Question

offline
  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

ComboFix 08-03-20.5 - ks 2008-03-24 15:10:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.974 [GMT 1:00]
Running from: C:\Documents and Settings\ks\Desktop\Bases\combofix\ComboFix.exe
Command switches used :: C:\Documents and Settings\ks\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\ks\admin.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ks\admin.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 11:01 . 2008-03-24 11:01 2,855 --a------ C:\Documents and Settings\ks\admin.PIF
2008-03-23 15:04 . 2008-03-23 15:04 <DIR> d-------- C:\WINDOWS\system32\Sys
2008-03-18 21:49 . 2008-03-18 21:49 35,328 --a------ C:\WINDOWS\system32\COMCT332.oca
2008-03-17 14:47 . 2008-03-17 14:47 348,160 --a------ C:\WINDOWS\system32\FM20.oca
2008-03-16 14:48 . 2008-03-16 14:48 <DIR> d-------- C:\New Folder
2008-03-15 09:37 . 2008-03-15 14:42 <DIR> d-------- C:\Documents and Settings\ks\Application Data\Beyond
2008-03-14 12:38 . 2008-03-14 12:38 <DIR> d-------- C:\Documents and Settings\ks\Application Data\Ubisoft
2008-03-14 12:38 . 2008-03-14 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-14 12:14 . 2008-03-14 12:14 <DIR> d-------- C:\Documents and Settings\ks\Application Data\InstallShield
2008-03-09 19:21 . 2008-03-09 19:21 1,363,456 --a------ C:\WINDOWS\system32\mshtml.oca
2008-03-08 15:10 . 2008-03-08 15:10 43,008 --a------ C:\WINDOWS\system32\TABCTL32.oca
2008-03-08 15:00 . 2008-03-08 15:00 265,728 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-03-08 15:00 . 2008-03-08 15:00 62,976 --a------ C:\WINDOWS\system32\shdocvw.oca
2008-03-08 10:31 . 2008-03-08 10:31 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca
2008-03-07 16:54 . 2008-03-07 16:54 0 --a------ C:\sudoku.dat
2008-03-06 22:32 . 2008-03-06 22:43 <DIR> d-------- C:\Program Files\DU Meter
2008-03-06 22:32 . 2008-03-06 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-02-25 21:55 . 2008-02-25 21:55 <DIR> d-------- C:\Program Files\Web Publish
2008-02-25 21:55 . 2008-02-25 21:55 288 --a------ C:\WINDOWS\ODBC.INI
2008-02-25 21:48 . 1998-05-31 18:11 5 -ra------ C:\WINDOWS\vb98pro.mif
2008-02-25 18:56 . 2008-02-25 18:56 <DIR> d-------- C:\Documents and Settings\ks\Application Data\AKVIS LLC
2008-02-25 18:45 . 2008-02-25 19:02 <DIR> d-------- C:\Program Files\AKVIS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 14:12 52,331,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-24 14:12 1,644,064 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-24 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 14:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-24 13:46 --------- d-----w C:\Documents and Settings\ks\Application Data\Skype
2008-03-24 11:04 707,564 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-24 11:04 161,228 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-17 17:38 --------- d-----w C:\Program Files\Zuma Deluxe
2008-03-16 13:49 --------- d-----w C:\Program Files\Absolute Video Converter
2008-03-16 11:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-14 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 18:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-15 15:41 --------- d-----w C:\Program Files\Mobile Secret CodeX v1.35
2008-02-02 19:46 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-29 22:10 --------- d-----w C:\Program Files\MOBILedit! Forensic
2008-01-24 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-24 16:12 --------- d-----w C:\Program Files\ReflexiveArcade
2008-01-24 16:01 --------- d-----w C:\Program Files\Winamp
2001-09-28 16:00 164,864 ----a-w C:\WINDOWS\Fonts\UNWISE.EXE
.

Update: 24 Mar 2008 19:30

Here's the GMER log too; Kaspersky is behaving strangely ???

GMER 1.0.14.14205 - gmer.net
Rootkit scan 2008-03-24 19:28:07
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xAB6A25B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xAB6A2660]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xAB6B0AD0]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 898A9420

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)

Device \FileSystem\Fastfat \Fat 893DCBF0

AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Modules - GMER 1.0.14 ----

Module _________ BA6E5000-BA6FD000 (98304 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:132 8959D330
Thread 4:136 8959D330
Thread 4:140 8956EF10
Thread 4:144 8956EF10
Thread 4:148 8956EF10
Thread 4:424 8959D330
Thread 4:608 8959D330

---- EOF - GMER 1.0.14 ----

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The ComboFix log is not complete - copy it again (it is located at C:\ComboFix.txt).

Delete the file: C:\Documents and Settings\ks\admin.PIF

Quote: Kaspersky is behaving strangely ???

More precisely... When? During the GMER scan?

offline
  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

ComboFix 08-03-20.5 - ks 2008-03-24 15:10:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.974 [GMT 1:00]
Running from: C:\Documents and Settings\ks\Desktop\Bases\combofix\ComboFix.exe
Command switches used :: C:\Documents and Settings\ks\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\ks\admin.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ks\admin.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 11:01 . 2008-03-24 11:01 2,855 --a------ C:\Documents and Settings\ks\admin.PIF
2008-03-23 15:04 . 2008-03-23 15:04 <DIR> d-------- C:\WINDOWS\system32\Sys
2008-03-18 21:49 . 2008-03-18 21:49 35,328 --a------ C:\WINDOWS\system32\COMCT332.oca
2008-03-17 14:47 . 2008-03-17 14:47 348,160 --a------ C:\WINDOWS\system32\FM20.oca
2008-03-16 14:48 . 2008-03-16 14:48 <DIR> d-------- C:\New Folder
2008-03-15 09:37 . 2008-03-15 14:42 <DIR> d-------- C:\Documents and Settings\ks\Application Data\Beyond
2008-03-14 12:38 . 2008-03-14 12:38 <DIR> d-------- C:\Documents and Settings\ks\Application Data\Ubisoft
2008-03-14 12:38 . 2008-03-14 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-14 12:14 . 2008-03-14 12:14 <DIR> d-------- C:\Documents and Settings\ks\Application Data\InstallShield
2008-03-09 19:21 . 2008-03-09 19:21 1,363,456 --a------ C:\WINDOWS\system32\mshtml.oca
2008-03-08 15:10 . 2008-03-08 15:10 43,008 --a------ C:\WINDOWS\system32\TABCTL32.oca
2008-03-08 15:00 . 2008-03-08 15:00 265,728 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-03-08 15:00 . 2008-03-08 15:00 62,976 --a------ C:\WINDOWS\system32\shdocvw.oca
2008-03-08 10:31 . 2008-03-08 10:31 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca
2008-03-07 16:54 . 2008-03-07 16:54 0 --a------ C:\sudoku.dat
2008-03-06 22:32 . 2008-03-06 22:43 <DIR> d-------- C:\Program Files\DU Meter
2008-03-06 22:32 . 2008-03-06 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-02-25 21:55 . 2008-02-25 21:55 <DIR> d-------- C:\Program Files\Web Publish
2008-02-25 21:55 . 2008-02-25 21:55 288 --a------ C:\WINDOWS\ODBC.INI
2008-02-25 21:48 . 1998-05-31 18:11 5 -ra------ C:\WINDOWS\vb98pro.mif
2008-02-25 18:56 . 2008-02-25 18:56 <DIR> d-------- C:\Documents and Settings\ks\Application Data\AKVIS LLC
2008-02-25 18:45 . 2008-02-25 19:02 <DIR> d-------- C:\Program Files\AKVIS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 14:12 52,331,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-24 14:12 1,644,064 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-24 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 14:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-24 13:46 --------- d-----w C:\Documents and Settings\ks\Application Data\Skype
2008-03-24 11:04 707,564 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-24 11:04 161,228 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-17 17:38 --------- d-----w C:\Program Files\Zuma Deluxe
2008-03-16 13:49 --------- d-----w C:\Program Files\Absolute Video Converter
2008-03-16 11:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-14 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 18:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-15 15:41 --------- d-----w C:\Program Files\Mobile Secret CodeX v1.35
2008-02-02 19:46 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-29 22:10 --------- d-----w C:\Program Files\MOBILedit! Forensic
2008-01-24 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-24 16:12 --------- d-----w C:\Program Files\ReflexiveArcade
2008-01-24 16:01 --------- d-----w C:\Program Files\Winamp
2001-09-28 16:00 164,864 ----a-w C:\WINDOWS\Fonts\UNWISE.EXE
.

Update: 25 Mar 2008 11:10

That is the complete log, and Kaspersky has slowed down a bit at startup...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Let's do one more scan...

Download Dr.Web CureIt (~9 MB).
Restart the computer in Safe Mode (instructions for Safe Mode)

Double-click cureit.exe to run it; the introductory window will appear - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click and Dr.Web CureIt will start scanning

If malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if available), then click Cure and, in the menu that opens, click Move incurable.

When the process is complete, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the thread on the forum.

offline
  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

Here's the Dr.Web log

psexec.cfexe;C:\ComboFix;Program.PsExec.171;;
PersoBuilder_v1[1].02.exe;C:\Documents and Settings\ks\My Documents;Trojan.Hooker.21038;Deleted.;
SteamGEN.006;C:\WINDOWS\system32\Sys;Program.Ardamax;Incurable.Moved.;
SteamGEN.007;C:\WINDOWS\system32\Sys;Program.Ardamax;Incurable.Moved.;
SteamGEN.exe;C:\WINDOWS\system32\Sys;Program.Ardamax;Incurable.Moved.;
Air_Strike_3D_II_Gulf_Thunder_(zabranjeno).exe;E:\;Tool.ASEye.2;Incurable.Moved.;
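
The Dr.Web CureIt report above is a plain semicolon-separated list: file name, directory, detection name, action taken, with an empty action where the scanner did nothing (the psexec.cfexe entry in the C:\ComboFix working directory). When triaging such a report the useful questions are which detections were actually removed or quarantined, which were left in place, and which directories collected several hits. The following Python is an added example, not code from the thread or from Dr.Web; the field order is inferred from the six lines posted above (used here as the sample input) and the helper names are the example's own.

```python
"""Parse Dr.Web CureIt report lines (name;directory;threat;action;) into
records and summarise what the scanner actually did with each detection.

Assumptions (this example's own, not Dr.Web documentation): the field order
is inferred from the report lines posted in the thread; helper names are ours.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Sample input: the six report lines from the post above.
SAMPLE_REPORT = """\
psexec.cfexe;C:\\ComboFix;Program.PsExec.171;;
PersoBuilder_v1[1].02.exe;C:\\Documents and Settings\\ks\\My Documents;Trojan.Hooker.21038;Deleted.;
SteamGEN.006;C:\\WINDOWS\\system32\\Sys;Program.Ardamax;Incurable.Moved.;
SteamGEN.007;C:\\WINDOWS\\system32\\Sys;Program.Ardamax;Incurable.Moved.;
SteamGEN.exe;C:\\WINDOWS\\system32\\Sys;Program.Ardamax;Incurable.Moved.;
Air_Strike_3D_II_Gulf_Thunder_(zabranjeno).exe;E:\\;Tool.ASEye.2;Incurable.Moved.;
"""


@dataclass(frozen=True)
class Detection:
    name: str
    directory: str
    threat: str
    action: str  # empty string when the scanner recorded no action

    @property
    def path(self) -> str:
        # Join Windows-style without doubling the separator for drive roots like "E:\"
        return self.directory.rstrip("\\") + "\\" + self.name

    @property
    def family(self) -> str:
        # "Program.Ardamax" -> "Program": the first dotted component is the class
        return self.threat.split(".", 1)[0]


def parse_report(text: str) -> List[Detection]:
    """Parse report lines; each line is name;dir;threat;action; with a trailing ';'."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"unexpected report line: {raw!r}")
        name, directory, threat, action = (f.strip() for f in fields[:4])
        records.append(Detection(name, directory, threat, action))
    return records


def summarize(records: List[Detection]) -> Dict[str, object]:
    """Counts per action, detections left untouched, and directories hit more than once."""
    actions = Counter(r.action or "<no action>" for r in records)
    untouched = [r.path for r in records if not r.action]
    per_dir = Counter(r.directory for r in records)
    hot_dirs = sorted(d for d, n in per_dir.items() if n > 1)
    return {"actions": dict(actions), "untouched": untouched, "hot_dirs": hot_dirs}


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for r in recs:
        print(f"{r.action or '<no action>':18} {r.threat:22} {r.path}")
    print(summarize(recs))
```

Run on the sample, the summary reports one detection with no action (the file in C:\ComboFix), one deletion, four files moved to quarantine, and C:\WINDOWS\system32\Sys as the only directory with multiple hits, which is what a helper reading the thread would want to confirm before asking for the next log.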

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

offline
  • Joined: 04 Mar 2008
  • Posts: 38
  • Location: SER

Thanks a lot
Regards
