[bobby]IE problem


  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

While I am working, IE keeps popping up with a page about downloading an anti-virus program. What can I do to make it stop, or how do I turn IE off? It is probably some virus, because it says it is a trojan. Scanning with AVG and trying to delete it does not work. How?



  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Instructions for opening a topic in the Ambulanta:
[Link visible only to logged-in users]



  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Logfile of HijackThis v1.99.1
Scan saved at 1:13:56 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dk\calling.com
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Documents and Settings\MAHA\Desktop\KMP\KMPlayer.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\MAHA\Desktop\MM\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link visible only to logged-in users]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WinReg] C:\WINDOWS\system32\dk\calling.com
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [msennger] C:\WINDOWS\system32\dk\calling.com
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [hohohhaha] C:\WINDOWS\system32\dk\calling.com
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - [Link visible only to logged-in users]
O8 - Extra context menu item: Download all with Free Download Manager - [Link visible only to logged-in users]\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - [Link visible only to logged-in users]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - [Link visible only to logged-in users]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - [Link visible only to logged-in users]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - [Link visible only to logged-in users] (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - [Link visible only to logged-in users] (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0853F4A1-01CD-443B-91E6-79813E291B8F}: NameServer = 10.0.0.138
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Update: 16 Nov 2008 13:24

The connection is ADSL 1.5.

Update: 16 Nov 2008 16:29

Is this scan going to be reviewed at all?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It has been reviewed ;)

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you then copy here for us.

  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

All of the addresses give Problem Loading Page.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Then try our local copy:
[Link visible only to logged-in users]

  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

ComboFix 08-11-14.01 - MAHA 2008-11-16 21:17:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1664 [GMT 1:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MAHA\Application Data\inst.exe
c:\documents and settings\MAHA\Favorites\Download programs.url
c:\documents and settings\MAHA\Favorites\Games.url
c:\documents and settings\MAHA\Favorites\Translator.url
c:\documents and settings\MAHA\Favorites\Videos.url
c:\documents and settings\MAHA\My Documents\My Documents.url
c:\documents and settings\MAHA\My Documents\My Music\My Music.url
c:\documents and settings\MAHA\My Documents\My Pictures\My Pictures.url
c:\documents and settings\MAHA\My Documents\My Videos\My Video.url
c:\documents and settings\MAHA\Start Menu\Programs\Download programs.url
c:\documents and settings\MAHA\Start Menu\Programs\Games.url
c:\documents and settings\MAHA\Start Menu\Programs\Translator.url
c:\documents and settings\MAHA\Start Menu\Programs\Videos.url
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\0DB5CF0C.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\05096B10
c:\program files\MyWebSearch\bar\Cache\0DAFEC65.bin
c:\program files\MyWebSearch\bar\Cache\0DB004BF.bin
c:\program files\MyWebSearch\bar\Cache\0DB008D6.bin
c:\program files\MyWebSearch\bar\Cache\0DB00D5A.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\drivers\TDSSljtu.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\MSINET.oca
c:\windows\system32\TDSSdreq.dll
c:\windows\system32\TDSSelvi.dll
c:\windows\system32\TDSShbhi.dll
c:\windows\system32\TDSSnhoe.log
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSqtov.log
c:\windows\system32\TDSStihc.dll
c:\windows\system32\TDSStqek.dll
c:\windows\system32\TDSSwiwt.dat
c:\windows\system32\TDSSwwna.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 08:55 . 2008-11-16 08:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby
2008-11-16 08:52 . 2008-11-16 08:54 <DIR> d-------- c:\program files\Digsby
2008-11-16 08:52 . 2008-11-16 08:55 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Digsby
2008-11-15 21:45 . 2008-11-15 21:45 165 --a------ c:\documents and settings\All Users\Application Data\service.dat
2008-11-15 21:44 . 2008-11-15 21:47 <DIR> d-------- c:\documents and settings\MAHA\Application Data\VirusRemover2008
2008-11-15 17:40 . 2008-11-15 18:05 <DIR> d-------- c:\program files\WebMediaViewer
2008-11-15 12:55 . 2008-11-15 12:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-14 13:28 . 2008-11-14 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-11-14 13:25 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-11-14 13:24 . 2008-11-14 13:25 <DIR> d-------- c:\program files\Common Files\Logishrd
2008-11-14 13:24 . 2008-11-14 13:24 <DIR> d-------- c:\documents and settings\MAHA\Application Data\InstallShield
2008-11-14 12:42 . 2008-11-14 12:42 <DIR> d-------- c:\program files\MyRealGames.com
2008-11-14 08:11 . 2008-11-14 08:11 <DIR> d-------- C:\Games
2008-11-14 08:01 . 2008-11-14 08:01 <DIR> d-------- c:\program files\FormatFactory
2008-11-14 07:36 . 2008-11-14 07:36 <DIR> d-------- c:\program files\Universal Extractor
2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\program files\Stereoscopic Player
2008-11-13 21:04 . 2008-11-13 21:04 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Stereoscopic Player
2008-11-10 07:29 . 2008-11-10 07:29 <DIR> d-------- c:\documents and settings\MAHA\Application Data\Ashampoo
2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\program files\Ashampoo
2008-11-10 07:28 . 2008-11-10 07:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2008-10-27 21:14 . 2008-10-27 21:15 <DIR> d-------- c:\program files\CCleaner
2008-10-27 20:50 . 2008-11-11 13:51 <DIR> d-------- c:\program files\Readon Technology

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 20:15 --------- d-----w c:\documents and settings\MAHA\Application Data\uTorrent
2008-11-16 20:15 --------- d-----w c:\documents and settings\MAHA\Application Data\Free Download Manager
2008-11-15 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-11-15 12:06 --------- d-----w c:\program files\AskTBar
2008-11-14 12:25 --------- d-----w c:\program files\Common Files\Logitech
2008-11-14 12:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-14 11:29 --------- d-----w c:\program files\FreeGamePick.com
2008-11-14 06:42 --------- d-----w c:\program files\Google
2008-10-27 20:15 --------- d-----w c:\program files\Yahoo!
2008-03-24 06:14 3,140 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-03-24 06:10 88 --sh--r c:\documents and settings\All Users\Application Data\45B6F09A85.sys
2008-01-18 21:18 47,360 ----a-w c:\documents and settings\MAHA\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-29 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
2008-11-15 23:23 31522 --a------ c:\program files\WebMediaViewer\hpmun.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"= "c:\program files\WebMediaViewer\browseul.dll" [2008-11-15 39490]

[HKEY_CLASSES_ROOT\clsid\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-10-08 2445359]
"Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" [2007-07-30 253952]
"Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-11 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-22 4608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"hohohhaha"="c:\windows\system32\dk\calling.com" [2006-05-13 696320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-08 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832]
"Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-15 1071472]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712]
"msennger"="c:\windows\system32\dk\calling.com" [2006-05-13 696320]
"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-11-15 56073]
"VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-11-15 74186]

c:\documents and settings\MAHA\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-10-10 137728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-27 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-14 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\dk\\calling.com"=

R0 MPRIFL;MPRIFL;c:\windows\system32\DRIVERS\MPRIFL.SYS [2008-01-27 17264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-11 97928]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-03 01:51:58 13560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys []
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\DRIVERS\skvlan.sys [2006-05-17 19328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaeb9a61-2b25-11dd-a48b-000129a2b205}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\MAHA\Application Data\Mozilla\Firefox\Profiles\mvgsurop.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [Link visible only to logged-in users]
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-11-16 21:19:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSljtu.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-11-16 21:20:13
ComboFix-quarantined-files.txt 2008-11-16 20:20:10

Pre-Run: 96,782,655,488 bytes free
Post-Run: 96,991,092,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
c:\windows\system32\dk\calling.com

Folder::
c:\documents and settings\MAHA\Application Data\VirusRemover2008
c:\program files\WebMediaViewer

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaeb9a61-2b25-11dd-a48b-000129a2b205}]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
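The triage the helper did by hand on the HijackThis log (one image launched under three different Run names, a .com file started from Run, an unnamed BHO, an entry whose file is missing) and the File:: form of the CFScript he asked for, as an added example that is not code from the forum, HijackThis or ComboFix. The heuristics and the sample log lines are constructed assumptions modelled on the logs in this thread:

```python
"""Triage a HijackThis log and draft a ComboFix CFScript from what it flags.

Added example for this thread; it is not code from the forum, HijackThis or
ComboFix. The heuristics below are assumptions chosen to reproduce what the
helper picked out by hand from the posted logs.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the HijackThis v1.99.1 log
# posted above (one clean entry of each kind beside the suspicious ones).
SAMPLE_LOG = r"""
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinReg] C:\WINDOWS\system32\dk\calling.com
O4 - HKLM\..\Run: [msennger] C:\WINDOWS\system32\dk\calling.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [hohohhaha] C:\WINDOWS\system32\dk\calling.com
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - (file missing)
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
COM_RE = re.compile(r"^(?P<kind>O2 - BHO|O3 - Toolbar|O9 - Extra[^:]*): (?P<name>.*?) - "
                    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# First image path in a Run command: optional quotes, stops at a known extension.
IMAGE_RE = re.compile(r'^"?(?P<path>.*?\.(?P<ext>exe|dll|com|scr|pif|bat|cmd))"?(?:[\s,]|$)', re.I)
# Extensions nobody expects to be launched straight from a Run value.
ODD_EXTENSIONS = {"com", "scr", "pif", "bat", "cmd"}


def parse_run_entries(log_text):
    """Return [(hive, value_name, image_path)] for every O4 Run line."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        img = IMAGE_RE.match(m.group("cmd"))
        entries.append((m.group("hive"), m.group("name"),
                        img.group("path") if img else m.group("cmd")))
    return entries


def triage(log_text):
    """Apply the heuristics; returns a list of (rule, path_or_clsid, detail)."""
    findings = []
    by_image = defaultdict(list)
    for hive, name, image in parse_run_entries(log_text):
        by_image[image.lower()].append((hive, name, image))
    for entries in by_image.values():
        hive, name, image = entries[0]
        ext = image.rsplit(".", 1)[-1].lower()
        if ext in ODD_EXTENSIONS:
            findings.append(("unusual_extension", image,
                             f"{hive} Run [{name}] launches a .{ext} file"))
        if len(entries) > 1:
            names = ", ".join(sorted(n for _, n, _ in entries))
            findings.append(("duplicate_run_image", image,
                             f"one image registered under Run names {names}"))
    for line in log_text.splitlines():
        m = COM_RE.match(line.strip())
        if not m:
            continue
        if m.group("name") == "(no name)":
            findings.append(("unnamed_com_object", m.group("path"),
                             f"{m.group('kind')} {m.group('clsid')} hides its name"))
        if "(file missing)" in m.group("path"):
            findings.append(("missing_file", m.group("clsid"),
                             f"{m.group('kind')} points at a file that no longer exists"))
    return findings


def build_cfscript(findings):
    """Draft a CFScript in the File:: form the helper used in this thread.

    Only files flagged by the Run heuristics are listed; unnamed COM objects
    and dangling entries are reported for manual review, not deleted blindly.
    """
    files = sorted({path for rule, path, _ in findings
                    if rule in ("unusual_extension", "duplicate_run_image")},
                   key=str.lower)
    return "\n".join(["File::", *files, ""]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for rule, target, detail in found:
        print(f"{rule:22} {target}  ({detail})")
    print(build_cfscript(found))
```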

  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Hopefully this is OK!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I see you also have Digsby installed. Did you not read on the forum that it pushes adware?
Do as I wrote in my previous message.

Korisnici trenutno na forumu: A.R.Chafee.Jr., avijacija, Bbbggg1979, Bobrock1, boromir, BORUTUS, Bosnjo, Bubimir, Cicumile, Colt D, curiosity, DeerHunter, Df410, Dimitrise93, djordje92sm, Dragacevac, Draganeli, elias, Erast Petrovic, FOX, Futurama, Georgius, gobrad, Goran_, goxin, goxsys, grenadir, halkin gol, Hitri, Homislav, istina, Istman, JohnDoe, Jozo74, kalens021, Kole1975, komsija1, Koridor, kovinacc, Kubovac, Kupresko polje, kybonacci, Litostroton, lord sir giga, Maschinekalibar, medaTT, mercedesamg, mikrimaus, milenko crazy north, Miler88, Milometer, Milos1389, Mis uz pusku, mist-mist, Mldo, Naj-Turs, nelezele, Nikoletina Bursac, nixos, Orc, orfanel, Pekman, PITT, PlayerOne, Povratak1912, Robin, S-lash, sajorg, Sharpshooter, Sićko, Stanlio, StefanNS, stingD, suton, synergia, t84dar, theNedjeljko, Tomo988, travisrise, US_Rank_0, User04, veljko82, vidra boy, vidra1, Weah88, wulfy, x9, xAlex2, YugoSlav, Zastava, zombicar153, Zoran1959