MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusima

Problem sa virusima

Napisano na dan: 17.8.2008

Problem sa virusima

Sledeća strana

Pagination

Odgovori

Source Poslao: 17 Avg 2008 18:05 Idi na vrh
offline Source Legendarni građanin Pridružio: 10 Jan 2005 Poruke: 3319 Gde živiš: Stara Pazova	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Drugarica mi ima problema sa nekim "antivirus" programom zvanim Antivirus 2008. Ubio sam mu proces, tako da mozda ne bude na logu... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:01:43, on 17.8.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup1018.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\WISPTIS.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\Administrator\Desktop\New Folder (2)\TR3.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup1018.exe O4 - HKCU\..\Run: [Antivirus2008y] C:\Program Files\Antivirus2008y\antvrs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D7762E8A-797E-40CB-BE49-AF21F39F494D}: NameServer = 192.168.143.254 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.143.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.143.254 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 6661 bytes

Profil

bobby Poslao: 17 Avg 2008 18:15 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Source Poslao: 17 Avg 2008 18:32 Idi na vrh
offline Source Legendarni građanin Pridružio: 10 Jan 2005 Poruke: 3319 Gde živiš: Stara Pazova	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo ga... ComboFix 08-08-16.01 - Administrator 2008-08-17 18:21:34.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.194 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Application Data\Antivirus2008y C:\Documents and Settings\Administrator\Cookies\administrator@youtube[2].txt C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My C:\Program Files\Antivirus2008y C:\Program Files\Antivirus2008y\antvrs.exe C:\WINDOWS\system32\drivers\msliksurserv.sys C:\WINDOWS\system32\msliksurcredo.dll C:\WINDOWS\system32\msliksurdns.dll . ((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))) . 2008-08-15 22:14 . 2008-04-14 05:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-08-15 22:14 . 2008-04-14 05:41 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-08-15 22:13 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-08-15 22:13 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-08-15 22:13 . 2008-04-14 00:09 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-08-15 22:13 . 2008-04-14 00:09 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-08-15 22:13 . 2008-04-14 00:15 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-08-15 22:13 . 2008-04-14 00:15 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-08-15 12:22 . 2008-08-15 12:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-08-15 03:35 . 2008-08-15 03:35 <DIR> d-------- C:\Valve 2008-08-14 22:08 . 2008-08-14 22:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software 2008-08-14 00:01 . 2008-08-14 00:01 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-08-13 23:59 . 2008-08-13 23:59 <DIR> d-------- C:\Program Files\Opera 2008-08-12 19:39 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 19:34 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-12 14:46 . 2008-08-12 14:46 <DIR> d-------- C:\Program Files\Acez Mp3 Wav Converter 2008-08-12 14:31 . 2008-08-13 12:26 <DIR> d-------- C:\Program Files\ABC Amber Audio Converter 2008-08-12 12:26 . 2008-08-13 14:10 <DIR> d-------- C:\Program Files\Valve 2008-08-12 00:35 . 2008-08-14 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software 2008-08-12 00:31 . 2008-08-15 12:27 <DIR> d-------- C:\Program Files\Propellerhead 2008-08-11 10:04 . 2008-08-11 10:04 <DIR> d-------- C:\Program Files\Native Instruments 2008-08-11 09:13 . 2008-08-11 09:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Anvil Studio 2008-08-11 09:12 . 2008-08-11 09:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar 2008-08-11 09:06 . 2008-08-11 09:20 <DIR> d-------- C:\Program Files\ICQ6 2008-08-11 09:04 . 2008-08-11 09:12 <DIR> d-------- C:\Program Files\ICQToolbar 2008-08-11 09:03 . 2008-08-11 09:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield 2008-08-11 09:03 . 2008-08-11 09:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ICQ 2008-08-11 00:46 . 2008-08-14 14:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-17 16:11 --------- d-----w C:\Program Files\AIMP2 2008-08-17 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-08-15 20:03 524,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-15 20:03 4,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-15 20:03 21,404 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-15 20:03 2,333,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-15 12:39 --------- d-----w C:\Program Files\Omerta Script 2008-08-12 10:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-10 17:53 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-08-10 17:53 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-07-05 16:44 --------- d-----w C:\Program Files\vanBasco's Karaoke Player 2008-07-05 16:33 --------- d-----w C:\Program Files\PC Camer@ 2008-07-05 16:33 --------- d-----w C:\Program Files\Common Files\PCCamera 2008-07-05 16:32 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-05 16:27 --------- d-----w C:\Program Files\Mv2Player 2008-07-04 16:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Publish Providers 2008-07-04 16:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sony 2008-07-04 16:35 --------- d-----w C:\Program Files\Sony 2008-07-04 16:34 --------- d-----w C:\Program Files\Vstplugins 2008-07-04 16:33 --------- d-----w C:\Program Files\Sony Setup 2008-07-04 15:51 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-07-04 15:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic 2008-07-04 15:48 --------- d-----w C:\Program Files\MSXML 4.0 2008-07-04 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-04 15:38 --------- d-----w C:\Program Files\Microsoft.NET 2008-07-04 15:38 --------- d-----w C:\Program Files\Microsoft Works 2008-07-04 14:51 --------- d-----w C:\Program Files\NVIDIA 2008-07-04 14:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero 2008-07-04 14:30 --------- d-----w C:\Program Files\Common Files\Nero 2008-07-04 14:26 --------- d-----w C:\Program Files\Nero 2008-07-04 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-07-04 14:05 --------- d-----w C:\Program Files\Kaspersky Lab 2008-07-04 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-07-04 13:53 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-07-04 13:51 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-07-04 13:50 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-04 13:49 --------- d-----w C:\Program Files\Total Commander 2008-07-04 13:48 --------- d-----w C:\Program Files\UltraISO 2008-07-04 13:48 --------- d-----w C:\Program Files\Common Files\EZB Systems 2008-07-04 13:47 --------- d-----w C:\Program Files\Winamp 2008-07-04 13:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp 2008-07-04 13:45 --------- d-----w C:\Program Files\Windows Live 2008-07-04 13:44 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-07-04 12:57 --------- d-----w C:\Program Files\MSBuild 2008-07-04 12:54 --------- d-----w C:\Program Files\Reference Assemblies 2008-07-04 12:07 --------- d-----w C:\Program Files\microsoft frontpage 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-31 14:37 181496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992] "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-11-07 15:34 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\ICQ6\\ICQ.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07] R3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 15:34] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Antivirus2008y - C:\Program Files\Antivirus2008y\antvrs.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://google.com/ O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O17 -: HKLM\CCS\Interface\{3436BAE7-39DB-4FB3-95DE-301A959CA1E0}: NameServer = 85.255.116.67,85.255.112.145 O17 -: HKLM\CCS\Interface\{D7762E8A-797E-40CB-BE49-AF21F39F494D}: NameServer = 85.255.116.67,85.255.112.145 ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-17 18:25:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PAStiSvc.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe . ************************************************************************ . Completion time: 2008-08-17 18:28:30 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-17 16:28:27 Pre-Run: 10,159,792,128 bytes free Post-Run: 11,035,545,600 bytes free 180 --- E O F --- 2008-08-15 01:00:44

