Posted: 24 Dec 2008 19:38
- Registar
- New MyCity citizen
- Joined: 19 Dec 2008
- Posts: 11
Uh, I guess that's it.
Regards
ComboFix 08-12-23.01 - D 2008-12-24 19:33:10.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.27 [GMT 1:00]
Running from: c:\documents and settings\D\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.
2008-12-21 15:23 . 2008-12-21 18:02 <DIR> d-------- c:\program files\Morton Benson
2008-12-19 22:58 . 2008-12-19 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 22:23 . 2008-12-19 22:44 <DIR> d-------- c:\program files\USB Disk Security
2008-12-19 22:10 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-19 22:10 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-19 22:08 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-19 22:08 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-19 22:08 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-19 22:08 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-19 22:07 . 2008-12-19 22:50 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-19 22:04 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-19 22:04 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-19 22:04 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-19 22:04 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-19 22:00 . 2008-12-19 22:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-11 21:05 . 2008-12-11 21:05 1,606,064 --a------ c:\program files\googletalk-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 18:37 23,392,288 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-24 14:58 276,572 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-22 21:19 11,871,410 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-19 18:51 --------- d-----w c:\program files\Opera
2008-12-11 20:05 --------- d-----w c:\program files\Google
2008-11-14 19:12 --------- d-----w c:\program files\Ahead
2008-11-14 12:01 --------- d-----w c:\documents and settings\D\Application Data\Image Zone Express
2008-10-25 15:45 1,851,544 ----a-w c:\program files\install_flash_player.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2006-12-03 13:36 1,917,607 ----a-w c:\program files\PictureAce.exe
2006-12-03 13:23 5,900,416 ----a-w c:\program files\Firefox Setup 2.0.exe
2006-12-03 13:23 1,440,683 ----a-w c:\program files\removeit_pro.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-01 20560]
S3 efipsk;efipsk;\??\c:\docume~1\D\LOCALS~1\Temp\efipsk.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa77657-c2f4-11dd-809a-000ea634fb91}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
FF - ProfilePath - c:\documents and settings\D\Application Data\Mozilla\Firefox\Profiles\nm6vty6k.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Opera\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Opera\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\Program\Plugins\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-24 19:36:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-24 19:38:45
ComboFix-quarantined-files.txt 2008-12-24 18:38:42
Pre-Run: 1,838,870,528 bytes free
Post-Run: 1,819,459,584 bytes free
125 --- E O F --- 2008-12-21 21:23:40
Posted: 25 Dec 2008 07:51
- helen1
- Anti Malware Fighter Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
Oh yes, that's it, finally.
So Avast had killed CF, which is why it couldn't run.
Do the following:
Download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- start it and select the Auto block option
- insert a USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (visible in the lower part of the program, in the log)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- at the bottom, next to the clock, a message will appear saying you may remove the USB stick from the computer
- don't close the program; insert the next USB stick and wait a couple of seconds for it too, and so on in turn for all sticks, MP3 players, mobile phone
- remember the order in which the sticks were inserted
When you have finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click the log/report and select Save log.
Notepad will open automatically with the report in it.
Copy that report here to the forum for me.
Posted: 25 Dec 2008 19:28
- Registar
Here it comes. 5 USB flash drives. Though this last one seems a bit odd to me; unlike the others it showed up as G:, and in the log it took two or three slots, as if it were 2-3 devices. Hopefully it will be clear to you.
Regards
USB_blocker by bobby
Started at 25/12/2008 19:23:27
Scanning for connected USB Mass storage...
========================================
========================================
Scanning for other storage...
========================================
C: cf0cef52-770a-11d9-8266-806d6172696f
D: cf0cef53-770a-11d9-8266-806d6172696f
========================================
Scanning fixed storage for autorun.inf files...
========================================
========================================
New device connected at 25/12/2008 19:24:55
Scanning for connected USB Mass storage...
========================================
E: 155b6358-ca6e-11da-b62a-000ea634fb91
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
Sanitized 155b6358-ca6e-11da-b62a-000ea634fb91
========================================
New device connected at 25/12/2008 19:25:42
Scanning for connected USB Mass storage...
========================================
E: 8aaa3f30-7706-11d9-8526-dc9ca7334845
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 8aaa3f30-7706-11d9-8526-dc9ca7334845
========================================
New device connected at 25/12/2008 19:26:48
Scanning for connected USB Mass storage...
========================================
E: 3304fe10-cdf4-11dd-80bf-d8a4d68dc8e9
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 3304fe10-cdf4-11dd-80bf-d8a4d68dc8e9
========================================
New device connected at 25/12/2008 19:27:19
Scanning for connected USB Mass storage...
========================================
E: 511f8fae-353e-11dd-9e0a-000ea634fb91
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 511f8fae-353e-11dd-9e0a-000ea634fb91
========================================
New device connected at 25/12/2008 19:27:58
Scanning for connected USB Mass storage...
========================================
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
========================================
New device connected at 25/12/2008 19:27:59
Scanning for connected USB Mass storage...
========================================
G: 7d716c46-c9ed-11dd-80ae-000ea634fb91
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 7d716c46-c9ed-11dd-80ae-000ea634fb91
========================================
New device connected at 25/12/2008 19:28:00
Scanning for connected USB Mass storage...
========================================
G: 7d716c46-c9ed-11dd-80ae-000ea634fb91
========================================
Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 7d716c46-c9ed-11dd-80ae-000ea634fb91
========================================
Posted: 26 Dec 2008 08:52
- helen1
What's the situation now, any problems?
As for the next steps, I hope to get back to you tomorrow. If not, then on Monday.
Posted: 26 Dec 2008 09:21
- Registar
Thanks,
No problems at the moment, but since we started this correspondence I haven't even wanted to use the USB flash drives. Yesterday, when I scanned them, I saw that those few kB are still on them even though no file or folder is shown. I don't know whether that is something USB flash drives generally have internally and I just hadn't noticed before, or whether it's something else.
Since I also use a computer at work, where I shouldn't really mess around because it belongs to a larger system, and I'm not sure whether it is completely clean, I'd need advice on whether to install some small program on the home computer that will prevent viruses/trojans spreading via USB? Maybe some more advice for the future, on how to recognise problems and solve them myself...?
Regards
Posted: 26 Dec 2008 13:14
- helen1
Open Notepad and copy the following text into it:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa77657-c2f4-11dd-809a-000ea634fb91}]
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is produced at the end of the cleaning/scanning.
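The key that this CFScript deletes is the MountPoints2 entry from the ComboFix log above, where Explorer recorded an autorun handler pointing at Cn911.exe for a removable volume. As an added example (not code from this thread, from ComboFix or from USB_blocker), the Python below pulls such entries out of a ComboFix "Reg Loading Points" section, lists the files their commands invoke, and emits the matching Registry:: deletion script; the sample log fragment is constructed from the entries posted above.

```python
import re

# Constructed sample input: a fragment of the "Reg Loading Points" section
# of a ComboFix log, shaped like the entries posted in this thread (the GUID
# and the Cn911.exe name are from the log above; the rest is illustrative).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa77657-c2f4-11dd-809a-000ea634fb91}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
"""

# Key header of a per-volume MountPoints2 entry: [HKCU\...\mountpoints2\{guid}]
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\}))\]$",
    re.IGNORECASE,
)
# Verb line beneath it, as ComboFix prints it: \Shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
# File names with extensions Windows will execute or load from such a command
FILE_RE = re.compile(r"[\w$~.-]+\.(?:exe|com|bat|cmd|scr|pif|vbs|dll)\b", re.IGNORECASE)


def parse_mountpoints2(log_text):
    """Return one dict per MountPoints2 key that carries Shell\\<verb>\\command values.

    Explorer stores these when it reads an autorun.inf from a volume, so a
    removable device whose key names an executable deserves a closer look.
    """
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "guid": key.group(2), "commands": {}}
            entries.append(current)
            continue
        if line.startswith("["):  # any other registry key ends the current block
            current = None
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current["commands"][cmd.group(1)] = cmd.group(2)
    return [e for e in entries if e["commands"]]


def referenced_files(entry):
    """Sorted, lower-cased file names that the entry's command lines invoke."""
    names = set()
    for command in entry["commands"].values():
        names.update(n.lower() for n in FILE_RE.findall(command))
    return sorted(names)


def build_cfscript(entries):
    """CFScript text deleting each flagged key, in the form used in this thread.

    A '-' right after the opening bracket tells ComboFix to remove the key.
    """
    lines = ["Registry::"] + ["[-" + e["key"] + "]" for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for entry in parse_mountpoints2(SAMPLE_LOG):
        print(entry["guid"], "->", ", ".join(referenced_files(entry)))
    print(build_cfscript(parse_mountpoints2(SAMPLE_LOG)))
```

Run it against a whole saved ComboFix log; the parser ignores every section other than MountPoints2 keys that carry Shell commands.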
Posted: 26 Dec 2008 21:20
- Registar
Here it comes. I was in two minds whether to disable the AV as I did above or to follow the instructions from the previous message literally. I chose the latter and it seems to have gone OK.
Regards
ComboFix 08-12-23.01 - D 2008-12-26 21:12:58.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.73 [GMT 1:00]
Running from: c:\documents and settings\D\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\D\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))
.
2008-12-21 15:23 . 2008-12-21 18:02 <DIR> d-------- c:\program files\Morton Benson
2008-12-19 22:58 . 2008-12-19 22:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 22:23 . 2008-12-19 22:44 <DIR> d-------- c:\program files\USB Disk Security
2008-12-19 22:10 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-19 22:10 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-19 22:08 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-19 22:08 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-19 22:08 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-19 22:08 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-19 22:07 . 2008-12-19 22:50 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-19 22:04 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-12-19 22:04 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-12-19 22:04 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-19 22:04 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-12-19 22:00 . 2008-12-19 22:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-11 21:05 . 2008-12-11 21:05 1,606,064 --a------ c:\program files\googletalk-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 20:16 23,652,384 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-26 20:01 279,620 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-25 18:53 --------- d-----w c:\program files\Opera
2008-12-24 22:02 12,549,983 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-11 20:05 --------- d-----w c:\program files\Google
2008-11-14 19:12 --------- d-----w c:\program files\Ahead
2008-11-14 12:01 --------- d-----w c:\documents and settings\D\Application Data\Image Zone Express
2008-10-25 15:45 1,851,544 ----a-w c:\program files\install_flash_player.exe
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2006-12-03 13:36 1,917,607 ----a-w c:\program files\PictureAce.exe
2006-12-03 13:23 5,900,416 ----a-w c:\program files\Firefox Setup 2.0.exe
2006-12-03 13:23 1,440,683 ----a-w c:\program files\removeit_pro.exe
.
((((((((((((((((((((((((((((( snapshot@2008-12-24_19.37.41.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-26 20:01:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_52c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-01 20560]
S3 efipsk;efipsk;\??\c:\docume~1\D\LOCALS~1\Temp\efipsk.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
FF - ProfilePath - c:\documents and settings\D\Application Data\Mozilla\Firefox\Profiles\nm6vty6k.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Opera\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Opera\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\Program\Plugins\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-26 21:16:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-26 21:18:39
ComboFix-quarantined-files.txt 2008-12-26 20:18:35
ComboFix2.txt 2008-12-24 18:38:49
Pre-Run: 1,726,500,864 bytes free
Post-Run: 1,704,820,736 bytes free
127 --- E O F --- 2008-12-21 21:23:40
Posted: 27 Dec 2008 10:46
- helen1
Done. You're clean.
Do this as well:
Click START and then RUN
In the text entry line type Combofix /u and click OK
Wait for the uninstall process to finish
The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists
Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore
Cheers
Posted: 28 Dec 2008 14:58
- Registar
Done, thanks a lot.
By the way, those few kB are still on the flash drives. Could that perhaps be some internal data of theirs, should it worry me? I ask because I hadn't noticed it before.
Also, do you maybe have any advice for protection against viruses/trojans... that spread via flash drives?
Thanks
Regards
Posted: 29 Dec 2008 07:44
- helen1
Right, I have no idea what those files are. Let them stay, they're not harmful.
For protection, an antivirus and a firewall are enough for you. As far as I know there is no protection just for flash drives.
So, if it's not going to get you, it's not going to get you.
Cheers