Help with my computer


offline
  • Joined: 30 Dec 2008
  • Posts: 11

Here is the log, and D: is a partition on the disk. In the last hour the following has happened to me a couple of times: it reports an error, something like PAGE_FAULT_IN_NON_PAGED_AREA, and at the bottom of the screen it shows something like dumping physical memory, and then it restarts by itself. Is that due to this virus or is it something else?

ComboFix 08-12-29.02 - pc 2008-12-30 19:46:06.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.449 [GMT 1:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pc\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\windows\system32\Explorer.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-23 15:56 . 2008-12-23 15:56 244 --ah----- C:\sqmnoopt01.sqm
2008-12-23 15:56 . 2008-12-23 15:56 232 --ah----- C:\sqmdata01.sqm
2008-12-11 16:33 . 2008-12-11 16:32 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 16:33 . 2008-12-11 16:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-08 18:21 . 2008-12-08 18:23 1,004 --ahs---- c:\windows\system32\sys_drv.dat
2008-12-08 18:12 . 2008-12-08 18:12 180,064 --a------ c:\windows\system32\WinVd32.sys
2008-12-08 18:12 . 2008-12-08 18:12 16,384 --a------ c:\windows\system32\WinFl32.sys
2008-12-08 18:11 . 2008-12-08 18:12 <DIR> d-------- c:\program files\Folder Lock 6
2008-12-05 22:40 . 2008-12-05 22:40 <DIR> d-------- c:\documents and settings\pc\Application Data\CyberLink
2008-12-01 21:32 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-01 21:32 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-01 21:32 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-01 17:59 . 2008-12-01 17:59 <DIR> d-------- c:\documents and settings\pc\Bluetooth Software
2008-12-01 17:54 . 2008-12-01 17:54 <DIR> d-------- c:\program files\AirLive
2008-11-20 17:06 . 2008-11-20 17:06 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-20 16:52 . 2008-11-20 16:52 <DIR> d-------- c:\program files\Rockstar Games
2008-11-14 14:50 . 2008-11-14 14:50 <DIR> d-------- c:\documents and settings\pc\Application Data\AdobeUM
2008-11-10 18:05 . 2008-11-10 18:05 <DIR> d-------- c:\windows\Sun
2008-11-10 00:30 . 2008-11-10 00:31 <DIR> d-------- c:\program files\VirtualDJ
2008-11-09 16:36 . 2008-12-07 14:49 69 --a------ c:\windows\NeroDigital.ini
2008-11-08 17:52 . 2008-11-08 17:52 <DIR> d-------- C:\Downloads
2008-11-08 16:14 . 2008-11-08 16:52 <DIR> d-------- c:\program files\Winamp
2008-11-08 16:14 . 2008-11-08 16:38 <DIR> d-------- c:\documents and settings\pc\Application Data\Winamp
2008-11-06 15:39 . 2008-12-30 19:30 <DIR> d-------- c:\program files\DNA
2008-11-06 15:39 . 2008-11-06 15:39 <DIR> d-------- c:\program files\BitTorrent
2008-11-06 15:39 . 2008-12-30 19:40 <DIR> d-------- c:\documents and settings\pc\Application Data\DNA
2008-11-06 15:39 . 2008-12-12 19:17 <DIR> d-------- c:\documents and settings\pc\Application Data\BitTorrent
2008-11-06 15:38 . 2008-11-06 15:38 <DIR> d-------- c:\program files\AskSearch
2008-11-06 15:38 . 2008-11-13 10:42 <DIR> d-------- c:\program files\AskBarDis
2008-11-06 14:24 . 2008-11-06 14:24 0 --a------ c:\windows\nsreg.dat
2008-11-06 14:11 . 2008-12-30 19:38 <DIR> d-------- c:\documents and settings\pc\Contacts
2008-11-04 14:40 . 2008-12-30 19:30 177 --a------ C:\ASWL2K.ini
2008-11-04 14:38 . 2008-11-04 14:38 <DIR> d-------- c:\program files\ASUS
2008-11-04 14:38 . 2006-02-21 17:23 525,824 --a------ c:\windows\system32\ASWL2K.exe
2008-11-04 14:38 . 2004-05-06 12:21 496,640 --a------ c:\windows\system32\ASWLSVC.exe
2008-11-04 14:38 . 2004-05-07 18:57 159,827 --a------ c:\windows\system32\RemSvc.exe
2008-11-04 14:38 . 2003-10-09 19:38 141,824 --a------ c:\windows\system32\ClientCpl.cpl
2008-11-04 14:38 . 2002-09-09 21:01 61,440 --a------ c:\windows\system32\ASUSW32N50.dll
2008-11-04 14:38 . 2008-11-04 14:38 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
2008-11-04 14:38 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys
2008-11-04 14:38 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd
2008-11-04 14:36 . 2005-02-11 21:46 371,712 --a------ c:\windows\system32\drivers\BCMWL5.SYS
2008-11-04 14:29 . 2008-11-04 14:30 <DIR> d-------- c:\windows\Modio
2008-11-04 14:17 . 2008-11-04 14:17 <DIR> d-------- c:\program files\C-Media 3D Audio
2008-11-04 14:17 . 2003-12-11 15:44 2,453,504 --a------ c:\windows\system\cmicnfg.cpl
2008-11-04 14:16 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-04 14:02 . 2008-11-04 14:02 <DIR> d-------- c:\program files\VIA
2008-11-04 13:53 . 2008-11-04 13:53 <DIR> d-------- c:\program files\ATI Technologies
2008-11-04 13:53 . 2006-02-21 21:05 520,192 --a------ c:\windows\system32\ati2sgag.exe
2008-11-04 13:53 . 2008-11-04 13:53 982 --a------ c:\windows\ATICIM.INI
2008-11-04 13:52 . 2008-11-04 13:52 <DIR> d-------- C:\Service
2008-11-04 12:19 . 2001-08-23 12:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-11-04 12:17 . 2001-08-23 12:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-04 12:16 . 2004-08-03 23:56 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-04 12:15 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a------ c:\windows\system32\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a------ c:\windows\system32\drivers\ati2mtag.sys
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a--c--- c:\windows\system32\dllcache\ati2mtag.sys
2008-11-04 12:10 . 2004-08-04 00:56 870,784 --a------ c:\windows\system32\ati3d1ag.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a--c--- c:\windows\system32\dllcache\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a------ c:\windows\system32\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:04 258,048 --a------ c:\windows\system32\ati2cqag.dll
2008-11-04 12:10 . 2006-02-22 05:46 256,512 --a------ c:\windows\system32\ati2dvag.dll
2008-11-04 12:10 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2008-11-04 12:06 . 2004-08-04 00:58 2,012,670 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 --a--c--- c:\windows\system32\dllcache\NTPRINT.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 -ra------ c:\windows\SET2E.tmp
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 --a--c--- c:\windows\system32\dllcache\SP2.CAT
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 -ra------ c:\windows\SET2B.tmp
2008-11-04 12:06 . 2001-08-23 12:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2008-11-04 12:06 . 2004-08-04 00:58 502,724 --a--c--- c:\windows\system32\dllcache\NT5INF.CAT
2008-11-04 12:06 . 2001-08-23 12:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2008-11-04 12:06 . 2004-08-04 00:58 13,753 -ra------ c:\windows\SET3A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:32 --------- d-----w c:\program files\Java
2008-12-08 22:51 --------- d-----w c:\program files\ESET
2008-11-20 16:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 13:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-12 09:09 299,392 ----a-w c:\windows\system32\imon.dll
2008-09-11 18:49 155,995 ----a-w c:\windows\java\Packages\VHFJDRPJ.ZIP
2002-01-25 14:57 3,544,576 ----a-w c:\program files\LIPSETUP.MSI
2001-11-23 11:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-12-30_17.48.31.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 18:30:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_110.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-06 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-12 950664]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Cmaudio"="cmicnfg.cpl" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\AirLive\Bluetooth Software\BTTray.exe [2005-12-02 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-12 15424]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-11-04 16269]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.a2articles.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
TCP: {F026372C-58E5-43BC-9767-3F9F7FFA3CE2} = 87.250.98.250 208.67.222.222

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\f7ug7hxp.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-30 19:47:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808-)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-30 19:48:34
ComboFix-quarantined-files.txt 2008-12-30 18:48:14
ComboFix2.txt 2008-12-30 18:26:46
ComboFix3.txt 2008-12-30 17:51:46
ComboFix4.txt 2008-12-30 17:35:58
ComboFix5.txt 2008-12-30 18:45:29

Pre-Run: 32.138.080.256 bytes free
Post-Run: 32,127,815,680 bytes free


Here is the gmer.exe log as well:

GMER 1.0.14.14536 - gmer.net
Rootkit scan 2008-12-30 20:05:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\WinFl32.sys ZwCreateFile [0xF77D74B0]
SSDT \??\C:\WINDOWS\system32\WinFl32.sys ZwOpenFile [0xF77D7784]
SSDT \??\C:\WINDOWS\system32\WinFl32.sys ZwQueryDirectoryFile [0xF77D7A4A]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\All Users\Start Menu\Folder Lock 6.lnk 770 bytes

---- EOF - GMER 1.0.14 ----

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Run HijackThis again and click on Do a system scan only.
Tick the box in front of the following line:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F026372C-58E5-43BC-9767-3F9F7FFA3CE2}: NameServer = 87.250.98.250 208.67.222.222
After that click on Fix Checked.

Go to the Start button (the Windows one), then to RUN.
A dialog will open in which you type CMD and press Enter.
A console will open.
In the console type ipconfig /flushdns and press Enter on the keyboard.

After that restart the computer.
After the restart, scan again with HijackThis just as you did when you opened this thread, and post me that log.



As for the computer locking up, I'm afraid those problems are of a hardware nature.
ComboFix puts a fairly heavy load on the computer, which leads to considerable heating of the processor and hard disk.
If the power supply in your computer is bad, or ripe for retirement, then under load exactly that happens - a restart.

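The O17 line the moderator asks to fix above is HijackThis's per-interface NameServer entry. As an added example (not part of this thread, and not code from HijackThis or ComboFix), the Python below pulls every O17 line out of a HijackThis log and sorts each listed resolver into expected, private, needs-review or malformed. The allowlist `EXPECTED_RESOLVERS` and the extra log lines are constructed; the first O17 line is the one from the log in this thread.

```python
"""Check the O17 (per-interface NameServer) entries of a HijackThis log.

Added example for this thread; assumes nothing about HijackThis beyond the
'O17 - <key>: NameServer = <ip> [<ip> ...]' line format shown in the logs.
"""
import ipaddress
import re

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# Constructed allowlist: resolvers the admin expects to see on this machine.
# 208.67.222.222 / 208.67.220.220 are the public OpenDNS resolvers.
EXPECTED_RESOLVERS = ["208.67.222.222", "208.67.220.220"]

# Constructed sample log: the O17 line from the thread above plus made-up lines.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F026372C-58E5-43BC-9767-3F9F7FFA3CE2}: NameServer = 87.250.98.250 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = not-an-ip
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def parse_o17(log_text):
    """Return [(interface_key, [server, ...]), ...] for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # HijackThis separates multiple resolvers with spaces or commas.
            servers = [s for s in re.split(r"[ ,]+", m.group("servers").strip()) if s]
            entries.append((m.group("key"), servers))
    return entries


def classify_servers(entries, expected=EXPECTED_RESOLVERS):
    """Return [(interface_key, server, verdict), ...].

    verdict is one of:
      'expected'  - on the allowlist
      'private'   - RFC 1918 / link-local etc., typically the home router
      'review'    - public address not on the allowlist; look it up before fixing
      'malformed' - not an IP address at all
    """
    allow = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for key, servers in entries:
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((key, server, "malformed"))
                continue
            if addr in allow:
                verdict = "expected"
            elif addr.is_private:
                verdict = "private"
            else:
                verdict = "review"
            findings.append((key, server, verdict))
    return findings


if __name__ == "__main__":
    for key, server, verdict in classify_servers(parse_o17(SAMPLE_LOG)):
        print(f"{verdict:9} {server:16} {key}")
```

A "review" verdict only means the resolver is not on the allowlist; as the moderator found later in the thread when checking a second database, an unfamiliar public resolver can still be legitimate, so look it up before fixing the line.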
offline
  • Joined: 30 Dec 2008
  • Posts: 11

Here is the HijackThis log file again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:40, on 30.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AirLive\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pc\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = a2articles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F026372C-58E5-43BC-9767-3F9F7FFA3CE2}: NameServer = 87.250.98.250 208.67.222.222
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 5907 bytes

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Did you do everything exactly as I wrote?
That is, you fixed that line, did the flush from the console (and no error was reported), then restarted the computer and only after that made this log?

If so, then we have a problem for which I still have to come up with a solution.

offline
  • Joined: 30 Dec 2008
  • Posts: 11

Yes, everything was done, without any error; I mean, it didn't report anything.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Oh, sorry, my mistake. Everything is fine.

I checked the data once more, but in a different database, and established that your DNS is legitimate.

Tell me, are there any other symptoms of infection?


I would ask you for a favour: since your computer had a new infection, please send us samples.
You need to pack the following folder into a single ZIP or RAR:
c:\qoobox\quarantine
Upload that ZIP (or RAR) via the following form:
http://www.mycity.rs/ambulanta-upload.php

Let me know when you have done that (if you are willing to upload it to us), so we can finish the cleanup.

offline
  • Joined: 30 Dec 2008
  • Posts: 11

I have set it to upload, but while zipping it reported the following error:
! Quarantine.rar: Cannot open C:\Qoobox\Quarantine\C\WINDOWS\system32\urqNHYRl.dll.vir
! Access is denied.

Then I just clicked close and the zipping finished.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Most likely your antivirus is turned on, which is why it wouldn't pack it (the antivirus recognised the malware and blocked the file).

offline
  • Joined: 30 Dec 2008
  • Posts: 11

I'll turn it off now and try again.

Update: 30 Dec 2008 21:08

There, I've uploaded it. Is everything OK?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Thank you very much.

Let's uninstall ComboFix (do this without fail, since only then will it finish the cleanup):

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore


Look for HijackThis in Add/Remove Programs and uninstall it from there.
If it is not there, then simply delete the HijackThis.exe file.