Profil

bobby Poslao: 17 Avg 2008 18:37 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Moraces nesto i rucno da odradis. Citat:O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup1018.exe Ubij prvo proces, pa onda rucno obrisi fajl. Puna putanja bi trebala da bude: C:\Documents and Settings\Administrator\Local Settings\Temp\setup1018.exe Moze biti da ti je Local Settings nevidljiv ukoliko u Exploreru ne ukljucis prikaz skrivenih fajlova i foldera. Nakon toga startuj HijackThis, skeniraj ponovo, pa stikliraj polje ispred linije koju sam ti gore napisao, pa klikni Fix Checked Restartuj komp, pa mi postavi sveze HijackThis i ComboFix logove.

Profil

Source Poslao: 17 Avg 2008 18:43 Idi na vrh
offline Source Legendarni građanin Pridružio: 10 Jan 2005 Poruke: 3319 Gde živiš: Stara Pazova	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nije bilo tog fajla ni te linije u HijackThis, evo ih logovi... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:38:38, on 17.8.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Documents and Settings\Administrator\Desktop\New Folder (2)\TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3436BAE7-39DB-4FB3-95DE-301A959CA1E0}: NameServer = 85.255.116.67,85.255.112.145 O17 - HKLM\System\CCS\Services\Tcpip\..\{D7762E8A-797E-40CB-BE49-AF21F39F494D}: NameServer = 85.255.116.67,85.255.112.145 O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 6292 bytes

Profil

bobby Poslao: 17 Avg 2008 18:47 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uh, bice ovde zezanja, DNS serveri su neki iz Ukrajine, sto bi se reklo - preusmereni su. Trebace mi malo vremena da nadjem resenje.

