Worm.Win32.AutoRun.dui


offline
  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

It detects it, everything the same as before.

On both USB devices I again have the RECYCLE folder as well as the file autorun.inf

Update: 28 Dec 2008 11:50

It detects the Worm under the same name and extension

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you delete the folders and files? And they came back?

Write the exact name of the file that the AV detects.

offline
  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

Yes, I deleted them and they came back.

The AV detects:

Worm.Win32.AutoRun.dui

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

That is the detection name. I want to know which file was detected.

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message entry field on the forum, and attach here the two files we just saved.

offline
  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

The AV only showed me the detection, not the file that was detected.

Here are the two files:


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I don't see any trace of malware here.

Restart the computer in Safe Mode following these instructions:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-uci-u-SAFE-MODE.html

In Safe Mode, try to run ComboFix (and before running it, plug in both flash drives (if you are able to)).

offline
  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

I did the scan in Safe Mode with ComboFix and with the flash drives plugged in.

Here is the log:


ComboFix 08-12-29.02 - Mirko 2008-12-30 16:02:52.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.818 [GMT 1:00]
Running from: c:\documents and settings\Mirko\Desktop\ComboFix.exe
AV: F-Secure Client Security 8.00 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: F-Secure Client Security 8.00 *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
D:\Autorun.inf
F:\2u.com
F:\autorun.inf
G:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-30 13:30 . 2008-12-30 13:30 <DIR> d-------- c:\documents and settings\Mirko\Application Data\vlc
2008-12-28 16:31 . 2008-12-28 16:51 250 --a------ c:\windows\gmer.ini
2008-12-27 21:23 . 2008-12-27 21:24 <DIR> d-------- C:\rsit
2008-12-27 21:23 . 2008-12-27 21:24 <DIR> d-------- c:\program files\trend micro
2008-12-26 18:17 . 2008-12-27 18:59 <DIR> d-------- c:\program files\Sector 69
2008-12-25 16:54 . 2008-12-25 17:00 <DIR> d-------- c:\documents and settings\Mirko\Shared
2008-12-25 16:54 . 2008-12-25 17:00 <DIR> d-------- c:\documents and settings\Mirko\Incomplete
2008-12-25 16:51 . 2008-12-25 17:00 <DIR> d-------- c:\documents and settings\Mirko\Application Data\LimeWire
2008-12-25 16:50 . 2008-12-25 19:32 <DIR> d-------- c:\program files\LimeWire
2008-12-25 16:17 . 2008-12-25 16:18 <DIR> d-------- c:\documents and settings\Mirko\Contacts
2008-12-20 17:28 . 2008-12-20 17:28 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-12-20 01:21 . 2008-12-20 01:21 <DIR> d-------- c:\documents and settings\Mirko\Application Data\DivX
2008-12-14 20:58 . 2008-11-21 22:47 120,056 --------- c:\windows\system32\pxcpyi64.exe
2008-12-14 20:58 . 2008-11-21 22:47 118,520 --------- c:\windows\system32\pxinsi64.exe
2008-12-14 19:41 . 2008-12-14 19:41 <DIR> d-------- c:\program files\SopCast
2008-12-13 13:13 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-12-13 13:13 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
2008-12-12 16:09 . 2008-12-12 16:09 <DIR> d-------- c:\windows\system32\scripting
2008-12-12 16:09 . 2008-12-12 16:09 <DIR> d-------- c:\windows\system32\en
2008-12-12 16:09 . 2008-12-12 16:09 <DIR> d-------- c:\windows\system32\bits
2008-12-10 19:27 . 2008-10-16 21:38 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-12-10 19:27 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-10 19:27 . 2007-03-08 06:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-10 19:27 . 2008-10-16 21:38 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-12-10 19:27 . 2008-10-16 21:38 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-10 19:27 . 2008-10-16 21:38 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-12-10 19:27 . 2008-10-16 21:38 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-12-10 19:27 . 2008-10-16 21:38 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-10 19:27 . 2008-10-16 14:11 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-10 19:13 . 2008-10-03 11:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-09 11:51 . 2008-04-13 22:53 404,990 --------- c:\windows\system32\drivers\slntamr.sys
2008-12-09 11:50 . 2008-04-14 04:42 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2008-12-09 11:49 . 2008-04-14 04:41 397,312 --------- c:\windows\system32\mmcex.dll
2008-12-09 11:49 . 2008-04-14 04:41 184,320 --------- c:\windows\system32\microsoft.managementconsole.dll
2008-12-09 11:49 . 2008-04-14 04:41 106,496 --------- c:\windows\system32\mmcfxcommon.dll
2008-12-09 11:49 . 2008-04-14 04:41 61,440 --------- c:\windows\system32\kmsvc.dll
2008-12-09 11:49 . 2008-04-14 04:41 37,376 --------- c:\windows\system32\l2gpstore.dll
2008-12-09 11:49 . 2008-04-14 04:42 33,792 --------- c:\windows\system32\mmcperf.exe
2008-12-09 11:49 . 2008-04-14 04:39 6,144 --------- c:\windows\system32\kbdpash.dll
2008-12-09 11:49 . 2008-04-14 04:39 6,144 --------- c:\windows\system32\kbdnepr.dll
2008-12-09 11:49 . 2008-04-14 04:39 6,144 --------- c:\windows\system32\kbdiultn.dll
2008-12-09 11:49 . 2008-04-14 04:39 6,144 --------- c:\windows\system32\kbdbhc.dll
2008-12-09 11:47 . 2008-04-14 04:41 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-12-07 12:24 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-07 12:24 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-12-07 12:24 . 2008-08-14 11:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2008-12-07 12:23 . 2008-09-15 13:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-12-07 12:23 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-12-07 12:20 . 2008-08-14 11:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 12:20 . 2008-08-14 11:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 12:20 . 2008-08-14 10:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 12:20 . 2008-08-14 10:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 12:12 . 2008-06-11 02:58 2,330,624 --------- c:\windows\system32\dllcache\WMVCore.dll
2008-12-07 12:12 . 2008-04-11 20:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-12-07 12:12 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-07 12:12 . 2008-05-01 15:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-12-07 12:12 . 2008-05-08 15:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2008-12-07 12:10 . 2008-10-15 17:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-12-07 12:09 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-12-04 20:19 . 2008-12-19 16:02 <DIR> d-------- c:\documents and settings\Mirko\Application Data\skypePM
2008-12-04 20:19 . 2008-12-04 20:19 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-04 20:13 . 2008-12-19 19:18 <DIR> d-------- c:\documents and settings\Mirko\Application Data\Skype
2008-12-04 15:23 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-12-04 15:22 . 2008-12-04 15:22 <DIR> d-------- c:\program files\Common Files\L&H
2008-12-02 11:03 . 2008-12-02 11:03 <DIR> d-------- c:\documents and settings\Mirko\Application Data\GRETECH
2008-12-02 11:02 . 2008-11-21 22:47 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-02 11:02 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-02 11:02 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-01 00:50 . 2008-12-01 00:50 <DIR> d-------- c:\documents and settings\Mirko\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-12-01 00:48 . 2008-12-01 00:48 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-01 00:03 . 2008-12-01 00:03 <DIR> d-------- c:\documents and settings\Mirko\Application Data\AdobeUM
2008-12-01 00:00 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-30 23:39 . 2008-04-13 23:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-30 23:39 . 2008-04-14 04:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-30 22:21 . 2008-11-30 22:21 30,856 --a------ c:\windows\system32\drivers\fsbts.sys
2008-11-30 22:20 . 2008-11-30 22:20 <DIR> d-------- c:\documents and settings\Mirko\Application Data\F-Secure
2008-11-30 22:16 . 2008-10-09 11:18 79,872 --a------ c:\windows\system32\drivers\fsdfw.sys
2008-11-30 21:44 . 2008-12-26 14:24 <DIR> d-------- c:\documents and settings\Mirko\Application Data\OpenOffice.org2
2008-11-30 19:21 . 2008-12-30 16:05 <DIR> d--hs---- c:\documents and settings\Mirko\Temporary Internet Files
2008-11-30 19:21 . 2008-11-30 19:21 <DIR> d--hs---- c:\documents and settings\Mirko\History
2008-11-30 19:20 . 2008-11-30 19:20 1,718 -rahs---- c:\windows\system32\drivers\103C_HP_NTBK_Presario C300 (RT150EA#ABU)_YN_0Pres_QCND6441Z70_E433921031_46_I30C6_SHP_V78.08_BF.05_T060814_WXP2_L409_M1015_J80_7Intel_8T1300_91.66_#081130_N10EC8139_(RT150EA#ABU)_XMOBILE_CN10_Z_2F.05_G808627A2.MRK
2008-11-30 19:18 . 2008-12-30 12:30 <DIR> d-------- c:\documents and settings\Mirko
2008-11-30 19:07 . 2006-03-16 04:00 185,344 --a------ c:\windows\system32\Thawbrkr.dll
2008-11-30 19:07 . 2006-03-16 04:00 66,594 --a------ c:\windows\system32\c_864.nls
2008-11-30 19:07 . 2006-03-16 04:00 66,594 --a------ c:\windows\system32\c_862.nls
2008-11-30 19:07 . 2006-03-16 04:00 66,594 --a------ c:\windows\system32\c_720.nls
2008-11-30 19:07 . 2006-03-16 04:00 66,082 --a------ c:\windows\system32\c_708.nls
2008-11-30 19:07 . 2006-03-16 04:00 66,082 --a------ c:\windows\system32\C_28596.NLS
2008-11-30 19:07 . 2006-03-16 04:00 66,082 --a------ c:\windows\system32\c_10021.nls
2008-11-30 19:07 . 2006-03-16 04:00 66,082 --a------ c:\windows\system32\c_10005.nls
2008-11-30 19:07 . 2006-03-16 04:00 66,082 --a------ c:\windows\system32\c_10004.nls
2008-11-30 19:07 . 2006-03-16 04:00 10,752 --a------ c:\windows\system32\c_iscii.dll
2008-11-30 19:07 . 2006-03-16 04:00 6,144 --a------ c:\windows\system32\ftlx041e.dll
2008-11-30 19:07 . 2006-03-16 04:00 5,632 --a------ c:\windows\system32\kbdusa.dll
2008-11-30 19:06 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-30 19:06 . 2008-04-13 23:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-30 18:25 . 2008-11-30 18:25 <DIR> d-------- C:\Quarantine
2008-11-30 18:24 . 2008-11-30 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 10:16 . 2008-11-30 18:24 <DIR> d-------- c:\program files\iTunes
2008-11-27 10:16 . 2008-11-30 18:24 <DIR> d-------- c:\program files\iPod
2008-11-27 10:12 . 2008-11-30 18:24 <DIR> d-------- c:\program files\QuickTime
2008-11-27 09:54 . 2008-11-30 18:23 <DIR> d-------- c:\program files\Bonjour
2008-11-21 22:47 . 2008-11-21 22:47 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-21 22:47 . 2008-11-21 22:47 524,288 --a------ c:\windows\system32\DivXsm.exe
2008-11-21 22:47 . 2008-11-21 22:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 22:44 . 2008-11-21 22:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 22:44 . 2008-11-21 22:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll
2008-11-18 16:39 . 2008-11-26 12:49 <DIR> d-------- c:\documents and settings\HP\Application Data\OpenOffice.org2
2008-11-18 16:31 . 2008-12-03 12:23 <DIR> d-------- c:\program files\OpenOffice.org 2.4
2008-11-03 23:25 . 2008-11-03 23:25 <DIR> d-------- c:\program files\Real Alternative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 15:17 --------- d-----w c:\program files\F-Secure
2008-12-25 15:15 --------- d-----w c:\program files\MSN Messenger
2008-12-14 19:59 --------- d-----w c:\program files\DivX
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-04 19:12 --------- d-----w c:\program files\Skype
2008-12-03 11:23 --------- d-----w c:\program files\Java
2008-12-02 10:03 --------- d-----w c:\program files\Winamp
2008-12-01 01:45 --------- d-----w c:\program files\RGB
2008-12-01 01:44 --------- d-----w c:\program files\NetWaiting
2008-12-01 01:44 --------- d-----w c:\program files\Microsoft Works
2008-12-01 01:42 --------- d-----w c:\program files\GemMaster
2008-12-01 01:41 --------- d-----w c:\program files\ESPNMotion
2008-12-01 01:41 --------- d-----w c:\program files\EnglishOtto
2008-12-01 01:41 --------- d-----w c:\program files\DIGStream
2008-12-01 01:41 --------- d-----w c:\program files\CONEXANT
2008-12-01 01:41 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-12-01 01:41 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-12-01 01:34 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-11-30 23:47 --------- d-----w c:\program files\Common Files\Adobe
2008-11-30 22:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-30 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-30 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2008-11-30 21:09 --------- d-----w c:\program files\Symantec
2008-11-30 20:57 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
2008-11-30 18:26 --------- d-----w c:\program files\Hewlett-Packard
2008-11-29 13:51 --------- d-----w c:\documents and settings\HP\Application Data\Skype
2008-11-29 09:49 --------- d-----w c:\documents and settings\HP\Application Data\skypePM
2008-11-27 09:16 --------- d-----w c:\program files\Common Files\Apple
2008-11-18 12:21 --------- d-----w c:\documents and settings\HP\Application Data\LimeWire
2008-11-11 12:16 --------- d-----w c:\documents and settings\HP\Application Data\uTorrent
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-18 12:21 251 ----a-w c:\program files\wt3d.ini
2007-12-04 21:42 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-10-02 19:02 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mirko^Start Menu^Programs^StartUp^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Mirko\Start Menu\Programs\StartUp\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 12:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-05-04 13:58 458752 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-02 15:21 135168 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-06-23 14:43 102400 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25389:TCP"= 25389:TCP:BitComet 25389 TCP
"25389:UDP"= 25389:UDP:BitComet 25389 UDP

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-11-30 79872]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-11-30 30856]
S1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\F-Secure\HIPS\drivers\fshs.sys [2008-11-30 66720]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-12-01 76896]
S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\F-Secure\ORSP Client\fsorsp.exe" [2008-11-30 55904]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-12-01 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-12-01 25184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.t-com.me/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
IE: &D&ownload &with BitComet - c:\documents and settings\HP\My Documents\Downloads\P2P\Bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\documents and settings\HP\My Documents\Downloads\P2P\Bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\documents and settings\HP\My Documents\Downloads\P2P\Bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-30 16:05:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????]??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-30 16:06:24
ComboFix-quarantined-files.txt 2008-12-30 15:05:54

Pre-Run: 35,880,423,424 bytes free
Post-Run: 37,035,982,848 bytes free

299 --- E O F --- 2008-12-18 12:11:00

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Ok. Now plug in the flash drives and delete the recycler folder from them.

Unplug the drives, restart the PC and plug them in again.

Is there any detection now? Has the file autorun.inf been recreated?
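The check dr_Bora asks for here (is autorun.inf back on the stick, is there still a RECYCLER folder with an executable inside) can be done as a read-only triage pass over a drive root. The following Python is an added example, not part of the thread and not code from ComboFix, GMER or any other tool mentioned; the sample drive tree, its SID folder name and the autorun.inf contents are constructed to mirror the pattern in the ComboFix log above (autorun.inf plus recycler\S-1-5-...\wab32.exe), and nothing is deleted or executed.

```python
import os
import re
import tempfile

# autorun.inf keys that make Windows run something on insert/double-click
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")
SID_DIR_RE = re.compile(r"^S-1-5-\d+(-\d+)+$", re.IGNORECASE)
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs"}


def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """(key, value) pairs that would execute a program; icon/label are ignored."""
    return [(k, v) for k, v in entries.items()
            if k in LAUNCH_KEYS or SHELL_CMD_RE.match(k)]


def recycler_executables(root):
    """Executables under <root>/RECYCLER/S-1-5-*/ (the hidden SID-folder trick)."""
    found = []
    recycler = os.path.join(root, "RECYCLER")
    if not os.path.isdir(recycler):
        return found
    for name in os.listdir(recycler):
        sub = os.path.join(recycler, name)
        if not (os.path.isdir(sub) and SID_DIR_RE.match(name)):
            continue
        found += [os.path.join(sub, f) for f in os.listdir(sub)
                  if os.path.splitext(f)[1].lower() in EXEC_EXT]
    return found


def triage_drive(root):
    """Read-only pass over one drive root; reports what autorun would launch."""
    report = {"autorun_launch": [], "recycler_exes": recycler_executables(root)}
    inf = os.path.join(root, "autorun.inf")
    if os.path.isfile(inf):
        with open(inf, encoding="latin-1", errors="replace") as fh:
            report["autorun_launch"] = launch_targets(parse_autorun(fh.read()))
    return report


def build_sample_drive():
    """Constructed sample tree (not real data) mirroring the thread's findings."""
    root = tempfile.mkdtemp(prefix="usb_")
    sid_dir = os.path.join(root, "RECYCLER", "S-1-5-21-111-222-333-1013")
    os.makedirs(sid_dir)
    with open(os.path.join(sid_dir, "wab32.exe"), "wb") as fh:
        fh.write(b"MZ")  # two placeholder bytes, not a real executable
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\r\n"
                 "open=RECYCLER\\S-1-5-21-111-222-333-1013\\wab32.exe\r\n"
                 "shell\\open\\command=RECYCLER\\S-1-5-21-111-222-333-1013\\wab32.exe\r\n"
                 "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n")
    return root


if __name__ == "__main__":
    for section, items in triage_drive(build_sample_drive()).items():
        print(section, items)
```

On a real machine, call triage_drive with the drive root (for example "F:\\") after the recycler folder has been removed and the stick reinserted; an empty report is the "no detection, autorun.inf not recreated" outcome the thread ends with.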

offline
  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

Everything is OK now!

autorun.inf did not come back. No detection.

Thanks and best regards!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Just this one more thing:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

And that's all.
