Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

trojanci uklanjanje???

[es] :: Zaštita :: trojanci uklanjanje???

[ Pregleda: 4183 | Odgovora: 12 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

DejanAMD
DEJAN MEDJO
SERVISER
Republika Srpska

Član broj: 173666
Poruke: 22
91.191.10.*



Profil

icon trojanci uklanjanje???03.03.2008. u 22:44 - pre 195 meseci
Pozdrav ljudi, moze li mi neko reci sta je najbolje za uklanjanje trojanca?
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-a-1.sezampro.yu.



+3778 Profil

icon Re: trojanci uklanjanje???03.03.2008. u 23:18 - pre 195 meseci
Zavisi koji trojanac. U globalu se do sad dosta kod mene dobro pokazao Kasperski antivirus (koristim online scanner za dijagnostiku ali online scanner je dobar pokazatelj koliko je full Kasperski antivirus dobar) + nekoliko dodatnih alata od kojih bih izdvojio HiJackThis i Combofix. Combofix ne koristiti na svoju ruku osim za osnovni sken (ostalo uz iskljucivo uz uputstva naprednijih korisnika osim ako nemate nista protiv toga da ubijete Windows na mrtvo eksperimentisuci sa Combofix skriptama), a HiJackThis koristiti iskljucivo uz uputstva iskusnijih dok se ne udje u fazon... Ima i dosta dobrih tutorijala za HiJackThis na netu pa ko je zainteresovan neka izvoli Googlati Za Combofix na zalost nema... Takodje mogu pomoci dodatni antispyware alati kao sto su Spybot Search and Destroy, SUPERantispyware i AVG Antispyware...
 
Odgovor na temu

hajduk7

Član broj: 132919
Poruke: 435
91.148.90.*



+3 Profil

icon Re: trojanci uklanjanje???04.03.2008. u 02:39 - pre 195 meseci
trojanci uglavnom imaju cudne nazive tako najpre treba videti dal je neki cudan fajl pokrenut u procese zapisati njegovo ime pa ga onda iskljuciti iz procese i posle obrisati fajl
Ako te snadje muka pozovi hajduka
Pazi se hajduka ako ga snjadje muka
 
Odgovor na temu

nibleri
mostar

Član broj: 47962
Poruke: 598
89.146.188.*



Profil

icon Re: trojanci uklanjanje???05.03.2008. u 10:28 - pre 195 meseci
menio se dešaje ovo kad hoću da otvorim neku particiju



RavMon.exe

molim pomoć
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-a-1.sezampro.yu.



+3778 Profil

icon Re: trojanci uklanjanje???05.03.2008. u 23:07 - pre 195 meseci
@nibleri

HiJackThis i Combofix ce pomoci ako je to ono sto ja mislim da jeste. Skini ih odradi prvo jedan pa drugi sken i posle okachi logove da vidimo sta te muci...
 
Odgovor na temu

nibleri
mostar

Član broj: 47962
Poruke: 598
*.PPPoE-7970.sa.bih.net.ba.



Profil

icon Re: trojanci uklanjanje???05.03.2008. u 23:47 - pre 195 meseci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:46:23, on 6.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nibleri.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4827 bytes
 
Odgovor na temu

nibleri
mostar

Član broj: 47962
Poruke: 598
*.PPPoE-7970.sa.bih.net.ba.