Profil

Source Poslao: 17 Avg 2008 18:53 Idi na vrh
offline Source Legendarni građanin Pridružio: 10 Jan 2005 Poruke: 3319 Gde živiš: Stara Pazova	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo ga i ComboFix. Ona koristi Wireless koliko mi se cini. ComboFix 08-08-16.01 - Administrator 2008-08-17 18:41:29.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.180 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))) . 2008-08-15 22:14 . 2008-04-14 05:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-08-15 22:14 . 2008-04-14 05:41 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-08-15 22:13 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-08-15 22:13 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-08-15 22:13 . 2008-04-14 00:09 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-08-15 22:13 . 2008-04-14 00:09 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-08-15 22:13 . 2008-04-14 00:15 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-08-15 22:13 . 2008-04-14 00:15 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-08-15 12:22 . 2008-08-15 12:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-08-15 03:35 . 2008-08-15 03:35 <DIR> d-------- C:\Valve 2008-08-14 22:08 . 2008-08-14 22:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software 2008-08-14 00:01 . 2008-08-14 00:01 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-08-13 23:59 . 2008-08-13 23:59 <DIR> d-------- C:\Program Files\Opera 2008-08-12 19:39 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 19:34 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-12 14:46 . 2008-08-12 14:46 <DIR> d-------- C:\Program Files\Acez Mp3 Wav Converter 2008-08-12 14:31 . 2008-08-13 12:26 <DIR> d-------- C:\Program Files\ABC Amber Audio Converter 2008-08-12 12:26 . 2008-08-13 14:10 <DIR> d-------- C:\Program Files\Valve 2008-08-12 00:35 . 2008-08-14 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software 2008-08-12 00:31 . 2008-08-15 12:27 <DIR> d-------- C:\Program Files\Propellerhead 2008-08-11 10:04 . 2008-08-11 10:04 <DIR> d-------- C:\Program Files\Native Instruments 2008-08-11 09:13 . 2008-08-11 09:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Anvil Studio 2008-08-11 09:12 . 2008-08-11 09:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar 2008-08-11 09:06 . 2008-08-11 09:20 <DIR> d-------- C:\Program Files\ICQ6 2008-08-11 09:04 . 2008-08-17 18:29 <DIR> d-------- C:\Program Files\ICQToolbar 2008-08-11 09:03 . 2008-08-11 09:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield 2008-08-11 09:03 . 2008-08-11 09:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ICQ 2008-08-11 00:46 . 2008-08-14 14:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-17 16:43 524,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-17 16:43 4,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-17 16:43 21,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-17 16:43 2,343,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-17 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-08-17 16:11 --------- d-----w C:\Program Files\AIMP2 2008-08-15 12:39 --------- d-----w C:\Program Files\Omerta Script 2008-08-12 10:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-10 17:53 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-08-10 17:53 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-07-05 16:44 --------- d-----w C:\Program Files\vanBasco's Karaoke Player 2008-07-05 16:33 --------- d-----w C:\Program Files\PC Camer@ 2008-07-05 16:33 --------- d-----w C:\Program Files\Common Files\PCCamera 2008-07-05 16:32 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-05 16:27 --------- d-----w C:\Program Files\Mv2Player 2008-07-04 16:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Publish Providers 2008-07-04 16:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sony 2008-07-04 16:35 --------- d-----w C:\Program Files\Sony 2008-07-04 16:34 --------- d-----w C:\Program Files\Vstplugins 2008-07-04 16:33 --------- d-----w C:\Program Files\Sony Setup 2008-07-04 15:51 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-07-04 15:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic 2008-07-04 15:48 --------- d-----w C:\Program Files\MSXML 4.0 2008-07-04 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-04 15:38 --------- d-----w C:\Program Files\Microsoft.NET 2008-07-04 15:38 --------- d-----w C:\Program Files\Microsoft Works 2008-07-04 14:51 --------- d-----w C:\Program Files\NVIDIA 2008-07-04 14:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero 2008-07-04 14:30 --------- d-----w C:\Program Files\Common Files\Nero 2008-07-04 14:26 --------- d-----w C:\Program Files\Nero 2008-07-04 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-07-04 14:05 --------- d-----w C:\Program Files\Kaspersky Lab 2008-07-04 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-07-04 13:53 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-07-04 13:51 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-07-04 13:50 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-04 13:49 --------- d-----w C:\Program Files\Total Commander 2008-07-04 13:48 --------- d-----w C:\Program Files\UltraISO 2008-07-04 13:48 --------- d-----w C:\Program Files\Common Files\EZB Systems 2008-07-04 13:47 --------- d-----w C:\Program Files\Winamp 2008-07-04 13:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp 2008-07-04 13:45 --------- d-----w C:\Program Files\Windows Live 2008-07-04 13:44 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-07-04 12:57 --------- d-----w C:\Program Files\MSBuild 2008-07-04 12:54 --------- d-----w C:\Program Files\Reference Assemblies 2008-07-04 12:07 --------- d-----w C:\Program Files\microsoft frontpage 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672] "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-31 14:37 181496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992] "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-11-07 15:34 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\ICQ6\\ICQ.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29] R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07] R3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 15:34] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://google.com/ O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O17 -: HKLM\CCS\Interface\{3436BAE7-39DB-4FB3-95DE-301A959CA1E0}: NameServer = 85.255.116.67,85.255.112.145 O17 -: HKLM\CCS\Interface\{D7762E8A-797E-40CB-BE49-AF21F39F494D}: NameServer = 85.255.116.67,85.255.112.145 ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-17 18:44:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PAStiSvc.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe . ************************************************************************ . Completion time: 2008-08-17 18:48:23 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-17 16:48:19 ComboFix2.txt 2008-08-17 16:28:31 Pre-Run: 11,041,533,952 bytes free Post-Run: 11,031,085,056 bytes free 167 --- E O F --- 2008-08-15 01:00:44

