It changes the size of the folders on my flash drive, and a few other things


offline
  • Joined: 02 Sep 2007
  • Posts: 390
  • Location: Pljevlja

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33, on 2009-03-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Win\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Desktop\ciscenje virusa NE DIRAJ\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Links are visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Links are visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Links are visible only to logged-in users]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ertyuop] C:\WINDOWS\system32\rttrwq.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Links are visible only to logged-in users]\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 2970 bytes


I hope I posted the LOG correctly, since I had to transfer it via a flash drive from the computer I think is infected to this computer, where I have internet.
The problem is this: when I insert the flash drive into the computer this LOG is from, all the folders on the flash drive become the same size, 538 KB, and change their "look" (when I hover the mouse over those folders, the tooltip shows something like 0.00.0 or similar, instead of the normal white box listing which files are inside). Also, the context menu after right-clicking those folders is longer: first there is OPEN, which is usual, but after that there is something like ENABLE/DISABLE.
At the same time, the creation date of all the folders changes to the very day I inserted the flash drive into that computer.
So I notice the problems only with the folders on the flash drive.



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Those are not folders at all, but files that deliberately have folder icons.
It looks like you've caught a nice little worm.

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on when the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.



offline
  • Joined: 02 Sep 2007
  • Posts: 390
  • Location: Pljevlja

ComboFix 09-03-06.02 - admin 2009-03-09 16:26:56.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.161 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\3ds.cmd
C:\Autorun.inf
c:\windows\system32\mkfght0.dll
c:\windows\system32\rttrwq.exe
J:\3ds.cmd
J:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-02 09:39 . 2009-03-02 09:39 <DIR> dr-hs---- C:\Win

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 13:52 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-06 13:52 --------- d-----w c:\program files\Common Files\Adobe
2008-09-09 21:22 68,216 ----a-w c:\documents and settings\admin\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [Links are visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 344064]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-01 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"run32"="c:\win\lsass.exe" [2002-01-01 551669]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-29 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-01 15424]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{820bb5de-eecf-11dc-a38b-0019db587c1f}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ertyuop - c:\windows\system32\rttrwq.exe


.
------- Supplementary Scan -------
.
uStart Page = [Links are visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2009-03-09 16:27:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\imon.dll
.
Completion time: 2009-03-09 16:28:40
ComboFix-quarantined-files.txt 2009-03-09 15:28:36
ComboFix2.txt 2009-01-29 14:31:13

Pre-Run: 144,641,929,216 bytes free
Post-Run: 144,632,262,656 bytes free

101 --- E O F --- 2009-01-14 22:43:50

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
c:\win\lsass.exe

DirLook::
c:\win

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{820bb5de-eecf-11dc-a38b-0019db587c1f}]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.


- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 02 Sep 2007
  • Posts: 390
  • Location: Pljevlja

ComboFix 09-03-06.02 - admin 2009-03-10 9:16:38.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.157 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\win\lsass.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\win\lsass.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-02 09:39 . 2009-03-10 09:16 <DIR> dr-hs---- C:\Win

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 13:52 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-06 13:52 --------- d-----w c:\program files\Common Files\Adobe
2008-09-09 21:22 68,216 ----a-w c:\documents and settings\admin\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\win ----

2008-12-07 14:55 1 --a------ c:\win\names.txt
2002-01-01 00:20 551669 --a------ c:\win\lsass.exe


((((((((((((((((((((((((((((( [Links are visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 344064]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-01 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-29 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-01 15424]
.
.
------- Supplementary Scan -------
.
uStart Page = [Links are visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2009-03-10 09:17:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(588-)
c:\windows\system32\imon.dll
.
Completion time: 2009-03-10 9:18:20
ComboFix-quarantined-files.txt 2009-03-10 08:18:17
ComboFix2.txt 2009-03-09 15:28:42
ComboFix3.txt 2009-01-29 14:31:13

Pre-Run: 144,619,716,608 bytes free
Post-Run: 144,608,063,488 bytes free

97 --- E O F --- 2009-01-14 22:43:50

USBNoRisk 1.5 by bobby

Started at 3/10/2009 9:20:07 AM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {0c9af17c-9298-11dc-a2a3-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 0c9af17c-9298-11dc-a2a3-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
;
open=3ds.cmd
;K2Kwk0djwAk24ZsL
shell\open\Command=3ds.cmd
----------------------------------------


New device connected at 3/10/2009 9:20:41 AM

Scanning for connected USB mass storage...
----------------------------------------
J: {8a396e1e-a3d3-11dc-a2a8-0019db587c1f}
Added J:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on J: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 8a396e1e-a3d3-11dc-a2a8-0019db587c1f
========================================

----------------------------------------

Desktop.ini on J: - None
----------------------------------------

========================================

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

Folder::
C:\Win


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

==================================

Run USBNoRisk and switch to the Script tab at the top.
Enter the following script there:
{8a396e1e-a3d3-11dc-a2a8-0019db587c1f}
folder_list: %DRIVE%

Now insert the problematic flash drive. The script will run automatically and do its job.

If the flash drive was already plugged in, click Run Script at the bottom, because the script will not start automatically as it does when a drive is inserted.

When the scan finishes, copy the log here for me.

offline
  • Joined: 02 Sep 2007
  • Posts: 390
  • Location: Pljevlja

ComboFix 09-03-06.02 - admin 2009-03-11 9:35:57.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.149 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Win
c:\win\names.txt

.
((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-10 09:21 . 2009-03-10 09:21 <DIR> d-------- C:\USBNoRisk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 13:52 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-06 13:52 --------- d-----w c:\program files\Common Files\Adobe
2008-09-09 21:22 68,216 ----a-w c:\documents and settings\admin\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [Links are visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 344064]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-01 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-29 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-01 15424]
.
.
------- Supplementary Scan -------
.
uStart Page = [Links are visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2009-03-11 09:36:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(588-)
c:\windows\system32\imon.dll
.
Completion time: 2009-03-11 9:37:39
ComboFix-quarantined-files.txt 2009-03-11 08:37:36
ComboFix2.txt 2009-03-10 08:18:21
ComboFix3.txt 2009-03-09 15:28:42
ComboFix4.txt 2009-01-29 14:31:13

Pre-Run: 144,640,561,152 bytes free
Post-Run: 144,629,166,080 bytes free

92 --- E O F --- 2009-01-14 22:43:50


USBNoRisk 1.5 by bobby

Started at 3/11/2009 9:46:54 AM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {0c9af17c-9298-11dc-a2a3-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 0c9af17c-9298-11dc-a2a3-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
;
open=3ds.cmd
;K2Kwk0djwAk24ZsL
shell\open\Command=3ds.cmd
----------------------------------------


New device connected at 3/11/2009 9:47:25 AM

Scanning for connected USB mass storage...
----------------------------------------
J: {8a396e1e-a3d3-11dc-a2a8-0019db587c1f}
Added J:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on J: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 8a396e1e-a3d3-11dc-a2a8-0019db587c1f
========================================

----------------------------------------

Desktop.ini on J: - None
----------------------------------------

========================================

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Are you sure you entered the USBNoRisk script I gave you?
The log does not show that you entered the script.

offline
  • Joined: 02 Sep 2007
  • Posts: 390
  • Location: Pljevlja

It was a little unclear to me, but I told myself not to keep asking questions all the time, and that is why I made a mistake. The mistake was that I did not switch to the Script tab in USBNoRisk; instead I went back to the first script for ComboFix and added this USB script to it.
I think I did everything right this time, and here is the log.

USBNoRisk 1.5 by bobby

Started at 3/11/2009 1:52:57 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {0c9af17c-9298-11dc-a2a3-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 0c9af17c-9298-11dc-a2a3-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
;
open=3ds.cmd
;K2Kwk0djwAk24ZsL
shell\open\Command=3ds.cmd
----------------------------------------


New device connected at 3/11/2009 1:53:33 PM

Scanning for connected USB mass storage...
----------------------------------------
J: {8a396e1e-a3d3-11dc-a2a8-0019db587c1f}
Added J:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on J: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 8a396e1e-a3d3-11dc-a2a8-0019db587c1f
========================================

----------------------------------------

Desktop.ini on J: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: J:\
8a396e1e-a3d3-11dc-a2a8-0019db587c1f
SectionStart = 1
SectionEnd = 2
----------------------------------------
Folder list for J:\:
----------------------------------------
J:\drzavni.doc
J:\merlin
J:\merlin\Supermen.mp3
J:\merlin\Dino Merlin & Osman H_
J:\merlin\Dino Merlin & Osman H_\Unknown Album
J:\merlin\Dino Merlin & Osman H_\Unknown Album\Pustite Me.mp3
J:\merlin\Dino Merlin
J:\merlin\Dino Merlin\Unknown Album
J:\merlin\Dino Merlin\Unknown Album\Ako Me Ikada Sretnes.mp3
J:\merlin\Dino Merlin\Unknown Album\Bosnom Behar Probeharao (Uzivo).mp3
J:\merlin\Dino Merlin\Unknown Album\Bozic Je.mp3
J:\merlin\Dino Merlin\Unknown Album\Da Ti Kazem Sta Mi Je (Uzivo).mp3
J:\merlin\Dino Merlin\Unknown Album\Fotografija.mp3
J:\merlin\Dino Merlin\Unknown Album\Godinama.mp3
J:\merlin\Dino Merlin\Unknown Album\Ja Potpuno Trijezan Umirem (Uzivo).mp3
J:\merlin\Dino Merlin\Unknown Album\Jel Sarajevo Gdje Je Nekad Bilo.mp3
J:\merlin\Dino Merlin\Unknown Album\Kad Ti Dodjem Nesreco.mp3
J:\merlin\Dino Merlin\Unknown Album\Lazu, Lazu Me.mp3
J:\merlin\Dino Merlin\Unknown Album\Lejlo.mp3
J:\merlin\Dino Merlin\Unknown Album\Mjesecina (Uzivo).mp3
J:\merlin\Dino Merlin\Unknown Album\Moj Je Zivot Svicarska.mp3
J:\merlin\Dino Merlin\Unknown Album\Ne Zovi Me Na Grijeh.mp3
J:\merlin\Dino Merlin\Unknown Album\Nesto Lijepo Treba Da Se Desi (Uzivo.mp3
J:\merlin\Dino Merlin\Unknown Album\Nocas Mi Srce Pati.mp3
J:\merlin\Dino Merlin\Unknown Album\Pala Magla.mp3
J:\merlin\Dino Merlin\Unknown Album\Prokletog Me Bog Stvorio.mp3
J:\merlin\Dino Merlin\Unknown Album\Sibirska.mp3
J:\merlin\Dino Merlin\Unknown Album\Sve Je Laz.mp3
J:\merlin\Dino Merlin\Unknown Album\Umri Prije Smrti.mp3
J:\merlin\Dino Merlin\Unknown Album\Zar Je To Sve Sto Je Ostalo (Uzivo).mp3
J:\New Folder
J:\merlin.exe
J:\New Folder.exe
J:\HiJackThis.exe
J:\ComboFix.exe
J:\Qoobox
J:\Qoobox\Quarantine
J:\Qoobox\Quarantine\J
J:\Qoobox\Quarantine\J\autorun.inf.vir
J:\Qoobox.exe
J:\usbnorisk.exe
J:\Posebni dio za pozar 10[1].03..doc
J:\CFScript.txt
J:\log 11.03..txt
J:\11.03.2009.doc
J:\UsbNoRisk log 11.03.txt
----------------------------------------

========================================


Processing script
----------------------------------------
Drive letter for GUID: J:\
8a396e1e-a3d3-11dc-a2a8-0019db587c1f
SectionStart = 1
SectionEnd = 2
----------------------------------------
Folder list for J:\:
----------------------------------------
J:\drzavni.doc
J:\merlin
J:\merlin\Supermen.mp3
J:\merlin\Dino Merlin & Osman H_
J:\merlin\Dino Merlin & Osman H_\Unknown Album
J:\merlin\Dino Merlin & Osman H_\Unknown Album\Pustite Me.mp3
J:\merlin\Dino Merlin
J:\merlin\Dino Merlin\Unknown Album
J:\merlin\Dino Merlin\Unknown Album\Ako Me Ikada Sretnes.mp3
J:\merlin\Dino Merlin\Unknown Album\Bosnom Behar Probeharao (Uzivo).mp3
J:\merlin\Dino Merlin\Unknown Album\Bozic Je.mp3
J:\merlin\Dino Merlin\Unknown Album\Da Ti Kazem Sta Mi Je (Uzivo).mp3
J:\merlin\Dino Merlin\Unknown Album\Fotografija.mp3
J:\merlin\Dino Merlin\Unknown Album\Godinama.mp3
J:\merlin\Dino Merlin\Unknown Album\Ja Potpuno Trijezan Umirem (Uzivo).mp3
J:\merlin\Dino Merlin\Unknown Album\Jel Sarajevo Gdje Je Nekad Bilo.mp3
J:\merlin\Dino Merlin\Unknown Album\Kad Ti Dodjem Nesreco.mp3
J:\merlin\Dino Merlin\Unknown Album\Lazu, Lazu Me.mp3
J:\merlin\Dino Merlin\Unknown Album\Lejlo.mp3
J:\merlin\Dino Merlin\Unknown Album\Mjesecina (Uzivo).mp3
J:\merlin\Dino Merlin\Unknown Album\Moj Je Zivot Svicarska.mp3
J:\merlin\Dino Merlin\Unknown Album\Ne Zovi Me Na Grijeh.mp3
J:\merlin\Dino Merlin\Unknown Album\Nesto Lijepo Treba Da Se Desi (Uzivo.mp3
J:\merlin\Dino Merlin\Unknown Album\Nocas Mi Srce Pati.mp3
J:\merlin\Dino Merlin\Unknown Album\Pala Magla.mp3
J:\merlin\Dino Merlin\Unknown Album\Prokletog Me Bog Stvorio.mp3
J:\merlin\Dino Merlin\Unknown Album\Sibirska.mp3
J:\merlin\Dino Merlin\Unknown Album\Sve Je Laz.mp3
J:\merlin\Dino Merlin\Unknown Album\Umri Prije Smrti.mp3
J:\merlin\Dino Merlin\Unknown Album\Zar Je To Sve Sto Je Ostalo (Uzivo).mp3
J:\New Folder
J:\merlin.exe
J:\New Folder.exe
J:\HiJackThis.exe
J:\ComboFix.exe
J:\Qoobox
J:\Qoobox\Quarantine
J:\Qoobox\Quarantine\J
J:\Qoobox\Quarantine\J\autorun.inf.vir
J:\Qoobox.exe
J:\usbnorisk.exe
J:\Posebni dio za pozar 10[1].03..doc
J:\CFScript.txt
J:\log 11.03..txt
J:\11.03.2009.doc
J:\UsbNoRisk log 11.03.txt
----------------------------------------

Drive letter for GUID: C:\
No script to process for C:\
----------------------------------------
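The helper's diagnosis earlier in the thread (the "folders" are really files with folder icons) and the USBNoRisk listing above (`J:\merlin` next to `J:\merlin.exe`, `J:\New Folder` next to `J:\New Folder.exe`, `J:\Qoobox` next to `J:\Qoobox.exe`, plus the quarantined `autorun.inf` that launched `3ds.cmd`) give two indicators a defender can check mechanically. The Python script below is an added example, not code from the thread nor from ComboFix or USBNoRisk; it parses an `autorun.inf` body for launch targets and walks a drive looking for executables whose name matches a sibling directory. The drive contents and the `autorun.inf` text are constructed in a temporary directory to mirror the listing, so nothing on a real drive is read or changed.

```python
"""Triage helper for an autorun worm on a removable drive (added example).

Two indicators from the thread:
1. autorun.inf launch targets (open= / shellexecute= / shell\\...\\command=),
2. executables impersonating folders: an .exe whose stem equals a sibling
   directory name, e.g. "merlin" next to "merlin.exe".
"""
import os
import re
import tempfile
from pathlib import Path

# Constructed autorun.inf body, modelled on the quarantined autorun.inf.vir.
SAMPLE_AUTORUN = """[AutoRun]
;
open=3ds.cmd
;K2Kwk0djwAk24ZsL
shell\\open\\Command=3ds.cmd
"""

# Constructed drive listing (paths relative to the drive root; "/" = directory).
SAMPLE_LISTING = [
    "drzavni.doc",
    "merlin/",
    "merlin/Supermen.mp3",
    "New Folder/",
    "merlin.exe",
    "New Folder.exe",
    "HiJackThis.exe",
    "Qoobox/",
    "Qoobox.exe",
    "usbnorisk.exe",
    "CFScript.txt",
]

EXEC_EXTENSIONS = {".exe", ".cmd", ".bat", ".com", ".scr", ".pif", ".vbs"}


def autorun_targets(text):
    """Return (key, value) pairs from [AutoRun] that make Explorer run something."""
    targets = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("["):                  # section header
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key_l = key.lower()
        if key_l in ("open", "shellexecute") or re.fullmatch(r"shell\\[^\\]+\\command", key_l):
            targets.append((key, value))
    return targets


def folder_mimics(root):
    """Return executables whose stem matches a directory in the same folder."""
    root = Path(root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirs_l = {d.lower() for d in dirnames}
        for name in filenames:
            p = Path(name)
            if p.suffix.lower() in EXEC_EXTENSIONS and p.stem.lower() in dirs_l:
                hits.append(str(Path(dirpath, name).relative_to(root)))
    return sorted(hits)


def build_sample_drive(base):
    """Materialise SAMPLE_LISTING under base as empty files and directories."""
    for entry in SAMPLE_LISTING:
        target = Path(base, entry.rstrip("/"))
        if entry.endswith("/"):
            target.mkdir(parents=True, exist_ok=True)
        else:
            target.parent.mkdir(parents=True, exist_ok=True)
            target.touch()


def triage_sample():
    """Run both checks on the constructed drive; returns (targets, mimics)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        mimics = folder_mimics(tmp)
    return autorun_targets(SAMPLE_AUTORUN), mimics


if __name__ == "__main__":
    targets, mimics = triage_sample()
    for key, value in targets:
        print(f"autorun.inf launches: {key} -> {value}")
    for path in mimics:
        print(f"folder-mimic executable: {path}")
```

Pointing `folder_mimics()` at a mounted removable drive instead of the temporary directory gives the same "files named after folders" view that the helper used to pick the three `f_delete` targets; `HiJackThis.exe` and `usbnorisk.exe` are not flagged because no directory shares their name.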

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

New script for USBNoRisk:
{8a396e1e-a3d3-11dc-a2a8-0019db587c1f}
f_delete %DRIVE%Qoobox.exe
f_delete %DRIVE%merlin.exe
f_delete %DRIVE%New Folder.exe

The procedure for running the script is already familiar to you by now.
Post the log for me when it finishes.


After that, download the following program:
[Links are visible only to logged-in users]

Click Scan at the top and wait while it scans. It will take quite a while, depending on how big your HD is. Keep your stick plugged into the computer while you scan with this program.

When the scan finishes (the log says Finished), copy the log here for me (right-click gives you the standard Copy/Paste menu).

I want to check that your HD is not infected with this worm as well.
