instant acces

offline
  • Joined: 02 Nov 2007
  • Posts: 10
  • Location: kosovo i metohija

I need help
I use NOD32 as my antivirus protection. Today, at startup, it detected and quarantined two #viruses# or whatever they are.
When the computer starts, the NOD logo has stopped appearing, and on the desktop and in the Control Panel there was an icon with the letter e and the caption "unlimited access". In the Control Panel I found some Instant Access with the same logo, size 0.25 MB, which I cannot delete in any way.
In NOD's quarantine there is the following:

Documents and settings /Korisnik/local settings Temporary internet files/content.IE5/UTK3)NGL/Dialpass Uninstall 1 exe 115107 a variant of Win 32/Dialer.instant Access application

kao i http//scripts dowloadv3.com/cleaner/DialpassUninstal.exe a variant of Win32/DialerInstantAccess application
Otherwise the computer is working without any problems for now.
Do you know what this is about, whether it is something serious and how I can remove it? Every time I try to delete it, it connects me to the address mentioned above, where NOD, during the uninstall, registers what I described above.
Respectfully.
P.S. Sorry if I did not explain something properly.
Logfile of HijackThis v1.99.1
Scan saved at 17:02:31, on 2.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\WINDOWS\system32\lnaccess.exe
C:\WINDOWS\system32\slrundll.exe
C:\Documents and Settings\Korisnik\Desktop\New Folder (2)\kompa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {239D453D-1D02-3FB4-C400-2A8E1A986F9A} - panel_its.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [dmujb.exe] C:\WINDOWS\System32\dmujb.exe
O4 - HKLM\..\Run: [Kargo] PasswdMon.exe
O4 - HKLM\..\Run: [zantu] porka_.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [dmlma.exe] C:\WINDOWS\System32\dmlma.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox\tsystray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [SAPSTR] 34763.exe
O4 - HKCU\..\Run: [NsCplTray] stuffmon.exe
O4 - HKCU\..\Run: [StatusCheck] forces_elite.exe
O4 - HKCU\..\Run: [AMP Agent] C:\Program Files\Common Files\ARS Company\Agent\Agent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - news.beograd.com/AxisCamControl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{02D2FEA9-CF37-4554-8C77-A2D9C5790E10}: NameServer = 85.255.116.60,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EB4EE7-EC66-4EC6-AE32-86944928C7ED}: NameServer = 85.255.116.60,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0AA6D8F-B5A3-412D-998F-DA16881FD145}: NameServer = 212.200.172.1 212.200.172.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.60 85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\..\{02D2FEA9-CF37-4554-8C77-A2D9C5790E10}: NameServer = 85.255.116.60,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.60 85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\..\{02D2FEA9-CF37-4554-8C77-A2D9C5790E10}: NameServer = 85.255.116.60,85.255.112.203
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.60 85.255.112.203
O17 - HKLM\System\CS3\Services\Tcpip\..\{02D2FEA9-CF37-4554-8C77-A2D9C5790E10}: NameServer = 85.255.116.60,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.60 85.255.112.203
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
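
Two entry types in the HijackThis log above are what a helper reads first: O4 Run entries whose command is a bare file name with no path, and O17 NameServer values that differ from one adapter to the next. As an added example (not from the thread, nor part of HijackThis), this script parses a few such lines and flags both; the sample lines are constructed from the log above, and the expected-resolver allowlist is an assumption based on the 212.200.172.x pair seen on one adapter.

```python
import ipaddress
import re

# Constructed sample: a few O4/O17 lines in HijackThis v1.99 format, modelled
# on the log posted above (not the complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kargo] PasswdMon.exe
O4 - HKLM\..\Run: [zantu] porka_.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SAPSTR] 34763.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O17 - HKLM\System\CCS\Services\Tcpip\..\{02D2FEA9-CF37-4554-8C77-A2D9C5790E10}: NameServer = 85.255.116.60,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0AA6D8F-B5A3-412D-998F-DA16881FD145}: NameServer = 212.200.172.1 212.200.172.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.60 85.255.112.203
"""

# Assumption: the ISP-assigned resolvers are the 212.200.172.x pair seen on
# one adapter in the log; any other resolver deserves a second look.
EXPECTED_RESOLVERS = [ipaddress.ip_network("212.200.172.0/24")]

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O17_RE = re.compile(r"^O17 - (.+?): NameServer = (.+)$")


def find_bare_run_entries(log_text):
    """Return O4 Run entries whose command contains no directory at all.
    Windows resolves such a bare name through the PATH search order, so the
    log alone does not say which file actually runs; legitimate installers
    almost always register a full path."""
    found = []
    for line in log_text.strip().splitlines():
        m = O4_RE.match(line)
        if m and "\\" not in m.group(3):
            hive, name, cmd = m.groups()
            found.append({"hive": hive, "name": name, "cmd": cmd})
    return found


def find_unexpected_nameservers(log_text, allowed_nets):
    """Return (registry key, ip) pairs for every O17 NameServer value that is
    outside allowed_nets. Values may be comma- or space-separated."""
    flagged = []
    for line in log_text.strip().splitlines():
        m = O17_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        for token in re.split(r"[,\s]+", value.strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP literal; skip it
            if not any(ip in net for net in allowed_nets):
                flagged.append((key, str(ip)))
    return flagged


if __name__ == "__main__":
    for e in find_bare_run_entries(SAMPLE_LOG):
        print("bare Run entry:", e["hive"], e["name"], e["cmd"])
    for key, ip in find_unexpected_nameservers(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print("unexpected resolver", ip, "in", key)
```

Run against the constructed sample it reports the three path-less Run entries (Kargo, zantu, SAPSTR) and the 85.255.x resolvers on two of the three keys; the genuine RUNDLL32 and NOD32 entries pass because their commands carry a full path.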

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download Navilog1 from the following address:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Unpack it and run the installer. After installation there will be a new icon, Navilog1.bat, on the Desktop.
Run Navilog1.bat and on the first screen choose the language (E for English).
On the next three screens you only need to press any key to move on to the next screen.

When you reach the screen where you have to choose what Navilog1 should do, choose option 1 - Search.

When the scan finishes, Navilog1 will open Notepad, and in Notepad there will be a log which you need to copy into a post on the forum.

offline
  • Joined: 02 Nov 2007
  • Posts: 10
  • Location: kosovo i metohija

Search Navipromo version 3.3.4 began on ??? 02.11.2007 at 23:32:34,34

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 02.11.2007 at 12h00 by IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 6.0.2900.2180

Done in normal mode

*** Searching for installed Software ***


Instant Access


*** Search folders in C:\WINDOWS ***



*** Search folders in C:\Program Files ***

C:\Program Files\Instant Access found !


*** Search folders in C:\Documents and Settings\All Users\Application Data ***




*** Search folders in C:\Documents and Settings\Korisnik\Application Data ***


*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : gmer.net

Hidden file(s) :

C:\WINDOWS\system32\pfhlpxe.dat
C:\WINDOWS\system32\pfhlpxe.exe
C:\WINDOWS\system32\pfhlpxe_nav.dat
C:\WINDOWS\system32\pfhlpxe_navps.dat

Hidden Process(es) :

C:\WINDOWS\system32\pfhlpxe.exe


*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

Suspicious Files :

C:\WINDOWS\system32\atinukifqm.exe found !

* Scan in C:\DOCUME~1\KORISNIK\LOCALS~1\APPLIC~1 *



*** Search files ***


C:\WINDOWS\system32\nvs2.inf found !


*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search known files:

2)Heuristic Search :

C:\WINDOWS\system32\pfhlpxe.dat found !
C:\WINDOWS\system32\lnaccess.exe found !


3)Certificates Search :

Egroup certificate found !


*** Search completed on ??? 02.11.2007 at 23:33:37,92 ***

Update: 02 Nov 2007 23:54

Dear bobby, I did as you told me, ran the program, and copied the result into the reply I sent to the forum.
After that I ran the same program again and chose the clear function.
After the scan the computer restarted by itself, and after it came back up, the thing I could not delete (Instant Access) was no longer in the Control Panel. I hope I did the right thing.
At startup, the NOD logo (that green eye) does not appear; I hope that is nothing serious, everything else is working completely normally for now.
If this is all I need to do, thank you very much.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear which you will copy here for us.

offline
  • Joined: 02 Nov 2007
  • Posts: 10
  • Location: kosovo i metohija

ComboFix 07-11-01.1** - Korisnik 2007-11-03 12:38:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.276 [GMT 1:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\sfsync03.sys
C:\WINDOWS\system32\kdiyw.exe
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\LEGACY_SFSYNC03
-------\sfsync02
-------\sfsync03


((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 12:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 23:40 4,461 --a------ C:\WINDOWS\system32\gnc.exe
2007-11-02 23:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-02 23:31 <DIR> d-------- C:\Program Files\Navilog1
2007-11-02 14:19 27,533 --a------ C:\WINDOWS\system32\atinukifqm.exe
2007-10-27 19:17 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-27 19:09 <DIR> d-------- C:\Valve
2007-10-23 17:59 <DIR> d-------- C:\Program Files\3DO
2007-10-22 17:14 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-10-22 17:14 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-22 17:14 249,390 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7484.exe
2007-10-22 12:36 <DIR> d-------- C:\(zabranjeno)ed
2007-10-20 19:48 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-10-13 15:33 <DIR> d-------- C:\Program Files\WinAce
2007-10-13 15:27 <DIR> d-------- C:\Program Files\aod
2007-10-07 21:41 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-10-05 11:39 <DIR> d-------- C:\Program Files\Ubisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 23:47 --------- d-----w C:\Program Files\mIRC
2007-11-02 22:23 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Wildfire
2007-10-22 11:34 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-20 00:04 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Azureus
2007-10-17 17:27 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-15 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 14:35 --------- d-----w C:\Program Files\Opera
2007-10-13 14:33 --------- d-----w C:\Program Files\Real
2007-10-13 14:33 --------- d-----w C:\Program Files\Common Files\Real
2007-10-13 14:32 --------- d-----w C:\Program Files\Spinner Plus
2007-09-29 17:21 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-09-20 11:42 --------- d-----w C:\Program Files\ACD Systems
2007-09-20 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2005-12-12 23:34 5,632 --sha-w C:\Program Files\Thumbs.db
2005-11-04 18:10 75,176 ----a-w C:\Program Files\c4plyr.sav
2005-11-04 18:10 2,792 ----a-w C:\Program Files\ghw.txt
2005-11-04 18:10 2,721 ----a-w C:\Program Files\c4.cfg
2005-09-18 08:17 4 ----a-w C:\Program Files\C4.CD
2005-09-18 08:17 10 ----a-w C:\Program Files\cc.bin
2004-12-26 18:35 627 ----a-w C:\Program Files\Uninstall.lst
2004-12-26 18:34 121,344 ----a-w C:\Program Files\RarExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClientGW"="" []
"RFX_auto_upgrade"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-11-03 12:47:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 12:48:13 - machine was rebooted
.
--- E O F ---

I did not touch anything, as you told me; I just copied the log.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Upload the following file to me for checking:
C:\WINDOWS\system32\atinukifqm.exe

Use the following form to upload that file to me:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 02 Nov 2007
  • Posts: 10
  • Location: kosovo i metohija

bobby, I did what you instructed; I think I uploaded the requested file. My computer is otherwise working as it should for now, except that it still does not show the NOD32 logo at startup.
During the upload it told me that it had completed successfully.

Update: 03 Nov 2007 20:25

Bobby, maybe I am bothering you with this, but I think I should tell you that the NOD logo has started to appear normally again, as before, when the computer starts up.
The only thing I did besides what you told me is that afterwards I scanned the computer with NOD.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The file you sent me looks damaged/incomplete.
That is not a consequence of the upload to the forum; it was already like that.
I will ask some friends to examine it and tell me whether some infection tried unsuccessfully to drop this file on your computer, or whether something else is going on.
That may take a couple of days.
During those couple of days, watch how your computer behaves, and report back if you notice anything suspicious.

offline
  • Joined: 02 Nov 2007
  • Posts: 10
  • Location: kosovo i metohija

My computer is behaving completely normally for now; after a serious talk with the kid I also found out what he had been doing :), he admitted he had been poking around xxx sites.
What else can I say but a big thank you for helping me with this so far.
Regards.
