Msn se zaljubio, hehe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Morala sam ispocetka jer sam snimljeni fajl prevukla preko HijackThis, a ne preko ComboFix

ComboFix 08-10-15.01 - Agrobacka 2008-10-15 19:33:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.117 [GMT 2:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Tasks\A62E31C49185AABC.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\third lies itch ford
C:\Documents and Settings\All Users\Application Data\third lies itch ford\DALE OWNS.exe
C:\Documents and Settings\User\Application Data\LONG MIX SIZE
C:\Documents and Settings\User\Application Data\LONG MIX SIZE\0
C:\Documents and Settings\User\Application Data\LONG MIX SIZE\film once.exe
C:\Documents and Settings\User\Application Data\LONG MIX SIZE\meta balm ace.exe
C:\Documents and Settings\User\Application Data\LONG MIX SIZE\pizaebql.exe
C:\Program Files\LONG MIX SIZE
C:\WINDOWS\Tasks\A62E31C49185AABC.job

.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-15 13:00 . 2008-10-15 13:00 38 --a------ C:\WINDOWS\avisplitter.INI
2008-09-29 09:14 . 2008-10-01 07:19 <DIR> d-------- C:\Program Files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 17:33 --------- d-----w C:\Documents and Settings\User\Application Data\BitTorrent
2008-10-15 12:59 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-10-15 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-08 10:16 --------- d-----w C:\Documents and Settings\User\Application Data\Image Zone Express
2008-09-01 12:49 --------- d-----w C:\Documents and Settings\User\Application Data\DNA
2008-09-01 04:55 --------- d-----w C:\Program Files\DNA
2008-08-29 06:03 --------- d-----w C:\Documents and Settings\User\Application Data\HP
2008-07-14 12:09 0 ----a-w C:\Program Files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-04-08 587568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-15 949376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SiSPower"="SiSPower.dll" [2007-04-13 C:\WINDOWS\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-12-11 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^UltimateZip Quick Start.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk
backup=C:\WINDOWS\pss\UltimateZip Quick Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-02-25 08:56 3335944 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e64e4e3-41b5-11dd-a589-0019d1de0a9c}]
\Shell\Auto\command - F:\Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-10-15 19:35:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-15 19:37:26
ComboFix-quarantined-files.txt 2008-10-15 17:36:58
ComboFix2.txt 2008-10-15 05:48:35

Pre-Run: 32,314,068,992 bytes free
Post-Run: 32,302,313,472 bytes free

103

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok, ovo sada izgleda čisto.

Preostaje da uradiš sledeće:
Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore

-------------------------------------------------------------------------------------



Sada možeš postaviti onaj log sa kućnog kompjutera (C:\ComboFix.txt).

Podseti me samo i koji su problemi na tom kompjuteru...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala ti evo sad je sve ok
ti nama i pomagao još sto godina

Dopuna: 16 Okt 2008 16:17

dr_Bora ::Podseti me samo i koji su problemi na tom kompjuteru...

Na ovom računaru sam isto dobila na msn -u link koji sam takođe kliknula, tako da bih volela da i ovaj logfile prekontrolišete. Unapred se zahvaljujem


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:14, on 16.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Documents and Settings\Manta\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B984A5D-109D-40FB-8F82-9BE76E35AB7C}: NameServer = 195.252.122.154
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4099 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ovde ne vidim bilo šta problematično.

Postoji li neki konkretan problem?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne, nemam problema, nego sam i na tom računaru kliknula na sličan link na ms -u, pa sam milslila da je možda i on zahvatio virus. U svakom slučaju hvala vam