explorer.exe and an infected flash drive

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

Posted: 14 Apr 2009 22:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:43 PM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\Documents and Settings\Nesho&Nedja\Application Data\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\internet\TR#\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: windows.pif = ?
O4 - Global Startup: Empty.pif = ?
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB7D265C-DCA8-4336-931A-CF831CF175E3}: NameServer = 10.24.4.1
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4664 bytes



Avira keeps telling me there is a virus at the following path, C:\Documents and Settings\Nesho&Nedja\Application Data\explorer.exe, and it reports some other viruses too. Also, every time the system boots it opens My Documents. I also have a flash drive that I think is infected, because every time I plug it in it creates a My Documents folder from the computer on itself.

Update: 14 Apr 2009 22:25

Avira also reports viruses in the following files: Empty.pif and windows.pif
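A way to triage a log like the one above mechanically, instead of reading 60 lines by eye. This is an added example, not code from the original thread or from HijackThis. The log excerpt inside it is a constructed subset of the first post's log, and the rules (which names count as core system binaries, which extensions are flagged in a Startup folder, what counts as a non-default start page) are the author's own choices, not a HijackThis feature.

```python
"""Triage a HijackThis-style log for the indicators that matter in the thread above.

Added example, not part of the original post. SAMPLE_LOG is a constructed excerpt of
the first HijackThis log (a handful of lines is enough to exercise every rule).
"""
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "severity rule line")

# Core Windows binaries whose names malware borrows; legitimate only under %WINDIR%.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
WINDIR = re.compile(r"^[a-z]:\\windows\\", re.I)
# Script/PIF types that have no business sitting in a Startup folder on a home PC.
SCRIPT_EXT = re.compile(r"\.(pif|bat|cmd|scr|vbs|js)\b", re.I)

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Nesho&Nedja\Application Data\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: windows.pif = ?
O4 - Global Startup: Empty.pif = ?
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


def parse(log_text):
    """Split the log into the 'Running processes' paths and the numbered R*/O* entries."""
    processes, entries = [], []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line closes the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        if re.match(r"^[RFNO]\d+ - ", line):
            entries.append(line)
    return processes, entries


def triage(log_text):
    """Return Findings, highest-value rules first: a system-binary name running from a
    user profile, .pif/script files in a Startup folder, orphaned entries, hijacked start page."""
    processes, entries = parse(log_text)
    findings = []
    for path in processes:
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_NAMES and not WINDIR.match(path):
            findings.append(Finding("HIGH", "system-binary name running outside %WINDIR%", path))
    for entry in entries:
        if entry.startswith("O4") and "Startup:" in entry and (
                SCRIPT_EXT.search(entry) or entry.endswith("= ?")):
            findings.append(Finding("HIGH", "script/PIF item in a Startup folder", entry))
        elif "(no file)" in entry or "(file missing)" in entry:
            findings.append(Finding("LOW", "orphaned entry, target missing", entry))
        elif entry.startswith(("R0", "R1")) and "Start Page = " in entry:
            host = urlparse(entry.split(" = ", 1)[1]).hostname or ""
            if not host.endswith("microsoft.com"):
                findings.append(Finding("MEDIUM", "start page is not the Microsoft default", entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-45s %s" % (f.severity, f.rule, f.line))
```

The process rule is the one that matters most here: a file named explorer.exe is only legitimate under C:\WINDOWS, and one living in Application Data with no matching O4 entry means some other loader (here the .pif files in the Startup folders) is starting it. Orphaned BHO and service entries are listed at LOW because they are leftovers of an uninstall, not an infection.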

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Hi...

First of all, let me point out: do not plug in the infected flash drive under any circumstances until we finish the cleaning process, because the infection could come back. We'll clean the flash drive at the end...

1.
Right-click the Avira icon in the bottom right corner of the screen and untick AntiVir Guard Enable.

Note: Don't forget to turn this option back on once the cleaning is finished.

2.
Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

Posted: 15 Apr 2009 9:03

ComboFix 09-04-15.08 - Nesho&Nedja 04/15/2009 8:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1659 [GMT 2:00]
Running from: C:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
Error: Cfolders.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nesho&Nedja\Local Settings\Application Data\lsass.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 06:55 . 2009-04-15 06:55 3009908 ----a-r C:\ComboFix.exe
2009-04-14 20:01 . 2009-04-14 20:01 -------- d--h--w c:\windows\PIF
2009-04-14 18:20 . 2009-04-14 18:20 -------- d-----w c:\windows\system32\xircom
2009-04-14 16:54 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-14 16:54 . 2009-04-14 16:54 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-14 16:36 . 2009-04-14 21:45 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-14 16:36 . 2009-04-14 21:45 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-14 16:36 . 2009-04-14 21:45 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 16:36 . 2009-04-14 21:45 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 16:17 . 2006-04-24 09:30 59392 ----a-w c:\documents and settings\Nesho&Nedja\Application Data\explorer.exe
2009-04-12 12:05 . 2009-04-12 12:05 26 ----a-w c:\windows\neosetup.INI
2009-04-12 12:05 . 2007-02-05 11:11 139264 ----a-w c:\windows\NeoUninstall.exe
2009-04-09 13:48 . 2009-04-09 13:48 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\ImTOO Software Studio
2009-04-09 13:43 . 2009-04-09 13:47 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\GetRightToGo
2009-03-29 08:25 . 2009-03-29 08:25 523142 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-03-20 21:09 . 2009-03-20 21:10 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\mIRC
2009-03-18 19:46 . 2009-03-18 19:46 -------- d-----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 06:52 . 2009-02-14 11:14 -------- d-----w c:\program files\DNA
2009-04-15 06:52 . 2009-02-14 11:14 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\DNA
2009-04-14 18:20 . 2009-04-14 18:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-14 16:54 . 2009-04-14 16:54 -------- d-----w c:\program files\Avira
2009-04-14 16:34 . 2009-02-14 09:38 -------- d-----w c:\program files\Unlocker
2009-04-14 16:26 . 2009-02-14 10:57 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 12:05 . 2009-04-12 12:05 -------- d-----w c:\program files\Neoact
2009-04-09 13:41 . 2009-04-09 13:40 -------- d-----w c:\program files\The KMPlayer
2009-04-08 11:55 . 2009-03-01 15:14 -------- d-----w c:\program files\Counter-Strike 1.6
2009-03-16 16:52 . 2009-02-14 10:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 16:45 . 2009-03-16 16:45 -------- d-----w c:\program files\Atari
2009-03-15 12:25 . 2009-03-15 12:25 268 ---ha-w C:\sqmdata03.sqm
2009-03-15 12:25 . 2009-03-15 12:25 244 ---ha-w C:\sqmnoopt04.sqm
2009-03-15 12:25 . 2009-03-15 12:25 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-14 17:31 . 2009-03-01 12:43 -------- d-----w c:\program files\NitroFamily
2009-03-12 18:23 . 2009-03-12 18:23 268 ---ha-w C:\sqmdata02.sqm
2009-03-12 18:23 . 2009-03-12 18:23 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-10 20:27 . 2009-03-10 20:27 268 ---ha-w C:\sqmdata01.sqm
2009-03-10 20:27 . 2009-03-10 20:27 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-08 20:07 . 2009-02-14 14:24 -------- d-----w c:\program files\MSN Messenger
2009-03-08 16:01 . 2009-03-08 16:01 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-04 17:21 . 2009-03-04 17:18 -------- d-----w c:\program files\Cheatbook Database 2008
2009-03-02 22:35 . 2009-03-02 22:35 268 ---ha-w C:\sqmdata00.sqm
2009-03-02 22:35 . 2009-03-02 22:35 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-28 13:55 . 2009-02-14 10:09 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-27 21:21 . 2009-02-27 21:12 -------- d-----w c:\program files\SmileyPad
2009-02-27 21:12 . 2009-02-27 21:12 90624 ----a-w c:\windows\system32\ecFCI.dll
2009-02-27 21:12 . 2009-02-27 21:12 104448 ----a-w c:\windows\system32\ecFDI.dll
2009-02-27 20:42 . 2009-02-27 20:40 -------- d-----w c:\program files\Schmaili90
2009-02-26 21:37 . 2009-02-26 21:37 -------- d-----w c:\program files\Microsoft
2009-02-23 21:08 . 2009-02-23 21:08 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\SmartFTP
2009-02-23 16:58 . 2009-02-23 16:58 -------- d-----w c:\program files\Activision Value
2009-02-22 12:55 . 2009-02-22 11:49 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Web Page Maker
2009-02-22 11:49 . 2009-02-22 11:49 -------- d-----w c:\program files\Web Page Maker
2009-02-22 11:47 . 2009-02-22 10:20 -------- d-----w c:\program files\Trendy Site Builder
2009-02-21 15:26 . 2009-02-21 15:26 -------- d-----w c:\program files\phenomedia
2009-02-21 14:07 . 2009-02-14 10:00 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-19 09:12 . 2009-02-14 11:16 -------- d-----w c:\program files\Mv2Player
2009-02-17 20:27 . 2009-02-17 20:27 -------- d-----w c:\program files\Common Files\Adobe
2009-02-16 13:18 . 2009-02-14 10:07 21096 ----a-w c:\documents and settings\Nesho&Nedja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-15 21:11 . 2009-02-14 11:33 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\BSplayer
2009-02-15 18:32 . 2009-02-15 18:32 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-15 18:24 . 2009-02-15 18:24 -------- d-----w c:\program files\Rockstar Games
2009-02-15 17:24 . 2009-02-15 17:24 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Leadertech
2009-02-15 17:14 . 2009-02-15 17:14 -------- d-----w c:\program files\EA Sports
2009-02-15 15:15 . 2009-02-15 12:26 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\FrostWire
2009-02-15 12:26 . 2009-02-14 11:32 -------- d-----w c:\program files\FrostWire
2009-02-14 19:55 . 2009-02-14 19:55 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Media Player Classic
2009-02-14 16:00 . 2009-02-14 15:00 -------- d-----w c:\program files\Yahoo!
2009-02-14 15:08 . 2009-02-14 15:01 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-14 15:04 . 2009-02-14 15:04 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Yahoo!
2009-02-14 12:31 . 2009-02-14 11:34 -------- d-----w c:\program files\BS.Player ControlBar
2009-02-14 12:23 . 2009-02-14 12:23 -------- d-----w c:\program files\JAM Software
2009-02-14 11:33 . 2009-02-14 11:33 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\BSplayer Pro
2009-02-14 11:33 . 2009-02-14 11:33 -------- d-----w c:\program files\Webteh
2009-02-14 11:30 . 2009-02-14 11:30 -------- d-----w c:\program files\Microsoft ActiveSync
2009-02-14 11:30 . 2009-02-14 11:30 -------- d-----w c:\program files\Microsoft.NET
2009-02-14 11:26 . 2009-02-14 11:26 -------- d-----w c:\program files\Lavalys
2009-02-14 11:24 . 2009-02-14 11:24 -------- d-----w c:\program files\DAEMON Tools Lite
2009-02-14 11:20 . 2009-02-14 11:20 -------- d-----w c:\program files\Ahead
2009-02-14 11:20 . 2009-02-14 11:20 -------- d-----w c:\program files\Common Files\Ahead
2009-02-14 11:16 . 2009-02-14 11:16 717296 ---ha-w c:\windows\system32\drivers\sptd.sys
2009-02-14 11:16 . 2009-02-14 11:16 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\DAEMON Tools
2009-02-14 11:15 . 2009-02-14 11:14 -------- d-----w c:\program files\BitTorrent
2009-02-14 11:14 . 2008-01-29 17:29 33808 ---ha-w c:\windows\system32\drivers\klbg.sys
2009-02-14 11:14 . 2009-02-14 10:44 89601 ---ha-w c:\windows\system32\drivers\klick.dat
2009-02-14 11:14 . 2009-02-14 10:44 101287 ---ha-w c:\windows\system32\drivers\klin.dat
2009-02-14 11:14 . 2009-02-14 11:14 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Malwarebytes
2009-02-14 11:14 . 2009-02-14 11:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-14 11:13 . 2009-02-14 11:13 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 11:12 . 2009-02-14 11:10 -------- d-----w c:\program files\Winamp
2009-02-14 11:08 . 2009-02-14 11:08 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\ACD Systems
2009-02-14 11:07 . 2009-02-14 11:07 -------- d-----w c:\program files\Common Files\ACD Systems
2009-02-14 11:07 . 2009-02-14 11:07 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-14 11:07 . 2009-02-14 11:07 -------- d-----w c:\program files\ACD Systems
2009-02-14 11:06 . 2009-02-14 11:05 -------- d-----w c:\program files\totalcmd
2009-02-14 10:59 . 2009-02-14 09:42 -------- d-----w c:\program files\VistaExperience.org
2009-02-14 10:57 . 2009-02-14 10:57 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\URSoft
2009-02-14 10:57 . 2009-02-14 10:57 -------- d-----w c:\program files\Your Uninstaller 2008
2009-02-14 10:50 . 2009-02-14 10:50 -------- d-----w c:\program files\K-Lite Codec Pack
2009-02-14 10:42 . 2009-02-14 10:42 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-14 10:39 . 2009-02-14 10:39 -------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-02-14 10:38 . 2009-02-14 10:38 -------- d-----w c:\program files\IVT Corporation
2009-02-14 10:35 . 2009-02-14 10:35 -------- d-----w c:\program files\USB Vibration
2009-02-14 10:34 . 2009-02-14 10:34 -------- d-----w c:\program files\Vimicro Corporation
2009-02-14 10:33 . 2009-02-14 10:33 -------- d-----w c:\program files\Vimicro
2009-02-14 10:29 . 2009-02-14 10:29 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Talkback
2009-02-14 10:27 . 2009-02-14 10:27 21419 ---ha-w c:\windows\system32\drivers\AegisP.sys
2009-02-14 10:27 . 2009-02-14 10:27 -------- d-----w c:\program files\GIGABYTE
2009-02-14 10:27 . 2009-02-14 10:27 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\InstallShield
2009-02-14 10:24 . 2009-02-14 09:48 86327 ---ha-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-14 10:09 . 2009-02-14 10:09 -------- d-----w c:\program files\Realtek
2009-02-14 10:08 . 2009-02-14 10:08 -------- d-----w c:\program files\Intel
2009-02-14 10:06 . 2009-02-14 09:39 -------- d-----w c:\program files\Styler
2009-02-14 10:06 . 2009-02-14 10:06 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Styler
2009-02-14 10:02 . 2009-02-14 10:00 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2009-02-14 10:02 . 2009-02-14 10:02 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009021420090215\index.dat
2009-02-14 09:58 . 2009-02-14 09:40 -------- d-----w c:\program files\Windows Sidebar
.

------- Sigcheck -------

[-] 2008-04-23 14:32 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-23 05:34 2350208 AF263738FAD02E11D21F2C8F18054C80 c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2008-04-23 6067200]

[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}"= "c:\program files\Styler\TB\StylerTB.dll" [2006-05-02 102400]

[HKEY_CLASSES_ROOT\clsid\{d2f8f919-690b-4ea2-9fa7-a203d1e04f75}]
[HKEY_CLASSES_ROOT\StylerTB.StylerToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89B73048-4968-42EC-9841-D790BD239380}]
[HKEY_CLASSES_ROOT\StylerTB.StylerToolBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-14 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-03-23 14202368]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-23 124928]

c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\
windows.pif [2006-4-24 59392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Empty.pif [2006-4-24 59392]
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [2009-2-14 741376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2007-12-07 233472]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Nesho&Nedja^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-03-22 21:18 1271808 ----a-w c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 16:19 15872 ----a-w c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2007-04-13 17:08 114688 ----a-w c:\program files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

R3 FXDRV;FXDRV; [x]
R3 PciCon;PciCon; [x]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2006-02-26 26112]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-14 33808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2007-09-05 248448]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2007-06-13 476032]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{360f1f10-fba1-11dd-9c77-0011676bf47f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: {FB7D265C-DCA8-4336-931A-CF831CF175E3} = 10.24.4.1
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
FF - ProfilePath - c:\documents and settings\Nesho&Nedja\Application Data\Mozilla\Firefox\Profiles\bnel1vba.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 08:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028-)
c:\windows\system32\klogon.dll
.
Completion time: 2009-04-15 9:00
ComboFix-quarantined-files.txt 2009-04-15 07:00

Pre-Run: 12,503,928,832 bytes free
Post-Run: 12,494,589,952 bytes free

I noticed that while ComboFix was running the computer did not restart the way it used to earlier when I worked with it.

Update: 15 Apr 2009 16:24

.......................................................................

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Don't worry about ComboFix not restarting the computer. Often there's no need for a restart...

Open Notepad and copy the following text into it:

File::
c:\documents and settings\Nesho&Nedja\Application Data\explorer.exe
c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\windows.pif
c:\documents and settings\All Users\Start Menu\Programs\Startup\Empty.pif

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{360f1f10-fba1-11dd-9c77-0011676bf47f}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that gets created at the end of the cleaning/scan in your next message.
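The MountPoints2 key removed by the Registry:: line of the CFScript is where Windows caches the AutoRun handler it read from a removable volume's autorun.inf; in the ComboFix log that cached handler was wscript.exe killVBS.vbs, which is also the kind of launcher that will have to come off the flash drive at the end. As an added example, not code from the thread or from ComboFix, the parser below pulls every launch vector out of an autorun.inf the way the XP shell reads it (open=, shellexecute=, each shell\<verb>\command=, and which verb shell= makes the double-click default). The sample file is constructed for this example; the interpreter and extension lists are the author's own heuristics.

```python
"""Extract every launch vector from an autorun.inf, as Windows XP AutoRun reads it.

Added example, not part of the original thread. SAMPLE_AUTORUN_INF is constructed;
the command it carries is the one the MountPoints2 entry in the ComboFix log above
recorded for a removable volume (wscript.exe killVBS.vbs).
"""
import re

SAMPLE_AUTORUN_INF = r"""
[AutoRun]
; comment lines and odd casing are common in worm-written files
OPEN=wscript.exe killVBS.vbs
shellexecute=wscript.exe killVBS.vbs
shell\open\Command=wscript.exe killVBS.vbs
shell\explore\command=wscript.exe killVBS.vbs
shell=open
icon=%SystemRoot%\system32\SHELL32.dll,4
label=My Documents
action=Open folder to view files
"""

# Script hosts and loaders a worm uses so the dropped file need not be an .exe (heuristic).
INTERPRETERS = re.compile(r"\b(wscript|cscript|cmd|mshta|rundll32|regsvr32)(\.exe)?\b", re.I)
PAYLOAD_EXT = re.compile(r"\.(vbs|js|pif|bat|cmd|scr|exe|com)\b", re.I)
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")


def parse_autorun_inf(text):
    """Return the [autorun] section as {lower-cased key: value}.

    Section and key names match case-insensitively, the first occurrence of a key
    wins, ';' comments are skipped and lines outside [autorun] are ignored.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries.setdefault(key.strip().lower(), value.strip())
    return entries


def launch_vectors(entries):
    r"""List (source, command) pairs: open=, shellexecute= and every shell\<verb>\command=."""
    vectors = [(k, entries[k]) for k in ("open", "shellexecute") if k in entries]
    for key, value in entries.items():
        m = VERB_COMMAND.match(key)
        if m:
            vectors.append(("shell\\%s\\command" % m.group(1), value))
    return vectors


def assess(text):
    """Summarise what AutoPlay or a double-click on the volume would run."""
    entries = parse_autorun_inf(text)
    vectors = launch_vectors(entries)
    commands = [cmd for _, cmd in vectors]
    uses_interpreter = any(INTERPRETERS.search(c) for c in commands)
    runs_payload = any(PAYLOAD_EXT.search(c) for c in commands)
    return {
        "vectors": vectors,
        "default_verb": entries.get("shell", "").lower(),  # verb run on double-click
        "label": entries.get("label", ""),                  # what Explorer shows as the drive name
        "icon": entries.get("icon", ""),
        "suspicious": bool(vectors) and (uses_interpreter or runs_payload),
    }


if __name__ == "__main__":
    result = assess(SAMPLE_AUTORUN_INF)
    for source, cmd in result["vectors"]:
        print("%-22s -> %s" % (source, cmd))
    print("default verb:", result["default_verb"], "| suspicious:", result["suspicious"])
```

Parsing the file is only half the job: the same command can also be cached under HKCU\...\Explorer\MountPoints2\{volume GUID}\Shell\AutoRun\command (which is why the CFScript deletes that key), so cleaning the flash drive without removing the cached entry, or the other way round, leaves a path for the infection to return.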

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

ComboFix 09-04-16.02 - Nesho&Nedja 04/16/2009 12:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1566 [GMT 2:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\Nesho&Nedja\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\All Users\Start Menu\Programs\Startup\Empty.pif
c:\documents and settings\Nesho&Nedja\Application Data\explorer.exe
c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\windows.pif
.
Error: Cfolders.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Empty.pif
c:\documents and settings\Nesho&Nedja\Application Data\explorer.exe
c:\documents and settings\Nesho&Nedja\Local Settings\Application Data\lsass.exe
c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\windows.pif

.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-14 16:54 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-14 16:54 . 2009-04-14 16:54 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-14 16:36 . 2009-04-16 10:23 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-14 16:36 . 2009-04-16 10:23 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-14 16:36 . 2009-04-16 10:23 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 16:36 . 2009-04-16 10:23 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 12:05 . 2009-04-12 12:05 26 ----a-w c:\windows\neosetup.INI
2009-04-12 12:05 . 2007-02-05 11:11 139264 ----a-w c:\windows\NeoUninstall.exe
2009-04-09 13:48 . 2009-04-09 13:48 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\ImTOO Software Studio
2009-04-09 13:43 . 2009-04-09 13:47 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\GetRightToGo
2009-03-29 08:25 . 2009-03-29 08:25 523142 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-03-20 21:09 . 2009-03-20 21:10 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\mIRC
2009-03-18 19:46 . 2009-03-18 19:46 -------- d-----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 10:25 . 2009-02-14 11:14 -------- d-----w c:\program files\DNA
2009-04-16 10:25 . 2009-02-14 11:14 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\DNA
2009-04-16 10:19 . 2009-04-15 06:55 3015820 ----a-r C:\ComboFix.exe
2009-04-15 20:08 . 2009-02-14 10:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-15 20:08 . 2009-02-14 10:57 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 18:20 . 2009-04-14 18:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-14 16:54 . 2009-04-14 16:54 -------- d-----w c:\program files\Avira
2009-04-14 16:34 . 2009-02-14 09:38 -------- d-----w c:\program files\Unlocker
2009-04-12 12:05 . 2009-04-12 12:05 -------- d-----w c:\program files\Neoact
2009-04-09 13:41 . 2009-04-09 13:40 -------- d-----w c:\program files\The KMPlayer
2009-04-08 11:55 . 2009-03-01 15:14 -------- d-----w c:\program files\Counter-Strike 1.6
2009-03-16 16:45 . 2009-03-16 16:45 -------- d-----w c:\program files\Atari
2009-03-15 12:25 . 2009-03-15 12:25 268 ---ha-w C:\sqmdata03.sqm
2009-03-15 12:25 . 2009-03-15 12:25 244 ---ha-w C:\sqmnoopt04.sqm
2009-03-15 12:25 . 2009-03-15 12:25 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-14 17:31 . 2009-03-01 12:43 -------- d-----w c:\program files\NitroFamily
2009-03-12 18:23 . 2009-03-12 18:23 268 ---ha-w C:\sqmdata02.sqm
2009-03-12 18:23 . 2009-03-12 18:23 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-10 20:27 . 2009-03-10 20:27 268 ---ha-w C:\sqmdata01.sqm
2009-03-10 20:27 . 2009-03-10 20:27 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-08 20:07 . 2009-02-14 14:24 -------- d-----w c:\program files\MSN Messenger
2009-03-08 16:01 . 2009-03-08 16:01 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-04 17:21 . 2009-03-04 17:18 -------- d-----w c:\program files\Cheatbook Database 2008
2009-03-02 22:35 . 2009-03-02 22:35 268 ---ha-w C:\sqmdata00.sqm
2009-03-02 22:35 . 2009-03-02 22:35 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-28 13:55 . 2009-02-14 10:09 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-27 21:21 . 2009-02-27 21:12 -------- d-----w c:\program files\SmileyPad
2009-02-27 21:12 . 2009-02-27 21:12 90624 ----a-w c:\windows\system32\ecFCI.dll
2009-02-27 21:12 . 2009-02-27 21:12 104448 ----a-w c:\windows\system32\ecFDI.dll
2009-02-27 20:42 . 2009-02-27 20:40 -------- d-----w c:\program files\Schmaili90
2009-02-26 21:37 . 2009-02-26 21:37 -------- d-----w c:\program files\Microsoft
2009-02-23 21:08 . 2009-02-23 21:08 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\SmartFTP
2009-02-23 16:58 . 2009-02-23 16:58 -------- d-----w c:\program files\Activision Value
2009-02-22 12:55 . 2009-02-22 11:49 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Web Page Maker
2009-02-22 11:49 . 2009-02-22 11:49 -------- d-----w c:\program files\Web Page Maker
2009-02-22 11:47 . 2009-02-22 10:20 -------- d-----w c:\program files\Trendy Site Builder
2009-02-21 15:26 . 2009-02-21 15:26 -------- d-----w c:\program files\phenomedia
2009-02-21 14:07 . 2009-02-14 10:00 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-19 09:12 . 2009-02-14 11:16 -------- d-----w c:\program files\Mv2Player
2009-02-17 20:27 . 2009-02-17 20:27 -------- d-----w c:\program files\Common Files\Adobe
2009-02-16 13:18 . 2009-02-14 10:07 21096 ----a-w c:\documents and settings\Nesho&Nedja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-15 21:11 . 2009-02-14 11:33 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\BSplayer
2009-02-15 18:32 . 2009-02-15 18:32 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-15 18:24 . 2009-02-15 18:24 -------- d-----w c:\program files\Rockstar Games
2009-02-15 17:24 . 2009-02-15 17:24 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Leadertech
2009-02-15 17:14 . 2009-02-15 17:14 -------- d-----w c:\program files\EA Sports
2009-02-15 15:15 . 2009-02-15 12:26 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\FrostWire
2009-02-15 12:26 . 2009-02-14 11:32 -------- d-----w c:\program files\FrostWire
2009-02-14 10:24 . 2009-02-14 09:48 86327 ---ha-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2009-02-14 10:02 . 2009-02-14 10:02 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009021420090215\index.dat
2009-02-14 09:53 . 2009-02-14 09:53 68936 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-14 09:46 . 2009-02-14 09:46 21640 ---ha-w c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2008-04-23 14:32 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-23 05:34 2350208 AF263738FAD02E11D21F2C8F18054C80 c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-14 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-03-23 14202368]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-23 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [2009-2-14 741376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Nesho&Nedja^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-03-22 21:18 1271808 ----a-w c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 16:19 15872 ----a-w c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2007-04-13 17:08 114688 ----a-w c:\program files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

R3 FXDRV;FXDRV; [x]
R3 PciCon;PciCon; [x]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2006-02-26 26112]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-14 33808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2007-09-05 248448]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2007-06-13 476032]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {FB7D265C-DCA8-4336-931A-CF831CF175E3} = 10.24.4.1
FF - ProfilePath - c:\documents and settings\Nesho&Nedja\Application Data\Mozilla\Firefox\Profiles\bnel1vba.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 12:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(1988-)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\program files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-16 12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 10:28
ComboFix2.txt 2009-04-15 07:01

Pre-Run: 12,384,813,056 bytes free
Post-Run: 12,374,417,408 bytes free



Here is the ComboFix log. Avira no longer reports anything, and My Documents no longer opens on every Windows startup. Thanks a lot for the help.

Just the flash drive left to clean and that would be it :)

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

I see you also have leftovers of Kaspersky on the system; it is recommended to remove them completely.
But we'll do that at the end, if you are up for it...

Now let's move on to disinfecting the flash drive ->

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs the initial scan.
- Plug all USB storage devices into the USB slot one by one and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

USBNoRisk 1.6 by bobby

Started at 4/16/2009 11:09:29 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {1e3bb4df-fa81-11dd-b91c-806d6172696f}
C: {1e3bb4e1-fa81-11dd-b91c-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 1e3bb4e1-fa81-11dd-b91c-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 1e3bb4df-fa81-11dd-b91c-806d6172696f
========================================



New device connected at 4/16/2009 11:10:42 PM

Scanning for connected USB mass storage...
----------------------------------------
H: {360f1f10-fba1-11dd-9c77-0011676bf47f}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 360f1f10-fba1-11dd-9c77-0011676bf47f
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

Here it is; that last one, H, is the flash drive, the rest I don't know what it is. And as for Kaspersky, of course I'm up for it.

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

The flash drive you posted the log for is not infected, but it was. Maybe you formatted it in the meantime, or something?

As for removing the Kaspersky leftovers, you have everything in this topic.

Finally, post a fresh HijackThis log for me as well, so I can be sure the infection has not returned.

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

I didn't format the flash drive. I downloaded the KAV remover, but it said "kaspersky anti virus not detected".

Here is the HJT log too

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:31 AM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\internet\TR#\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB7D265C-DCA8-4336-931A-CF831CF175E3}: NameServer = 10.24.4.1
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4402 bytes
