System broke down after cleaning.... Help! :)


  • Joined: 12 Sep 2006
  • Posts: 15
  • Location: Nis

I was cleaning my computer of viruses and used Spybot (Search & Destroy), NOD32, ZoneAlarm...... and at the end I ran Wise Disk Cleaner to clean out unnecessary data...

The antivirus programs found a couple of trojans, about ten pieces of spyware and that's about it...
However, after the restart nothing works properly. I can't open C: or D:, some programs I can no longer launch, and the ones I can launch are terribly slow.
Admittedly the internet and Opera work normally.... (hush, at least that works :) ).....
I tried to do a Restore but it looks like I deleted the existing backup, so that's impossible....

When I try to open C: or D: I get the following window:


Here is the HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 11:14:22 AM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Mixa\Desktop\qwerty\ytrewq.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration (HKLM)
O9 - Extra button: Sothink SWF Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher (HKLM)
O9 - Extra button: ICQ6 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ6 (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....3979977553
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


I would ask you to delete that ancient version of HijackThis and then follow the instructions for opening a thread:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 12 Sep 2006
  • Posts: 15
  • Location: Nis

Neither Opera nor IE will download from the HijackThis link in the Ambulanta. So I barely managed to download version 2.0.2 and did everything with it; I hope this is OK...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:27 AM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....3979977553
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4211 bytes

Update: 15 Jan 2009 8:17

Does anyone have a solution..... anyone..... anybody....

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I apologize. I was convinced I had already replied in this thread.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 12 Sep 2006
  • Posts: 15
  • Location: Nis

I didn't manage to do anything; I'll try to explain....

Neither through Opera nor through IE does it recognize the ComboFix download links you posted; it simply won't start the download.
Luckily I have a ComboFix from earlier. I copied it to the desktop and tried to run it, but nothing happens. The same happens with Spybot: it shows the process in Task Manager, but nothing happens, and the process uses neither CPU nor memory... as if something is blocking them. :/

Last night, for unexplained reasons, all my internet connections got deleted, so I had to install the modem and everything from scratch...
I'm not a layman when it comes to computers, but this is the limit of my abilities; I really don't know what else to do with it... Incidentally, this is a laptop with a lot of work data on it and I don't even dare think about formatting... :|

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Just restart the computer before continuing...

Download from this link: http://amf.mycity.rs/programs/mirrored/C-F.exe

  • Joined: 12 Sep 2006
  • Posts: 15
  • Location: Nis

ComboFix 09-01-13.04 - Mixa 2009-01-16 1:09:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1626 [GMT 1:00]
Running from: c:\documents and settings\Mixa\Desktop\C-F.exe
AV: Eset NOD32 antivirus system 2.50 *On-access scanning enabled* (Outdated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\resycled
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\TDSSmhxt.sys
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoexh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
D:\Autorun.inf
D:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-15 20:37 . 2009-01-15 20:37 <DIR> d-------- c:\program files\SAGEM
2009-01-14 16:03 . 2009-01-14 16:03 118 --a------ c:\windows\system32\MRT.INI
2009-01-13 09:07 . 2009-01-13 09:07 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 10:03 . 2009-01-12 10:03 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-10 14:18 . 2009-01-10 14:19 <DIR> d-------- c:\program files\Active GIF Creator 3.1
2009-01-10 11:05 . 2009-01-10 11:05 79 --a------ c:\windows\wininit.ini
2009-01-09 09:35 . 2009-01-09 09:35 151 --a------ c:\windows\PhotoSnapViewer.INI
2009-01-09 08:47 . 2009-01-09 08:47 <DIR> d-------- c:\documents and settings\Mixa\Application Data\skypePM
2009-01-09 08:47 . 2009-01-09 08:47 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-09 08:46 . 2009-01-09 08:46 <DIR> d-------- c:\program files\Skype
2009-01-09 08:46 . 2009-01-09 08:46 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-09 08:46 . 2009-01-09 08:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 00:14 13,689,120 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-15 19:37 31 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-01-15 19:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 14:23 --------- d-----w c:\documents and settings\Mixa\Application Data\.purple
2009-01-12 09:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 10:27 189,980 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-10 08:22 4,583,844 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-09 08:55 --------- d-----w c:\documents and settings\Mixa\Application Data\Skype
2009-01-08 11:52 --------- d-----w c:\documents and settings\Mixa\Application Data\gtk-2.0
2009-01-05 20:00 --------- d-----w c:\program files\VOX-II
2008-12-31 02:04 --------- d-----w c:\documents and settings\Mixa\Application Data\Azureus
2008-12-30 17:06 --------- d-----w c:\documents and settings\Mixa\Application Data\LimeWire
2008-12-24 08:42 --------- d-----w c:\program files\WinFax
2008-12-22 08:21 3,919,360 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-12-22 08:21 22,528 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-12-22 01:29 3,048,960 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-21 12:28 --------- d-----w c:\program files\DAP
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 02:11 2,890,240 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-12-11 02:10 3,904,000 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-12-07 16:22 --------- d-----w c:\program files\Azureus
2008-12-07 16:18 --------- d-----w c:\program files\AC3Filter
2008-12-07 00:28 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-12-07 00:06 50,688 ----a-w c:\windows\system32\wbhelp2.dll
2008-12-06 22:40 --------- d-----w c:\program files\SWF-AVI-GIF Converter
2008-12-03 10:07 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-03 09:58 --------- d-----w c:\program files\Yahoo!
2008-12-03 09:22 --------- d-----w c:\program files\ICQ6
2008-12-03 09:22 --------- d-----w c:\documents and settings\Mixa\Application Data\ICQ
2008-12-03 09:21 --------- d-----w c:\program files\ICQLite
2008-12-02 10:44 --------- d-----w c:\program files\Pidgin
2008-12-02 10:44 --------- d-----w c:\program files\Common Files\GTK
2008-11-23 06:19 --------- d-----w c:\documents and settings\Mixa\Application Data\MailFrontier
2008-11-23 06:05 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-19 22:35 3,180,032 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-11-15 16:58 29,653,438 ----a-w c:\windows\Internet Logs\Explorer_2nd_2008_11_14_23_46_01_full.dmp.zip
2008-10-30 08:52 152,696 ----a-w c:\documents and settings\Mixa\Application Data\GDIPFONTCACHEV1.DAT
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-20 23:15 3,051,520 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-06 7118848]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-11-15 921600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2005-07-06 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-01-15 839680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mixa^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Mixa\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
--a------ 2006-04-04 10:09 65536 c:\program files\VOX-II\RemoteControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\progra~1\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2004-11-14 14:26 188459 c:\program files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-21 13:36 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFXSwtch]
--a------ 2002-08-29 12:00 27648 c:\progra~1\WinFax\WFXSWTCH.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2008-07-09 09:05 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzzHPSETUP]
-r------- 2003-09-01 00:01 4389341 E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
--a------ 2002-08-29 12:00 45568 c:\windows\system32\WFXSNT40.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"wfxsvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-01-15 114616]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2008-06-19 59328]
S3 TridDev;Trident Device;c:\windows\system32\drivers\Triddev.sys [2008-06-29 3584]
S3 TridVid;Trident Analog plus Digital Video;c:\windows\system32\drivers\TridVid.sys [2008-06-29 100096]
S4 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-01-15 63555]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70e6caf0-b65f-11dd-875d-00904b71f7ae}]
\Shell\AutoRun\command - G:\y82td3td.com
\Shell\explore\Command - G:\y82td3td.com
\Shell\open\Command - G:\y82td3td.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae8e3c1-3e2d-11dd-bc95-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-16 01:13:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-16 1:16:10
ComboFix-quarantined-files.txt 2009-01-16 00:16:06

Pre-Run: 17,879,105,536 bytes free
Post-Run: 17,865,535,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

247 --- E O F --- 2009-01-14 15:03:24
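As an added example (not part of the thread, and not code from ComboFix or any other tool named here), the following Python script reads a ComboFix-style log and flags what a helper would look at first: autorun.inf files at a drive root, TDSS-named components and services, and the mountpoints2 Shell\...\command overrides, which are per-volume keys that can redirect opening a drive letter to a file on removable media. The embedded sample log is a constructed excerpt modelled on the log above.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log posted above; not a real capture.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\TDSSmhxt.sys
c:\windows\system32\TDSScfub.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70e6caf0-b65f-11dd-875d-00904b71f7ae}]
\Shell\AutoRun\command - G:\y82td3td.com
\Shell\explore\Command - G:\y82td3td.com
\Shell\open\Command - G:\y82td3td.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae8e3c1-3e2d-11dd-bc95-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")           # '(((( Name ))))' banners
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
DRIVE_ROOT_AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)
TDSS_FILE_RE = re.compile(r"\\system32\\(?:drivers\\)?(TDSS[^\\]+)$", re.I)
SERVICE_RE = re.compile(r"^-------\\(?:Service|Legacy)_(.+)$")


def split_sections(text):
    """Group non-empty log lines under the banner that precedes them."""
    sections = defaultdict(list)
    current = "preamble"
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return sections


def mountpoint_hijacks(text):
    """Return (volume_guid, verb, command) for each Shell\\<verb>\\command
    override under a mountpoints2 key. These keys are per volume; an 'open'
    or 'explore' override runs the command when that drive letter is opened."""
    hijacks, guid = [], None
    for line in text.splitlines():
        line = line.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            guid = m.group(1)
        elif line.startswith("["):
            guid = None            # a different registry key began
        else:
            m = SHELL_CMD_RE.match(line)
            if m and guid:
                hijacks.append((guid, m.group(1).lower(), m.group(2)))
    return hijacks


def triage(text):
    """Return (severity, detail) findings for a ComboFix-style log."""
    findings = []
    sections = split_sections(text)
    for path in sections.get("Other Deletions", []):
        m = TDSS_FILE_RE.search(path)
        if m:
            findings.append(("critical", f"TDSS rootkit component removed: {m.group(1)}"))
        elif DRIVE_ROOT_AUTORUN_RE.match(path):
            findings.append(("high", f"autorun.inf at drive root: {path}"))
        elif path.lower().endswith("\\autorun.inf"):
            findings.append(("medium", f"stray autorun.inf: {path}"))
    for entry in sections.get("Drivers/Services", []):
        m = SERVICE_RE.match(entry)
        if m and m.group(1).lower().startswith("tdss"):
            findings.append(("critical", f"TDSS service removed: {m.group(1)}"))
    for guid, verb, cmd in mountpoint_hijacks(text):
        sev = "high" if verb in ("open", "explore") else "medium"
        findings.append((sev, f"mountpoints2 {guid} Shell\\{verb} -> {cmd}"))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns eleven findings for the sample, four of them critical (the two TDSS files and the two TDSSserv service entries); pass the contents of a real C:\ComboFix.txt instead to triage it the same way.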

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all of your USB memory devices into the USB slot one by one and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB memory devices are all devices which, when connected to the computer, get their own drive letter. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 12 Sep 2006
  • Posts: 15
  • Location: Nis

In the meantime ZoneAlarm and NOD automatically activated, found and deleted a couple of viruses that ComboFix had put in quarantine. I hope that doesn't disrupt anything.

I plugged in my USB stick and mobile phone; here is the log:

USBNoRisk by bobby

Started at 1/16/2009 7:33:51 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {aa5c4280-3e38-11dd-866f-0010c62ac329}
C: {fae8e3c3-3e2d-11dd-bc95-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for fae8e3c3-3e2d-11dd-bc95-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for aa5c4280-3e38-11dd-866f-0010c62ac329
========================================

========================================



New device connected at 1/16/2009 7:34:10 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6c3105c0-9c76-11dd-8739-4d6564696130}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 6c3105c0-9c76-11dd-8739-4d6564696130
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================


New device connected at 1/16/2009 7:35:12 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {452d7521-4285-11dd-8684-00904b71f7ae}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 452d7521-4285-11dd-8684-00904b71f7ae
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

========================================
Removed F:
========================================
========================================

========================================
========================================

========================================
========================================

========================================
========================================

========================================

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now?