Profil

icon Re: trojanci uklanjanje???06.03.2008. u 00:13 - pre 195 meseci
ComboFix 08-03-05.1 - nibleri 2008-03-06 1:08:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.277 [GMT 1:00]
Running from: C:\Documents and Settings\nibleri\Desktop\ComboFix.exe
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-03-06 00:37 . 2008-03-06 00:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-05 23:51 . 2008-03-05 23:51 <DIR> d-------- C:\WINDOWS\Sun
2008-03-05 23:14 . 2008-03-06 01:10 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Skype
2008-03-05 23:12 . 2008-03-05 23:12 <DIR> d-------- C:\Program Files\Skype
2008-03-05 23:12 . 2008-03-05 23:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-05 23:11 . 2008-03-05 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-05 23:00 . 2008-03-05 23:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-05 22:59 . 2008-03-05 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 22:58 . 2008-03-05 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-05 22:54 . 2005-06-03 03:52 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-05 22:53 . 2008-03-05 22:54 <DIR> d-------- C:\Program Files\Java
2008-03-05 22:53 . 2008-03-05 22:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-05 22:44 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-05 22:41 . 2008-03-05 22:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-05 22:41 . 2008-03-05 22:41 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Lavasoft
2008-03-05 22:37 . 2004-06-23 18:26 1,994,752 --------- C:\WINDOWS\UNNMP.exe
2008-03-05 22:37 . 2004-08-05 12:47 52,478 --------- C:\WINDOWS\UNNMP.cfg
2008-03-05 22:35 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-05 22:33 . 2008-03-05 22:34 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-05 22:33 . 2008-03-05 22:36 <DIR> d-------- C:\Program Files\Ahead
2008-03-05 22:33 . 2008-03-05 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-05 22:33 . 2004-06-23 18:26 1,994,752 --------- C:\WINDOWS\UNNeroVision.exe
2008-03-05 22:33 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-03-05 22:33 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-03-05 22:33 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-03-05 22:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-05 22:33 . 2004-08-05 12:47 98,728 --------- C:\WINDOWS\UNNeroVision.cfg
2008-03-05 22:33 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-03-05 22:33 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-05 22:24 . 2008-03-05 22:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-05 22:17 . 2008-03-05 22:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-05 22:17 . 2008-03-05 22:38 <DIR> d-------- C:\Documents and Settings\nibleri\Contacts
2008-03-05 22:17 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-03-05 22:17 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-03-05 22:17 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-03-05 22:17 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-03-05 22:17 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-03-05 22:16 . 2008-03-05 22:16 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-05 22:08 . 2008-03-05 22:16 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 22:07 . 2008-03-05 22:19 <DIR> d-------- C:\Program Files\Windows Live
2008-03-05 22:07 . 2008-03-05 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-05 22:06 . 2008-03-05 22:06 <DIR> d-------- C:\totalcmd
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\UC.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\RAR.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\LHA.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-05 22:06 . 2008-03-05 23:11 401 --a------ C:\WINDOWS\wincmd.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 21:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 21:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 20:48 --------- d-----w C:\Program Files\Canon
2008-03-05 20:47 --------- d-----w C:\Program Files\Common Files\Canon
2008-03-05 20:44 --------- d-----w C:\Program Files\Visioneer OneTouch
2008-03-05 20:42 --------- d-----w C:\Program Files\ScanSoft
2008-03-05 20:42 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-03-05 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-05 20:29 --------- d-----w C:\Program Files\ASUSTeK
2008-03-05 19:31 --------- d-----w C:\Program Files\microsoft frontpage
.
[color=red]Files Infected - Win32.Agent.zb[/color]
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-03-01 09:37 48128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 06:35 4603904]
"nwiz"="nwiz.exe" [2004-09-30 06:35 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 06:35 86016]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [2000-06-19 12:53 69632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-05 22:51 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 02:49]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

*Newly Created Service* - AVGASCLN
*Newly Created Service* - BLUESOLEIL_HID_SERVICE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 01:10:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 1:11:40
.
2008-03-05 21:14:00 --- E O F ---
 
Odgovor na temu

nibleri
mostar

Član broj: 47962
Poruke: 598
*.PPPoE-2611.sa.bih.net.ba.



Profil

icon Re: trojanci uklanjanje???06.03.2008. u 10:17 - pre 195 meseci
izgleda da su meni bile inficirane particije D, E i F


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:35:49 5.3.2008

+ Scan result:



C:\Documents and Settings\nibleri\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\nibleri\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@skype[1].txt -> TrackingCookie.Skype : Cleaned.
D:\AutoRun.inf -> Trojan.Agent.abt : Cleaned.
E:\AutoRun.inf -> Trojan.Agent.abt : Cleaned.
F:\AutoRun.inf -> Trojan.Agent.abt : Cleaned.


::Report end


od jutros


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:02:33 6.3.2008

+ Scan result:



C:\Documents and Settings\nibleri\Cookies\nibleri@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\nibleri\Cookies\nibleri@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\nibleri\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
 
Odgovor na temu

nibleri
mostar

Član broj: 47962
Poruke: 598
*.PPPoE-2611.sa.bih.net.ba.



Profil

icon Re: trojanci uklanjanje???06.03.2008. u 10:17 - pre 195 meseci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:12, on 6.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nibleri.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4870 bytes
 
Odgovor na temu

nibleri
mostar

Član broj: 47962
Poruke: 598
*.PPPoE-2611.sa.bih.net.ba.



