Posted: 21 Jan 2009 00:44
I have a problem with a network printer that is attached to another computer and that my computer cannot recognize. The odd thing is that the internet works but the local network doesn't.
Here is the log file, so see whether anything can be done.
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:06 PM, on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zzgykzeh.exe] C:\WINDOWS\zzgykzeh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} (Persits Software XEncrypt) - banka.com.mk/Ctrls/Ctrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2FB415-11D7-4B62-97D7-B4ACE794EB1F}: NameServer = 195.26.152.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D2FB415-11D7-4B62-97D7-B4ACE794EB1F}: NameServer = 195.26.152.19
O17 - HKLM\System\CS2\Services\Tcpip\..\{9D2FB415-11D7-4B62-97D7-B4ACE794EB1F}: NameServer = 195.26.152.19
O20 - Winlogon Notify: tqtzyy - C:\WINDOWS\SYSTEM32\tqtzyy.dll
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 4369 bytes
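A way to pull the suspicious entries out of a HijackThis log mechanically, as an added example that is not part of the original post and not HijackThis's own code. It reads the O4/O20/O23/O16/O17 lines of a log like the one above and flags what actually carried the infection here: a random-looking autorun name running as SYSTEM (`zzgykzeh.exe`), a non-default Winlogon Notify DLL (`tqtzyy.dll`, loaded into winlogon.exe before anyone logs on), and a service whose binary is an NTFS alternate data stream (`svchost.exe:ext.exe`, which `dir` and Explorer never show). The DPF and NameServer lines are only annotated, because a bank's ActiveX control or an ISP's DNS server is not evidence of infection by itself. The sample log is a constructed subset of the posted log; the vowel-ratio heuristic and the `KNOWN_GOOD` list are my assumptions, tuned to the names in this thread, not a general detector.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str, str, str]  # (severity, HJT section, item, reason)

# Constructed subset of the HijackThis log posted above (sample input).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [zzgykzeh.exe] C:\WINDOWS\zzgykzeh.exe (User 'SYSTEM')
O16 - DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} (Persits Software XEncrypt) - banka.com.mk/Ctrls/Ctrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2FB415-11D7-4B62-97D7-B4ACE794EB1F}: NameServer = 195.26.152.19
O20 - Winlogon Notify: tqtzyy - C:\WINDOWS\SYSTEM32\tqtzyy.dll
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
"""

# Stock XP / driver-bundle names that fail the vowel heuristic (assumed allowlist).
KNOWN_GOOD = {"ctfmon", "hkcmd", "igfxtray", "igfxpers", "rundll32",
              "cscdll", "termsrv", "sclgntfy"}

RE_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<label>[^\]]+)\] (?P<target>.+?)(?: \(User '[^']*'\))?$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RE_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-F-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$", re.I)
RE_O17 = re.compile(r"^O17 - .*NameServer = (?P<ns>[\d.,]+)$")
RE_BASENAME = re.compile(r'([^\\/"\s]+)\.(?:exe|dll|scr|com)\b', re.I)
# drive:\dir\file.exe:stream  -> an NTFS alternate data stream hiding the real image
RE_ADS = re.compile(r"^[A-Za-z]:\\.*\\[^\\:]+:[^\\]+$")


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names like zzgykzeh / tqtzyy:
    6-12 letters with under 15% vowels.  A hint, not proof (assumption)."""
    s = stem.lower()
    if s in KNOWN_GOOD or not (6 <= len(s) <= 12 and s.isalpha()):
        return False
    return sum(c in "aeiou" for c in s) / len(s) < 0.15


def triage(log_text: str) -> List[Finding]:
    """Return findings for the HijackThis sections that matter in this thread."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RE_O4.match(line):
            base = RE_BASENAME.search(m["target"].strip('"'))
            stem = base.group(1) if base else ""
            as_system = "S-1-5-18" in m["hive"]
            if looks_random(stem):
                findings.append(("high" if as_system else "medium", "O4", m["label"],
                                 f"random-looking autorun '{stem}' in {m['hive']}"
                                 + (" (runs as SYSTEM)" if as_system else "")))
        elif m := RE_O20.match(line):
            # Notify DLLs load into winlogon.exe (SYSTEM) before logon, Safe Mode included.
            if looks_random(m["name"]):
                findings.append(("high", "O20", m["name"], f"unknown Winlogon Notify DLL {m['path']}"))
        elif m := RE_O23.match(line):
            if RE_ADS.match(m["path"]):
                findings.append(("high", "O23", m["name"],
                                 f"service image is an NTFS alternate data stream: {m['path']}"))
            elif m["owner"] == "Unknown owner":
                findings.append(("medium", "O23", m["name"], f"service with no publisher: {m['path']}"))
        elif m := RE_O16.match(line):
            findings.append(("info", "O16", m["clsid"],
                             f"ActiveX control from {m['url']}; confirm it is a site you use"))
        elif m := RE_O17.match(line):
            findings.append(("info", "O17", m["ns"], "static DNS server; confirm it belongs to your ISP"))
    return findings


if __name__ == "__main__":
    for sev, section, item, reason in sorted(triage(SAMPLE_LOG)):
        print(f"{sev:6} {section:4} {item:40} {reason}")
```

Run it against the full log rather than the sample: the three "high" hits are exactly the items ComboFix later reported as removed (zzgykzeh.exe, the tqtzyy Notify entry and the FCI/ICF services), while the O16 and O17 lines stay at "info".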
Posted: 22 Jan 2009 10:48
Memory problems have appeared. While scanning, ComboFix told me it could not check the memory, and then the computer itself crashed to a blue screen warning that there are some hardware or software problems and writing a memory dump.
Now I'm unsure whether it really is a memory problem or some infection is causing this. How could I check whether the memory is OK?
Posted: 22 Jan 2009 10:53
diarno (Anti Malware Fighter, Rank 2)
OK, like this... Try to disable the antivirus you are using somehow...
Then run ComboFix... If that doesn't work either... then expect my reply around 17:00 today... I don't think it's the memory, because there are visible signs of several infections...
Posted: 22 Jan 2009 14:13
That is what I tried; I disabled both the antivirus and Spyware Terminator. One more note: I also disconnected from the internet, since I was disabling the AV. I tried in Safe Mode as well and the same problem recurs.
Update: 22 Jan 2009 14:13
I tried once more and managed to get to the log file.
Note that when the computer restarted and while the log file was being written, the AV program and Spyware Terminator started up automatically.
Also, at the start ComboFix showed a window saying THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED and asked for an internet connection in order to install it, but I ignored that note, after which the scan ran and produced the log file that follows.
ComboFix 09-01-21.02 - Ace 2009-01-22 13:38:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.113 [GMT 1:00]
Running from: c:\documents and settings\Ace\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\tqtzyy.dll
c:\windows\system32\tqtzyy32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FCI
-------\Legacy_ICF
-------\Service_ICF
-------\Service_restore
((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.
2009-01-21 12:27 . 2009-01-21 12:27 <DIR> d-------- c:\program files\Sophos
2009-01-21 11:17 . 2009-01-21 11:17 <DIR> d-------- c:\program files\CA
2009-01-21 08:05 . 2009-01-21 08:05 <DIR> d-------- c:\program files\AVG
2009-01-21 07:56 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-21 07:56 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-01-20 14:46 . 2004-08-04 13:00 59,904 --a------ c:\windows\system32\drivers\atmarpc.sys.bak
2009-01-20 14:44 . 2004-08-04 13:00 14,336 --a------ c:\windows\system32\drivers\asyncmac.sys.bak
2009-01-16 14:06 . 2009-01-16 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-16 12:41 . 2009-01-21 08:56 5,760 --a------ c:\windows\system32\drivers\restore.sys
2009-01-16 08:42 . 2009-01-16 08:42 <DIR> d-------- c:\program files\Trend Micro
2009-01-15 15:20 . 2009-01-15 15:20 <DIR> d-------- c:\documents and settings\Ace\Application Data\Lavasoft
2009-01-15 14:11 . 2009-01-22 13:17 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-15 14:11 . 2009-01-22 13:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-15 14:11 . 2009-01-22 11:00 <DIR> d-------- c:\documents and settings\Ace\Application Data\Spyware Terminator
2009-01-15 14:11 . 2009-01-15 14:11 138,752 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-15 14:10 . 2009-01-15 14:10 <DIR> d-------- c:\program files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 07:56 14,336 ----a-w c:\windows\system32\svchost.exe
2009-01-20 13:46 136,640 ----a-w c:\windows\system32\drivers\atmarpc.sys
2009-01-15 13:53 --------- d-----w c:\program files\Yahoo! Games
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-10-15 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-15 114688]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-16 2957824]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"SoundMan"="SOUNDMAN.EXE" [2002-08-02 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-10"="advpack.dll" [2007-09-20 c:\windows\system32\advpack.dll]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 1.0.2.lnk - c:\program files\OpenOffice.org1.0.2\program\quickstart.exe [2003-03-13 61440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7bhxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-15 138752]
S0 ati7bhxx;ati7bhxx;c:\windows\system32\Drivers\ati7bhxx.sys --> c:\windows\system32\Drivers\ati7bhxx.sys [?]
S3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\drivers\EL910N51.sys [2002-05-29 38400]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\everestultimate450\kerneld.wnt --> e:\everestultimate450\kerneld.wnt [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S4 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-06-08 50176]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-zzgykzeh.exe - c:\windows\zzgykzeh.exe
Notify-tqtzyy - tqtzyy32.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {9D2FB415-11D7-4B62-97D7-B4ACE794EB1F} = 195.26.152.19
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} - hxxps://www.banka.com.mk/Ctrls/Ctrls.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-22 13:43:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\everestultimate450\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\eTrust Antivirus\InoRpc.exe
c:\program files\CA\eTrust Antivirus\InoRT.exe
c:\program files\CA\eTrust Antivirus\InoTask.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Completion time: 2009-01-22 13:48:33 - machine was rebooted [Ace]
ComboFix-quarantined-files.txt 2009-01-22 12:48:27
Pre-Run: 8,626,667,520 bytes free
Post-Run: 8,700,993,536 bytes free
131
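Two details in the ComboFix log above explain why Safe Mode made no difference for the poster: `ati7bhxx.sys` is a boot-start (S0) driver whose image ComboFix could not read (`[?]`), and the same file is registered under `SafeBoot\Minimal`, so Windows loads it even when booted safe. Both are the entries the helper's CFScript later targeted. As an added example (not ComboFix's own code, not from the original thread), the script below parses the R/S driver lines and the SafeBoot keys from such a log and correlates them. The sample log is a constructed subset of the log above; the mapping of the digit after R/S to a service start type, and the treatment of C: as the system drive, are my assumptions. MEMSWEEP2, a `.tmp` driver in system32 with no readable image, is deliberately rated only "medium": that pattern is consistent with an anti-rootkit scanner's temporary driver (a Sophos directory was created the same day in this log), so it should be confirmed rather than deleted.

```python
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, driver/service name, reason)

# Constructed subset of the ComboFix log posted above (sample input).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7bhxx.sys]
@="Driver"
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-15 138752]
S0 ati7bhxx;ati7bhxx;c:\windows\system32\Drivers\ati7bhxx.sys --> c:\windows\system32\Drivers\ati7bhxx.sys [?]
S3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\drivers\EL910N51.sys [2002-05-29 38400]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\everestultimate450\kerneld.wnt --> e:\everestultimate450\kerneld.wnt [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S4 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-06-08 50176]
"""

# ComboFix prefixes each service line with R (running) / S (stopped) and a digit.
# Reading that digit as the SCM start type is an assumption based on the
# Windows start-type values, not something taken from ComboFix documentation.
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
SYSTEM_DRIVE = "c:"  # assumption: matches the c:\windows paths in this log

RE_SVC = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$")
RE_SAFEBOOT = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?P<mode>Minimal|Network)\\(?P<entry>[^\]]+)\]$", re.I)


def safeboot_entries(log_text: str) -> Dict[str, str]:
    """Map driver stem -> SafeBoot mode for every SafeBoot key ComboFix printed.
    ComboFix hides the stock entries, so anything it lists here is non-default."""
    out: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = RE_SAFEBOOT.match(line.strip())
        if m:
            stem = m["entry"].lower().rsplit(".", 1)[0]
            out[stem] = m["mode"]
    return out


def triage_drivers(log_text: str) -> List[Finding]:
    """Correlate R/S driver lines with SafeBoot keys and rate each odd one."""
    safeboot = safeboot_entries(log_text)
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = RE_SVC.match(line.strip())
        if not m:
            continue
        name = m["name"]
        start = int(m["start"])
        path = m["resolved"] or m["path"]
        missing = m["meta"] == "?"  # ComboFix could not read the image on disk
        reasons = []
        if missing:
            reasons.append(f"{START_TYPE.get(start, start)}-start driver with no readable image: {path}")
        if name.lower() in safeboot:
            reasons.append(f"registered under SafeBoot\\{safeboot[name.lower()]}, so it loads in Safe Mode too")
        if not path.lower().startswith(SYSTEM_DRIVE):
            reasons.append(f"image lives on a non-system volume: {path}")
        if not reasons:
            continue
        if (missing and start <= 1) or name.lower() in safeboot:
            severity = "high"    # boot/system start or Safe Mode persistence: rootkit-style
        elif missing:
            severity = "medium"  # could be a scanner's temp driver; confirm before removing
        else:
            severity = "info"
        findings.append((severity, name, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for severity, name, reason in triage_drivers(SAMPLE_LOG):
        print(f"{severity:6} {name:14} {reason}")
```

On this sample the only "high" hit is ati7bhxx (boot-start, unreadable image, Safe Mode whitelisted); MEMSWEEP2 and the EVEREST driver on e: come out "medium" for follow-up, and the signed, readable drivers (sp_rsdrv2, EL910, LogWatch) produce nothing.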
Posted: 23 Jan 2009 11:10
Done, here is the log file
ComboFix 09-01-21.04 - Ace 2009-01-23 9:28:17.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.83 [GMT 1:00]
Running from: c:\documents and settings\Ace\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ace\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\Drivers\ati7bhxx.sys
c:\windows\system32\drivers\restore.sys
.
/wow section - STAGE 27
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-21 12:27 . 2009-01-21 12:27 <DIR> d-------- c:\program files\Sophos
2009-01-21 11:17 . 2009-01-21 11:17 <DIR> d-------- c:\program files\CA
2009-01-21 08:05 . 2009-01-21 08:05 <DIR> d-------- c:\program files\AVG
2009-01-21 07:56 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-21 07:56 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-01-20 14:46 . 2004-08-04 13:00 59,904 --a------ c:\windows\system32\drivers\atmarpc.sys.bak
2009-01-20 14:44 . 2004-08-04 13:00 14,336 --a------ c:\windows\system32\drivers\asyncmac.sys.bak
2009-01-16 14:06 . 2009-01-16 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-16 08:42 . 2009-01-16 08:42 <DIR> d-------- c:\program files\Trend Micro
2009-01-15 15:20 . 2009-01-15 15:20 <DIR> d-------- c:\documents and settings\Ace\Application Data\Lavasoft
2009-01-15 14:11 . 2009-01-22 13:17 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-15 14:11 . 2009-01-22 13:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-15 14:11 . 2009-01-22 11:00 <DIR> d-------- c:\documents and settings\Ace\Application Data\Spyware Terminator
2009-01-15 14:11 . 2009-01-15 14:11 138,752 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-15 14:10 . 2009-01-15 14:10 <DIR> d-------- c:\program files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 07:56 14,336 ----a-w c:\windows\system32\svchost.exe
2009-01-20 13:46 136,640 ----a-w c:\windows\system32\drivers\atmarpc.sys
2009-01-15 13:53 --------- d-----w c:\program files\Yahoo! Games
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-10-15 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-15 114688]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-16 2957824]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]
"SoundMan"="SOUNDMAN.EXE" [2002-08-02 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-10"="advpack.dll" [2007-09-20 c:\windows\system32\advpack.dll]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 1.0.2.lnk - c:\program files\OpenOffice.org1.0.2\program\quickstart.exe [2003-03-13 61440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-15 138752]
S3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\drivers\EL910N51.sys [2002-05-29 38400]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\everestultimate450\kerneld.wnt --> e:\everestultimate450\kerneld.wnt [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S4 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-06-08 50176]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {9D2FB415-11D7-4B62-97D7-B4ACE794EB1F} = 195.26.152.19
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} - hxxps://www.banka.com.mk/Ctrls/Ctrls.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-23 09:30:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\everestultimate450\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
Completion time: 2009-01-23 9:32:48
ComboFix-quarantined-files.txt 2009-01-23 08:32:41
ComboFix2.txt 2009-01-23 08:20:03
ComboFix3.txt 2009-01-22 12:48:36
Pre-Run: 8,684,462,080 bytes free
Post-Run: 8,675,590,144 bytes free
108
Posted: 23 Jan 2009 13:58
So far it's fine. It was fine before I sent the first log file too, except that the printer blocking would occasionally reappear.
One last question: is it possible to completely clean an infection on the computer by installing various AV and anti-spyware programs (install one, then remove it, then another, and so on), or does the cleaning have to be done with the help of ComboFix?
Finally, thanks for the help.