Profil

bobby Poslao: 17 Avg 2008 19:04 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hajmo da probamo ovako: Preuzmi FixWareOut. Dvoklikom pokreni Fixwareout.exe U prozoru koji se otvori, klikni Next >, a nakon toga Install Kada instalacija bude gotova, klikni Finish Otvoriće se prozor - pritisni bilo koji taster za nastavak Kada se pojavi upit o restartovanju kompjutera, klikni OK Kompjuter će se restartovati, nakon čega će biti nastavljen proces čišćenja Kada se pojavi obaveštenje o započinjanju čišćenja, klikni OK Kada proces bude završen, pojaviće se obaveštenje koje treba zatvoriti klikom na OK i otvoriće se logfile u Notepad-u (C:\fixwareout\report.txt) koji je potrebno iskopirati u temu na forumu. Dalje, idi na Start > Run, pa tu kucaj CMD i klikni OK. Otvorice se konzola. U konzoli kucaj: ipconfig /flushdns Nakon toga restartuj racunar (obavezno). Nakon restarta mi postavi novi HijackThis log. Ako ni tada DNS serveri ne budu u redu, onda cemo tek morati da razbijamo glavu.

Profil

Source Poslao: 17 Avg 2008 19:46 Idi na vrh
offline Source Legendarni građanin Pridružio: 10 Jan 2005 Poruke: 3319 Gde živiš: Stara Pazova	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisam trenutno kod njenog kompa, pa se javljam kad budem u mogucnosti da odradim to, hvala bobby .

Profil

bobby Poslao: 17 Avg 2008 19:50 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK. Citat:O17 - HKLM\System\CCS\Services\Tcpip\..\{3436BAE7-39DB-4FB3-95DE-301A959CA1E0}: NameServer = 85.255.116.67,85.255.112.145 O17 - HKLM\System\CCS\Services\Tcpip\..\{D7762E8A-797E-40CB-BE49-AF21F39F494D}: NameServer = 85.255.116.67,85.255.112.145 Znaces da je reseno ukoliko nestanu te IP adrese iz HijackThis loga.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusima

Ko je trenutno na forumu

Ukupno su 858 korisnika na forumu :: 27 registrovanih, 6 sakrivenih i 825 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Boris90, cavatina, darkojbn, Denaya, Dimitrise93, gasha, ikan, Leonov, Lieutenant, Lubica, LUDI, mercedesamg, Metanoja, Milos ZA, mkukoleca, mnn2, nemkea71, ostoja, ozzy, Petarvu, RJ, rodoljub, sevenino, stalja, VJ, vlajkox, wizzardone

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by