Imam li razlog za brigu?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of HijackThis v1.99.1
Scan saved at 9:42:11 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Fast.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\Media\Desktop\Ekskurzija\Slike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {803E93C8-A79D-42E7-BE52-20DE96B6744A} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zdravo Svetlana,

Uradi jos i sledece:
skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Ovaj log nam je potreban zbog detaljnije analize.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zdravo bobby,

Zahvaljujem se na brzini kojom ste pristupili mom problemu. Evo i loga:

ComboFix 08-08-03.05 - Media 2008-08-04 22:11:08.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.116 [GMT 2:00]
Running from: C:\Documents and Settings\Media\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-04 20:15 . 2008-08-04 20:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-03 23:29 . 2008-08-03 23:29 82 --a------ C:\WINDOWS\netdet.ini
2008-08-03 23:29 . 2008-08-03 23:29 0 --ah----- C:\WINDOWS\47614073-51
2008-07-19 21:36 . 2008-07-19 21:36 <DIR> d-------- C:\Documents and Settings\Media\Application Data\Alawar
2008-07-13 23:27 . 2008-07-25 15:52 <DIR> d-------- C:\Program Files\Tropico
2008-07-11 10:56 . 2008-08-04 04:10 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-11 10:56 . 2008-07-11 10:56 <DIR> d-------- C:\Program Files\AVG
2008-07-11 10:56 . 2008-07-11 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 10:56 . 2008-07-11 10:56 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-11 10:56 . 2008-07-11 10:56 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-11 10:56 . 2008-07-11 10:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 19:41 --------- d-----w C:\Documents and Settings\Media\Application Data\uTorrent
2008-08-04 19:32 --------- d-----w C:\Documents and Settings\Media\Application Data\Skype
2008-08-04 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-03 22:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 20:27 --------- d-----w C:\Program Files\MathType
2008-08-03 08:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-25 13:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 08:11 --------- d-----w C:\Program Files\Passware
2008-06-29 09:44 --------- d-----w C:\Documents and Settings\Media\Application Data\PlayFirst
2008-06-29 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-25 21:33 --------- d-----w C:\Documents and Settings\Media\Application Data\Apple Computer
2008-06-25 21:32 --------- d-----w C:\Program Files\Safari
2008-06-25 21:32 --------- d-----w C:\Program Files\Apple Software Update
2008-06-25 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-25 16:31 --------- d-----w C:\Program Files\Microsoft Games
2008-05-28 18:29 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-01-23 11:46 312 ----a-w C:\Documents and Settings\Media\Application Data\bbbconfig.dat
2007-02-25 15:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 12:38 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-11 10:56 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinNC - Launch WinNC - multiplelicense (external programming station).lnk]
backup=C:\WINDOWS\pss\WinNC - Launch WinNC - multiplelicense (external programming station).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^3DO Registration.lnk]
backup=C:\WINDOWS\pss\3DO Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^H3 The Shadow of Death(TM).lnk]
backup=C:\WINDOWS\pss\H3 The Shadow of Death(TM).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^MostFun.lnk]
backup=C:\WINDOWS\pss\MostFun.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-09-29 22:58 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 04:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-09-23 11:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LIVESRV"=2 (0x2)
"VSSERV"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\AoEII\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Documents and Settings\\Media\\My Documents\\Duke3D.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10317:TCP"= 10317:TCP:BitComet 10317 TCP
"10317:UDP"= 10317:UDP:BitComet 10317 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-11 10:56]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-03-18 22:29]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-11 10:56]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 10:56]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-11 10:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\_AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1649dd9a-2e8e-11dd-9a17-001485dee0db}]
\Shell\Auto\command - Config.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Config.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{607b2247-34d5-11dd-9a1f-001485dee0db}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{803E93C8-A79D-42E7-BE52-20DE96B6744A} - (no file)
Notify-winopn32 - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Media\Application Data\Mozilla\Firefox\Profiles\edbk3j11.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-04 22:13:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-04 22:17:04
ComboFix-quarantined-files.txt 2008-08-04 20:16:01
ComboFix2.txt 2008-04-20 14:58:38

Pre-Run: 4,647,510,016 bytes free
Post-Run: 4,661,411,840 bytes free

192

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ima jos par sitnica, ali to cu morati nazalost da ostavim za sutra uvece.
Ono sto je bilo glavno, to je ComboFix automatski resio.

Citamo se sutra uvece. Tada cemo pogledati USB flash drajvove koje imas, posto izgleda da je na tvoj komp ukljucivan neki flash drive koji je bio zarazen necim. Do sutra uvece nemoj prikljucivati ni jedan flash drive na komp. Isto vazi i za MP3 plejere, mobilni i slicne stvarcice koje se kace na USB port.

pozz

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala Vam puno.
Do sutra uvece, pozz

Dopuna: 05 Avg 2008 23:50

Dobro vece!
Evo mene ponovo, po dogovoru. Koji su sledeci koraci koje treba da ucinim?
Pozz

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Svetlana, izvini sto kasnim, malko sam sinoc bio u frci s vremenom, pa sam potpuno zaboravio.

Skini sledeci program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker_beta.exe
- startuj ga i odaberi opciju Auto block
- ubaci USB stick u komp i sacekaj koji sekund (recimo 5-10 sekundi)
- program je sada uradio analizu sticka (vidi se u donjem delu programa, u logu)
- gore levo klikni duplo na slovo koje oznacava particiju, tj. tvoj USB stick
- dole kraj sata ce se pojaviti poruka da smes da izvadis USB stick iz kompa
- ne gasi program, vec ubaci sledeci USB stick i za njega isto sacekaj par sekundi, i tako redom za sve stickove, MP3 plejere, mobilni
- zapamti kojim redom su ubacivani stickovi

Kada sve to zavrsis, log u donjem delu programa ce sadrzati sve podatke koji su meni potrebni da bih video koji stick je zarazen.
Klikni desnim dugmetom misa na log/izvestaj i odaberi Save log.
Automatski ce se otvoriti Notepad i u njemu izvestaj.
Iskopiraj mi taj izvestaj ovde na forum.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozz, bobby!
Postoji jedan problem. USB, nemam. Jedino sto je moglo napraviti problem je fotoaparat koji su deca odnela na more. Cula sam se sa njima i izvestili su me da je pre izvesnog vremena njima AV prijavio problem, ali ne mogu da se sete sta je bilo u pitanju. To je sve sto znam. Izvini sto ne mogu da budem od vece pomoci. Da li postoji nesto drugo sto mogu da ucinim povodom ovoga?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Iz loga bih rekao da su na ovaj komp bila prikljucivana barem dva razlicita USB uredjaja.
Mozda neki pozajmljeni USB stick?

Interesuje me sta je particija G: ?
Jel to particija na hard disku, ili je spoljnji uredjaj?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sad sam u veliko rebusu.

Sto se tice USB uredjaja, pretpostavljam da su to bili uredjaji od drugova moje dece.
Ali za patriciju G, ne znam sta da kazem. Pored, A (floppy drive), C (sistemska), D (dokumenti), E (DWD-RW drive), ja ovde vidim jos neke dve F: i H:, ali ne znam odakle one tu. Zapravo, one su stalno tu, ali nikad nisam pitala decu od cega su. Mozda neki virtuelni, za igrice. G: ne vidim.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nije frka. Rekoh vec ranije da su nam ostale sitnice. Ono sto je bilo sigurno lose - to smo vec uklonili.

Otvoriti Notepad i iskopirati sledeci tekst:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1649dd9a-2e8e-11dd-9a17-001485dee0db}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{607b2247-34d5-11dd-9a1f-001485dee0db}]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.