Ne mogu da pronadjem virus

1

Ne mogu da pronadjem virus

offline
  • Pridružio: 26 Maj 2008
  • Poruke: 19
  • Gde živiš: Wien

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:32, on 12.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vVX6000.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\programme\slide\slide.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\User\Desktop\Neuer Ordner\Komplikovano.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = chello.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von chello broadband n.v.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = vie.surfer.at:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Gold.Manager - {67956585-9B5C-4E2B-ABE1-A01BF3046EE1} - C:\WINDOWS\system32\goldmng.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Programme\Zango\bin\10.3.70.0\HostIE.dll (file missing)
O3 - Toolbar: enlfxgw - {A61C6CD7-49E2-4A57-B1BB-6F23DA1DBDF0} - C:\WINDOWS\enlfxgw.dll (file missing)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Programme\Zango\bin\10.3.70.0\HostIE.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ChelloDesktop] C:\Programme\chello\ChelloDesktop.exe
O4 - HKLM\..\Run: [ChelloBackground] C:\Programme\chello\ChelloMessenger.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ZangoSA] "C:\Programme\Zango\bin\10.3.70.0\ZangoSA.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [slide.exe] c:\programme\slide\slide.exe
O4 - HKCU\..\Run: [Voipwise] "C:\Programme\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [DLD.EXE] C:\Programme\Download Direct\DLD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Meteo Fusion] "C:\Programme\Eggiz\Meteo Fusion\Meteo Fusion.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "G:\Razni programi\Interaktivni kurs Nemacki\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SkinClock] C:\Programme\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [PerfectClock2007] "C:\Programme\PerfectClock\perfectClock2007.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Programme\Zango\bin\10.3.70.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Programme\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [SpyEmergency] G:\Spy Emergency 2008\SpyEmergency.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYAT
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://C:\DOKUME~1\User\LOKALE~1\Temp\ir_ext_temp_0\AutoPlay\Docs\more-rapid.exe/RsMenExt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.deu.chello.at/ssi/welcome/welcome.php?url=home
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - appldnld.apple.com.edgesuite.net/content.in.....plugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....4653317625
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Boonty Games - Unknown owner - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - G:\Razni programi\Interaktivni kurs Nemacki\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 11916 bytes


Pozdrav svima.
Potrebna mi je mala pomoc,inace sam potuno nestrucna oko ovoga.Naime stalno mi izbacuje prozorcic kako mi je C:/WINDOWS zarazen,i baca me na net kako bih skinula neki program,koji je naravno isto tako zarazen(to mi prijavljuje Kaspersky).Inace pokusala sam sa njim da pretrazim C:/Windows vec nekoliko puta ali ne prijavljuje nista.
Juce sam pronasla nekih 40 virusa,crvica i svacega u kompjuteru,ali Kaspersky ne prijavljuje vise nista,a stano mi izbacuje kako mi je comp zarazen.

Trazila sam svasta po netu,ali sve me zbunjuje,tako da zaista ne znam sta da radim.
Moze li mi neko pomoci?

Hvala unapred

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 26 Maj 2008
  • Poruke: 19
  • Gde živiš: Wien

Skinula sam program sa prvog linka, i Kaspersy mi je prijavio virus!!!
O cemu se radi?

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Kaspersky ti nije prijavio virus, vec ti je prijavio riskware tool, a razlika je ogromna.

Iskljuci Kaspersky, skini ComboFix i skeniraj kao sto sam ti napisao.

offline
  • Pridružio: 26 Maj 2008
  • Poruke: 19
  • Gde živiš: Wien

Izvini.Pogresno sam razumela.


Evo skenirala sam.

Hvala

ComboFix 08-08-12.01 - User 2008-08-13 10:50:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.122 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\User\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSA.dat
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSA_kyf_update.dat
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSAAbout.mht
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSAau.dat
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZangoSA\ZangoSAEula.mht
C:\Dokumente und Einstellungen\godest\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\godest\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\godest\Favoriten\Spyware&Malware Protection.url
C:\Dokumente und Einstellungen\User\Anwendungsdaten\FunWebProducts
C:\Dokumente und Einstellungen\User\Anwendungsdaten\inst.exe
C:\Dokumente und Einstellungen\User\Anwendungsdaten\WeatherDPA
C:\Dokumente und Einstellungen\User\Anwendungsdaten\WeatherDPA\Weather\WeatherStartup.xml
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Zango
C:\Programme\MyWebSearch
C:\Programme\MyWebSearch\bar\History\search2
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat
C:\Programme\MyWebSearch\bar\Settings\setting2.htm
C:\Programme\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Programme\MyWebSearch\bar\Settings\settings.dat
C:\Programme\MyWebSearch\bar\Settings\settings.dat.bak
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\bassmod.dll
C:\WINDOWS\system32\goldmng.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((( Dateien erstellt von 2008-07-13 bis 2008-08-13 ))))))))))))))))))))))))))))))
.

