Web pages open by themselves - please check my log


  • Joined: 12 Mar 2008
  • Posts: 31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:07, on 22.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6576 bytes



Some annoying web pages open by themselves; please check the log.
The connection is ADSL.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,


Open the AVG 8 Control Center (right-click the AVG icon in the bottom right corner of the screen and choose Open AVG User Interface).
* When the AVG Control Center starts, double-click the Resident Shield component.
* In the window that opens, untick the Resident Shield active option and click Save changes.

Note: Don't forget to turn this option back on once the cleaning is finished.
--------------------------


Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 12 Mar 2008
  • Posts: 31

Here is the log



ComboFix 09-04-22.A23 - Administrator 22.04.2009 13:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2047.1600 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-21 15:37 . 2009-04-21 15:37 -------- d--h--w c:\windows\$hf_mig$
2009-04-21 14:20 . 2009-04-21 14:20 -------- d--h--w C:\$AVG8.VAULT$
2009-04-21 14:06 . 2009-04-21 14:06 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-21 14:06 . 2009-04-21 14:06 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-21 14:06 . 2009-04-21 14:06 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-21 14:06 . 2009-04-21 14:06 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-21 14:06 . 2009-04-22 07:07 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-21 14:06 . 2009-04-21 15:14 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-21 14:06 . 2009-04-21 14:06 50968 ----a-w c:\windows\system32\avgfwdx.dll
2009-04-21 14:06 . 2009-04-21 14:06 29208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2009-04-21 14:05 . 2009-04-21 14:06 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-21 13:32 . 2009-04-21 13:32 -------- d-----w c:\documents and settings\Administrator\Application Data\AVG8
2009-04-09 23:13 . 2009-04-09 23:13 -------- d-----w c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
2009-04-09 23:13 . 2009-04-09 23:13 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
2009-04-09 23:11 . 2009-04-09 23:11 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
2009-04-09 20:09 . 2009-04-09 20:09 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-04-09 18:34 . 2009-04-19 17:37 -------- d-----w c:\documents and settings\Administrator\Tracing
2009-04-09 18:05 . 2009-04-21 15:53 -------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-04-09 18:05 . 2009-04-09 18:05 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-09 17:51 . 2009-04-09 17:51 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-04-09 17:51 . 2009-04-09 17:51 -------- d-----w c:\documents and settings\Administrator\Application Data\ESET
2009-04-09 17:49 . 2009-04-09 17:49 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-09 17:39 . 2009-04-09 17:39 0 ----a-w c:\windows\nsreg.dat
2009-04-09 17:39 . 2009-04-09 17:39 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-08 19:51 . 2009-04-08 19:51 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-04-08 19:22 . 2009-04-08 19:22 -------- d-----w c:\windows\Sun
2009-04-08 09:22 . 2009-04-08 09:22 -------- d-s---w c:\documents and settings\Administrator\UserData
2009-04-03 18:23 . 2009-04-03 19:13 1472 ----a-w c:\windows\tlknw2.ini
2009-03-28 09:26 . 2009-03-28 09:26 72 --sh--w C:\desktop.ini
2009-03-27 17:57 . 2009-03-27 17:57 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-03-27 17:20 . 2009-03-27 17:20 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-03-27 17:20 . 2009-03-31 16:38 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 09:56 . 2009-04-22 09:56 -------- d-----w c:\program files\Trend Micro
2009-04-21 16:13 . 2009-04-09 19:46 -------- d-----w c:\program files\Unlocker
2009-04-21 14:06 . 2009-04-21 14:06 -------- d-----w c:\program files\AVG
2009-04-20 21:34 . 2009-03-24 14:42 196608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-04-11 08:53 . 2009-03-31 16:44 -------- d-----w c:\program files\Winamp
2009-04-09 23:13 . 2009-04-09 23:13 768 ----a-w C:\20090410-011329.750.log
2009-04-09 23:13 . 2009-04-09 23:13 -------- d-----w c:\program files\Media Access Startup
2009-04-09 23:13 . 2009-04-09 23:13 -------- d-----w c:\program files\Nice Prosper
2009-04-09 23:11 . 2009-04-09 23:11 -------- d-----w c:\program files\Internet Saving Optimizer
2009-04-09 23:11 . 2009-04-09 23:11 -------- d-----w c:\program files\System Search Dispatcher
2009-04-09 23:11 . 2009-04-09 23:11 -------- d-----w c:\program files\DoubleD
2009-04-09 19:48 . 2009-03-27 18:50 -------- d-----w c:\program files\Yahoo!
2009-04-09 19:43 . 2009-03-24 15:23 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 18:34 . 2009-03-24 23:17 44480 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 18:33 . 2009-04-09 18:33 -------- d-----w c:\program files\Windows Live
2009-04-09 18:33 . 2009-04-09 18:33 -------- d-----w c:\program files\Microsoft
2009-04-09 18:33 . 2009-04-09 18:33 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-09 18:17 . 2009-04-09 18:17 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-09 18:05 . 2009-04-09 18:05 -------- d-----r c:\program files\Skype
2009-04-01 19:06 . 2009-03-24 15:16 11724112 ----a-w c:\windows\TEMP#01.EXE
2009-03-31 17:27 . 2009-03-24 14:38 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-31 17:13 . 2009-03-24 15:31 -------- d-----w c:\program files\Webteh
2009-03-31 17:13 . 2009-03-24 15:31 -------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer PRO
2009-03-27 19:09 . 2009-03-24 23:07 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-27 18:51 . 2009-03-27 18:50 -------- d-----w c:\program files\CCleaner
2009-03-27 17:20 . 2009-03-24 15:40 -------- d-----w c:\program files\Google
2009-03-27 09:08 . 2009-03-24 16:11 -------- d-----w c:\documents and settings\Administrator\Application Data\Autodesk
2009-03-24 23:07 . 2009-03-24 23:07 -------- d-----w c:\program files\microsoft frontpage
2009-03-24 23:05 . 2009-03-24 23:05 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-24 23:02 . 2009-03-24 20:10 -------- d-----w c:\program files\Mv2Player
2009-03-24 16:51 . 2009-03-24 16:51 -------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-03-24 16:49 . 2009-03-24 16:49 -------- d-----w c:\documents and settings\Administrator\Application Data\MathWorks
2009-03-24 16:35 . 2009-03-24 16:35 -------- d-----w c:\program files\MATLAB
2009-03-24 16:27 . 2009-03-24 16:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Mathsoft
2009-03-24 16:25 . 2009-03-24 16:25 -------- d-----w c:\program files\Mathcad
2009-03-24 16:17 . 2009-03-24 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-03-24 16:16 . 2009-03-24 16:10 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-24 16:16 . 2009-03-24 16:11 -------- d-----w c:\program files\AutoCAD 2008
2009-03-24 16:10 . 2009-03-24 16:10 -------- d-----w c:\program files\Autodesk
2009-03-24 15:58 . 2009-03-24 15:58 -------- d-----w c:\program files\PDFCreator
2009-03-24 15:58 . 2009-03-24 15:58 253116 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_7328.exe
2009-03-24 15:58 . 2009-03-24 15:58 14290 ----a-w c:\program files\settings.dat
2009-03-24 15:58 . 2009-03-24 15:58 -------- d-----w c:\program files\PDFCreator Toolbar
2009-03-24 15:54 . 2009-03-24 15:36 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-24 15:52 . 2009-03-24 15:52 -------- d-----w c:\documents and settings\Administrator\Application Data\Nero
2009-03-24 15:51 . 2009-03-24 15:51 -------- d-----w c:\program files\Common Files\Nero
2009-03-24 15:51 . 2009-03-24 15:51 -------- d-----w c:\program files\Nero
2009-03-24 15:51 . 2009-03-24 15:51 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-24 15:43 . 2009-03-24 15:43 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-24 15:42 . 2009-03-24 15:42 -------- d-----w c:\program files\Java
2009-03-24 15:42 . 2009-03-24 15:42 -------- d-----w c:\program files\Common Files\Java
2009-03-24 15:41 . 2009-03-24 15:40 -------- d-----w c:\program files\Picasa2
2009-03-24 15:36 . 2009-03-24 15:36 -------- d-----w c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-03-24 15:34 . 2009-03-24 15:27 716272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-24 15:28 . 2009-03-24 15:28 -------- d-----w c:\program files\Alcohol Soft
2009-03-24 15:21 . 2009-03-24 15:21 -------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2009-03-24 15:20 . 2009-03-24 15:20 -------- d-----w c:\program files\Common Files\ACD Systems
2009-03-24 15:20 . 2009-03-24 15:20 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-24 15:20 . 2009-03-24 15:20 -------- d-----w c:\program files\ACD Systems
2009-03-24 15:06 . 2009-03-24 14:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 15:03 . 2009-03-24 15:03 -------- d-----w c:\program files\Realtek
2009-03-24 15:03 . 2009-03-24 15:03 315392 ----a-w c:\windows\HideWin.exe
2009-03-24 15:01 . 2009-03-24 15:01 -------- d-----w c:\program files\Intel
2009-03-24 14:43 . 2009-03-24 14:43 -------- d-----w c:\program files\My Company Name
2009-03-24 14:42 . 2009-03-24 14:42 -------- d-----w c:\program files\ASUS
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-21 1932568]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-21 14:06 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-04-21 29208]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-21 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-21 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-21 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-21 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-21 298264]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-04-21 1356616]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-04-21 29208]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ts1lenqu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.dll
FF - component: c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-22 13:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(300)
c:\windows\system32\msi.dll
.
Completion time: 2009-04-22 13:30
ComboFix-quarantined-files.txt 2009-04-22 11:30
ComboFix2.txt 2009-04-21 16:34

Pre-Run: 29.330.497.536 bytes free
Post-Run: 29.319.438.336 bytes free

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Can you explain a bit more how they open by themselves, and which pages?

  • Joined: 12 Mar 2008
  • Posts: 31

Posted: 22 Apr 2009 14:01

rya.rockyou.com/ams/ad.php?placeguid=7F5B124747&type=Leaderboard,
this is e.g. one of those annoying ones;
then some hotel offers, games etc. also open, all while I have some normal web page open.

Update: 22 Apr 2009 14:08

hotelworlddirectory.com/featured-hotel.html

this is one of the very frequent ones that opens by itself

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Unfortunately it's quite normal for those ads to open by themselves.

As for the rest of the computer, it's clean.

Uninstalling ComboFix:
Click START and then RUN.

In the text entry line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

  • Joined: 12 Mar 2008
  • Posts: 31

Posted: 22 Apr 2009 15:18

I'll uninstall ComboFix, or maybe you didn't understand me well, but it's not an ad: the unwanted pages open when I open any normal page; a new page opens in a new window with the content I listed earlier.

Update: 22 Apr 2009 15:21

e.g. while I was writing this message, the following page, which I also attached earlier, already opened in a new window:
rya.rockyou.com/ams/ad.php?placeguid=7F5B124747&type=Leaderboard

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Aha, I think I see the problem.

I'll get back to you later....

  • Joined: 12 Mar 2008
  • Posts: 31

ok, good that we've understood each other

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Turn off NOD.

If you uninstalled ComboFix, download it again.

Open Notepad and copy the following text:

File::
C:\20090410-011329.750.log

Folder::
c:\program files\Media Access Startup
c:\program files\Nice Prosper
c:\program files\Internet Saving Optimizer
c:\program files\System Search Dispatcher
c:\program files\DoubleD
c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log produced at the end of the cleaning/scanning in your next message.
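The helper's CFScript above targets the folders that were all created within a couple of minutes on 2009-04-09 (Media Access Startup, Nice Prosper, Internet Saving Optimizer, System Search Dispatcher, DoubleD) plus the two Firefox components installed under them. The following script, an added example and not code from the forum, from ComboFix or from the helper, shows how one would pull exactly those entries out of a ComboFix "Files Created" / "Find3M" / "FF - component" listing and group them by creation day so the bundled installation stands out. The suspect names come from the CFScript in this thread, the sample log lines are copied from the ComboFix log posted above (a constructed subset), and the function names and output layout are my own choices.

```python
"""Flag adware artefacts in ComboFix-style log lines and cluster them by date.

Added example for this thread; not the forum's, the helper's or ComboFix's code.
The suspect program names are the folders listed in the helper's CFScript above.
Function names and the output format are assumptions of this example.
"""
import re

# Program names the helper singled out in the CFScript (taken from the thread).
SUSPECT_NAMES = (
    "Media Access Startup",
    "Nice Prosper",
    "Internet Saving Optimizer",
    "System Search Dispatcher",
    "DoubleD",
)

# A "Files Created" / "Find3M" entry: created stamp, modified stamp, size (or
# dashes for a directory), a 7-character attribute string, then the path.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[\w-]{7}) (?P<path>.+)$"
)

# Firefox component/plugin lines from the "Supplementary Scan" section.
FF_COMPONENT_RE = re.compile(r"^FF - (?:component|plugin): (?P<path>.+)$")


def parse_line(line):
    """Return a dict for a file entry or FF component line, or None otherwise."""
    text = line.strip()
    m = ENTRY_RE.match(text)
    if m:
        return {
            "kind": "dir" if m.group("attrs").startswith("d") else "file",
            "created": m.group("created"),
            "path": m.group("path"),
        }
    m = FF_COMPONENT_RE.match(text)
    if m:
        return {"kind": "ff-component", "created": None, "path": m.group("path")}
    return None


def suspect_name(path):
    """Return the suspect program name contained in the path, or None."""
    lowered = path.lower()
    for name in SUSPECT_NAMES:
        if name.lower() in lowered:
            return name
    return None


def flag_entries(log_text):
    """Return (created, kind, path, suspect_name) tuples for suspicious lines."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        name = suspect_name(entry["path"])
        if name:
            hits.append((entry["created"], entry["kind"], entry["path"], name))
    return hits


def cluster_by_date(hits):
    """Group flagged paths by creation day; FF components have no stamp."""
    by_day = {}
    for created, _kind, path, _name in hits:
        day = created.split(" ")[0] if created else "ff-profile"
        by_day.setdefault(day, []).append(path)
    return by_day


# Constructed subset of lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2009-04-21 14:06 . 2009-04-21 14:06 -------- d-----w c:\program files\AVG
2009-04-09 23:13 . 2009-04-09 23:13 -------- d-----w c:\program files\Media Access Startup
2009-04-09 23:13 . 2009-04-09 23:13 -------- d-----w c:\program files\Nice Prosper
2009-04-09 23:11 . 2009-04-09 23:11 -------- d-----w c:\program files\Internet Saving Optimizer
2009-04-09 23:11 . 2009-04-09 23:11 -------- d-----w c:\program files\System Search Dispatcher
2009-04-09 23:11 . 2009-04-09 23:11 -------- d-----w c:\program files\DoubleD
2009-04-09 23:11 . 2009-04-09 23:11 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
2009-03-24 15:58 . 2009-03-24 15:58 253116 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_7328.exe
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.dll
FF - component: c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.dll
"""

if __name__ == "__main__":
    for created, kind, path, name in flag_entries(SAMPLE_LOG):
        print(f"{created or '(FF profile)':16} {kind:12} {name:26} {path}")
    for day, paths in cluster_by_date(flag_entries(SAMPLE_LOG)).items():
        print(f"{day}: {len(paths)} flagged entries")
```

Run it as a script and the AVG and PDFCreator lines pass through untouched while all eight adware entries are listed, six of them under the single day 2009-04-09; that same creation-time clustering is what lets a log reviewer tell a bundled adware drop apart from the user's own installs.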
