:49]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

*Newly Created Service* - AVGASCLN
*Newly Created Service* - BLUESOLEIL_HID_SERVICE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 01:10:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 1:11:40
.
2008-03-05 21:14:00 --- E O F ---

[ nibleri @ 06.03.2008. 10:17 ] @
It looks like my partitions D, E and F were infected.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:35:49 5.3.2008

+ Scan result:

C:\Documents and Settings\nibleri\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\nibleri\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@skype[1].txt -> TrackingCookie.Skype : Cleaned.
D:\AutoRun.inf -> Trojan.Agent.abt : Cleaned.
E:\AutoRun.inf -> Trojan.Agent.abt : Cleaned.
F:\AutoRun.inf -> Trojan.Agent.abt : Cleaned.

::Report end

And from this morning:

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:02:33 6.3.2008

+ Scan result:

C:\Documents and Settings\nibleri\Cookies\nibleri@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\nibleri\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

[ nibleri @ 06.03.2008. 10:17 ] @
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:12, on 6.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nibleri.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4870 bytes

[ nibleri @ 06.03.2008. 10:19 ] @
ComboFix 08-03-05.1 - nibleri 2008-03-06 11:17:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.253 [GMT 1:00]
Running from: C:\Documents and Settings\nibleri\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-06 10:46 . 2008-03-06 10:46 404 --a------ C:\WINDOWS\ODBC.INI
2008-03-06 10:45 . 2008-03-06 10:45 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-06 10:42 . 2008-03-06 10:42 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-06 10:41 . 2008-03-06 10:41 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Microsoft Web Folders
2008-03-06 09:33 . 2004-08-04 05:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-06 00:37 . 2008-03-06 00:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-05 23:51 . 2008-03-05 23:51 <DIR> d-------- C:\WINDOWS\Sun
2008-03-05 23:14 . 2008-03-06 10:49 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Skype
2008-03-05 23:12 . 2008-03-05 23:12 <DIR> d-------- C:\Program Files\Skype
2008-03-05 23:12 . 2008-03-05 23:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-05 23:11 . 2008-03-05 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-05 22:59 . 2008-03-05 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 22:58 . 2008-03-05 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-05 22:54 . 2005-06-03 03:52 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-05 22:53 . 2008-03-05 22:54 <DIR> d-------- C:\Program Files\Java
2008-03-05 22:53 . 2008-03-05 22:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-05 22:44 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-05 22:41 . 2008-03-05 22:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-05 22:41 . 2008-03-05 22:41 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Lavasoft
2008-03-05 22:37 . 2004-06-23 18:26 1,994,752 --------- C:\WINDOWS\UNNMP.exe
2008-03-05 22:37 . 2004-08-05 12:47 52,478 --------- C:\WINDOWS\UNNMP.cfg
2008-03-05 22:35 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-05 22:33 . 2008-03-05 22:34 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-05 22:33 . 2008-03-05 22:36 <DIR> d-------- C:\Program Files\Ahead
2008-03-05 22:33 . 2008-03-05 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-05 22:33 . 2004-06-23 18:26 1,994,752 --------- C:\WINDOWS\UNNeroVision.exe
2008-03-05 22:33 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-03-05 22:33 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-03-05 22:33 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-03-05 22:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-05 22:33 . 2004-08-05 12:47 98,728 --------- C:\WINDOWS\UNNeroVision.cfg
2008-03-05 22:33 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-03-05 22:33 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-05 22:24 . 2008-03-05 22:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-05 22:17 . 2008-03-05 22:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-05 22:17 . 2008-03-05 22:38 <DIR> d-------- C:\Documents and Settings\nibleri\Contacts
2008-03-05 22:17 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-03-05 22:17 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-03-05 22:17 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-03-05 22:17 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-03-05 22:17 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-03-05 22:16 . 2008-03-05 22:16 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-05 22:08 . 2008-03-05 22:16 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 22:07 . 2008-03-05 22:19 <DIR> d-------- C:\Program Files\Windows Live
2008-03-05 22:07 . 2008-03-05 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-05 22:06 . 2008-03-05 22:06 <DIR> d-------- C:\totalcmd
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\UC.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\RAR.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\LHA.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-05 22:06 . 2008-03-06 01:32 401 --a------ C:\WINDOWS\wincmd.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 09:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-05 21:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 21:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 20:48 --------- d-----w C:\Program Files\Canon
2008-03-05 20:47 --------- d-----w C:\Program Files\Common Files\Canon
2008-03-05 20:44 --------- d-----w C:\Program Files\Visioneer OneTouch
2008-03-05 20:42 --------- d-----w C:\Program Files\ScanSoft
2008-03-05 20:42 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-03-05 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-05 20:29 --------- d-----w C:\Program Files\ASUSTeK
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-03-01 09:37 48128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 06:35 4603904]
"nwiz"="nwiz.exe" [2004-09-30 06:35 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 06:35 86016]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [2000-06-19 12:53 69632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-05 22:51 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-05 22:16:52 1048576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 02:49]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 11:18:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 11:19:05
ComboFix2.txt 2008-03-06 10:11:10
ComboFix3.txt 2008-03-06 00:11:41
.
2008-03-06 08:35:54 --- E O F ---

[ Binary Mind @ 06.03.2008. 19:55 ] @
I don't see any malware problems here apart from the ones AVG Anti-Spyware deleted. Is the problem solved?
[ nibleri @ 06.03.2008. 21:17 ] @
I think it is.
And as far as I noticed, HT and ComboFix were reading from partition C, so they couldn't pick up anything because the problem was on partitions D, E and F. In any case, thanks.
[ Binary Mind @ 06.03.2008. 21:53 ] @
ComboFix should scan all partitions, or at least under some circumstances, while HijackThis scans active processes wherever they are. What matters is that you solved the problem. I use AVG Anti-Spyware too and it's good...
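The AVG report in this thread found AutoRun.inf on D:, E: and F: while HijackThis, which lists running processes and autostart entries, showed nothing, and the prompt the user saw named RavMon.exe. The helper below is an added example (not code from the thread or from any of the tools named in it): it parses an autorun.inf body the way a defender would before deleting it, lists every directive that would launch a program, and judges whether that is plausible for the drive type. The two sample files are constructed for this example; `triage`, `launch_targets` and `scan_roots` are hypothetical names.

```python
import os
import re

# [autorun] directives that launch a program when the drive is opened or
# double-clicked; shell\<verb>\command adds or overrides a context-menu verb.
LAUNCH_RE = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$")

# Constructed samples for this example. The first has the shape of an autorun
# worm's file (RavMon.exe is the name from the prompt the user saw); the second
# is an ordinary driver-CD launcher that should not be flagged on optical media.
SAMPLE_INFECTED = """;junk before the section header
[AutoRun]
open=RavMon.exe e
shell\\open\\Command=RavMon.exe e
shell\\open\\Default=1
shell\\explore\\Command=RavMon.exe e
shell=open
"""
SAMPLE_BENIGN = """[autorun]
icon=setup.exe,0
label=Printer Driver CD
open=setup.exe
"""


def parse_autorun(text):
    """Return {directive: value} from the [autorun] section, keys lower-cased.
    Tolerates leading junk, ';' comments, odd spacing and mixed case."""
    directives, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip()
    return directives


def launch_targets(directives):
    """Return [(directive, program)] for every directive that runs a program."""
    targets = []
    for key, value in directives.items():
        if LAUNCH_RE.match(key) and value:
            # The program is the first token; it may be quoted to allow spaces.
            m = re.match(r'"([^"]+)"|(\S+)', value)
            targets.append((key, m.group(1) or m.group(2)))
    return targets


def triage(text, drive_type):
    """Classify an autorun.inf found on a 'cdrom', 'fixed' or 'removable' drive.
    A plain open= launcher is the intended use on optical media; on a hard-disk
    partition or USB stick, or with the Open/Explore verbs overridden, it is how
    autorun worms got executed the moment the drive was opened in Explorer."""
    directives = parse_autorun(text)
    targets = launch_targets(directives)
    if not targets:
        return "no-launcher", []
    reasons = [f"{key} runs {prog}" for key, prog in targets]
    hijack = any(key.startswith("shell\\") for key, _ in targets)
    if "shell" in directives:  # shell=<verb> redirects the double-click default
        hijack = True
        reasons.append(f"default verb set to '{directives['shell']}'")
    if hijack:
        return "suspicious", reasons + ["verb hijack: opening the drive runs it"]
    if drive_type == "cdrom":
        return "expected", reasons
    return "suspicious", reasons + [f"launcher on a {drive_type} drive"]


def scan_roots(roots):
    """Triage autorun.inf on each (root_path, drive_type) pair that has one. The
    type is passed in (GetDriveTypeW on Windows) so mounted images work too."""
    results = {}
    for root, drive_type in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, encoding="latin-1", errors="replace") as fh:
                results[root] = triage(fh.read(), drive_type)
    return results


if __name__ == "__main__":
    for label, text, dtype in (("D: sample", SAMPLE_INFECTED, "fixed"),
                               ("CD sample", SAMPLE_BENIGN, "cdrom")):
        print(label, *triage(text, dtype))
```

Run against real drive roots with `scan_roots([("D:\\", "fixed"), ("E:\\", "removable")])`; the verdict only reads the file, so the decision to delete it and hunt down the program it names stays with the analyst.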
Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.