MyCity » Ambulanta -> Arhiva Ambulante » virtumonde, trojanci i svasta nesto

virtumonde, trojanci i svasta nesto

Napisano na dan: 18.6.2009

virtumonde, trojanci i svasta nesto
Sledeća strana Pagination

Idi na vrh

Poslao: 18 Jun 2009 18:01
Idi na vrh
offline
  • Pridružio: 27 Avg 2008
  • Poruke: 50

Napisano: 18 Jun 2009 17:59

problem sa kompom!
ne moze da se instalira ni jedan drajver za hardware, tipa kad ubacim fles ili spojim stampac on mi pokrece onaj wizard (found new hardware) i ne moze nista dalje
sta raditi
ako moze provera loga... pozz


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:15 PM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: (no name) - upload.wikimedia.org/wikipedia/commons/thum.....ia.svg.png

--
End of file - 9454 bytes

Dopuna: 18 Jun 2009 18:01

e i zaboravio sam da kazem

skenirao sam i sa spy botom
nasao je nekoliko virusa, valjda su ocisceni mada cisto sumnjam

Poslao: 18 Jun 2009 22:16
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


To što pominješ teško da je problem za Ambulantu, no pošto kažeš da je malware postojao, odradićemo još jednu proveru.





Arrow Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Poslao: 20 Jun 2009 21:11
Idi na vrh
offline
  • Pridružio: 27 Avg 2008
  • Poruke: 50

pre svega izvinjavam se sto kasnim sa odgovorom
evo log

ComboFix 09-06-20.01 - Pavic Marko i Bane 06/20/2009 21:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.555 [GMT 2:00]
Running from: c:\documents and settings\Pavic Marko i Bane\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pavic Marko i Bane\Desktop\ZILE\Zile Uzivo\Desktop_.ini
c:\windows\system32\_000006_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-17 14:19 . 2009-06-17 14:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-17 13:36 . 2009-06-17 13:36 -------- d-----w- c:\documents and settings\Pavic Marko i Bane\Local Settings\Application Data\Help
2009-06-17 13:32 . 2001-08-17 20:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-06-17 13:26 . 2009-06-17 19:07 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-06-16 20:09 . 2009-06-16 20:09 -------- d-----w- c:\documents and settings\Pavic Marko i Bane\Local Settings\Application Data\ESET
2009-06-16 19:34 . 2009-06-16 19:34 -------- d-----w- c:\program files\Trend Micro
2009-06-16 18:25 . 2009-06-16 18:25 7168 ----a-w- c:\documents and settings\Pavic Marko i Bane\Application Data\Thinstall\TuneUp Utilities 2008\4000008c00002i\RegistryCleaner.exe
2009-06-16 18:25 . 2009-06-16 18:25 7168 ----a-w- c:\documents and settings\Pavic Marko i Bane\Application Data\Thinstall\TuneUp Utilities 2008\4000003d00002i\UpdateWizard.exe
2009-06-16 18:25 . 2009-06-16 18:25 7168 ----a-w- c:\documents and settings\Pavic Marko i Bane\Application Data\Thinstall\TuneUp Utilities 2008\1000000600002i\svchost.exe
2009-06-16 18:25 . 2009-06-16 18:25 -------- d-----w- c:\documents and settings\Pavic Marko i Bane\Application Data\Thinstall
2009-06-16 18:19 . 2009-06-16 18:19 -------- d-----w- c:\program files\ESET
2009-06-16 18:19 . 2009-06-16 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-16 17:51 . 2009-06-16 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-16 17:51 . 2009-06-16 17:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 12:34 . 2009-06-02 12:34 -------- d-----w- c:\documents and settings\Pavic Marko i Bane\Application Data\Vitolab
2009-06-02 11:57 . 2009-06-02 12:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 11:57 . 2009-06-02 12:10 -------- d-----w- c:\documents and settings\Pavic Marko i Bane\Application Data\Any Video Converter Professional
2009-06-02 11:56 . 2009-06-02 11:57 -------- d-----w- c:\program files\Any Video Converter Professional
2009-06-02 11:21 . 2009-06-02 11:25 -------- d-----w- c:\documents and settings\Pavic Marko i Bane\Application Data\Any Video Converter
2009-06-02 11:21 . 2009-06-02 11:22 -------- d-----w- c:\program files\Any Video Converter
2009-06-01 20:21 . 2009-06-01 20:21 -------- d-----w- c:\windows\Profiles
2009-06-01 20:21 . 2009-06-01 20:21 -------- d-----w- c:\windows\system32\Adobe
2009-06-01 20:21 . 2009-06-01 20:21 -------- d-----w- c:\documents and settings\Pavic Marko i Bane\Application Data\InterTrust
2009-06-01 20:21 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-31 10:59 . 2009-05-31 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-28 08:45 . 2009-05-28 08:45 -------- d--h--r- c:\documents and settings\Pavic Marko i Bane\Application Data\SecuROM
2009-05-28 08:45 . 2009-05-28 08:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 19:06 . 2009-03-12 22:30 -------- d-----w- c:\documents and settings\Pavic Marko i Bane\Application Data\DNA
2009-06-20 08:05 . 2009-03-12 22:30 -------- d-----w- c:\program files\DNA
2009-06-19 14:58 . 2009-04-10 08:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-19 14:58 . 2009-04-10 08:32 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-15 13:08 . 2009-02-22 14:13 -------- d-----w- c:\program files\Mv2Player
2009-06-01 20:23 . 2009-03-07 11:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 19:44 . 2009-02-22 20:08 -------- d-----w- c:\program files\Folder Marker
2009-05-31 11:28 . 2009-02-22 14:27 -------- d-----w- c:\program files\Unlocker
2009-05-28 08:48 . 2009-02-22 13:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-17 09:24 . 2009-05-17 09:24 -------- d-----w- c:\program files\free-downloads.net
2009-05-17 09:24 . 2009-05-17 09:24 -------- d-----w- c:\program files\Conduit
2009-05-17 09:23 . 2009-05-17 09:23 -------- d-----w- c:\program files\Alcohol Soft
2009-05-17 09:20 . 2009-05-17 09:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-04-22 14:14 . 2009-04-22 14:13 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-04-22 14:13 . 2009-04-22 14:13 -------- d-----w- c:\program files\DVDVideoSoft
2009-04-10 08:32 . 2009-04-10 08:32 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
.

