Legalni KIS7 upao na black listu

1

Legalni KIS7 upao na black listu

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Pridružio: 22 Jun 2005
  • Poruke: 7912
  • Gde živiš: Moskva, Rusija

Danas popodne kad sam dosao kuci "obraduje" me popup od Kasperskog da je kljuc na crnoj listi. Kupio sam legalan KIS 7 pre 4-5 meseci, kljuc je (trebalo da bude) validan do oktobra 2008. Za slucaj da sam pokupio neki exploit ili nesto slicno, dajem HT log ovde. Ako je cisto, selim se u deo za Zastitu da potrazim savet sta i kako dalje.

Logfile of HijackThis v1.99.1
Scan saved at 20:09:35, on 27.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\Misko\Desktop\OtmiOvo\TjapiGa.exe

R3 - URLSearchHook: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfre1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Cтатистика Веб-Антивируса - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BFEA9F4-5E98-4ACA-8DF7-177EF9890A45}: NameServer = 212.188.4.10,195.34.32.116
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Ovaj "free-downloads.net Toolbar" mi je potpuna enigma, nista slicno nisam instalirao!

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Jesi li menjao nesto od hardwera?
Jesi li davao jos nekome tu licencu?
Jesi li na vise od jednog kompa instalirao KIS sa istom tom licencom?

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Pridružio: 22 Jun 2005
  • Poruke: 7912
  • Gde živiš: Moskva, Rusija

Ne, ne i ne Smile

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Hajde da pustimo Combofix za svaki slucaj, mada mislim da je ovo ipak slucaj za tehnicku podrsku Kasperskog.

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Pridružio: 22 Jun 2005
  • Poruke: 7912
  • Gde živiš: Moskva, Rusija

ComboFix 08-02-25.3 - Misko 2008-02-27 20:37:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1083 [GMT 3:00]
Running from: C:\Documents and Settings\Misko\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-26 21:55 . 2008-02-26 21:55 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-26 21:55 . 2008-02-26 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-25 12:58 . 2001-06-05 15:12 1,114,112 --a------ C:\WINDOWS\UninstA3.exe
2008-02-25 12:54 . 2000-10-20 13:25 487,184 --a------ C:\WINDOWS\system32\Mrt7enu.dll
2008-02-25 12:54 . 2000-10-20 13:25 79,360 --a------ C:\WINDOWS\system32\acdbres.dll
2008-02-25 12:54 . 2000-10-20 13:25 31,744 --a------ C:\WINDOWS\system32\Hlp95en.dll
2008-02-25 12:53 . 2008-02-25 12:54 <DIR> d-------- C:\Program Files\Volo View Express
2008-02-25 12:53 . 2008-02-25 12:53 <DIR> d-------- C:\Program Files\Common Files\Wextech Shared
2008-02-25 12:52 . 2008-02-25 19:37 <DIR> d-------- C:\Program Files\AutoCAD 2002
2008-02-23 11:16 . 2008-02-26 21:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-21 07:33 . 2008-02-21 07:33 244 --ah----- C:\sqmnoopt02.sqm
2008-02-21 07:33 . 2008-02-21 07:33 232 --ah----- C:\sqmdata02.sqm
2008-02-19 22:17 . 2008-02-19 22:17 9,662 --a------ C:\WINDOWS\EPISME00.SWB
2008-02-16 20:38 . 2008-02-16 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 17:46 25,475,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-27 17:46 1,132,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-27 17:45 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-27 17:43 --------- d-----w C:\Documents and Settings\Misko\Application Data\Skype
2008-02-27 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-27 04:26 353,660 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-27 04:26 112,136 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-26 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 16:35 --------- d-----w C:\Documents and Settings\Misko\Application Data\uTorrent
2008-02-25 10:01 --------- d-----w C:\Documents and Settings\Misko\Application Data\Autodesk
2008-02-25 09:58 --------- d-----w C:\Program Files\Radimpex
2008-02-25 09:55 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-10 17:13 --------- d-----w C:\Program Files\FinePixViewer
2008-01-31 19:04 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-29 17:42 --------- d-----w C:\Program Files\Screamer Radio
2007-12-17 21:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
2007-12-19 23:28 1502232 --a------ C:\Program Files\free-downloads\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D3E23B4B-F153-4687-82C2-816319DD3C5A}

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= C:\Program Files\free-downloads\tbfre1.dll [2007-12-19 23:28 1502232]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40 1421824]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-07-15 13:43 3259904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-17 19:00 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 19:00 2879488 C:\WINDOWS\SkyTel.exe]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-13 17:25 363008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 18:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 18:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 18:44 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43 227856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 21:37 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39 77824]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 07:00 98304]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" [2006-12-14 00:09 258048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Programi\\uTorrent\\utorrent-1.2.3-beta-build-361.exe"=
"D:\\Igre\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec38183-9a1c-11dc-a447-0018f30e4639}]
\Shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83e83600-6149-11dc-91c6-0018f30e4639}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - PGFILTER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 20:46:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 20:47:51
.
2008-02-13 04:39:23 --- E O F ---

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Vidim tragove jedne infekcije koja inficira DOC fajlove.

Koristis li Explorer za manipulisanje fajlovima, ili imas neki file manager tipa Total Commander?

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Pridružio: 22 Jun 2005
  • Poruke: 7912
  • Gde živiš: Moskva, Rusija

Total Commander u 99% slucajeva. Samo ako se desi da ime fajla ima neka specijalna slova koja zbune Total Commander, onda koristim Explorer.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

u TC-u idi na Configuration > Display, pa ukljuci Show Hidden/System files

Onda pogledaj C particiju, pa tu potrazi folder Recycler (tu idu fajlovi koji brisanjem odu u korpu).
Pretrazi lepo Recycler i vidi da li u njemu postoji CTFMON.EXE

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Pridružio: 22 Jun 2005
  • Poruke: 7912
  • Gde živiš: Moskva, Rusija

Nema. Ima samo neki INFO2 (velikim slovima) i desktop.ini.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

OK. To znaci da je ona infekcija o kojoj sam pricao odstranjena, ostali samo tragovi u reg. bazi.

Evo ovako, ovde ne vidim nista kriticno.
Onaj toolbar nije nista sporan, a i ona infekcija je izgleda sanirana jos ranije.

Izgleda da je rec o necem desetom, zato je najbolje da pozoves njihovu tehnicku podrsku.

Ko je trenutno na forumu
 

Ukupno su 1356 korisnika na forumu :: 45 registrovanih, 4 sakrivenih i 1307 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Aleksandar Tomić, aleksmajstor, Apok, BlekMen, Brana01, cemix, Dimitrije Paunovic, Dimitrise93, Djordjevic, draganca, dragoljub11987, dule10savic, Georgius, Griffon vulture, ILGromovnik, Ivan001, Ivica1102, JOntra, kuntalo, ladro, Mcdado, mercedesamg, mikrimaus, milanovic, milenko crazy north, MilosKop, milutin134, nenad81, nick79, NoOneEver Dreams, Seeker, Sirius, SlaKoj, solic, srbijaiznadsvega, Srle993, Sumadija34, suton, Tragač, vathra, Vlad000, vladaa012, VP6919, zzapNDjuric99