Profil

icon Re: trojanci uklanjanje???06.03.2008. u 10:19 - pre 195 meseci
ComboFix 08-03-05.1 - nibleri 2008-03-06 11:17:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.253 [GMT 1:00]
Running from: C:\Documents and Settings\nibleri\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-03-06 10:46 . 2008-03-06 10:46 404 --a------ C:\WINDOWS\ODBC.INI
2008-03-06 10:45 . 2008-03-06 10:45 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-06 10:42 . 2008-03-06 10:42 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-06 10:41 . 2008-03-06 10:41 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Microsoft Web Folders
2008-03-06 09:33 . 2004-08-04 05:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-06 00:37 . 2008-03-06 00:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-05 23:51 . 2008-03-05 23:51 <DIR> d-------- C:\WINDOWS\Sun
2008-03-05 23:14 . 2008-03-06 10:49 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Skype
2008-03-05 23:12 . 2008-03-05 23:12 <DIR> d-------- C:\Program Files\Skype
2008-03-05 23:12 . 2008-03-05 23:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-05 23:11 . 2008-03-05 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-05 22:59 . 2008-03-05 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 22:58 . 2008-03-05 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-05 22:54 . 2005-06-03 03:52 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-05 22:53 . 2008-03-05 22:54 <DIR> d-------- C:\Program Files\Java
2008-03-05 22:53 . 2008-03-05 22:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-05 22:44 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-05 22:41 . 2008-03-05 22:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-05 22:41 . 2008-03-05 22:41 <DIR> d-------- C:\Documents and Settings\nibleri\Application Data\Lavasoft
2008-03-05 22:37 . 2004-06-23 18:26 1,994,752 --------- C:\WINDOWS\UNNMP.exe
2008-03-05 22:37 . 2004-08-05 12:47 52,478 --------- C:\WINDOWS\UNNMP.cfg
2008-03-05 22:35 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-05 22:33 . 2008-03-05 22:34 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-05 22:33 . 2008-03-05 22:36 <DIR> d-------- C:\Program Files\Ahead
2008-03-05 22:33 . 2008-03-05 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-05 22:33 . 2004-06-23 18:26 1,994,752 --------- C:\WINDOWS\UNNeroVision.exe
2008-03-05 22:33 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-03-05 22:33 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-03-05 22:33 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-03-05 22:33 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-05 22:33 . 2004-08-05 12:47 98,728 --------- C:\WINDOWS\UNNeroVision.cfg
2008-03-05 22:33 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-03-05 22:33 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-05 22:24 . 2008-03-05 22:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-05 22:17 . 2008-03-05 22:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-05 22:17 . 2008-03-05 22:38 <DIR> d-------- C:\Documents and Settings\nibleri\Contacts
2008-03-05 22:17 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-03-05 22:17 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-03-05 22:17 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-03-05 22:17 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-03-05 22:17 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-03-05 22:16 . 2008-03-05 22:16 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-05 22:08 . 2008-03-05 22:16 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 22:07 . 2008-03-05 22:19 <DIR> d-------- C:\Program Files\Windows Live
2008-03-05 22:07 . 2008-03-05 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-05 22:06 . 2008-03-05 22:06 <DIR> d-------- C:\totalcmd
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\UC.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\RAR.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\LHA.PIF
2008-03-05 22:06 . 2003-12-03 06:01 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-05 22:06 . 2008-03-06 01:32 401 --a------ C:\WINDOWS\wincmd.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 09:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-05 21:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 21:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 20:48 --------- d-----w C:\Program Files\Canon
2008-03-05 20:47 --------- d-----w C:\Program Files\Common Files\Canon
2008-03-05 20:44 --------- d-----w C:\Program Files\Visioneer OneTouch
2008-03-05 20:42 --------- d-----w C:\Program Files\ScanSoft
2008-03-05 20:42 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-03-05 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-05 20:29 --------- d-----w C:\Program Files\ASUSTeK
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-03-01 09:37 48128]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 06:35 4603904]
"nwiz"="nwiz.exe" [2004-09-30 06:35 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 06:35 86016]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [2000-06-19 12:53 69632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-05 22:51 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-05 22:16:52 1048576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 02:49]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 11:18:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 11:19:05
ComboFix2.txt 2008-03-06 10:11:10
ComboFix3.txt 2008-03-06 00:11:41
.
2008-03-06 08:35:54 --- E O F ---
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-a-1.sezampro.yu.



+3778 Profil

icon Re: trojanci uklanjanje???06.03.2008. u 19:55 - pre 195 meseci
Ja ovde ne vidim probleme sa malware-om osim onih sto je izbrisao AVG Anti-Spyware. Da li je problem resen?
 
Odgovor na temu

nibleri
mostar

Član broj: 47962
Poruke: 598
89.146.191.*



Profil

icon Re: trojanci uklanjanje???06.03.2008. u 21:17 - pre 195 meseci
mislim da jeste

a koliko sam ja primjetila da je HT i ComboFix očitavao sa particije C pa i nije mogao očitati ništa jer je problem bio u particijama D, E i F

u svakom slučaju hvala
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-2.sezampro.yu.



+3778 Profil

icon Re: trojanci uklanjanje???06.03.2008. u 21:53 - pre 195 meseci
Combofix bi trebalo da skenira sve particije, ili bar u nekim okolnostima, dok HiJackThis skenira aktivne procese ma gde oni bili. Vazno je da si resila problem. I ja koristim AVG Anti-Spyware i dobar je...
 
Odgovor na temu

[es] :: Zaštita :: trojanci uklanjanje???

[ Pregleda: 4183 | Odgovora: 12 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.