[bobby] Security alerts... Log to check


  • Joined: 20 Aug 2008
  • Posts: 16

Could you check this log?... I'm not sure whether it's a virus or what it is, because when I scan the computer I don't find anything. I have ADSL, and Security Center alerts keep popping up non-stop saying I have a security problem. When I click on it, it automatically offers to install some Antivirus 2009, and its online scan finds viruses. Besides that, a completely white window also pops up, which after a while starts a malware scan.

Thanks in advance
Regards

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:32:45, on 8.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\Gordana\LOCALS~1\Temp\a.exe
C:\DOCUME~1\Gordana\LOCALS~1\Temp\c.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
D:\bla,bla,bla\sql i svasta ponesto\Programiranje i informatika\ANTICHRIST\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Gordana\LOCALS~1\Temp\a.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.

  • Joined: 20 Aug 2008
  • Posts: 16

Here is the log:

ComboFix 08-10-07.06 - Gordana 2008-10-08 20:25:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1483 [GMT 2:00]
Running from: C:\Documents and Settings\Gordana\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msxml71.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-08 20:14 . 2008-10-08 20:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-08 20:14 . 2008-10-08 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-06 18:30 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-05 21:08 . 2008-10-05 21:08 <DIR> d-------- C:\Program Files\Google
2008-10-04 19:30 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-02 15:44 . 2008-10-02 15:44 <DIR> d-------- C:\Documents and Settings\Gordana\Application Data\ldoce4
2008-10-02 15:43 . 2008-10-02 15:43 <DIR> d-------- C:\Program Files\TEXTware
2008-10-02 15:43 . 2008-10-02 15:43 <DIR> d-------- C:\Program Files\IDM
2008-10-02 15:43 . 2008-10-02 15:43 <DIR> d-------- C:\Documents and Settings\Gordana\Application Data\SecuROM
2008-10-02 15:43 . 1998-10-22 05:01 1,888,744 --a------ C:\WINDOWS\system32\VCL40.BPL
2008-10-02 15:43 . 2003-04-29 19:09 205,312 --a------ C:\WINDOWS\system32\Illprs.dll
2008-10-02 15:43 . 2002-08-01 16:44 160,768 --a------ C:\WINDOWS\system32\ILLKRN.DLL
2008-10-02 15:43 . 2008-10-02 15:43 126,976 --a------ C:\WINDOWS\system32\UAService7.exe
2008-10-02 15:43 . 2008-10-02 15:43 90,112 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-02 15:43 . 2004-06-10 11:29 48,128 --a------ C:\WINDOWS\system32\QFClient.ILX
2008-10-02 15:42 . 2008-10-02 15:42 <DIR> d-------- C:\Program Files\QuickTime
2008-10-02 15:42 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-10-02 15:42 . 2008-10-08 16:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-02 15:42 . 2008-10-02 15:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-02 15:41 . 2008-10-02 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-10-02 15:38 . 2008-10-02 15:38 <DIR> d-------- C:\Program Files\Longman
2008-10-01 20:52 . 2008-10-01 20:52 <DIR> d-------- C:\WINDOWS\Sun
2008-10-01 14:35 . 2008-10-01 14:35 <DIR> d---s---- C:\Documents and Settings\Gordana\UserData
2008-09-30 19:03 . 2008-09-30 19:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-30 18:20 . 2008-09-30 19:02 16 --a------ C:\WINDOWS\system32\coh.cache
2008-09-30 16:59 . 2008-09-30 17:01 <DIR> d-------- C:\Program Files\Winamp
2008-09-30 16:59 . 2004-12-20 20:37 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-09-30 16:59 . 2008-09-30 17:01 192 --a------ C:\WINDOWS\winamp.ini
2008-09-30 16:37 . 2008-09-30 16:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-09-30 16:37 . 2008-09-30 16:37 <DIR> d-------- C:\Program Files\Ahead
2008-09-30 16:37 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-09-30 16:37 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-30 16:37 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-30 16:37 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-09-30 16:37 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-09-30 16:37 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-30 16:37 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-09-30 16:37 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-30 16:36 . 2008-09-30 16:36 <DIR> d-------- C:\Program Files\Webteh
2008-09-30 16:35 . 2008-09-30 17:48 <DIR> d-------- C:\Program Files\Macromedia
2008-09-30 16:35 . 2008-09-30 16:35 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-09-30 16:34 . 2008-09-30 16:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-30 16:31 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-30 16:31 . 2008-09-30 16:31 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-30 16:30 . 2008-09-30 16:30 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-30 16:30 . 2008-09-30 16:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-30 16:30 . 2008-09-30 16:30 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-30 16:21 . 2008-10-08 20:23 558 --a------ C:\WINDOWS\DFC.INI
2008-09-30 16:20 . 2008-09-30 16:20 <DIR> d-------- C:\WINDOWS\nview
2008-09-30 16:20 . 2007-09-16 19:07 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-30 16:20 . 2008-09-30 17:19 138,893 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-30 16:20 . 2007-09-16 19:07 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-30 16:18 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-09-30 16:16 . 2008-09-30 16:16 <DIR> d-------- C:\Program Files\VDOTool
2008-09-30 16:16 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-30 16:14 . 2008-09-30 16:14 <DIR> d-------- C:\RaidTool
2008-09-30 16:14 . 2007-03-21 18:23 1,953,792 -r------- C:\WINDOWS\system32\xRaidSetup.exe
2008-09-30 16:14 . 2007-03-20 23:15 143,360 -r------- C:\WINDOWS\system32\xRaidAPI.dll
2008-09-30 16:14 . 2007-03-24 13:20 46,208 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2008-09-30 16:14 . 2006-02-07 21:52 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
2008-09-30 16:13 . 2008-09-30 16:13 <DIR> d-------- C:\WINDOWS\system32\Attansic
2008-09-30 16:13 . 2008-09-30 16:14 <DIR> d-------- C:\WINDOWS\RaidTool
2008-09-30 16:13 . 2008-09-30 16:13 <DIR> d-------- C:\Program Files\Attansic
2008-09-30 16:13 . 2007-03-15 16:12 38,656 -ra------ C:\WINDOWS\system32\drivers\atl01_xp.sys
2008-09-30 16:12 . 2008-09-30 16:12 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-09-30 16:12 . 2008-09-30 16:12 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-09-30 16:12 . 2008-09-30 16:12 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-09-30 16:10 . 2008-09-30 16:10 <DIR> d-------- C:\Program Files\Realtek
2008-09-30 16:10 . 2008-10-02 15:43 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-30 16:09 . 2008-10-02 15:43 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-09-30 16:08 . 2008-09-30 16:08 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2008-09-30 16:03 . 2008-09-30 16:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-30 16:03 . 2008-09-30 16:03 <DIR> d-------- C:\WINDOWS\system32\drivers\system32
2008-09-30 16:03 . 2008-09-30 16:03 <DIR> d-------- C:\WINDOWS\system32\drivers\INF
2008-09-30 16:03 . 2008-09-30 16:03 <DIR> d-------- C:\Program Files\Intel
2008-09-30 16:02 . 2008-09-30 16:02 <DIR> d-------- C:\Intel
2008-09-30 16:01 . 2008-09-30 16:14 15,446 --a------ C:\WINDOWS\Ascd_log.ini
2008-09-30 16:01 . 2006-10-11 13:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-09-30 16:01 . 2004-08-13 20:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 18:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-08 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-04 11:46 --------- d-----w C:\Program Files\Sun
2008-10-04 11:45 --------- d-----w C:\Program Files\Java
2008-09-30 17:31 --------- d-----w C:\Program Files\Norton Internet Security
2008-09-30 17:28 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-30 17:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-30 17:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-30 17:28 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-30 17:28 --------- d-----w C:\Program Files\Symantec
2008-09-30 15:50 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-09-30 15:50 --------- d-----w C:\Documents and Settings\Gordana\Application Data\Systweak
2008-09-30 15:43 --------- d-----w C:\Program Files\Common Files\Java
2008-09-30 15:42 --------- d-----w C:\Program Files\Real
2008-09-30 15:42 --------- d-----w C:\Program Files\MSN Messenger
2008-09-30 15:25 --------- d-----w C:\Program Files\Lavasoft
2008-09-30 15:25 --------- d-----w C:\Documents and Settings\Gordana\Application Data\Lavasoft
2008-09-30 15:18 --------- d-----w C:\Program Files\Planplus
2008-09-30 15:16 --------- d-----w C:\Documents and Settings\Gordana\Application Data\ACD Systems
2008-09-30 15:15 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-30 15:15 --------- d-----w C:\Program Files\ACD Systems
2008-09-30 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-30 14:10 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-30 13:54 --------- d-----w C:\Program Files\microsoft frontpage
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 1953792]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 33792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-10-02 98304]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-16 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-30 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Gordana.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 03:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Gordana\Application Data\Mozilla\Firefox\Profiles\wfii38qj.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-08 20:27:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-08 20:27:48
ComboFix-quarantined-files.txt 2008-10-08 18:27:46

Pre-Run: 7.435.091.968 bytes free
Post-Run: 7,557,521,408 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download gmer.zip from this link and save it to your Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will save the scan results to the Clipboard.
Use Paste in Notepad to get it into a text file. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach the two files we just saved here.

  • Joined: 20 Aug 2008
  • Posts: 16

[attachments visible only to logged-in users]

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Tell me, are those messages still appearing?

Let me explain one more thing. Pop-ups like these appear on certain sites, and those sites are paid to show you such ads, which you should never fall for under any circumstances.

What I'm interested in now is whether those messages always appear on the same sites, or whether they also appear when the only site open in your browser is one that is definitely clean, say our forum?

  • Joined: 20 Aug 2008
  • Posts: 16

They don't appear any more.
The messages appeared regardless of which site was open. No site even had to be open. ... Maybe I didn't explain it well, or rather I certainly didn't...
There was another Security Center icon in the taskbar which kept throwing those alerts. When I clicked on it, a site opened with the scan and AV 2009.. Also, independently of everything, that new white window I wrote about kept popping up....
I hope I answered the question :)
Now it has all stopped..

And I think I picked it up while downloading music and some texts...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Scan again with HijackThis and tick the box in front of the following line:
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Gordana\LOCALS~1\Temp\a.exe
Click Fix checked

Download the ATF Cleaner program and save it to the Desktop.

Tick Select All and then click Empty Selected.
When the message Done Cleaning appears, close the program.

After the next restart of the computer, make a new HijackThis log and post it here. I want to make sure everything is OK.
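An added example (my own script, not code from this thread, HijackThis or ComboFix): a small Python triage pass over a HijackThis v1.99 log that codifies what the helper does by eye, flagging executables running or autostarting from a Temp directory (the [MSFox] a.exe entry), orphaned BHO registrations, and BHO DLLs registered from the Windows system directory (the msxml71.dll entry ComboFix listed under Other Deletions). The sample log is constructed from lines posted in this thread; the heuristics are mine, and the system32 rule is a weak signal to review, not proof of infection.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99 log format, modelled on the entries
# posted in this thread (not a complete log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Gordana\LOCALS~1\Temp\a.exe
C:\DOCUME~1\Gordana\LOCALS~1\Temp\c.exe

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Gordana\LOCALS~1\Temp\a.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# A path component named "Temp" anywhere in a path or command line; this covers
# both the 8.3 form LOCALS~1\Temp and the long form Local Settings\Temp.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
# O4 registry autostart: "O4 - HKCU\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder shortcut: "O4 - Global Startup: name.lnk = target"
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
# O2 browser helper object: "O2 - BHO: name - {CLSID} - path"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "low" or "info"
    section: str    # "process", "O2" or "O4"
    line: str       # the original log line, so it can be matched in HijackThis
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics to one HijackThis log and return findings in log order."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line ends the process list
                in_processes = False
            elif TEMP_RE.search(line):
                findings.append(Finding("high", "process", line,
                                        "executable running from a Temp directory"))
            continue
        m = O4_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            # Match the whole command line so rundll32-style entries are covered too.
            if TEMP_RE.search(m.group("cmd")):
                findings.append(Finding("high", "O4", line,
                                        f"autostart [{m.group('name')}] launches from a Temp directory"))
            continue
        m = O2_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if path == "(no file)":
                findings.append(Finding("info", "O2", line,
                                        "orphaned BHO registration, DLL no longer on disk"))
            elif SYSTEM32_RE.search(path):
                # Heuristic: third-party BHOs normally install under Program Files.
                findings.append(Finding("low", "O2", line,
                                        f"BHO '{name}' loads from the system directory; verify the DLL"))
    return findings


def high_risk_autostarts(findings: list[Finding]) -> list[str]:
    """The O4 lines a helper would tick before 'Fix checked' (process findings are not fixable there)."""
    return [f.line for f in findings if f.section == "O4" and f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.reason}\n        {f.line}")
```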

  • Joined: 20 Aug 2008
  • Posts: 16

I couldn't find this line: O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Gordana\LOCALS~1\Temp\a.exe

Here is the HJT log. Do I need to run ATF Cleaner?


Logfile of HijackThis v1.99.1
Scan saved at 21:25:02, on 8.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\bla,bla,bla\sql i svasta ponesto\Programiranje i informatika\ANTICHRIST\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

OK. It looks like ComboFix took care of that for you.
Be sure to run ATF Cleaner. It doesn't produce any log, it will just clean the temp files off the computer. After using it, some web pages will open more slowly, but only the first time you open them. The second time they will open at normal speed.
