Help, problem with a trojan


Post by member (joined 03 Dec 2007, 156 posts, Novi Sad):

Logfile of HijackThis v1.99.1
Scan saved at 6:08:53 PM, on 22-Jan-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIV Reminder\aivreminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\TVR\TVR\RecSche.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Video decompressor - {F38636ED-E66E-4A37-822E-0C01F64D6605} - C:\WINDOWS\pandsf.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AIV Reminder] C:\Program Files\AIV Reminder\aivreminder.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\x\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TVR Schedule.lnk = ?
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYYU
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6A025F8C-3498-42D1-A3BA-31B8B7EAB387} (ButtonX Control) - miss.smscentar.com/ActiveX.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Let me say right away that I am not very skilled at handling a computer. I picked up a trojan somewhere, scanned and deleted with NOD32, and it seems there is no virus, but every time I open a new page a warning appears: "System Error!Your computer was infected by unknow trojan.It`s dangerous for your system(critical files can be lost)!Click OK to downloader the antispyour program to clean your system(recommender)." Following the instructions from the clinic section I downloaded Hijack This and copied what it scanned, above this text. What now?

Post by member (joined 04 Sep 2003, 24135 posts, Wien):

Hello.

1.) Download the SmitfraudFix program from this link.

2.) Extract the program to the desktop. (Prepare the Hijack This program the same way; it will be used later.)

3.) Restart the computer and boot the system into Safe Mode. [ Safe Mode info link ]

4.) Find the folder on the desktop where you unpacked the SmitfraudFix program and double-click the file SmitfraudFix.cmd to run it.
When the removal tool starts for the first time, it will show you a confirmation screen. Simply press any key on the keyboard to move on to the next step.

5.)



6.) The program will begin cleaning the computer. After SmitfraudFix finishes cleaning, the Windows Disk Cleanup program will start.



After SmitFraudFix finishes its job, post here the log located at C:\rapport.txt and a fresh HJT log.

Post by member (joined 03 Dec 2007, 156 posts, Novi Sad):

Unbelievable, I downloaded SmitFraundFix and scanned it with NOD32, and it found a virus on it: D:|SmitfraundFix.exe>>RAR>>SmithfraundFix\Process.exe - Win32/Prcview application. NOD32 deleted it; is that really a virus?

Post by member (joined 04 Sep 2003, 24135 posts, Wien):

It is not a virus, it is a bad definition in NOD that they stubbornly refuse to fix for more than a year now...

Temporarily disable the IMON and AMON modules (parts of NOD32) by unchecking the following options:
AMON - File system monitor (AMON) enabled
IMON - Internet monitor (IMON) enabled

Then download SmitFraudFix again and follow the instructions above.

Post by member (joined 03 Dec 2007, 156 posts, Novi Sad):

So I cannot extract SmithfraudFix to the desktop because Windows will not save it.

Post by member (joined 04 Sep 2003, 24135 posts, Wien):

I wrote above how to disable NOD while we do this. You can turn it back on afterwards.

Post by member (joined 03 Dec 2007, 156 posts, Novi Sad):

I disabled those options, and when I downloaded smitfraud again and scanned it with NOD32, it again was not saved.

Addendum: 22 Jan 2008 20:06

SmitFraudFix v2.274

Scan done at 19:51:13.73, 22-Jan-2008
Run from D:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6EC1BDDF-63BE-499A-B053-74A3A1821FED}: DhcpNameServer=82.117.194.2 82.117.194.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6EC1BDDF-63BE-499A-B053-74A3A1821FED}: DhcpNameServer=82.117.194.2 82.117.194.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6EC1BDDF-63BE-499A-B053-74A3A1821FED}: DhcpNameServer=82.117.194.2 82.117.194.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.117.194.2 82.117.194.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.117.194.2 82.117.194.3
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.117.194.2 82.117.194.3


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning



Here is the rapport, and now I will post the HJT too, I just need to save it.

Addendum: 22 Jan 2008 20:10

Logfile of HijackThis v1.99.1
Scan saved at 8:06:49 PM, on 22-Jan-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIV Reminder\aivreminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TVR\TVR\RecSche.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Video decompressor - {F38636ED-E66E-4A37-822E-0C01F64D6605} - C:\WINDOWS\pandsf.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AIV Reminder] C:\Program Files\AIV Reminder\aivreminder.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\x\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TVR Schedule.lnk = ?
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYYU
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6A025F8C-3498-42D1-A3BA-31B8B7EAB387} (ButtonX Control) - miss.smscentar.com/ActiveX.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe



Here is the HJT too, but I still get that notification.

Post by member (joined 04 Sep 2003, 24135 posts, Wien):

You are really not following what I am writing to you.
I said to keep NOD disabled until we finish the cleaning.
You let NOD block SmitFraudFix...

Let's do it this way, then:
Download ComboFix from one of the following addresses to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here.

And keep NOD disabled while you download this program and while the program scans.

Post by member (joined 03 Dec 2007, 156 posts, Novi Sad):

ComboFix 08-01-23.1 - x 2008-01-22 20:48:50.1 - NTFSx86
Running from: D:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\x\Application Data\setup_en[1].exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\00E7C4EE.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0113B90C.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0113DECC.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\01C65167.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0113DECC.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\01C65167.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\01154ED4.dat
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 20:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 19:51 . 2008-01-22 19:51 1,468 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-22 19:50 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-22 19:50 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-22 19:50 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-22 19:50 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-22 19:50 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-22 19:50 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-22 01:19 . 2008-01-22 01:19 229,376 --a------ C:\WINDOWS\pandsf.dll
2008-01-22 01:19 . 2008-01-22 01:19 44 --a------ C:\tmp.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 00:18 --------- d-----w C:\Program Files\Common Files\NSV
2007-12-11 00:07 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-10 18:00 --------- d-----w C:\Program Files\directx
2007-12-10 14:32 --------- d-----w C:\Program Files\AIV Reminder
2007-12-09 23:15 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 22:50 --------- d-----w C:\Program Files\Windows Live
2007-12-07 23:23 --------- d-----w C:\Program Files\Multilizer2007TE
2007-12-03 16:59 --------- d-----w C:\Program Files\FDRLab
2007-11-26 18:24 1,434,582 ----a-w C:\Ipref271i_instalacija.exe
2007-11-20 11:03 1 -c--a-w C:\Program Files\Multilizer2007TEsetupkind.bin
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 12:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}]
C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F38636ED-E66E-4A37-822E-0C01F64D6605}]
2008-01-22 01:19 229376 --a------ C:\WINDOWS\pandsf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}

[HKEY_CLASSES_ROOT\clsid\{6ca49fdd-4aeb-4f08-a394-c0a1f82caa16}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{6ca49fdd-4aeb-4f08-a394-c0a1f82caa16}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\x\OctoshapeClient.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2002-08-30 15:00 3072 C:\WINDOWS\system32\systray.exe]
"FmctrlTray"="Fmctrl.EXE" [2001-08-20 21:47 270336 C:\WINDOWS\system32\fmctrl.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-22 11:43 949376]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"C-Media Mixer"="Mixer.exe" [2002-09-17 16:55 1622016 C:\WINDOWS\mixer.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-22 16:02 185632]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-06-29 06:24 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AIV Reminder"="C:\Program Files\AIV Reminder\aivreminder.exe" [2007-08-15 11:47 12980224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LvHidSvc"="C:\WINDOWS\system32\lvhidsvc.exe" [2004-10-10 18:17 33280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\WINDOWS\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [2007-12-10 18:57:20 1078]

R3 3dfxvs;3dfxvs;C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys [2001-08-17 13:48]
R3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-11-02 10:49]
R3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 14:33]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 06:16:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-23 20:52:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-01-23 20:56:14
ComboFix-quarantined-files.txt 2008-01-23 19:55:14
.
2008-01-13 18:10:26 --- E O F ---

Post by member (joined 04 Sep 2003, 24135 posts, Wien):

1. A hardware question - do you really have a Voodoo graphics card and an FM801 sound card? I mean, is this a newer computer, or one roughly 10 years old?

2. Scan again with HijackThis and tick the boxes in front of the following lines:

O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: Video decompressor - {F38636ED-E66E-4A37-822E-0C01F64D6605} - C:\WINDOWS\pandsf.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYYU
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6A025F8C-3498-42D1-A3BA-31B8B7EAB387} (ButtonX Control) - http://miss.smscentar.com/ActiveX.ocx

Click Fix Checked.

After that, restart the computer.

3. After the restart, delete the following:
Folder C:\Program Files\Video Add-on\
File C:\WINDOWS\pandsf.dll

4. Make a new HijackThis log and post it in a message on the forum.
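Added example, not code from this thread, from the forum, or from the HijackThis project: a small Python script that parses the entry lines of a HijackThis 1.99 log and flags the items a helper reviews first, namely O2/O3 browser add-ons whose DLL is "(file missing)" or carries "(no name)", every O16 DPF entry (ActiveX code downloaded into Internet Explorer, with the host it came from), and any entry whose CLSID is on a watch list. The sample log is constructed from a subset of the second HJT log above, the watch list is the set of CLSIDs in the fix list just given, and the function names (parse_hjt, triage, dpf_host, report) are my own.

```python
"""HijackThis log triage (added example; not code from the thread or from HijackThis).

Parses the R*/O* entry lines of a HijackThis 1.99 log and flags the entries a
forum helper reviews first. Sample log and watch list are constructed from the
lines quoted in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Every HJT entry line starts with a section tag such as "R1", "O2", "O16".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# COM class id in braces, e.g. {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: a subset of the second HJT log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Video decompressor - {F38636ED-E66E-4A37-822E-0C01F64D6605} - C:\WINDOWS\pandsf.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYYU
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6A025F8C-3498-42D1-A3BA-31B8B7EAB387} (ButtonX Control) - miss.smscentar.com/ActiveX.ocx
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Watch list: the CLSIDs of the lines the helper asked to have fixed.
HELPER_FIX_CLSIDS = [
    "{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}", "{F38636ED-E66E-4A37-822E-0C01F64D6605}",
    "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}", "{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}",
    "{48DD0448-9209-4F81-9F6D-D83562940134}", "{6A025F8C-3498-42D1-A3BA-31B8B7EAB387}",
]


@dataclass
class Entry:
    kind: str                      # section tag, e.g. "O2"
    body: str                      # rest of the line after "O2 - "
    clsid: Optional[str]           # upper-cased CLSID if the line carries one
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per R*/O* line; header and 'Running processes' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        c = CLSID_RE.search(m["body"])
        entries.append(Entry(m["kind"], m["body"], c.group(0).upper() if c else None))
    return entries


def dpf_host(entry: Entry) -> Optional[str]:
    """Host an O16 (Download Program Files / ActiveX) entry was fetched from; None otherwise."""
    if entry.kind != "O16":
        return None
    url = entry.body.rsplit(" - ", 1)[-1].strip()
    url = re.sub(r"^https?://", "", url)
    return url.split("/", 1)[0]


def triage(entries: Iterable[Entry], watch_clsids: Iterable[str] = ()) -> List[Entry]:
    """Attach review flags to each entry; return only the entries that received one."""
    watch = {c.upper() for c in watch_clsids}
    flagged = []
    for e in entries:
        if e.kind in ("O2", "O3"):
            if "(file missing)" in e.body:
                e.flags.append("missing-file")   # registered add-on whose DLL is gone: leftover or half-removed
            if "(no name)" in e.body:
                e.flags.append("unnamed")        # legitimate BHOs normally register a display name
        if e.kind == "O16":
            e.flags.append("downloaded-activex") # code pulled from the web into IE; review the host
        if e.clsid and e.clsid in watch:
            e.flags.append("watchlist")
        if e.flags:
            flagged.append(e)
    return flagged


def report(text: str, watch_clsids: Iterable[str] = ()) -> List[str]:
    """One formatted line per flagged entry: tag, flags, DPF host (if any), start of the body."""
    lines = []
    for e in triage(parse_hjt(text), watch_clsids):
        lines.append(f"{e.kind:4} {','.join(e.flags):42} {dpf_host(e) or '-':22} {e.body[:60]}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG, HELPER_FIX_CLSIDS):
        print(line)
```

Run as-is it prints six lines, the same six entries the helper asked to fix; without the watch list it still flags five of them from the log alone (the two "(file missing)" add-ons and the three O16 downloads), and only the pandsf.dll BHO, which looks ordinary on its own, needs the helper's knowledge to be caught.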
