[bobby] A few problems

offline
  • Joined: 17 Nov 2008
  • Posts: 12

Yesterday I "picked up" a virus from a USB flash drive... I think... Avast went crazy, asked me to run a boot-time scan, I did, it wiped out the virus which had meanwhile settled in and infected various exe files, but luckily only some programs don't work; now everything works OK except those programs, which I'll reinstall, so that's not terrible either. But now I have a problem with Task Manager, it doesn't work (disabled by your administrator), and the same with registry editing.... All in all, here's the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:53, on 17.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Documents and Settings\dr\Desktop\FeedReader313Setup\feedreader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\DOCUME~1\dr\LOCALS~1\Temp\WMC0000.tmp\WMPAU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Documents and Settings\dr\Desktop\New Folder\ol.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.116.60.34:3128
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FDFA188-DDF7-4E76-B1F6-AFB0CD14BAC6}: NameServer = 77.105.0.18 77.105.0.19
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6920 bytes
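The "disabled by your administrator" message the poster describes comes from values under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, and the HijackThis log above already shows one of them as the O7 line (DisableRegedit=1). As an added example that is not part of the thread and not HijackThis code, here is a small Python triage script over an excerpt of that log: it parses the section-coded lines, lists the O7 policy restrictions, pulls out the R1 proxy and O17 name-server settings for review, lists processes started from user-writable folders, and writes the .reg text that would delete the policy values. The excerpt is a constructed subset of the posted log, and the classification rules are generic triage heuristics, not verdicts on this machine.

```python
import re
from collections import defaultdict

# Constructed excerpt of the HijackThis 2.0.2 log posted above. This is a
# subset of its lines, used here only as sample input for the parser.
HJT_EXCERPT = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\dr\LOCALS~1\Temp\WMC0000.tmp\WMPAU.exe
C:\Documents and Settings\dr\Desktop\New Folder\ol.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.116.60.34:3128
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FDFA188-DDF7-4E76-B1F6-AFB0CD14BAC6}: NameServer = 77.105.0.18 77.105.0.19
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "R1 - ..." / "O7 - ..." entry lines: HijackThis section code, then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O7 bodies name a value under ...\Policies\System, e.g. "DisableRegedit=1".
POLICY_RE = re.compile(r"Policies\\System,\s*(?P<name>\w+)=(?P<value>\d+)")
# Heuristic only: processes running from user-writable folders get a second
# look in triage; this is a review list, not a malware verdict.
USER_WRITABLE_DIRS = ("\\temp\\", "\\desktop\\", "\\local settings\\", "\\application data\\")
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("code"), m.group("body")))
        elif in_procs:
            procs.append(line)
    return procs, entries


def triage(text):
    """Return the items a reviewer wants to see first, grouped by reason."""
    procs, entries = parse_hjt(text)
    findings = defaultdict(list)
    for p in procs:
        if any(d in p.lower() for d in USER_WRITABLE_DIRS):
            findings["process_in_user_dir"].append(p)
    for code, body in entries:
        if code == "O7":
            m = POLICY_RE.search(body)
            if m and m.group("value") != "0":
                findings["policy_restriction"].append(m.group("name"))
        elif code == "R1" and "ProxyServer" in body:
            findings["proxy"].append(body.split("=", 1)[1].strip())
        elif code == "O17":
            findings["nameserver"].append(body.split("=", 1)[1].strip())
    return dict(findings)


def policy_reset_reg(names):
    """Text of a .reg file that deletes the listed Policies\\System values
    ('"name"=-' is the .reg syntax for deleting a value). Apply it only after
    the infector is gone: malware that set these will set them again while it
    is still running. DisableTaskMgr (not in the posted log) is the value
    behind the same message for Task Manager."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{POLICY_KEY}]"]
    lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(HJT_EXCERPT)
    for reason, items in found.items():
        print(reason, items)
    print(policy_reset_reg(found.get("policy_restriction", [])))
```

The proxy and name-server values are listed only so that a reviewer can confirm they belong to the user's ISP or configuration; the script does not judge them. The generated .reg text removes the restriction the poster ran into, but as the docstring says, it is pointless while whatever set the value is still active.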



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Try to use the following instructions to post the log file from Avast here:
[Link visible only to logged-in users]



offline
  • Joined: 17 Nov 2008
  • Posts: 12

5.11.2008 18:42:21 SYSTEM 1288 Sign of "Win32:Sality-gen" has been found in "G:\LaunchU3.exe" file.
5.11.2008 18:52:09 dr 3084 Sign of "VBS:Malware-gen" has been found in "G:\autorun.inf" file.
5.11.2008 19:11:44 SYSTEM 1288 Sign of "Win32:Sality-gen" has been found in "G:\winamp5541_full_emusic-7plus_en-us.exe" file.
5.11.2008 19:11:57 SYSTEM 1288 Sign of "Win32:Sality-gen" has been found in "G:\mv2p070RC2p.exe" file.
5.11.2008 19:12:44 dr 2952 Sign of "Win32:Sality-gen" has been found in "G:\pavohl.pif" file.
5.11.2008 19:12:52 dr 2952 Sign of "Win32:Sality-gen" has been found in "G:\xlk9.com" file.
5.11.2008 20:08:49 dr 1240 Sign of "Win32:Sality-gen" has been found in "G:\Typing Master Pro 7 Eng 2006\Typing Master Pro 7 Eng 2006.exe" file.
5.11.2008 20:09:18 dr 1240 Sign of "Win32:Sality-gen" has been found in "G:\aagush.pif" file.
5.11.2008 20:09:18 dr 1240 Sign of "Win32:Sality-gen" has been found in "G:\xlk9.com" file.
5.11.2008 20:42:11 dr 3848 Sign of "Win32:Sality-gen" has been found in "G:\xlk9.com" file.
6.11.2008 20:19:37 dr 876 Sign of "Win32:Inject-PW [Trj]" has been found in "F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe" file.
6.11.2008 20:19:53 dr 876 Sign of "BV:AutoRun-G [Wrm]" has been found in "F:\autorun.inf" file.
7.11.2008 18:56:46 dr 700 Sign of "Win32:Wukill-B [Wrm]" has been found in "F:\WINFILE.EXE" file.
7.11.2008 18:56:56 dr 700 Sign of "VBS:Malware-gen" has been found in "F:\comment.htt" file.
14.11.2008 20:12:27 dr 908 Sign of "Win32:Inject-PW [Trj]" has been found in "F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe" file.
14.11.2008 20:12:38 dr 908 Sign of "BV:AutoRun-G [Wrm]" has been found in "F:\autorun.inf" file.
14.11.2008 22:40:02 dr 1480 Sign of "Win32:Sality-gen" has been found in "G:\aswclnr.exe" file.
14.11.2008 22:40:20 dr 1480 Sign of "Win32:Sality-gen" has been found in "G:\nikj.exe" file.
17.11.2008 1:09:25 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\LaunchU3.exe" file.
17.11.2008 1:10:02 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:10:11 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "C:\Program Files\Real\RealPlayer\RecordingManager.exe" file.
17.11.2008 1:10:19 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:10:31 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:10:34 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "C:\PROGRAM FILES\ADOBE\READER 9.0\READER\READER_SL.EXE" file.
17.11.2008 1:10:41 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:10:46 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "D:\CD4C0867D9A98018D13CB584B02D\spuninst.exe" file.
17.11.2008 1:10:52 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:10:57 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" file.
17.11.2008 1:11:03 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "D:\CD4C0867D9A98018D13CB584B02D\spupdsvc.exe" file.
17.11.2008 1:11:14 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:11:26 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:11:30 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "D:\CD4C0867D9A98018D13CB584B02D\UPDATE\idndl.exe" file.
17.11.2008 1:11:37 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:11:40 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\YAHOO!\YUPDATER\yupdater.exe" file.
17.11.2008 1:11:52 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:12:02 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe" file.
17.11.2008 1:12:22 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:12:25 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "D:\CD4C0867D9A98018D13CB584B02D\UPDATE\iesetup.exe" file.
17.11.2008 1:12:32 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "G:\pcbxx.exe" file.
17.11.2008 1:22:47 dr 1300 Sign of "Win32:Sality-gen" has been found in "C:\PROGRAM FILES\COREL\CORELDRAW GRAPHICS SUITE 13\PROGRAMS\CORELDRW.EXE" file.
17.11.2008 1:22:47 dr 1300 Sign of "Win32:Sality-gen" has been found in "C:\PROGRAM FILES\COREL\CORELDRAW GRAPHICS SUITE 13\PROGRAMS\CORELPP.EXE" file.
17.11.2008 1:22:52 dr 1300 Sign of "Win32:Sality-gen" has been found in "C:\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CS2\IMAGEREADY.EXE" file.
17.11.2008 1:23:13 dr 1300 Sign of "Win32:Sality-gen" has been found in "C:\WINDOWS\SYSTEM32\NEROCHECK.EXE" file.
17.11.2008 1:25:59 dr 1292 Sign of "Win32:Sality-gen" has been found in "C:\PROGRAM FILES\COREL\CORELDRAW GRAPHICS SUITE 13\PROGRAMS\CORELDRW.EXE" file.
17.11.2008 1:25:59 dr 1292 Sign of "Win32:Sality-gen" has been found in "C:\PROGRAM FILES\COREL\CORELDRAW GRAPHICS SUITE 13\PROGRAMS\CORELPP.EXE" file.
17.11.2008 1:26:02 dr 1292 Sign of "Win32:Sality-gen" has been found in "C:\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CS2\IMAGEREADY.EXE" file.
17.11.2008 1:26:24 dr 1292 Sign of "Win32:Sality-gen" has been found in "C:\WINDOWS\SYSTEM32\NEROCHECK.EXE" file.
17.11.2008 1:28:41 dr 3004 Sign of "Win32:Sality-gen" has been found in "c:\windows\system32\nerocheck.exe" file.
17.11.2008 4:19:30 SYSTEM 420 Sign of "JS:Agent-DE [Trj]" has been found in "http://pro-scan-online.com/2009/1/en/_freescan.php?nu=88675" file.

Update: 17 Nov 2008 19:33

I think I managed it, did I? Is that it?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

That's it, but I have bad news - we can't help with removing the Sality virus. It's a file infector, and only a good AV program can remove it, though even that is no guarantee, because after the virus is removed there's a good chance that the programs that were infected won't work any more.
If the virus gets into system files, you will hardly be able to get by without reinstalling Windows, with mandatory formatting of the whole HD beforehand.
Formatting is also mandatory for all USB sticks and other media you connect through a USB port (MP3 player, phone, external HD etc.)

The problem now is, if you first install Windows and then plug in the infected USB stick - you'll infect the computer again.
If on the other hand you clean the USB now, it may be infected again before you manage to pull it out of the computer.

The optimal solution would be to format the USB sticks and other USB devices from some computer running Linux, or using a Linux LiveCD.

The second solution would be to reformat the HD, install Windows and some antivirus, and then come back here, but in the meantime don't plug in the USB stick or anything else that goes into the USB ports (phone, external HD etc.)
I'll then give you a program that will prevent the virus from moving from the USB stick to the computer, and then you'll be able to format the USB stick in peace.
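The distinction drawn in the reply above, a file infector living inside already-installed programs on the fixed disk versus the autorun.inf and RECYCLER\...\autorunme.exe files on the USB sticks that carry it from machine to machine, can be read straight off the avast! warning log posted earlier. As an added example (not from the thread and not avast! code), this Python script parses lines in that log format and groups the detections by where they sit. The sample is a constructed subset of the posted lines, and treating C: and D: as fixed disks and F: and G: as the USB sticks is an assumption taken from the poster's description.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the avast! 4 warning-log lines posted above,
# in the exact format that post shows (date time user pid Sign of "sig" ... "path").
AVAST_LOG = r"""5.11.2008 18:42:21 SYSTEM 1288 Sign of "Win32:Sality-gen" has been found in "G:\LaunchU3.exe" file.
5.11.2008 18:52:09 dr 3084 Sign of "VBS:Malware-gen" has been found in "G:\autorun.inf" file.
5.11.2008 19:12:44 dr 2952 Sign of "Win32:Sality-gen" has been found in "G:\pavohl.pif" file.
5.11.2008 19:12:52 dr 2952 Sign of "Win32:Sality-gen" has been found in "G:\xlk9.com" file.
6.11.2008 20:19:37 dr 876 Sign of "Win32:Inject-PW [Trj]" has been found in "F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe" file.
6.11.2008 20:19:53 dr 876 Sign of "BV:AutoRun-G [Wrm]" has been found in "F:\autorun.inf" file.
17.11.2008 1:10:11 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "C:\Program Files\Real\RealPlayer\RecordingManager.exe" file.
17.11.2008 1:12:02 SYSTEM 1380 Sign of "Win32:Sality-gen" has been found in "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe" file.
17.11.2008 1:23:13 dr 1300 Sign of "Win32:Sality-gen" has been found in "C:\WINDOWS\SYSTEM32\NEROCHECK.EXE" file.
17.11.2008 1:26:24 dr 1292 Sign of "Win32:Sality-gen" has been found in "C:\WINDOWS\SYSTEM32\NEROCHECK.EXE" file.
17.11.2008 4:19:30 SYSTEM 420 Sign of "JS:Agent-DE [Trj]" has been found in "http://pro-scan-online.com/2009/1/en/_freescan.php?nu=88675" file.
"""

LINE_RE = re.compile(
    r'^(?P<date>\d{1,2}\.\d{1,2}\.\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}) '
    r'(?P<user>\S+) (?P<pid>\d+) Sign of "(?P<sig>[^"]+)" has been found in '
    r'"(?P<path>[^"]+)" file\.$'
)

# Assumption: C: and D: are the fixed-disk partitions in this log, F: and G:
# the USB sticks the poster describes. Adjust to the machine being triaged.
FIXED_DRIVES = {"C", "D"}
# Names that belong to the removable-media propagation mechanism rather than to
# a program the user installed (autorun.inf plus the RECYCLER\<SID>\ trick).
AUTORUN_NAMES = {"autorun.inf", "autorunme.exe"}
ROOT_EXE_EXT = {"exe", "com", "pif", "scr"}


def classify(path, fixed_drives=FIXED_DRIVES):
    """Say what kind of artifact a detected path is, from its location alone."""
    if "://" in path:
        return "web"
    drive, sep, rest = path.partition(":\\")
    if not sep:
        return "other"
    rest_low = rest.lower()
    name = rest_low.rsplit("\\", 1)[-1]
    if name in AUTORUN_NAMES or rest_low.startswith("recycler\\"):
        return "autorun_artifact"
    if drive.upper() in fixed_drives:
        return "host_program"        # an existing program on the fixed disk carrying the infector
    if "\\" not in rest_low and name.rsplit(".", 1)[-1] in ROOT_EXE_EXT:
        return "removable_root_exe"  # executable dropped at the root of a removable drive
    return "removable_other"


def summarize(text):
    """Parse avast! warning-log lines and group detections for review."""
    hits = [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]
    classes, per_path = defaultdict(set), Counter()
    for h in hits:
        classes[classify(h["path"])].add(h["path"])
        per_path[h["path"]] += 1
    return {
        "classes": {k: sorted(v) for k, v in classes.items()},
        "signatures": Counter(h["sig"] for h in hits),
        # the same path flagged more than once: cleaned and hit again, or never cleaned
        "repeated": {p: n for p, n in per_path.items() if n > 1},
        "drives": sorted({h["path"][0].upper() for h in hits if h["path"][1:3] == ":\\"}),
        "total": len(hits),
    }


if __name__ == "__main__":
    s = summarize(AVAST_LOG)
    for cls, paths in s["classes"].items():
        print(f"{cls} ({len(paths)})")
        for p in paths:
            print("   ", p)
    print("repeated:", s["repeated"])
    print("signatures:", dict(s["signatures"]))
```

The host_program list is the set of installed programs that may stop working after disinfection, which is the point the reply makes about file infectors. Paths that keep being flagged (in the full log, NEROCHECK.EXE three times and G:\pcbxx.exe many times within minutes) are worth checking separately: a file that is detected again was either not cleaned or was re-infected, which is the re-infection loop the reply warns about.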

offline
  • Joined: 17 Nov 2008
  • Posts: 12

But Avast doesn't report that I have a virus any more, do you think it's still there? Well, that really is bad news... I have 160 GB of data and my burner broke a week ago... And a question: if I start burning everything from the hard drive to discs, won't the virus "move over" too?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Let's do it this way then:

1. Scan the whole computer with Avast. If it reports anything, post a new log here, just as you did a moment ago

2. Right-click the avast! icon in the lower right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the Disable avast! self-defence option and click OK.

Also, right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.


Note: Don't forget to turn these options back on once the cleaning is finished.

3. Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

offline
  • Joined: 17 Nov 2008
  • Posts: 12

Thanks a lot, I'll get back to you in about two or three hours, since that's how long it takes to scan and to post all that... Cheers

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

OK.
If it happens that I've already gone to bed (since I get up at 5), then I'll only be able to look at it tomorrow, when I get back from work.

offline
  • Joined: 17 Nov 2008
  • Posts: 12

Well, here's how things stand: I ran a boot-time scan and it found it and deleted it, but only in one place; anyway, here's how things stand

11/17/2008 20:09
Scanning all local disks

File: C:\Documents and Settings\dr\My Documents\My Videos\ULarko27.rar.part\ULarko27\VA - Ultra Lounge, Cocktails With Cole Porter (2004)\18 - Ella Fitzgerald & Duke Ellington & His Orchestra - Let's Do It (Let's Fall In Love).mp3 Error 42126 {RAR archive is damaged.}
File: D:\Instalacije\ANTIVIRUSI\Norton AntiVirus 2004\SUPPORT\MSIE\IEAK6OPT.CAB\ie55urd.exe\Wise0021.bin Error 42146 {Installation archive is damaged.}
File: D:\Instalacije\mikro inst\SpellunkerSetup.exe\[Embedded#02d004]\{app}\Spellunker.RWG is infected with Win32:Swizzor-N [Trj], Deleted
File: D:\System Volume Information\_restore{9E70937D-7879-4321-ADA8-2558C9E8805B}\RP86\A0011194.exe is infected with Win32:Sality-gen, Deleted
File: D:\System Volume Information\_restore{9E70937D-7879-4321-ADA8-2558C9E8805B}\RP89\A0012263.exe\[Embedded#02d004]\{app}\Spellunker.RWG is infected with Win32:Swizzor-N [Trj], Deleted
Number of folders scanned: 5952
Number of files tested: 606272
Number of infected files: 3



I did the rest according to the instructions and the result is the following

ComboFix 08-11-16.02 - dr 2008-11-17 23:52:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.466 [GMT 1:00]
Running from: c:\documents and settings\dr\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-17 18:45 . 2008-11-17 18:45 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-17 18:44 . 2008-11-17 18:44 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-17 18:44 . 2008-11-17 18:44 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-13 14:26 . 2008-11-17 18:46 1,393 --a------ c:\windows\imsins.BAK
2008-11-13 14:23 . 2008-11-14 20:07 <DIR> d-------- c:\program files\Super Internet TV
2008-11-13 14:17 . 2008-10-03 18:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-13 14:17 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-13 14:17 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-13 14:17 . 2008-08-26 08:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-13 14:17 . 2008-08-26 08:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-13 14:17 . 2008-08-26 08:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-13 14:17 . 2008-08-26 08:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-13 14:17 . 2008-08-26 08:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-13 14:17 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-12 12:30 . 2008-11-12 12:30 306,432 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-11-12 12:30 . 2007-12-20 10:41 29,440 --a------ c:\windows\system32\uxtuneup.dll
2008-11-12 02:38 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 01:20 . 2008-11-10 01:20 <DIR> d-------- c:\program files\Yahoo!
2008-11-10 01:20 . 2008-11-10 01:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-08 17:11 . 2008-11-17 18:09 116 --a------ c:\windows\NeroDigital.ini
2008-11-08 14:58 . 2008-11-08 14:58 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-08 14:58 . 2008-11-08 14:58 <DIR> d-------- c:\program files\Ahead
2008-11-08 14:58 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-11-08 14:58 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-11-08 14:58 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-11-08 14:58 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2008-11-08 14:58 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-11-08 14:58 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2008-11-08 14:58 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-08 14:58 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2008-11-05 19:25 . 2008-11-05 19:25 30,946 --a------ c:\windows\system32\drivers\Partizan.sys
2008-11-05 19:25 . 2008-11-05 19:25 28,672 --a------ c:\windows\system32\Partizan.exe
2008-11-05 19:25 . 2005-04-03 15:02 8,944 --a------ c:\windows\system32\drivers\UnHackMeDrv.sys
2008-11-05 18:40 . 2008-11-17 01:12 <DIR> d-------- c:\documents and settings\dr\Application Data\U3
2008-11-04 18:53 . 2008-11-13 15:00 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 16:33 . 2008-11-04 16:33 <DIR> d-------- C:\RootkitNO
2008-11-04 16:33 . 2008-11-04 16:33 123 --a------ c:\windows\rootkitno.ini
2008-11-04 11:52 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-04 11:51 . 2008-11-04 11:51 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-11-04 11:51 . 2008-11-04 11:51 <DIR> d-------- c:\program files\Common Files\L&H
2008-11-04 11:50 . 2008-11-04 11:50 <DIR> d-------- c:\program files\Microsoft Works
2008-11-04 11:49 . 2008-11-04 11:51 <DIR> d-------- c:\windows\SHELLNEW
2008-11-04 11:49 . 2008-11-04 11:49 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-04 11:14 . 2008-11-04 11:14 <DIR> d-------- c:\windows\Globalization
2008-11-04 11:14 . 2008-11-04 11:14 <DIR> d-------- c:\program files\Sublight
2008-11-04 10:55 . 2008-11-17 01:15 <DIR> d-------- c:\program files\UnHackMe
2008-11-04 10:55 . 2008-11-05 19:25 (2) -rahs-ot- c:\windows\winstart.bat
2008-11-02 16:50 . 2008-11-08 20:55 <DIR> d-------- c:\documents and settings\dr\Application Data\Feedreader
2008-10-31 15:13 . 2008-11-12 12:30 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2008-10-31 15:13 . 2008-10-31 15:13 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-31 15:13 . 2008-10-31 15:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-31 06:13 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-31 06:13 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-31 06:13 . 2007-07-30 19:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-30 23:14 . 2008-10-30 23:14 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-10-30 23:14 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-10-30 22:44 . 2008-10-30 23:16 <DIR> d-------- c:\program files\Windows Live
2008-10-30 22:44 . 2008-10-30 22:49 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-10-30 22:44 . 2008-10-30 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-29 11:29 . 2008-10-29 11:29 <DIR> d-------- c:\documents and settings\dr\Application Data\TuneUp Software
2008-10-28 18:40 . 2008-10-28 18:40 <DIR> d---s---- c:\documents and settings\dr\UserData
2008-10-27 16:36 . 2008-10-27 16:36 <DIR> d-------- c:\program files\MSXML 6.0
2008-10-26 15:30 . 2008-10-26 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Phase One
2008-10-26 12:45 . 2008-10-26 12:45 <DIR> d-------- c:\program files\ReflexiveArcade
2008-10-26 12:45 . 2008-10-26 12:48 <DIR> d-------- c:\program files\Ballistik
2008-10-26 12:24 . 2008-10-26 12:24 <DIR> d-------- c:\program files\Phase One
2008-10-26 12:05 . 2008-10-26 12:05 <DIR> d-------- c:\program files\MSBuild
2008-10-26 12:02 . 2008-10-26 12:02 <DIR> d-------- c:\windows\system32\XPSViewer
2008-10-26 12:02 . 2008-10-26 12:02 <DIR> d-------- c:\program files\Reference Assemblies
2008-10-26 12:02 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-23 17:15 . 2008-10-23 17:15 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-23 13:38 . 2008-10-23 13:38 <DIR> d-------- c:\program files\DivX
2008-10-23 13:38 . 2003-03-15 21:15 90,112 --a------ c:\windows\unvise32.exe
2008-10-22 23:58 . 2008-10-22 23:58 <DIR> d-------- c:\windows\Sun
2008-10-22 16:09 . 2008-10-22 16:09 42 --a------ c:\windows\system32\Jiii_PNUCT.pnc
2008-10-22 16:08 . 2008-10-22 16:36 <DIR> d-------- c:\program files\Perfect Uninstaller
2008-10-22 16:08 . 2008-10-22 16:08 42 --a------ c:\windows\system32\AK083E209605E394C.lie
2008-10-22 15:04 . 2008-10-22 15:04 <DIR> d-------- c:\program files\Common Files\xing shared
2008-10-21 20:54 . 2008-10-22 16:43 272 --a------ c:\documents and settings\dr\Application Data\ltbpr.dat
2008-10-21 19:01 . 2008-10-21 19:02 <DIR> d-------- c:\program files\Ydde
2008-10-21 17:45 . 2004-08-03 22:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-21 17:13 . 2008-10-24 14:05 104 -r-hs---- c:\windows\system32\8E03600645.sys
2008-10-21 15:58 . 2008-11-03 19:30 100 --a------ c:\windows\cdplayer.ini
2008-10-21 13:09 . 2008-10-21 13:09 <DIR> d-------- c:\program files\AcreSoft Health Stars
2008-10-21 13:09 . 2008-10-22 15:04 1,000 --a------ c:\windows\posteriza.INI
2008-10-21 12:04 . 2008-10-21 12:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-21 12:00 . 2008-10-24 14:05 7,520 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-10-21 11:59 . 2008-11-17 17:48 <DIR> d-------- c:\program files\Corel
2008-10-20 22:19 . 2008-10-20 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-10-20 22:18 . 2008-10-20 22:18 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-10-20 20:03 . 2008-10-20 20:03 <DIR> d-------- c:\program files\Real
2008-10-20 20:03 . 2008-10-22 15:04 <DIR> d-------- c:\program files\Common Files\Real
2008-10-20 12:58 . 2004-08-04 02:07 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-20 08:25 . 2008-10-20 08:25 <DIR> d-------- c:\program files\Java
2008-10-20 08:25 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-19 21:58 . 2008-10-19 21:58 <DIR> d-------- c:\program files\URUSoft
2008-10-19 21:47 . 2008-10-19 21:47 <DIR> d-------- c:\program files\Webteh
2008-10-19 21:28 . 2008-10-19 21:28 <DIR> d-------- c:\program files\AMD
2008-10-19 21:28 . 2006-11-01 13:42 33,280 --a------ c:\windows\system32\drivers\AmdLLD.sys
2008-10-19 21:27 . 2008-10-21 20:54 <DIR> d-------- c:\windows\Downloaded Installations
2008-10-19 21:10 . 2008-10-19 21:10 <DIR> d-------- c:\documents and settings\dr\Application Data\CyberLink
2008-10-19 21:09 . 2008-10-19 21:09 <DIR> d-------- c:\program files\CyberLink
2008-10-19 21:09 . 2008-10-19 21:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-10-19 21:07 . 2008-10-19 21:07 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-10-19 21:07 . 2008-07-23 17:50 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-10-19 21:07 . 2008-07-04 07:34 860,160 --a------ c:\windows\system32\lameACM.acm
2008-10-19 21:07 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-10-19 21:07 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-10-19 21:07 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-10-19 21:07 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-10-19 21:07 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-10-19 21:07 . 2008-07-25 09:34 81,920 --a------ c:\windows\system32\dpl100.dll
2008-10-19 21:07 . 2008-06-12 19:36 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-10-19 21:07 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-10-19 21:07 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml
2008-10-19 21:07 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini
2008-10-19 20:43 . 2008-10-19 20:43 <DIR> d-------- c:\documents and settings\dr\Application Data\Media Player Classic
2008-10-19 20:10 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-19 20:10 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-19 20:10 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-19 20:10 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-19 19:34 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-10-19 19:34 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-19 19:25 . 2008-10-19 19:25 <DIR> d-------- c:\program files\Common Files\Java
2008-10-19 18:59 . 2008-11-16 00:54 <DIR> d--h----- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:23 --------- d-----w c:\program files\Mv2Player
2008-10-21 11:04 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-20 21:20 --------- d-----w c:\program files\Common Files\Adobe
2008-10-19 20:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-19 16:57 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-19 16:53 --------- d-----w c:\program files\Alwil Software
2008-10-19 16:48 --------- d-----w c:\program files\Conexant
2008-10-19 16:29 --------- d-----w c:\program files\Realtek
2008-10-19 15:55 --------- d-----w c:\program files\microsoft frontpage
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2006-10-03 01:43 2,402,550 ----a-w c:\windows\inf\SET1E2.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2007-09-17 228352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"nwiz"="nwiz.exe" [2007-03-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\dr\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2008-10-19 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2008-10-19 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2008-10-19 108675]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2008-11-05 30946]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-12 306432]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48496bca-aa86-11dd-8ecc-0016e69d9ceb}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48496bcb-aa86-11dd-8ecc-0016e69d9ceb}]
\sHEll\AutopLAy\COmmand - G:\inyul.pif
\sHEll\AutoRun\command - G:\inyul.pif
\sHEll\eXPlORE\COMMand - G:\inyul.pif
\sHEll\OpEn\comMand - G:\inyul.pif

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\dr\Application Data\Mozilla\Firefox\Profiles\m1i65m0j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link mogu videti samo ulogovani korisnici]
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-11-17 23:53:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-17 23:54:47
ComboFix-quarantined-files.txt 2008-11-17 22:54:45

Pre-Run: 2.216.456.192 bytes free
Post-Run: 2,264,248,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

260 --- E O F --- 2008-11-15 23:55:00

Update: 18 Nov 2008 0:34

I was a bit slower than I said, sorry if you were waiting.. Cheers, see you tomorrow, the day after... whenever you find the time...

Update: 18 Nov 2008 0:38

Oh, and Task Manager works now....

Update: 18 Nov 2008 18:48

I also have some God-knows-what program, an anti-trojan I think, and now it's reporting something; anyway, I tried to take a screenshot of it and I think I succeeded, I'll attach it now, though one of them I didn't capture. I haven't deleted or repaired anything so as not to make a bigger mess.

Update: 18 Nov 2008 18:50

I think the second report was about that ComboFix, which is why I didn't repair it; I figure that's how it has to be.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I believe that one of your USB sticks, or some other kind of USB mass-storage media, is infected.

Download the following program - [Link visible only to logged-in users]
- start it and choose the Auto block option
- insert the USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (visible in the lower part of the program, in the log)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- a message will appear down by the clock saying that you may remove the USB stick from the computer
- don't close the program; insert the next USB stick and wait a few seconds for it too, and so on for all sticks, MP3 players, mobile phone
- remember the order in which the sticks were inserted

When you have finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click on the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here to the forum for me.
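The MountPoints2 entries in the ComboFix log above are what point to an infected removable drive: Explorer records there which command runs when a volume is opened, and the G: entry binds every shell verb to a .pif file. The Python script below is an added example, not ComboFix's code and not part of this thread, that parses that section of a ComboFix-style log and flags the entries a responder would look at first; SAMPLE_LOG is constructed to mirror the lines posted above.

```python
# Added example (not ComboFix's code, not part of the thread): triage the MountPoints2
# shell commands from a ComboFix-style log; SAMPLE_LOG is constructed to mirror the log above.
import re
from collections import defaultdict
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48496bcb-aa86-11dd-8ecc-0016e69d9ceb}]
\sHEll\AutopLAy\COmmand - G:\inyul.pif
\sHEll\AutoRun\command - G:\inyul.pif
\sHEll\eXPlORE\COMMand - G:\inyul.pif
\sHEll\OpEn\comMand - G:\inyul.pif
"""
SECTION_RE = re.compile(r"^\[(.+)\]$")
AUTORUN_RE = re.compile(r"^\\([^\\]+)\\([^\\]+)\\(\S+) - (.+)$")  # \Shell\verb\command - cmd
RISKY_EXT = (".pif", ".exe", ".com", ".bat", ".cmd", ".scr", ".vbs")

def parse_sections(text):
    """Group log lines under their bracketed registry-key header (lower-cased)."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).lower()
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections

def autorun_findings(sections):
    """One (target, sorted verbs, reasons) tuple per command found under MountPoints2."""
    findings = []
    for key, lines in sections.items():
        if "mountpoints2" not in key:
            continue
        verbs, casings = defaultdict(list), defaultdict(set)
        for m in filter(None, map(AUTORUN_RE.match, lines)):
            shell, verb, cmdkey, cmd = m.groups()
            verbs[cmd].append(verb.lower())
            casings["shell"].add(shell); casings["command"].add(cmdkey)
        for cmd, bound in verbs.items():
            target, reasons = cmd.split()[0], []
            if target.lower().endswith(RISKY_EXT):
                reasons.append("executable launched straight from the drive")
            if len(bound) > 1:  # AutoRun, AutoPlay, Open and Explore all hijacked
                reasons.append("same file bound to %d shell verbs" % len(bound))
            if any(len(c) > 1 for c in casings.values()):  # key names are case-insensitive,
                reasons.append("inconsistent key casing")  # so odd casing only dodges string signatures
            findings.append((target, sorted(bound), reasons))
    return findings
```

Running `autorun_findings(parse_sections(SAMPLE_LOG))` gives one reason for the F: entry and three for G:\inyul.pif, which is the entry worth removing and the drive worth scanning offline.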