------- Sigcheck -------

[-] 2008-04-14 03:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[-] 2008-04-14 03:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 03:42 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[-] 2008-04-14 03:42 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 03:42 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[-] 2008-04-14 03:42 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 03:42 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[-] 2008-04-14 03:42 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-13 22:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 22:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 22:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 22:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 03:42 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2008-04-14 03:42 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 03:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[-] 2008-04-14 03:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 03:42 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[-] 2008-04-14 03:42 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 03:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[-] 2008-04-14 03:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 03:42 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[-] 2008-04-14 03:42 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 03:42 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[-] 2008-04-14 03:42 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 03:42 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[-] 2008-04-14 03:42 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 03:41 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[-] 2008-04-14 03:41 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 03:42 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 03:42 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 03:41 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[-] 2008-04-14 03:41 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\appmgmts.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 16:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-10 09:47 2079256 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-12 321344]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\COUNTER STRIKE 1.6\\Counter-Strike 1.6\\hl.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [3/11/2009 9:05 PM 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [3/11/2009 9:05 PM 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2/22/2009 10:57 PM 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [12/17/2007 12:13 PM 523816]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2/22/2009 10:09 PM 16512]
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-20 21:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-20 21:08
ComboFix-quarantined-files.txt 2009-06-20 19:08

Pre-Run: 13,734,744,064 bytes free
Post-Run: 13,806,518,272 bytes free

184 --- E O F --- 2009-04-30 11:34

Poslao: 20 Jun 2009 21:56
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Upload-uj sledeće file-ove:


c:\windows\system32\svchost.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\userinit.exe


Upload link: http://www.mycity.rs/ambulanta-upload.php

Poslao: 20 Jun 2009 22:24
Idi na vrh
offline
  • Pridružio: 27 Avg 2008
  • Poruke: 50

uploadovano
imam jos jedan problemcic-na fejsbuku mi stalno izlazi nesto bad request
kao server ne moze da prepozna zahtev-tj ono sto sam klikno ne znam kako to da resim

Poslao: 20 Jun 2009 22:37
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ništa maliciozno ovde nema (čisti logovi, file-ovi su ok).

Preporučio bih da za problem sa inst. drivera otvoriš temu u Windows forumu, a za ovaj drugi u forumu Internet klijenti.

MyCity » Ambulanta -> Arhiva Ambulante » virtumonde, trojanci i svasta nesto

Ko je trenutno na forumu
 

Ukupno su 1211 korisnika na forumu :: 27 registrovanih, 7 sakrivenih i 1177 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Bane san, Ben Roj, Brana01, Denaya, doloress, draganl, galijot, gmlale, ikan, krkalon, kunktator, Lieutenant, ljiljak, mercedesamg, Metanoja, Mi lao shu, Mihajlo, Oscar, pape, pein, procesor, Sirius, virked, Vlada78, vladaa012, VladaKG1980, wolverined4