2008-08-12 21:42 . 2008-05-01 16:34 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 21:41 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-10 17:23 . 2008-08-10 17:23 45,056 --a------ C:\WINDOWS\system32\goldManager.dll
2008-08-10 17:22 . 2008-08-10 17:22 45,056 --a------ C:\WINDOWS\system32\goldman.dll
2008-08-10 16:20 . 2008-08-10 16:49 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Internet Download Accelerator
2008-08-09 23:15 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-08-09 23:15 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-08-09 22:38 . <DIR> C:\Dokumente und Einstellungen\User\Anwendungsdaten\NeroDigitalT
2008-08-09 21:58 . 2008-08-09 21:58 <DIR> d-------- C:\Programme\NeroInstall.bak
2008-08-06 00:41 . 2008-08-12 15:19 <DIR> d-------- C:\Programme\Webteh
2008-08-06 00:41 . 2008-08-12 15:18 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BSplayer PRO
2008-07-14 16:34 . 2008-08-11 14:52 <DIR> d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\skypePM
2008-07-14 16:34 . 2008-07-14 16:34 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 09:03 44,359,200 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-13 08:59 601,388 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-13 08:59 168,164 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-13 08:59 1,738,272 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-13 08:40 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-08-12 13:21 --------- d-----w C:\Programme\Google
2008-08-11 16:01 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2008-08-10 21:12 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\DMCache
2008-08-09 21:17 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero
2008-08-09 21:17 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-08-09 20:38 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\NeroDigital™
2008-08-09 16:24 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\Vso
2008-08-06 18:01 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-03 16:24 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-16 21:36 --------- d-----w C:\Programme\DivX
2008-07-12 21:35 --------- d-----w C:\Programme\RapidLeecher
2008-07-12 21:30 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 22:12 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 11:35 --------- d-----w C:\Dokumente und Einstellungen\godest\Anwendungsdaten\Ahead
2008-06-21 19:35 --------- d-----w C:\Programme\Sony
2008-06-21 19:20 --------- d-----w C:\Programme\Common Files
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 21:09 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia Multimedia Player
2008-06-15 13:48 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nokia
2008-06-15 13:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
2008-06-15 13:11 --------- d-----w C:\Programme\Nokia
2008-06-15 13:11 --------- d-----w C:\Programme\Gemeinsame Dateien\PCSuite
2008-06-15 13:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Nokia
2008-06-15 13:10 --------- d-----w C:\Programme\PC Connectivity Solution
2008-06-15 13:10 --------- d-----w C:\Programme\DIFX
2008-06-15 13:10 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\PC Suite
2008-06-15 13:08 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2008-06-15 07:51 --------- d-----w C:\Dokumente und Einstellungen\User\Anwendungsdaten\PerfectClock2007
2008-06-14 18:00 --------- d-----w C:\Dokumente und Einstellungen\godest\Anwendungsdaten\Media Player Classic
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-04-30 20:32 3,406,496 ----a-w C:\Programme\DivXCodec.exe
2008-03-13 20:49 47,360 ----a-w C:\Dokumente und Einstellungen\User\Anwendungsdaten\pcouffin.sys
2008-02-16 12:46 458 ----a-w C:\Dokumente und Einstellungen\User\Anwendungsdaten\wklnhst.dat
2007-12-02 13:25 186 ----a-w C:\Dokumente und Einstellungen\godest\Anwendungsdaten\wklnhst.dat
2007-11-13 21:26 5,704 ----a-w C:\Dokumente und Einstellungen\User\Anwendungsdaten\mdb.bin
2007-04-16 14:05 774,144 ----a-w C:\Programme\RngInterstitial.dll
2005-07-20 14:55 3,968,976 ----a-w C:\Dokumente und Einstellungen\User\MSASYNC_DE.EXE
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:22 15360]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-09 11:32 401491]
"slide.exe"="c:\programme\slide\slide.exe" [2007-06-08 12:47 37760]
"AdobeUpdater"="C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-10-13 17:04 994096]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"LifeCam"="C:\Programme\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-10-08 12:41 286720]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCSuiteTrayApplication"="C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12 222720]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:23 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:22 15360]
"PcSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.PIM1"= PCLEPIM1.dll
"vidc.xvid"= xvid.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows-Peer-zu-Peer-Gruppierung
"3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)

