Log from the second computer

  • Joined: 28 Feb 2009
  • Posts: 46

Bobby, here is the log from the other machine as well

ComboFix 09-03-03.01 - User 2009-03-04 12:26:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.166 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-04 06:24 . 2009-03-04 06:24 <DIR> d-------- c:\windows\LastGood
2009-03-03 13:10 . 2008-05-08 13:28 202,752 --------- c:\windows\system32\dllcache\rmcast.sys
2009-03-03 13:09 . 2008-12-11 12:57 333,184 --------- c:\windows\system32\dllcache\srv.sys
2009-03-03 13:09 . 2008-05-01 15:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-03-03 13:08 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-03 13:01 . 2008-12-21 00:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-03-03 13:01 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-03 13:01 . 2007-03-08 06:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-03 13:01 . 2008-04-11 19:50 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-03 13:01 . 2008-12-21 00:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-03 13:01 . 2008-12-21 00:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-03 13:01 . 2008-12-21 00:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-03-03 13:01 . 2008-12-21 00:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-03-03 13:01 . 2008-12-21 00:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-03 13:01 . 2008-12-19 10:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-03 12:59 . 2008-09-04 17:42 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-03-03 12:59 . 2008-10-15 17:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-03 12:59 . 2008-10-03 11:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2009-03-02 11:22 . 2009-03-02 11:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 16:05 . 2009-03-03 17:00 <DIR> d-------- C:\USBNoRisk
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 14:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 07:11 . 2009-03-03 13:02 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 07:11 . 2009-02-27 07:11 <DIR> d-------- c:\documents and settings\User\Application Data\Simply Super Software
2009-02-27 07:11 . 2009-03-03 13:02 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 07:11 . 2009-02-27 07:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 07:11 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 07:11 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 07:11 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 07:11 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 07:11 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-26 08:23 . 2009-03-03 13:07 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-26 07:42 . 2009-03-04 12:21 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-02-26 07:42 . 2009-02-26 07:42 0 --a------ c:\windows\nsreg.dat
2009-02-26 07:39 . 2009-03-04 07:40 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-26 07:39 . 2009-02-26 07:51 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-26 07:39 . 2009-02-26 07:51 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-26 07:39 . 2009-02-26 07:51 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-26 07:38 . 2009-02-26 07:38 <DIR> d-------- c:\program files\AVG
2009-02-26 07:38 . 2009-02-26 07:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 20:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2004-06-09 14:03 832,728 ----a-w c:\program files\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2006-09-15 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-26 1601304]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-15 1214856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-26 07:51 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-26 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-26 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-26 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-26 298264]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-03-12 19034]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [2006-05-09 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [2006-05-09 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [2006-05-09 36352]
S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\drivers\ulusbo.sys [2006-05-09 33920]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\o8r94e3e.default\
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-04 12:28:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2009-03-04 12:29:32
ComboFix-quarantined-files.txt 2009-03-04 11:29:30
ComboFix2.txt 2009-03-02 12:03:32

Pre-Run: 57,667,395,584 bytes free
Post-Run: 57,676,087,296 bytes free

154 --- E O F --- 2009-03-04 11:25:55

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This one looks OK.

What is left is to check the USB stick.
Delete the old USBNoRisk you have, and then we go again:

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB memory devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB memory devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 28 Feb 2009
  • Posts: 46

USBNoRisk 1.5 by bobby

Started at 04.03.2009 13:36:52

Scanning for connected USB Mass storage...
----------------------------------------
E: {257527c1-b32c-11da-9ef0-000ffe2ca386}
========================================

Scanning for other storage...
----------------------------------------
C: {c7c2a6b4-9de6-11da-9ec9-806d6172696f}
========================================

Scanning removable storage for autorun.inf and desktop.ini files...
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 257527c1-b32c-11da-9ef0-000ffe2ca386
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

----------------------------------------

========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for c7c2a6b4-9de6-11da-9ec9-806d6172696f
========================================

========================================
Removed E:
========================================


New device connected at 04.03.2009 13:37:24

Scanning for connected USB mass storage...
----------------------------------------
E: {e636ac38-219e-11dd-a222-000ffe2ca386}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for e636ac38-219e-11dd-a222-000ffe2ca386
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================
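To check a saved USBNoRisk log automatically rather than by eye, here is an added Python parser for the log format pasted above; it is example code, not USBNoRisk's own. It assumes a hit is reported as "- Found" (the thread only shows "- None"), and the F: device in the sample is constructed.

```python
"""Parse the USBNoRisk log format shown above and flag any device that carried
an autorun.inf or desktop.ini. Added example, not USBNoRisk's own code; the
"- Found" wording for a hit is an assumption (the pasted log only has "- None")."""
import re

# Constructed sample: the E: and C: lines mirror the pasted log; the F: block
# is an assumed layout for a stick that did carry an autorun.inf.
SAMPLE_LOG = """\
Scanning for connected USB Mass storage...
E: {257527c1-b32c-11da-9ef0-000ffe2ca386}
Scanning for other storage...
C: {c7c2a6b4-9de6-11da-9ec9-806d6172696f}
Autorun.inf on E: - None
Desktop.ini on E: - None
Autorun.inf on C: - None
New device connected at 04.03.2009 13:37:24
Scanning for connected USB mass storage...
F: {00000000-0000-4000-8000-000000000000}
Autorun.inf on F: - Found
Desktop.ini on F: - None
"""

DRIVE_RE = re.compile(r"^([A-Z]):\s+\{([0-9a-f-]{36})\}$")
FILE_RE = re.compile(r"^(Autorun\.inf|Desktop\.ini) on ([A-Z]): - (.+)$")
EVENT_RE = re.compile(r"^New device connected at (.+)$")


def parse_log(text):
    """Return one record per device seen, in log order (re-used letters get new records)."""
    records, by_letter = [], {}
    connected_at, removable = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if m := EVENT_RE.match(line):
            connected_at = m.group(1)          # timestamp of the next hot-plug
        elif line.lower().startswith("scanning for"):
            removable = "usb mass storage" in line.lower()  # section header
        elif m := DRIVE_RE.match(line):
            letter, guid = m.groups()
            records.append({"letter": letter, "guid": guid, "removable": removable,
                            "connected_at": connected_at, "files": {}})
            by_letter[letter] = records[-1]
        elif (m := FILE_RE.match(line)) and m.group(2) in by_letter:
            by_letter[m.group(2)]["files"][m.group(1).lower()] = m.group(3)
    return records


def flagged(records):
    """GUIDs of devices where any checked file was reported as something other than None."""
    return [r["guid"] for r in records
            if any(status != "None" for status in r["files"].values())]
```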

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The stick is clean too.

You can uninstall ComboFix on this computer and delete USBNoRisk, as well as the folder C:\USBNoRisk in which USBNoRisk saved the logs.

That leaves the other computer on which the infection kept coming back.

Is there any other computer besides these two?

  • Joined: 28 Feb 2009
  • Posts: 46

These two are on my network. I moved the other computers to another network (new operating system installed), and there is one more suspicious one which I disconnected, so we will check that one in a few days :) Thanks and regards
PS: tomorrow I will send you the log from the first one so we can see whether the infection came back
