Posted: 26 May 2008 12:59
- Joined: 09 Jun 2004
- Posts: 137
- Location: Beograd
I have wiped and reinstalled the system n times and the same thing always happens. I don't know what I pick up, but two things happen:
First, no hidden folders or files are visible. When I tick "Show hidden files and folders" in Folder Options, nothing changes. If I tick "Do not show..." and Apply, it doesn't react; that is, the next time I open Folder Options, "Show hidden..." is ticked again.
Second, when I plug in a flash drive, a camera or an MP3 player, Avast (I'm using the latest version 4 release) raises an alarm that a virus is present at G:\Autorun.exe, even though Autorun.exe should not exist on the camera, on the flash drive or on the player. If I double-click G:\ (removable device) in My Computer, that is when it happens. If I right-click, a menu opens in which Open appears twice. The first one on the list is bold and has the same effect as a double-click; the second one is a few rows lower, and if I click it Windows opens the G: window perfectly normally. I scan, clean, everything is fine for a while and then it starts again...
The OS is Win XP + SP2.
When I'm online I visit, literally, five addresses, including MC. No risky websites.
As I said, I use Avast 4.8.
Basically, apart from the hassle with USB devices and the fact that I can't see hidden content, the system works without problems. Everything functions. It just annoys me TERRIBLY that this keeps happening, and regularly! I reinstall the system, everything is fine, it breaks, I reinstall... What's going on? When I scan the system Avast reports some Trojan, deletes all the infected files and supposedly cleans the system. After a while, the same thing again. I mean, is it possible that I regularly pick up a virus on MC, Gmail, Facebook???
What I'd most like to know is whether this can be solved some other way than reinstalling the system... It's starting to wear me down...
Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 02:08:46, on 20.05.2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Downloads\Software\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://E:\content\drivers\swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BA9810A-F703-49B4-8C8F-AC78E15003E8}: NameServer = 85.222.160.152 217.26.64.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BA9810A-F703-49B4-8C8F-AC78E15003E8}: NameServer = 85.222.160.152 217.26.64.131
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe" -s DefaultInstance (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe" -s DefaultInstance (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Posted: 26 May 2008 15:23
Logfile of HijackThis v1.99.1
Scan saved at 14:46:10, on 26.05.2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Opera\Opera.exe
D:\ZA REZANJE\instalacije\nije_to_sto_mislite.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://E:\content\drivers\swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe" -s DefaultInstance (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe" -s DefaultInstance (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
ComboFix 08-05-25.4 - stanislav 2008-05-26 14:52:31.1 - NTFSx86
Running from: C:\Documents and Settings\stanislav\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
2008-05-26 13:22 . 2008-05-26 13:23 <DIR> d-------- C:\Program Files\Opera
2008-05-26 03:39 . 2008-05-26 03:42 <DIR> d-------- C:\Documents and Settings\stanislav\Application Data\DBDesigner4
2008-05-26 03:38 . 2008-05-26 03:38 <DIR> d-------- C:\Program Files\Common Files\fabFORCE
2008-05-26 03:37 . 2008-05-26 03:38 <DIR> d-------- C:\Program Files\fabFORCE
2008-05-25 15:31 . 2008-05-25 15:31 <DIR> d-------- C:\Program Files\Quest Software
2008-05-25 01:52 . 2008-04-14 12:57 462,848 --a------ C:\WINDOWS\system32\Firebird2Control.cpl
2008-05-25 01:52 . 2008-04-14 12:52 450,560 --a------ C:\WINDOWS\system32\GDS32.DLL
2008-05-24 19:01 . 2008-05-24 19:01 <DIR> d-------- C:\Program Files\FlameRobin
2008-05-18 23:40 . 2008-05-18 23:40 <DIR> d--h----- C:\New Folder (2)
2008-05-18 23:40 . 2008-05-18 23:40 <DIR> d--h----- C:\New Folder
2008-05-09 17:15 . 2008-05-10 16:35 <DIR> d-------- C:\Program Files\Platypus Free Trial
2008-05-09 14:12 . 2008-05-09 14:12 <DIR> d-------- C:\Documents and Settings\stanislav\Application Data\AdobeUM
2008-05-07 11:31 . 2008-05-07 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Contrast
2008-05-07 11:30 . 2008-05-07 11:30 <DIR> d-------- C:\Program Files\Contrast
2008-05-04 19:56 . 2008-05-04 20:00 <DIR> d-------- C:\WINDOWS\system32\Spider-Man 3 (Black Suit) dir
2008-04-27 03:30 . 2008-05-04 20:00 <DIR> d-------- C:\WINDOWS\system32\Spider-Man 3 (Sandman) dir
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 12:58 --------- d-----w C:\Documents and Settings\stanislav\Application Data\Free Download Manager
2008-05-21 18:23 3,001 --sha-w C:\Documents and Settings\stanislav\ppUser.dat
2008-05-18 11:11 --------- d-----w C:\Program Files\CDlyse
2008-05-17 10:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-25 16:42 --------- d-----w C:\Program Files\DirectX Buster
2008-04-25 14:36 --------- d-----w C:\Program Files\Firebird
2008-04-24 08:48 --------- d-----w C:\Documents and Settings\stanislav\Application Data\Contrast
2008-04-22 16:15 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-04-22 16:15 --------- d-----w C:\Program Files\Easy CD-DA Extractor 5.0
2008-04-21 17:25 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2005-08-27 15:26 1,581,056 ----a-w C:\Program Files\SAFlashPlayer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 03:18 14336]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 07:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 07:16 741376 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-01-28 20:12 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-03-12 03:18 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-04-02 16:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24ac38a1-1d18-11dd-a820-806d6172696f}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599a90f0-ef0e-11dc-85fe-806d6172696f}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{929f8f0c-ccfc-11dc-8591-806d6172696f}]
\Shell\Auto\command - H:\Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{971d0cf3-e20c-11dc-85d0-806d6172696f}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\msencobe.dll,InstallM
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-26 14:58:37
Windows 5.1.2600 Service Pack 2, v.2096 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-26 15:06:07
ComboFix-quarantined-files.txt 2008-05-26 13:05:26
Pre-Run: 1,625,968,640 bytes free
Post-Run: 2,300,395,520 bytes free
105
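The MountPoints2 entries in the ComboFix log above account for the symptoms from the first post: Explorer caches the verbs from a removable volume's autorun.inf under HKCU\...\Explorer\MountPoints2\{volume GUID}, so the bold duplicate "Open" and the double-click that fires G:\Autorun.exe come from those cached commands (note in particular the `\Shell\open\Command - rundll32.exe .\\msencobe.dll,InstallM` entry). The script below is an added example, neither part of this thread nor ComboFix's own code: it parses a "Reg Loading Points" excerpt and flags what a practitioner would look at first. The sample text is copied from the log above plus one constructed benign entry; the heuristics (an overridden open verb, rundll32 loading a DLL export, a payload named Autorun.exe, a relative target, and the Security Center *DisableNotify values) are my own, not ComboFix's.

```python
"""Triage a ComboFix "Reg Loading Points" excerpt for removable-media autorun
hijacks.  Added example: not part of the forum thread and not ComboFix code."""
import re
from dataclasses import dataclass, field

# Constructed sample: the Security Center values and the first three MountPoints2
# keys are copied from the ComboFix log above; the key ending ...-aaaa-000000000000
# is an invented benign entry (a CD whose autorun.inf just starts its installer).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24ac38a1-1d18-11dd-a820-806d6172696f}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599a90f0-ef0e-11dc-85fe-806d6172696f}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{971d0cf3-e20c-11dc-85d0-806d6172696f}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\msencobe.dll,InstallM
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-aaaa-000000000000}]
\Shell\AutoRun\command - E:\setup.exe
"""
KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.*)$", re.I)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-f]{8})$', re.I)
SHELLEXEC_RE = re.compile(r"ShellExec_RunDLL\s+(?P<target>.+)$", re.I)
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>\S+),(?P<export>\w+)", re.I)
NOTIFY_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")

@dataclass
class MountPoint:
    guid: str
    commands: dict = field(default_factory=dict)  # verb (lower case) -> command line

def _sections(text):
    """Yield (key path in lower case, non-empty value lines) for each [KEY] block."""
    path, body = None, []
    for line in (ln.strip() for ln in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            if path is not None:
                yield path, body
            path, body = m.group("path").lower(), []
        elif line and path is not None:
            body.append(line)
    if path is not None:
        yield path, body

def parse_mountpoints(text):
    """Explorer caches a removable volume's autorun.inf verbs under
    HKCU\\...\\Explorer\\MountPoints2\\{volume GUID}; collect those blocks."""
    points = []
    for path, body in _sections(text):
        if "\\mountpoints2\\{" in path:
            mp = MountPoint(guid=path.rsplit("{", 1)[1].rstrip("}"))
            for m in filter(None, map(CMD_RE.match, body)):
                mp.commands[m.group("verb").lower()] = m.group("cmd").strip()
            points.append(mp)
    return points

def muted_security_center(text):
    """Security Center *DisableNotify values set to 1: worms of the period set them to
    silence the 'no antivirus / no updates' balloon, but users do too, so a lead only."""
    for path, body in _sections(text):
        if path.endswith("\\security center"):
            values = {m.group("name"): int(m.group("hex"), 16)
                      for m in filter(None, map(DWORD_RE.match, body))}
            return [n for n in NOTIFY_VALUES if values.get(n) == 1]
    return []

def triage_mountpoint(mp):
    """Reasons (possibly none) this cached device entry deserves a look."""
    reasons = []
    for verb, cmd in mp.commands.items():
        # unwrap the 'RunDLL32 Shell32.DLL,ShellExec_RunDLL <target>' wrapper
        # Explorer writes for an autorun.inf open= line
        m = SHELLEXEC_RE.search(cmd)
        target = (m.group("target") if m else cmd).strip()
        if verb not in ("auto", "autorun"):
            # shell\open\command in autorun.inf replaces what a double-click runs
            # and becomes the bold 'Open' entry in the context menu
            reasons.append(f"{verb} verb overridden -> {target}")
        m = RUNDLL_RE.match(target)
        if m:
            reasons.append(f"{verb}: rundll32 loads {m.group('dll')},{m.group('export')}")
            continue
        program = target.split(" ", 1)[0]
        if program.rsplit("\\", 1)[-1].lower() == "autorun.exe":
            reasons.append(f"{verb}: launches {program}")  # the G:\Autorun.exe Avast flagged
        elif program and not re.match(r"^[A-Za-z]:\\", program):
            # bare or .\ name: sits in the device root and runs from whatever
            # drive letter the device gets next time
            reasons.append(f"{verb}: relative target {program}")
    return reasons

def triage(text):
    flagged = {mp.guid: r for mp in parse_mountpoints(text) if (r := triage_mountpoint(mp))}
    return {"mountpoints": flagged, "security_center": muted_security_center(text)}

if __name__ == "__main__":
    for guid, reasons in triage(SAMPLE_LOG)["mountpoints"].items():
        print(f"{{{guid}}}:", "; ".join(reasons))
    print("Security Center notifications muted:", muted_security_center(SAMPLE_LOG))
```

Run it as-is to see the report for the sample, or feed it a whole ComboFix log to triage a real one. Remediation is outside the script: delete the flagged {GUID} keys (Explorer rebuilds harmless ones the next time a device is inserted), clean the device root rather than just trusting the drive, and examine the file the open verb points at. The second ComboFix log in this thread, produced after the CFScript run, no longer lists any MountPoints2 entries, which is the result to look for.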
Posted: 30 May 2008 05:00
You're a king, you even posted an animated gif!!!
Once I've done all this I'll post the log! Thanks!
Update: 30 May 2008 4:55
ComboFix 08-05-25.4 - stanislav 2008-05-29 16:03:37.2 - NTFSx86
Running from: C:\Documents and Settings\stanislav\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\stanislav\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-28 01:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-28 01:30 . 2008-05-28 01:33 <DIR> d-------- C:\Program Files\Java
2008-05-28 01:30 . 2008-05-28 01:30 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-26 13:22 . 2008-05-26 13:23 <DIR> d-------- C:\Program Files\Opera
2008-05-26 03:38 . 2008-05-26 16:38 <DIR> d-------- C:\Program Files\Common Files\fabFORCE
2008-05-25 15:31 . 2008-05-25 15:31 <DIR> d-------- C:\Program Files\Quest Software
2008-05-25 01:52 . 2008-04-14 12:57 462,848 --a------ C:\WINDOWS\system32\Firebird2Control.cpl
2008-05-25 01:52 . 2008-04-14 12:52 450,560 --a------ C:\WINDOWS\system32\GDS32.DLL
2008-05-24 19:01 . 2008-05-24 19:01 <DIR> d-------- C:\Program Files\FlameRobin
2008-05-18 23:40 . 2008-05-18 23:40 <DIR> d--h----- C:\New Folder (2)
2008-05-18 23:40 . 2008-05-18 23:40 <DIR> d--h----- C:\New Folder
2008-05-09 17:15 . 2008-05-10 16:35 <DIR> d-------- C:\Program Files\Platypus Free Trial
2008-05-09 14:12 . 2008-05-09 14:12 <DIR> d-------- C:\Documents and Settings\stanislav\Application Data\AdobeUM
2008-05-07 11:31 . 2008-05-07 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Contrast
2008-05-07 11:30 . 2008-05-07 11:30 <DIR> d-------- C:\Program Files\Contrast
2008-05-04 19:56 . 2008-05-04 20:00 <DIR> d-------- C:\WINDOWS\system32\Spider-Man 3 (Black Suit) dir
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 02:31 --------- d-----w C:\Documents and Settings\stanislav\Application Data\Free Download Manager
2008-05-21 18:23 3,001 --sha-w C:\Documents and Settings\stanislav\ppUser.dat
2008-05-18 11:11 --------- d-----w C:\Program Files\CDlyse
2008-05-17 10:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-25 16:42 --------- d-----w C:\Program Files\DirectX Buster
2008-04-25 14:36 --------- d-----w C:\Program Files\Firebird
2008-04-24 08:48 --------- d-----w C:\Documents and Settings\stanislav\Application Data\Contrast
2008-04-22 16:15 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-04-22 16:15 --------- d-----w C:\Program Files\Easy CD-DA Extractor 5.0
2008-04-21 17:25 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2005-08-27 15:26 1,581,056 ----a-w C:\Program Files\SAFlashPlayer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_15.04.37,36 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 10:30:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 13:29:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-05-29 13:30:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 03:18 14336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 07:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 07:16 741376 C:\WINDOWS\system32\nwiz.exe]
"PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-01-28 20:12 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-03-12 03:18 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-29 16:08:19
Windows 5.1.2600 Service Pack 2, v.2096 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-29 16:14:26
ComboFix-quarantined-files.txt 2008-05-29 14:13:58
ComboFix2.txt 2008-05-26 13:06:17
Pre-Run: 2,370,895,872 bytes free
Post-Run: 2,384,773,120 bytes free
102
So, I don't know what happened, but hidden files are visible! Everything behaves pretty normally! The only thing I noticed is that hidden folders with characteristic names appear on both partitions. I don't know whether they're related to FixPolicies, Flash_Disinfector or ComboFix, or to XP itself; it just seems strange to me that they also appear on the D partition, which is not the system one. If I try to delete them they are regenerated every time I open a window in Windows Explorer...
As for the USB stick, I formatted it...
Thanks a million for the help, and if I'm not asking too much, could you just explain what to do about these "suspicious" hidden folders? Could they cause me problems?
Oh, and one more thing!
Update: 30 May 2008 5:00
So, one more thing! As you can see in the picture of the C partition, one of the files is ntldr!!! How the hell did it get there??? Is that THE ntldr? Am I screwed if I delete it?
Once again, thaaanks!!!
Posted: 30 May 2008 15:47
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
It looks like one of the tools deleted it automatically.
In my opinion this is a solved case.
Are there any other symptoms?
Posted: 30 May 2008 19:06
Nicht! Everything runs like clockwork!
So, after X reinstalls of the system... Finally!
Thanks a lot! I hope to return the favour one day by being able to help someone myself...
Regards!