R2 MSCamSvc;MSCamSvc;C:\Programme\Microsoft LifeCam\MSCamS32.exe [2006-10-13 17:01]
R2 NwSapAgent;SAP-Agent;C:\WINDOWS\system32\svchost.exe [2008-04-14 04:23]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 20:52]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 17:04]
S3 Boonty Games;Boonty Games;C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe []
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 13:41]
S3 p2pgasvc;Peernetzwerk-Gruppenauthentifizierung;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:23]
S3 p2pimsvc;Peernetzwerkidentitäts-Manager;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:23]
S3 p2psvc;Peernetzwerk;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:23]
S3 PNRPSvc;Peer Name Resolution-Protokoll;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:23]
S3 REMOVE;REMOVE;C:\WINDOWS\system32\drivers\REMOVE.SYS []
S3 Wdm1;Vivanco USB Link Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2002-11-18 08:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Inhalt des "geplante Tasks" Ordners

2008-06-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Programme\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - Entfernte verwaiste Registrierungseintr„ge - - - -

HKCU-Run-MsnMsgr - C:\Programme\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-eMuleAutoStart - C:\Programme\eMule\emule.exe
HKCU-Run-Voipwise - C:\Programme\Voipwise.com\Voipwise\Voipwise.exe
HKCU-Run-DLD.EXE - C:\Programme\Download Direct\DLD.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Meteo Fusion - C:\Programme\Eggiz\Meteo Fusion\Meteo Fusion.exe
HKCU-Run-AlcoholAutomount - G:\Razni programi\Interaktivni kurs Nemacki\Alcohol 120\axcmd.exe
HKCU-Run-SkinClock - C:\Programme\Clock Tray Skins\ClockTraySkins.exe
HKCU-Run-PerfectClock2007 - C:\Programme\PerfectClock\perfectClock2007.exe
HKCU-Run-Internet Download Accelerator - C:\Programme\IDA\ida.exe
HKCU-Run-SpyEmergency - G:\Spy Emergency 2008\SpyEmergency.exe
HKLM-Run-ISUSPM Startup - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
HKLM-Run-ChelloDesktop - C:\Programme\chello\ChelloDesktop.exe
HKLM-Run-ChelloBackground - C:\Programme\chello\ChelloMessenger.exe
HKLM-Run-NBKeyScan - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Zus„tzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\nxjjgdn0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.at
FF -: plugin - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-13 11:01:22
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-08-13 11:08:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-08-13 09:07:47

Pre-Run: 12 Verzeichnis(se), 10,643,001,344 Bytes frei
Post-Run: 15 Verzeichnis(se), 15,910,477,824 Bytes frei

226 --- E O F --- 2008-08-12 20:07:04

Dopuna: 13 Avg 2008 12:30

E nema vise onog dosadnog prozorcica koji prijavljuje da mi je comp inficiran.
Sinoc kasno sam defragmentizovala diskove,e evo malo pre pokusala da udjem u disk C i ne prijavljuje uopste onaj prozorcic.

Sad mi bas nista nije jasno.
Kako je to nestalo,a nista nisam brisala iz compa?

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ovaj program, ComboFix, on je obrisao gomilu toga.
Javaljam se kasnije. Moram da proverim log i da vidim ima li jos cega loseg u njemu.

Dopuna: 13 Avg 2008 20:12

1) Preuzmi program SmitFraudFix sa ovog linka.

2.) Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link ]

3.) Pronađi i dvoklikom pokreni fajl Smitfraudfix.exe.
Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pritisni bilo koje dugme na tastaturi za prelazak na sledeći korak.

4.)



5.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om
pokrenuće ti se Windows-ov program Disk Cleanup.



6.) Biće ti postavljeno pitanje: "Registry cleaning - Do you want to clean the registry ?" odgovori "Yes" kucajući Y (i potvrdi sa Enter)

7.) Program će takođe proveriti da li je wininet.dll inficiran. Ukoliko jeste, bićeš upitan(a) oko zamene wininet.dll. Odgovori "Yes" na pitanje "Replace infected file ?" kucajući Y (i potvrdi sa Enter)


Nakon što SmitFraudFix završi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt i svež HJT log.

offline
  • Pridružio: 26 Maj 2008
  • Poruke: 19
  • Gde živiš: Wien

Evo napravila sam sve kako si rekao.
Nadam se da je dobro.
I htela bih da napomenem,da mi je comp pre nekoliko sati ponovo poludeo.
Instalirala sam neke programe ne compu i posle toga je poceo da ludi (ne znam da li je zbog tih programa,antivirus nije prijavljivao nista).
Restartovao se sam nekoliko puta i pokusajem da udjem u disk C: i G: (Za G: je prijavljivao da je ostecen i da se ne moze otvoriti)zakoci ceo comp.Onda sam ga ugasila i ostavila nekih pola sata,i kada sam ga ponovo upalila sve je u redu.Bar za sada.Ne znam ima li ovo nekog znacaja,ali cisto da napomenem.


A evo i izvestaja:


SmitFraudFix v2.336

Scan done at 22:48:22,71, 13.08.2008
Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC - Paketplaner-Miniport
DNS Server Search Order: 195.34.133.21
DNS Server Search Order: 195.34.133.22

HKLM\SYSTEM\CCS\Services\Tcpip\..\{77909780-8663-4259-9CE4-4FA5B0BAF8AB}: DhcpNameServer=195.34.133.21 195.34.133.22
HKLM\SYSTEM\CS1\Services\Tcpip\..\{77909780-8663-4259-9CE4-4FA5B0BAF8AB}: DhcpNameServer=195.34.133.21 195.34.133.22
HKLM\SYSTEM\CS2\Services\Tcpip\..\{77909780-8663-4259-9CE4-4FA5B0BAF8AB}: DhcpNameServer=195.34.133.21 195.34.133.22
HKLM\SYSTEM\CS3\Services\Tcpip\..\{77909780-8663-4259-9CE4-4FA5B0BAF8AB}: DhcpNameServer=195.34.133.21 195.34.133.22
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.34.133.21 195.34.133.22
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.34.133.21 195.34.133.22
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.34.133.21 195.34.133.22


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:14, on 13.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vVX6000.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\programme\slide\slide.exe
C:\Programme\Internet Download Manager\IDMan.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\User\Desktop\Neuer Ordner\Komplikovano.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = chello.at/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = vie.surfer.at:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [slide.exe] c:\programme\slide\slide.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [IDMan] C:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYAT
O8 - Extra context menu item: Download aller Links mit IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV Video Inhalt mit IDM - C:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - C:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://C:\DOKUME~1\User\LOKALE~1\Temp\ir_ext_temp_0\AutoPlay\Docs\more-rapid.exe/RsMenExt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.deu.chello.at/ssi/welcome/welcome.php?url=home
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - appldnld.apple.com.edgesuite.net/content.in.....plugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....4653317625
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Boonty Games - Unknown owner - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - G:\Razni programi\Interaktivni kurs Nemacki\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 9734 bytes



P.S.Jedno veliko HVALA na trudu.

Dopuna: 15 Avg 2008 12:50

Jel ovo ne javljanje znaci da je sve u redu sa compom,ili samo nemate vremena???

Ja nemam vise nikakvih problema,ali htela sam samo i vase misljenje da cujem.

Hvala unapred.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Izvinjavam se, zaboravio sam da nisam odgovorio u temi... Sad

Moracu da te zamolim da napravis jos jedan ComboFix log i da ga okacis ovde.

Mislim da komp jeste cist. Ostalo je bilo par fajlova koje je SmitFraudFix trebao da pocisti (ostaci nekih infekcija, neaktivni), ali se u logu ne vidi da li je odradio posao, zato te molim za jos jedan ComboFix log.

offline
  • Pridružio: 26 Maj 2008
  • Poruke: 19
  • Gde živiš: Wien

Evo jos jedan ComboFix log.
Nije bitno sto si zaboravio.HVALA sto si mi pomogao.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

A gde je log? Smile

Ko je trenutno na forumu
 

Ukupno su 997 korisnika na forumu :: 38 registrovanih, 9 sakrivenih i 950 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, _Sale, babaroga, bojank, bokisha253, Brana01, danilopu, doktor1964, drimer, Duh sa sekirom, dule10savic, elenemste, Excalibur13, FOX, galijot, Georgius, goxin, Ivica1102, Kubovac, Luka Blažević, Magistar78, mercedesamg, milos.cbr, Motocar, nemkea71, nextyamb, pacika, pein, procesor, royst33, sevenino, slonic_tonic, Steeeefan, trajkoni018, vlada035, Yugol33, YugoSlav, zdrebac