
View Full Version : How do I urgently clean the WIN32/PSW.WOW.NIB trojan?


Natch
25.02.2009., 18:11
As the title says, I urgently need to clean that junk off the computer. It says it's located in C:/WINDOWS/system32/ in 182540631.dll.

What should I do?:mad:

My internet keeps dropping, Outlook keeps closing on me and the like.
I'd like to point out that I haven't been browsing porn sites.

dobrota
25.02.2009., 18:13
Post a HijackThis log on the forum and we'll have a look :)

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Natch
25.02.2009., 18:14
Post a HijackThis log on the forum and we'll have a look :)

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

What is that? I already have several antivirus programs installed, recommend me the best one!

Natch
25.02.2009., 18:18
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:09, on 25.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\T-Com MAXadsl CD-ROM\T-Com MAXadsl Start\T-Com MAXadsl Start.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\forx482918.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tportal.hr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MAXadsl Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: T-Com MAXadsl Start.lnk = C:\Program Files\T-Com MAXadsl CD-ROM\T-Com MAXadsl Start\T-Com MAXadsl Start.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {29384EFD-1AE4-46E9-8272-069D5A5B0629} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://ukdownload.toontown.com/sv1.0.15.38/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0530CE8C-0828-41B4-B714-77D29FB0EE0F}: NameServer = 195.29.149.197 195.29.166.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{0530CE8C-0828-41B4-B714-77D29FB0EE0F}: NameServer = 195.29.149.197 195.29.166.117
O17 - HKLM\System\CS2\Services\Tcpip\..\{0530CE8C-0828-41B4-B714-77D29FB0EE0F}: NameServer = 195.29.149.197 195.29.166.117
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6216 bytes

dobrota
25.02.2009., 18:20
http://i39.tinypic.com/33b2wbc.png

When you install that program, click on the highlighted item.... when the scan finishes, a log file will appear.... copy that file and paste it here on the forum...
As for the antivirus recommendation.... I use Kaspersky and in my opinion it's the best.... Avira is excellent too....
First post the HijackThis log

Aegon
25.02.2009., 18:23
Do you have Malwarebytes' Anti-Malware? Try scanning with it; if you don't have it, it's here. It has never let me down
http://www.malwarebytes.org/mbam.php
download it, update it, and scan

Natch
25.02.2009., 18:23
But I scanned with the one above, can't you see the log, isn't that enough for you??
Come on, quickly, everything is about to crash on me again.

tirox
25.02.2009., 18:25
Get that NOD off the computer, uninstall it, and put Avira Free on and you're set as far as antivirus goes, and do a Full Scan with Malwarebytes and remove everything it finds; it should take care of the vermin if there is any. First scan with Malwarebytes!!!:kava::mig:
http://www.malwarebytes.org/
http://www.free-av.com/

Aegon
25.02.2009., 18:25
HijackThis is only a diagnostic tool (though it can be used for repairs too, but I'm not sure how effectively), and Malwarebytes might delete that for you

kotulica
25.02.2009., 18:27
@natch, :rofl::rofl::rofl::rofl:

wait, dobrota will now tell you what to do, step by step. hahhh you'll fix something, uninstall something, install something and so on. :rofl: be patient. and uninstall NOD and install KIS. I put a link for you over on kokošinjac (so use the 30 days free) and then I'll give you the keys for afterwards. :D

tirox
25.02.2009., 18:34
Natch, you don't pick up vermin only on porn sites; that stuff is everywhere, wherever you go you run into all sorts. Vermin isn't the only thing that can block your computer like that, a mess on the computer can do it too, there are several reasons for a state like this, but in your case it's definitely vermin!!!:kava::mig:

dobrota
25.02.2009., 18:39
C:\WINDOWS\system32\forx482918.exe
O9 - Extra button: T-Com - {29384EFD-1AE4-46E9-8272-069D5A5B0629} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU

now run HijackThis again, find these two items and put a checkmark next to them... after that click Fix checked
http://i41.tinypic.com/33otruh.png
before you check them, close the web browser

go to this page and download Dr.Web CureIt, and do a full scan in safe mode
http://www.freedrweb.com/cureit/


edit: and it would be good to follow kotulica's advice :)
http://www.kaspersky.com/internet_security_trial

here's the link, download Kaspersky, update it, then scan, also in safe mode

Natch
25.02.2009., 18:41
Natch, you don't pick up vermin only on porn sites; that stuff is everywhere, wherever you go you run into all sorts. Vermin isn't the only thing that can block your computer like that, a mess on the computer can do it too, there are several reasons for a state like this, but in your case it's definitely vermin!!!:kava::mig:
Stop messing with me and help me fix this!!

What do I clean it with?

Aegon
25.02.2009., 18:45
Stop messing with me and help me fix this!!

What do I clean it with?

Well, tirox and I wrote that you should scan with Malwarebytes, I even gave you the link, and dobrota gave his advice too :kava:
and it would be good to put KIS on instead of NOD, but the best thing now is to scan with Malwarebytes right away:kava:

MatejScorp13
25.02.2009., 19:01
As the title says, I urgently need to clean that junk off the computer. It says it's located in C:/WINDOWS/system32/ in 182540631.dll.

What should I do?:mad:

My internet keeps dropping, Outlook keeps closing on me and the like.
I'd like to point out that I haven't been browsing porn sites.

Were you maybe browsing on Facebook ... because a friend says his Nod32 kept going off there, and today I looked at his computer and there were 20 of them ... exactly these Wow trojans ... I deleted them with Nod and I think they didn't come back after that

edit: it's not Avast, it's Nod32 ... I don't know what made me write that ;)

tirox
25.02.2009., 19:05
Nobody is messing with you, Natch, you took it the wrong way, that was a comment, not a joke. Just scan with Malwarebytes and Dr.Web, which dobrota recommended, and from Safe Mode, do a Full Scan with both of them and then report back how it went, and afterwards choose whether you want Avira Free or Kaspersky, there's not much to deliberate about!!!!:kava::mig:

Natch
25.02.2009., 20:22
Were you maybe browsing on Facebook ... because a friend says his Nod32 kept going off there, and today I looked at his computer and there were 20 of them ... exactly these Wow trojans ... I deleted them with Nod and I think they didn't come back after that

edit: it's not Avast, it's Nod32 ... I don't know what made me write that ;)

No.
actually, maybe it was my nephew, he plays games on my Facebook.

Natch
25.02.2009., 20:34
ok, I've installed Kaspersky and it's scanning now. It's asking me whether to delete the trojans
trojan-gamethief.win32.wow.fgh. Should it delete everything, is that dangerous for the computer?

dobrota
25.02.2009., 20:41
ok, I've installed Kaspersky and it's scanning now. It's asking me whether to delete the trojans
trojan-gamethief.win32.wow.fgh. Should it delete everything, is that dangerous for the computer?

just delete, feel free to delete everything...

are you scanning in safe mode?

Natch
25.02.2009., 20:51
just delete, feel free to delete everything...

are you scanning in safe mode?
No. Should I go into safe mode?

btw, it looks like the trojan got in through my nephew's online games :rolleyes:

Tigrov friend
25.02.2009., 20:59
"disinfect, delete if can't disinfect" and it will sort everything out by itself, it won't keep asking... Just always update the new scripts, i.e. it does that itself in the background, you'll see a little globe next to the K symbol in the tray :cheers:

Edit: oh yes, from now on your nephew should listen to Kaspersky; if it pops up a notification, he shouldn't touch it, open it or anything, e.g. trojan such-and-such etc. etc.

Natch
25.02.2009., 21:04
So: it's mainly two types of trojans:

25.2.2009 21:30:22 Detected: Trojan-GameThief.Win32.WOW.fqh C:\System Volume Information\_restore{31397A98-E48A-42D2-AC9E-81D586C4F65C}\RP959\A0849900.dll

25.2.2009 21:56:49 Detected: Trojan.Win32.Dialer.cj C:\Documents and Settings\Administrator\Local Settings\Temp\IH1732.tmp/PE-Crypt.XorPE/UPX

Now, I'm wondering, is this dialer dangerous?

Tigrov friend
25.02.2009., 21:07
Just delete it; even if it isn't dangerous by itself, it can pull a pile of ones that can be dangerous into the computer, you don't need any trojan on your computer!

tirox
25.02.2009., 21:23
Whatever Kaspersky finds gets deleted without much thought, no mercy there, wipe out that wretched vermin and it'll be ok, and after all that cleaning and tidying download this registry cleaner and clean up the errors with it, of which there surely are some, and you're set; the program is safe and does its job well!!!:kava::mig:
http://www.glarysoft.com/rr.html

Natch
25.02.2009., 21:24
Hey, how do you get into safe mode again?

Tigrov friend
25.02.2009., 21:31
Before Windows starts, while it's on the BIOS screen, keep pressing the F8 key

tirox
25.02.2009., 21:42
That's one part of the answer, and the other is: when that menu appears, select Safe Mode with the arrow keys on the keyboard, then Enter and you're in, and you do what needs doing, and when you're leaving you click Start, then Shutdown, and press restart and that's it, you're back in Windows normally!!!:kava::mig:

Natch
25.02.2009., 21:48
And does it count if I cleaned the trojans in normal mode (94 of them :eek:) or do I have to do it again in safe mode?

tirox
25.02.2009., 21:56
You need to do a scan in Safe Mode too for it to be cleaned properly, so do that as well and then there'll be no problems with the vermin!!!:kava::mig:

božesačuvaj
25.02.2009., 22:05
Did you tell her to turn off System Restore before cleaning?

jocker
25.02.2009., 22:11
As for scanning with Malwarebytes' Anti-Malware: it's most effective in normal mode. You only scan with it in safe mode if there's no other way.

That program is built to be effective at cleaning an active infection; a dormant one it won't clean properly, it may not even recognize it.

vidra
25.02.2009., 22:21
delete all the System Restore points right away too, and turn it off until the system is cleaned

tirox
25.02.2009., 22:23
She scanned in Windows with Kaspersky, that's what she said, and a Full Scan at that, and Malwarebytes was offered for her to scan with too, and I hope she scanned with it as well, and now she's scanning in Safe Mode too, presumably with them, at least she should do that, and as for System Restore it seems to me we didn't mention it!!!:kava::mig:

Tigrov friend
26.02.2009., 01:41
94 trojans? Am I reading that right? Wow! :applause:
Right, in the rush I forgot about System Restore, but the system or user checkpoints can be sorted out, so it's not a problem!

kotulica
26.02.2009., 10:57
no wonder you pester people and create confusion when five or six of you descend on a thread and each one spins his own story. I mean, wouldn't it be more normal to let the one who first took on solving the problem (and who knows what he's doing and saying) handle it, so these kinds of lapses don't happen and the user isn't tormented with dozens of scans? :rolleyes:

dobrota
26.02.2009., 11:42
@natch
post the Kaspersky log, what it found....

post the HijackThis log again

tirox
26.02.2009., 12:47
Kaspersky and Malwarebytes will clean the computer even without turning off System Restore, although it should be done for it to be done properly; these two champions have done it successfully and excellently many times without it, so it's not a big slip, but yes, System Restore should be turned off during cleaning. We basically all recommended her only Malwarebytes and KIS, and I Avira, and what else would we:D. That's how it is, kotulica, when a girl calls out in trouble the guys jump in, and there's some pushing and shoving too, that's how we guys are when girls are involved, everyone offers help, but now the girl is clean as far as vermin goes!!!:kava::D:mig:

laufer1971
26.02.2009., 12:51
I have a similar case with the win32/PSW.WOW... trojan. I have NOD32, which catches and deletes them, but as soon as I restart Windows, there it is again. It doesn't even allow restoring the system to an earlier point. It seems only a format helps here. If anyone knows something smarter, let me know. :ne zna:

dobrota
26.02.2009., 12:56
post a HijackThis log and we'll have a look ...
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Natch
26.02.2009., 15:47
Now I have a small problem: I put Kaspersky on and the protection on Outlook is so strong that one email has been arriving... let's see, for 5 and a half hours already :D

TAMI 80
26.02.2009., 15:52
And can you be on the forum and run a Full Scan in Kaspersky at the same time?
is that ok?

dobrota
26.02.2009., 15:59
it's ok ....

Natch
26.02.2009., 16:05
right, how do I now remove the excess protection from Outlook so I can finally receive that email that's been trickling in for 6 hours now?

and second, what if the trojans are coming through the forum?

tirox
26.02.2009., 16:08
Natch, Kaspersky isn't to blame for that snail-paced mail, at least it certainly shouldn't be doing that; TAMI 80, if you have a powerful enough computer you can scan, but on a weak computer, honestly, that won't be pleasant at all, there'll be slowdowns!!!:kava::mig:

dobrota
26.02.2009., 16:08
right, how do I now remove the excess protection from Outlook so I can finally receive that email that's been trickling in for 6 hours now?

and second, what if the trojans are coming through the forum?

how many gigs does that mail have?:D
trojans don't come through the forum, but through cracks and all sorts of patches... porn sites :D

dobrota
26.02.2009., 16:18
@natch
http://i39.tinypic.com/2ugmhaw.png
http://i41.tinypic.com/htvad1.png

here you can set how mail is scanned and what gets scanned ...
http://i44.tinypic.com/2w594dd.png

and you can also turn off email and IM protection, although I don't recommend that
http://i43.tinypic.com/2eeasm0.png

Natch
26.02.2009., 16:23
thanks, I solved it :top:

dobrota
26.02.2009., 16:26
you're not giving us a new HijackThis log :)
is everything ok now?

TAMI 80
26.02.2009., 16:29
can I post my HijackThis log?

laufer1971
26.02.2009., 16:31
What do I do now with this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:37, on 26.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\mabidwe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O17 - HKLM\System\CCS\Services\Tcpip\..\{51604568-18D1-44A0-A3E8-ADE9F02A466F}: NameServer = 212.39.98.162,212.39.98.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{51604568-18D1-44A0-A3E8-ADE9F02A466F}: NameServer = 212.39.98.162,212.39.98.161
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c983c693dc427e) (gupdate1c983c693dc427e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reote 2009 (Remte_Server_2009) - Unknown owner - C:\Program Files\Reota\Reota.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe

--
End of file - 8632 bytes

dobrota
26.02.2009., 16:32
come on, let's see...
did you do a scan with Kaspersky?

laufer1971
26.02.2009., 16:35
with Trend Micro HijackThis

tirox
26.02.2009., 16:43
laufer1971, your protection is NOD and Spyware Doctor, so scan with Doctor, a Full Scan at that, it's known as an excellent vermin cleaner, no doubt about it, unless you have a special version of Doctor that can't be bothered to clean vermin!!!:kava::D:cerek:

dobrota
26.02.2009., 16:44
with Trend Micro HijackThis

C:\WINDOWS\system32\mabidwe.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
run HijackThis again.. find these and put a checkmark next to them... once you've checked them, click fix checked... there's a picture of it on the first page

now listen carefully.... you have several trojans, do exactly as I tell you

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

from this page download ComboFix,
-save ComboFix to the desktop
-set the antivirus and antispyware to disabled
-physically disconnect from the internet
-run ComboFix
-while the scan is running don't touch anything (mouse or keyboard)
-upload the ComboFix log to RapidShare, then post the link on the forum
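
A small triage script for HijackThis logs, added here as an example; it is not a tool from Trend Micro and not code from anyone in this thread. It applies the same checks dobrota does by eye in the post above and in the earlier post of 25.02.2009 at 18:39: executables in system32 that are not on a known-good list, Run entries whose label (like [Explorer]) impersonates a Windows component but points elsewhere, and services with "Unknown owner" that also fail the first check. The sample lines are taken from the two logs posted in this thread; the system32 baseline and the label mapping are assumptions made for the example, not an authoritative list.

```python
"""Triage helper for HijackThis logs (example added to this thread, not a
tool from Trend Micro or from anyone posting here)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind path reason")

# Partial allow-list of executables that legitimately live in
# %SystemRoot%\system32 on Windows XP.  ASSUMPTION for this example, not an
# authoritative catalogue; real triage verifies file hashes against a vendor list.
SYSTEM32_BASELINE = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "alg.exe", "ctfmon.exe", "wuauclt.exe",
    "taskmgr.exe", "dumprep.exe", "nerocheck.exe", "ati2evxx.exe", "ati2sgag.exe",
}

# Run-key labels that name a Windows component; a value under such a label
# should point at that component's binary (assumed mapping for the example).
COMPONENT_LABELS = {"explorer": "explorer.exe", "svchost": "svchost.exe",
                    "winlogon": "winlogon.exe"}

# Lines taken from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\forx482918.exe
C:\WINDOWS\system32\mabidwe.exe
C:\Program Files\Eset\nod32krn.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\SYSTEM32\\([^\\]+)$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - .*?: \[(?P<label>[^\]]*)\]")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*) - (?P<owner>.*?) - (?P<path>.*)$")


def first_path(line):
    """Return the first .exe path found in a log line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def basename(path):
    """Lower-cased file name part of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def triage(log_text):
    """Return a Finding for every line of the log that trips one of the checks."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        path = first_path(line)
        if not path:
            continue  # headers, blank lines, entries without an executable
        reasons = []
        # Check 1: a system32 binary that is not on the known-good list.
        if SYSTEM32_RE.match(path) and basename(path) not in SYSTEM32_BASELINE:
            reasons.append("executable in system32 is not on the baseline")
        if line.startswith("O4 - "):
            kind = "run-key"
            # Check 2: label claims to be a Windows component, target is something else.
            m = O4_RE.match(line)
            expected = COMPONENT_LABELS.get(m.group("label").lower()) if m else None
            if expected and basename(path) != expected:
                reasons.append(f"label [{m.group('label')}] does not point at {expected}")
        elif line.startswith("O23 - "):
            kind = "service"
            # Check 3: missing vendor info is only reported together with check 1,
            # since legitimate drivers (Ati2evxx.exe above) also show "Unknown owner".
            m = O23_RE.match(line)
            if m and m.group("owner") == "Unknown owner" and reasons:
                reasons.append("service has no vendor information")
        else:
            kind = "process"
        if reasons:
            findings.append(Finding(kind, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.path}  <- {f.reason}")
```

Run against the sample it reports forx482918.exe, mabidwe.exe (as a process and again as a service), msrstart.exe under the [Explorer] label, and the afisicx service, while leaving Ati2evxx.exe alone even though its service shows "Unknown owner" in the first log: the vendor field alone is a weak signal, which is why it is only combined with the baseline miss.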

Natch
26.02.2009., 16:45
you're not giving us a new HijackThis log :)
is everything ok now?

well, I think it is :ne zna:
here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:16, on 26.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\T-Com MAXadsl CD-ROM\T-Com MAXadsl Start\T-Com MAXadsl Start.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tportal.hr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MAXadsl Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: T-Com MAXadsl Start.lnk = C:\Program Files\T-Com MAXadsl CD-ROM\T-Com MAXadsl Start\T-Com MAXadsl Start.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {29384EFD-1AE4-46E9-8272-069D5A5B0629} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://ukdownload.toontown.com/sv1.0.15.38/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0530CE8C-0828-41B4-B714-77D29FB0EE0F}: NameServer = 195.29.149.197 195.29.166.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{0530CE8C-0828-41B4-B714-77D29FB0EE0F}: NameServer = 195.29.149.197 195.29.166.117
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7107 bytes

TAMI 80
26.02.2009., 16:47
And here is my case!
What do you say?

I ran a scan with KIS.
Is it OK now?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:06, on 26.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=022809 serial=dr12wex-1504397-kty lang=EN
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F49A921-D5E1-4D62-AA20-7A4B663F59FD}: NameServer = 195.29.149.197 195.29.149.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F49A921-D5E1-4D62-AA20-7A4B663F59FD}: NameServer = 195.29.149.197 195.29.149.196
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7174 bytes
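
The helpers below read these logs by hand: they count toolbars and BHOs, look at what autostarts, and single out entries HijackThis marks "(file missing)". As an added example (editor's code, not part of this thread and not a Trend Micro tool), here is a small parser that does the same grouping over a HijackThis v2 log. The sample lines are copied from the logs posted above; the review rules ("(file missing)", services listed with "Unknown owner") are assumptions modelled on the advice given in the thread and mark items for a human to look at, not verdicts.

```python
"""Group a HijackThis v2 log by section and flag entries for review.

Editor's example, not part of this thread and not a Trend Micro tool.
The checks are assumptions modelled on the helpers' advice above: count
browser add-ons (O2 BHOs, O3 toolbars), list autostart entries (O4), and
flag anything HijackThis itself marks "(file missing)" or lists as a
service with "Unknown owner".
"""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O9 - Extra button: T-Com - {29384EFD-1AE4-46E9-8272-069D5A5B0629} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
"""

# "O4 - HKLM\..\Run: [name] command"  ->  section "O4", body after the dash
ENTRY_RE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")
# body of an O4 line: "<location>: [<name>] <command>"; Startup-folder
# entries have no [name] part, so that group is optional
AUTORUN_RE = re.compile(r"^(.*?):\s*(?:\[([^\]]*)\]\s*)?(.*)$")


def parse_log(text):
    """Return {section: [entry body, ...]} in the order the log lists them."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries


def browser_addons(entries):
    """How many IE add-ons load: the thread's 'too many toolbars' point."""
    return {"BHO": len(entries.get("O2", [])), "Toolbar": len(entries.get("O3", []))}


def startup_items(entries):
    """(location, name, command) for every O4 autostart entry."""
    items = []
    for body in entries.get("O4", []):
        m = AUTORUN_RE.match(body)
        if m:
            items.append((m.group(1), m.group(2), m.group(3).strip()))
    return items


def review_items(entries):
    """Entries a helper would ask about, as (section, reason, body)."""
    flagged = []
    for section, bodies in entries.items():
        for body in bodies:
            if "(file missing)" in body:
                flagged.append((section, "file missing", body))
            elif section == "O23" and " - Unknown owner - " in body:
                flagged.append((section, "unknown owner", body))
    return flagged


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("add-ons:", browser_addons(log))
    for loc, name, cmd in startup_items(log):
        print(f"autostart {loc} [{name}] {cmd}")
    for section, reason, body in review_items(log):
        print(f"review {section} ({reason}): {body}")
```

Paste a whole log into `SAMPLE_LOG` (or read it from a file) and the three functions give the same overview the helpers produce by eye; an "unknown owner" service is only a prompt to check the file, as the ATI entry above shows.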

tirox
26.02.2009., 16:49
TAMI 80, if you don't use the Ask toolbar you can remove this too: tick those two and Fix Checked, or uninstall it. What do you need so many toolbars for!!!:kava::mig:
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll

dobrota
26.02.2009., 16:53
@natch
the log is clean
did you install advanced registry optimizer?
you also have the ask toolbar, i.e. you have a lot of toolbars....get rid of what you don't need

run hijackthis again

O9 - Extra button: T-Com - {29384EFD-1AE4-46E9-8272-069D5A5B0629} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)

and fix this one too

laufer1971
26.02.2009., 16:55
I can't put a tick on this one
C:\WINDOWS\system32\mabidwe.exe
it isn't in HijackThis

dobrota
26.02.2009., 16:57
And here is my case!
What do you say?

I ran a scan with KIS.
Is it OK now?

the log is clean, and you have too many toolbars as well; if you don't use the ask toolbar...delete it from add/remove...

Natch
26.02.2009., 16:58
[QUOTE=dobrota;19068575]@natch
the log is clean
did you install advanced registry optimizer?[/QUOTE]
I did, it works now.

dobrota
26.02.2009., 17:00
I can't put a tick on this one
C:\WINDOWS\system32\mabidwe.exe
it isn't in HijackThis

http://i44.tinypic.com/4kbb7p.png

at 17:30 it was there...never mind....tick whatever there is and run combofix...

dobrota
26.02.2009., 17:01
[QUOTE=dobrota;19068575]@natch
the log is clean
did you install advanced registry optimizer?[/QUOTE]
I did, it works now.

ok, then...all good :)

tirox
26.02.2009., 17:07
TAMI 80, download Glary Utilities, and once you've installed and started it go to Optimize & Improve, then Startup Manager, and remove these two programs from startup, i.e. untick them. And always use this program to remove what doesn't need to be in startup, because it's much clearer and simpler to do it with this program!!!:kava::mig:
O4 - HKCU\..\Run: C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
http://www.download.com/Glary-Utilities/3000-2094_4-10824124.html
http://img19.picoodle.com/img/img19/3/2/26/f_bbbbbxm_0e8936f.jpg (http://www.picoodle.com/view.php?img=/3/2/26/f_bbbbbxm_0e8936f.jpg&srv=img19)

Natch
26.02.2009., 17:13
ok, then...all good :)
well, not quite, because it tells me it has to clean 282 files, and that it'll do it for free for just 20 :D

laufer1971
26.02.2009., 17:14
It's in the report but it isn't in the program

dobrota
26.02.2009., 17:25
It's in the report but it isn't in the program

laufer, tick what there is and run combofix, so we can move on :)
it won't be just combofix :)
come on, son, run combofix:mig:

dobrota
26.02.2009., 17:27
well, not quite, because it tells me it has to clean 282 files, and that it'll do it for free for just 20 :D

go ahead and delete that from add/remove...download this one, I use it myself...

http://www.registryfix.com/

I'll explain by PM how to install and use that little program :D

TAMI 80
26.02.2009., 17:39
thanks Dobrota and Tirox !:cerek:

I just don't know why I need to do this

TAMI 80, download Glary Utilities, and once you've installed and started it go to Optimize & Improve, then Startup Manager, and remove these two programs from startup, i.e. untick them. And always use this program to remove what doesn't need to be in startup, because it's much clearer and simpler to do it with this program!!!
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

I like to know what I'm doing, and I also don't know what to do now that I've installed KIS, since I had to uninstall AVG and Spybot & Destroy.
What should I do about that?
What would be best.
AVG hadn't recognised the trojans, but KIS did !:ne zna:

dobrota
26.02.2009., 17:47
you should also delete ad-aware and put malwarebytes or superantispyware in its place
what would be best?
KIS 2009....use the 30-day trial; after the trial you can buy a key or get one somehow

what tirox wants to tell you is that a lot of programs are starting from startup
start-run-msconfig-startup
select startup and post a picture on the forum, so we can remove what's unnecessary...

edit: I misread :)

laufer1971
26.02.2009., 17:48
I can't send the reply with copy, it must be too big

tirox
26.02.2009., 17:48
TAMI 80, those two programs certainly don't need to be in startup, so feel free to remove them, and KIS is enough on its own; you don't need anything else, except maybe Malwarebytes !!!:kava::mig:

dobrota
26.02.2009., 17:50
I can't send the reply with copy, it must be too big

upload that log to rapidshare and post the link here on the forum :)

laufer1971
26.02.2009., 17:56
upload that log to rapidshare and post the link here on the forum :)

how is that done

Natch
26.02.2009., 17:59
go ahead and delete that from add/remove...download this one, I use it myself...

http://www.registryfix.com/

I'll explain by PM how to install and use that little program :D

you won't believe it, but since yesterday, on your advice, I've downloaded about 20 different antiviruses. so why not one more :cerek:

dobrota
26.02.2009., 18:02
how is that done

go to this page http://rapidshare.com/
click browse-select the combofix log-ok
http://i39.tinypic.com/280uuk0.png

this will appear...click upload
http://i40.tinypic.com/28vb0ub.png

when the upload finishes you'll get a link like this...copy that link and paste it on the forum

http://i43.tinypic.com/259g6rb.png

dobrota
26.02.2009., 18:05
you won't believe it, but since yesterday, on your advice, I've downloaded about 20 different antiviruses. so why not one more :cerek:

have you deleted that one?

kotulica and I picked the best for you, didn't we? :)

just download the one I wrote to you about, check your PM, and delete the other one, you don't need it :D

laufer1971
26.02.2009., 18:06
Thank you, here it is http://rapidshare.com/files/202881152/log.txt.html

dobrota
26.02.2009., 18:32
open notepad...copy all of this and save it in notepad

File::

c:\windows\system32\wmpns.dll
c:\windows\system32\26EF86E126.sys
c:\windows\system32\ezsidmv.dat
c:\windows\system32\drivers\beep.sys
c:\documents and settings\All Users\Application Data\DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE

Registry::

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\afisicx]
"ImagePath"="c:\windows\system32\afisicx.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\defaultlib]
"ServiceDll"="c:\windows\system32\u232440644.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mabidwe]
"ImagePath"="c:\windows\system32\mabidwe.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netmantow]
"ServiceDll"="c:\windows\system32\der2589457.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\softyinforwow1]
"ServiceDll"="c:\windows\system32\20092740.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\soxpeca]
"ImagePath"="c:\windows\system32\soxpeca.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21E.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eq2soft]
"ServiceDll"="c:\windows\system32\u232454642.dll"


save it as CFScript.txt

drag that text file with the mouse onto combofix.exe
combofix will start again...antivirus disabled and everything the same as at the start

when combofix finishes, do this
nod 32 must be removed, along with its fix...
download the kaspersky internet security 2009 trial http://www.kaspersky.com/trials
update it, then scan in safe mode
download malwarebytes if you don't have it http://www.malwarebytes.org/ then scan

instead of that nod, I recommend avira free+superantispyware,...free, and they do their job excellently

there, when the scans finish, post the kaspersky and malwarebytes logs on the forum again

TAMI 80
27.02.2009., 09:42
Now a question: what is this thing that pops up when I turn on the computer: You may be a victim of software counterfeiting, and what is
Windows Genuine Advantage?

What do Dobrota and the crew say?

dobrota
27.02.2009., 09:50
Now a question: what is this thing that pops up when I turn on the computer: You may be a victim of software counterfeiting, and what is
Windows Genuine Advantage?

What do Dobrota and the crew say?

download remove wga and run it...the rest is coming by PM :D
http://www.softpedia.com/get/Tweak/Uninstallers/RemoveWGA.shtml

tirox
27.02.2009., 12:24
After all this, WGA too; there's no end to the barricades and little problems, but now it should be ok once WGA soon gets booted off the computer!!!:kava::bonk::D

TAMI 80
27.02.2009., 14:27
download remove wga and run it...the rest is coming by PM :D
http://www.softpedia.com/get/Tweak/Uninstallers/RemoveWGA.shtml

Now there's nothing, I guess I've wiped them out.
Now, what kind of key do I need for KIS after the 30 days?:confused:

TAMI 80
27.02.2009., 14:30
After all this, WGA too; there's no end to the barricades and little problems, but now it should be ok once WGA soon gets booted off the computer!!!:kava::bonk::D

And what to do with those programs afterwards?
Remove WGA and genuine.rar?

tirox
27.02.2009., 14:32
KIS has a 30-day trial period during which it works normally, and after that there are no more updates and so on, but that can be sorted out; it's not a problem unless there's a drought of keys, of course, but Avira Free is always there, which is also an excellent replacement!!!:kava::mig:

tirox
27.02.2009., 14:33
If that Remove WGA has done its job, delete it from the computer because you don't need it any more!!!:kava::D

TAMI 80
27.02.2009., 16:27
I ran a full scan again and it's reporting some trojans again: Trojan-GameThief.Win32.OnlineGames.bkw

Where did that come from now?

It seems to me that when I turn KIS on, it pulls them in by itself?
Isn't it attracting trojans?:confused:

tirox
27.02.2009., 16:32
Just clean whatever it finds, no worries there; that's why it's there, to protect you and catch the vermin!!!:kava::mig:

TAMI 80
27.02.2009., 16:37
Just clean whatever it finds, no worries there; that's why it's there, to protect you and catch the vermin!!!:kava::mig:

So I don't have to go into safe mode and the like?
And what does it mean when it detects a vulnerability?
And when I ran the full scan, KIS deleted the trojans by itself. I don't have to delete anything myself, as in AVG for example?:confused:

dobrota
27.02.2009., 16:50
I ran a full scan again and it's reporting some trojans again: Trojan-GameThief.Win32.OnlineGames.bkw

Where did that come from now?

It seems to me that when I turn KIS on, it pulls them in by itself?
Isn't it attracting trojans?:confused:

where did KIS find the trojans..?
wasn't it by any chance in c:/system volume information ....?

send a screenshot

TAMI 80
27.02.2009., 17:03
where did KIS find the trojans..?
wasn't it by any chance in c:/system volume information ....?

send a screenshot

That's exactly where it was found, but what do you mean, screenshot?:confused:

dobrota
27.02.2009., 17:09
That's exactly where it was found, but what do you mean, screenshot?:confused:

take a picture of this
http://i44.tinypic.com/17e3hi.png

that vulnerability isn't a virus; it means you're using some software that hasn't been upgraded to a newer version...

the ones in system restore you'll solve by turning system restore off....do a restart...then turn system restore back on

TAMI 80
27.02.2009., 17:16
take a picture of this
http://i44.tinypic.com/17e3hi.png

that vulnerability isn't a virus; it means you're using some software that hasn't been upgraded to a newer version...

the ones in system restore you'll solve by turning system restore off....do a restart...then turn system restore back on

and where do I turn off system restore?:confused:

dobrota
27.02.2009., 17:22
start-my computer-properties
http://i43.tinypic.com/2uxyr.png

tick turn off system restore-apply
http://i39.tinypic.com/30s994o.png

TAMI 80
27.02.2009., 17:40
start-my computer-properties
http://i43.tinypic.com/2uxyr.png

tick turn off system restore-apply
http://i39.tinypic.com/30s994o.png

I've done all that, and what will happen now?
And how can I check with KIS whether a program I'm installing has a trojan in it?
Can I scan just the part I'm saving?
And one more little question: how do I scan the laptop with KIS if it has no direct internet connection?

dobrota
27.02.2009., 17:51
now you've deleted system restore and the trojans that were in there...those trojans are gone
KIS checks everything automatically, and you can also run a manual scan...right-click on that file and scan with kaspersky
http://i39.tinypic.com/v9emh.png

of course you can scan even without a direct connection, just do an update before the scan ....

have you turned system restore back on?
you turn it on by removing the tick ....and of course confirm with apply :)

TAMI 80
27.02.2009., 17:58
now you've deleted system restore and the trojans that were in there...those trojans are gone
KIS checks everything automatically, and you can also run a manual scan...right-click on that file and scan with kaspersky
http://i39.tinypic.com/v9emh.png

of course you can scan even without a direct connection, just do an update before the scan ....

have you turned system restore back on?
you turn it on by removing the tick ....and of course confirm with apply :)

I've done everything, I just have the English version so it confuses me a bit, but I think it's all OK !
Thanks once again !:top:

dobrota
27.02.2009., 18:04
and when are you going to send me the screenshot, so I can see what kaspersky found? :)

TAMI 80
27.02.2009., 18:25
and when are you going to send me the screenshot, so I can see what kaspersky found? :)

And how do I copy that screenshot so I can put it on the forum?:confused:

dobrota
27.02.2009., 18:33
save the picture to the desktop...go to this page http://tinypic.com/
click browse, find the picture, select it..click ok..
http://i44.tinypic.com/w7zmgk.jpg
http://i40.tinypic.com/245etg9.png
then click upload
http://i44.tinypic.com/2wcm9v5.png
copy the second link and paste it on the forum
http://i43.tinypic.com/qsnpep.png

TAMI 80
28.02.2009., 08:51
take a picture of this
http://i44.tinypic.com/17e3hi.png

that vulnerability isn't a virus; it means you're using some software that hasn't been upgraded to a newer version...

the ones in system restore you'll solve by turning system restore off....do a restart...then turn system restore back on

Now watch this, chickens!
How do I actually save the photo when I right-click and can't find save anywhere.
Oh, chickens!:confused:

jocker
28.02.2009., 10:16
You don't need to right-click. :)

Left-click, just once, and the link is copied.

Then right-click here in the post, and "paste"

TAMI 80
28.02.2009., 10:36
I did click, but it doesn't show the photo !

Virus Scan: completed 28.2.2009 9:33:16 (events: 2, objects: 13, time: 00:00:00)
28.2.2009 9:33:16 Task started
28.2.2009 9:33:16 Task completed
Virus Scan: completed 28.2.2009 9:33:16 (events: 2, objects: 13, time: 00:00:00)
27.2.2009 16:10:50 Untreated: Trojan-Downloader.Win32.Murlo.acr File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042695.exe Postponed
27.2.2009 16:10:49 Untreated: Trojan.Win32.Agent.brue File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042694.dll Postponed
27.2.2009 16:10:45 Untreated: Trojan-GameThief.Win32.WOW.fqh File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042681.dll Postponed
27.2.2009 16:08:46 Untreated: Trojan-GameThief.Win32.OnLineGames.bkvu File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0041415.dll Postponed
27.2.2009 16:08:46 Untreated: Trojan-GameThief.Win32.OnLineGames.bkvv File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0041414.dll Postponed
27.2.2009 16:08:46 Untreated: Trojan-GameThief.Win32.WOW.fnw File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040438.dll Postponed
27.2.2009 16:08:45 Untreated: Trojan-GameThief.Win32.OnLineGames.bkvu File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040437.dll Postponed
27.2.2009 16:08:43 Untreated: Trojan-GameThief.Win32.OnLineGames.bkvv File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040436.dll Postponed
27.2.2009 17:13:22 Task completed
27.2.2009 17:13:22 Deleted: Trojan-Downloader.Win32.Murlo.acr File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042695.exe
27.2.2009 17:13:22 Detected: Trojan-Downloader.Win32.Murlo.acr File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042695.exe
27.2.2009 17:13:22 Deleted: Trojan.Win32.Agent.brue File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042694.dll
27.2.2009 17:13:22 Detected: Trojan.Win32.Agent.brue File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042694.dll
27.2.2009 17:13:22 Deleted: Trojan-GameThief.Win32.WOW.fqh File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042681.dll
27.2.2009 17:13:22 Detected: Trojan-GameThief.Win32.WOW.fqh File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042681.dll
27.2.2009 17:13:22 Deleted: Trojan-GameThief.Win32.OnLineGames.bkvu File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0041415.dll
27.2.2009 17:13:22 Detected: Trojan-GameThief.Win32.OnLineGames.bkvu File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0041415.dll
27.2.2009 17:13:22 Deleted: Trojan-GameThief.Win32.OnLineGames.bkvv File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0041414.dll
27.2.2009 17:13:22 Detected: Trojan-GameThief.Win32.OnLineGames.bkvv File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0041414.dll
27.2.2009 17:13:22 Deleted: Trojan-GameThief.Win32.WOW.fnw File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040438.dll
27.2.2009 17:13:22 Detected: Trojan-GameThief.Win32.WOW.fnw File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040438.dll
27.2.2009 17:13:22 Deleted: Trojan-GameThief.Win32.OnLineGames.bkvu File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040437.dll
27.2.2009 17:13:22 Detected: Trojan-GameThief.Win32.OnLineGames.bkvu File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040437.dll
27.2.2009 17:13:22 Deleted: Trojan-GameThief.Win32.OnLineGames.bkvv File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040436.dll
27.2.2009 17:13:18 Detected: Trojan-GameThief.Win32.OnLineGames.bkvv File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040436.dll
27.2.2009 17:08:54 Detected: http://www.viruslist.com/en/advisories/28083 File c:\WINDOWS\system32\Macromed\Flash\ Flash9e.ocx
27.2.2009 16:50:13 Detected: http://www.viruslist.com/en/advisories/30761 File c:\program files\mozilla firefox\ firefox.exe
27.2.2009 16:49:34 Detected: http://www.viruslist.com/en/advisories/30975 File c:\program files\microsoft office\office11\ winword.exe
27.2.2009 16:49:19 Detected: http://www.viruslist.com/en/advisories/31453 File c:\program files\microsoft office\office11\ powerpnt.exe
27.2.2009 16:48:17 Detected: http://www.viruslist.com/en/advisories/29320 File c:\program files\microsoft office\office11\ outlook.exe
27.2.2009 16:48:14 Detected: http://www.viruslist.com/en/advisories/30150 File c:\program files\microsoft office\office11\ mspub.exe
27.2.2009 16:48:10 Detected: http://www.viruslist.com/en/advisories/31454 File c:\program files\microsoft office\office11\ excel.exe
27.2.2009 16:40:51 Detected: http://www.viruslist.com/en/advisories/29321 File c:\program files\Common Files\Microsoft Shared\OFFICE11\ MSO.DLL
27.2.2009 16:40:51 Detected: http://www.viruslist.com/en/advisories/29321 File c:\program files\Common Files\Microsoft Shared\Office10\ MSO.DLL
27.2.2009 16:32:04 Detected: http://www.viruslist.com/en/advisories/26201 File c:\program files\adobe\acrobat 6.0 ce\reader\ acrord32.exe
27.2.2009 16:23:24 Detected: http://www.viruslist.com/en/advisories/28083 File c:\Documents and Settings\Marin\Local Settings\Temp\mProjector957005698\ FlashPlayer.3.1.1e.ocx
27.2.2009 16:22:26 Detected: http://www.viruslist.com/en/advisories/29434 File c:\Documents and Settings\Marin\Local Settings\Temp\miaD.tmp\ mia.lib
27.2.2009 16:22:22 Detected: http://www.viruslist.com/en/advisories/29434 File c:\Documents and Settings\Marin\Local Settings\Temp\miaC.tmp\ mia.lib
27.2.2009 16:22:20 Detected: http://www.viruslist.com/en/advisories/29434 File c:\Documents and Settings\Marin\Local Settings\Temp\miaB.tmp\ mia.lib
27.2.2009 16:10:50 Detected: Trojan-Downloader.Win32.Murlo.acr File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042695.exe
27.2.2009 16:10:49 Detected: Trojan.Win32.Agent.brue File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042694.dll
27.2.2009 16:10:44 Detected: Trojan-GameThief.Win32.WOW.fqh File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP276\ A0042681.dll
27.2.2009 16:08:46 Detected: Trojan-GameThief.Win32.OnLineGames.bkvu File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0041415.dll
27.2.2009 16:08:46 Detected: Trojan-GameThief.Win32.OnLineGames.bkvv File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0041414.dll
27.2.2009 16:08:46 Detected: Trojan-GameThief.Win32.WOW.fnw File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040438.dll
27.2.2009 16:08:45 Detected: Trojan-GameThief.Win32.OnLineGames.bkvu File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040437.dll
27.2.2009 16:08:43 Detected: Trojan-GameThief.Win32.OnLineGames.bkvv File c:\System Volume Information\_restore{2D0F1193-047D-49E4-9450-51CAF29701EF}\RP273\ A0040436.dll
27.2.2009 16:07:20 Detected: http://www.viruslist.com/en/advisories/30150 File c:\program files\microsoft office\office11\ mspub.exe
27.2.2009 16:07:12 Detected: http://www.viruslist.com/en/advisories/30761 File c:\program files\mozilla firefox\ firefox.exe
27.2.2009 16:06:35 Detected: http://www.viruslist.com/en/advisories/30975 File c:\program files\microsoft office\office11\ winword.exe
27.2.2009 16:06:09 Detected: http://www.viruslist.com/en/advisories/31453 File c:\program files\microsoft office\office11\ powerpnt.exe
27.2.2009 16:05:55 Detected: http://www.viruslist.com/en/advisories/31454 File c:\program files\microsoft office\office11\ excel.exe
27.2.2009 16:05:48 Detected: http://www.viruslist.com/en/advisories/26201 File c:\program files\adobe\acrobat 6.0 ce\reader\ acrord32.exe
27.2.2009 16:05:48 Detected: http://www.viruslist.com/en/advisories/29320 File c:\program files\microsoft office\office11\ outlook.exe
27.2.2009 16:05:26 Task started
Virus Scan: completed 28.2.2009 9:33:16 (events: 2, objects: 13, time: 00:00:00)
27.2.2009 16:04:37 Task completed
27.2.2009 16:04:07 Task started
Virus Scan: completed 28.2.2009 9:33:16 (events: 2, objects: 13, time: 00:00:00)
27.2.2009 15:54:11 Task completed
27.2.2009 15:50:25 Task started

dobrota
28.02.2009., 12:44
@tami 80

-download the new version of Flash Player http://get.adobe.com/flashplayer/
-download the new version of Mozilla http://www.mozilla.com/en-US/firefox/
-uninstall Adobe Reader and install this one instead http://www.foxitsoftware.com/pdf/rd_intro.php
simpler, works the same, if not better than Adobe Reader
-update Microsoft Office
-everything else is fine

tirox
28.02.2009., 12:53
Foxit Reader is excellent, fast and light, and not bloated, which certainly can't be said for the elephantine Adobe Reader.:flop: Foxit has everything you need and is more than enough for any normal user!!!:kava::mig:

TAMI 80
28.02.2009., 12:56
@tami 80

-download the new version of Flash Player http://get.adobe.com/flashplayer/
-download the new version of Mozilla http://www.mozilla.com/en-US/firefox/
-uninstall Adobe Reader and install this one instead http://www.foxitsoftware.com/pdf/rd_intro.php
simpler, works the same, if not better than Adobe Reader
-update Microsoft Office
-everything else is fine

The main thing is that it's OK!:)

But I don't know why I couldn't take a nice screenshot with the data like you did; instead it dumped everything as a list like this. I tried doing a save, but it didn't work. Yours shows all the operations nicely, just like on the computer!

Now one more little question.
The connection with the laptop is giving me trouble, so I'd like to download the new version
on the PC and transfer it manually to the laptop via USB, but I don't know how that's done. Can someone help, pleez?:s

TAMI 80
28.02.2009., 12:58
Of course, I meant KIS!

dobrota
28.02.2009., 13:01
@tami
I'll get back to you when this finishes :)
http://www.youtube.com/watch?v=ncvx8OVWaqg

TAMI 80
28.02.2009., 13:14
And for pictures I have FastStone Image Viewer, but I don't know how to set it up so it copies properly?

dobrota
28.02.2009., 13:17
@tami

did you download that FastStone?

you can download it to a USB stick and transfer it to the laptop..that's not a problem...how is the connection giving you trouble?..can you be more specific
those three things you must do..those are holes in the system...

dobrota
28.02.2009., 13:32
And for pictures I have FastStone Image Viewer, but I don't know how to set it up so it copies properly?

FastStone Capture 6.3 ..that's what you need...
you select what needs to be captured and save it to the desktop...it really isn't hard :D

TAMI 80
28.02.2009., 13:33
@tami

did you download that FastStone?

you can download it to a USB stick and transfer it to the laptop..that's not a problem...how is the connection giving you trouble?..can you be more specific
those three things you must do..those are holes in the system...

I'll download it, but what about my old FastStone Image?
Well, here's how it goes: I plug the cable into the laptop, connect it to the PC, and then nothing happens; I can't transfer data to the desktop PC, or from it to the laptop. I think it's the socket on the laptop; it's a bit older, so I guess it has come loose.
That's why I wanted to see how transferring the new update works! I installed KIS on the laptop via USB and I look at the last update, and it says 18.11.2008 was the last one.
So you can imagine how much scanning the laptop with that version means to me!:eek:

dobrota
28.02.2009., 13:45
well delete it..what do you need the old one for? :D

it has nothing to do with the socket...is your Local Area Connection enabled?.
is there a connection icon in the bottom right corner? if there is, what does it say, and it would be good if you took a screenshot :)
this is how KIS 2009 does an offline update, just follow the pictures
http://blog.ashfame.com/2008/09/update-kaspersky-internet-security-2009-offline/

tirox
28.02.2009., 14:01
TAMI 80, if there are problems with that special:D version of FastStone Capture, here you can download this version, which is free, so no problems with that; the bottom-most link is the download and that's it!!!:kava::top:
http://www.aplusfreeware.com/categories/mmedia/FastStoneCapture.html

TAMI 80
28.02.2009., 14:10
Thanks Dobrota and Tirox!
But I've had enough of the computer and everything for today.
I'm going out for some fresh air!
Have a nice weekend, you and the crew that diligently carries out "deratization" and "disinsection"!:cerek:

dobrota
28.02.2009., 14:19
go on, have a nice rest and enjoy the clean air...
we all wish you a nice weekend too :)

tirox
28.02.2009., 14:25
You're right, it's a nice day; a bit of recreation and fresh air doesn't hurt, and if you sat at the computer all the time, where would we end up; anyway Kaspersky has eaten the vermin, so you can rest easy, all that's left is some polishing and a bit of tinkering around the computer!!!:kava::gitara::frajer:

TAMI 80
02.03.2009., 10:06
That FastStone Capture is good!
I just need to work on it a bit.
So can you explain to me how to put the latest version of KIS on the laptop via USB?
I don't feel like looking now at where the connection between the laptop and the PC isn't working. That'll come later, because it seems to me there's more work there!:)

dobrota
02.03.2009., 10:40
go to this page http://www.kaspersky.com/trials

save the installer to the USB stick, plug the USB stick into that computer and install :)

and the latest definitions, likewise save them to the USB stick, insert the USB stick, and choose the location for the download...
on this page everything is nicely explained with pictures...you can't go wrong...just follow the instructions
http://blog.ashfame.com/2008/09/update-kaspersky-internet-security-2009-offline/

TAMI 80
02.03.2009., 14:05
go to this page http://www.kaspersky.com/trials

save the installer to the USB stick, plug the USB stick into that computer and install :)

and the latest definitions, likewise save them to the USB stick, insert the USB stick, and choose the location for the download...
on this page everything is nicely explained with pictures...you can't go wrong...just follow the instructions
http://blog.ashfame.com/2008/09/update-kaspersky-internet-security-2009-offline/

I tried everything and now it scans fine.
But why does it take so long to copy to the USB stick?
It reported some 3000 events, about 60MB

So I first have to tick it so that when it does the update, it automatically copies to the USB stick.
I can't do that afterwards, only in the way that's shown?
And what needs to be done with the copy option after it downloads to the USB stick?

Do I turn it off and use it only when copying for the laptop?:)

TAMI 80
05.03.2009., 17:44
So where is that Dobrota?

dobrota
05.03.2009., 17:48
here I am :)

and where are you?.... you've been gone for days :)

TAMI 80
05.03.2009., 18:08
here I am :)

and where are you?.... you've been gone for days :)

How do you see everything so fast?
You really do have an eye! Well, I asked you a question up there and you didn't answer.
So I'm asking. And true, I had a lot of work, and the trojans have disappeared.
Things got a bit tight for them so they got scared!:cerek:

dobrota
05.03.2009., 18:19
well I thought I didn't have to answer you, because it's all nicely and thoroughly explained :)

1. yes, you have to tick it so it copies to the USB stick
2. you do that only in the way that's shown
3. after it downloads to the USB stick, you plug the USB stick into the computer that has no connection...open Kaspersky and for the update choose the USB stick, just as described there
4. yes
:)

dobrota
05.03.2009., 18:26
http://i41.tinypic.com/16i60bd.png

so you open kaspersky-update settings-additional settings
tick Copy Updates to folder
choose your USB stick

http://i41.tinypic.com/358593t.png

installing the update
kaspersky-update-settings-source
click add and choose the USB stick ...

TAMI 80
06.03.2009., 09:27
:)http://i41.tinypic.com/16i60bd.png

so you open kaspersky-update settings-additional settings
tick Copy Updates to folder
choose your USB stick

http://i41.tinypic.com/358593t.png

installing the update
kaspersky-update-settings-source
click add and choose the USB stick ...

Well done.:top:
Thank you very much!:)
How do you know all this?
I'll also send you a picture of my problem between the laptop and the PC.

TAMI 80
06.03.2009., 18:20
Here, I'm sending you this case.
I connect the cable from the PC to the laptop and here's the result
http://img8.imageshack.us/img8/6451/20090306190934.jpg :ne zna:

dobrota
06.03.2009., 20:05
Here, I'm sending you this case.
I connect the cable from the PC to the laptop and here's the result
http://img8.imageshack.us/img8/6451/20090306190934.jpg :ne zna:

click properties-choose Internet Protocol (TCP/IP)-properties
then send a picture of that

start-run-cmd

when the command prompt opens, type this -ipconfig /all
then send a picture of that too

TAMI 80
07.03.2009., 14:04
click properties-choose Internet Protocol (TCP/IP)-properties
then send a picture of that

start-run-cmd

when the command prompt opens, type this -ipconfig /all
then send a picture of that too

Here, I copied it, now you take a look:
http://img10.imageshack.us/img10/1267/20090307143715.jpg
I don't quite get the second part with the command prompt.
I don't know whether I can go through search and then type it in?
And when I type ipconfig/all, do I press enter or just take a photo? :confused:

Natch
07.03.2009., 16:43
here I am again (long time no see) :D
I put a stick into the computer and Kaspersky immediately showed me it had found a Win32 worm (on the stick).
what should I do?

dobrota
08.03.2009., 15:19
Here, I copied it, now you take a look:
http://img10.imageshack.us/img10/1267/20090307143715.jpg
I don't quite get the second part with the command prompt.
I don't know whether I can go through search and then type it in?
And when I type ipconfig/all, do I press enter or just take a photo? :confused:

so you go to start, then run...in run type cmd-ok
a black screen will open...in it type ipconfig(space) /all ...press enter..and take a screenshot of what you get...
when you connect that laptop directly to the router, can you get on the internet then?
did you run the network setup wizard on both computers?

dobrota
08.03.2009., 15:20
here I am again (long time no see) :D
I put a stick into the computer and Kaspersky immediately showed me it had found a Win32 worm (on the stick).
what should I do?

what is the worm called?

TAMI 80
09.03.2009., 17:52
so you go to start, then run...in run type cmd-ok
a black screen will open...in it type ipconfig(space) /all ...press enter..and take a screenshot of what you get...
when you connect that laptop directly to the router, can you get on the internet then?
did you run the network setup wizard on both computers?

So now, I find the start icon in the left corner of the PC and click it.
And where does run come in? :confused:
Do I need to do this on both the laptop and the PC, or?

As for the network setup wizard on both computers, maybe I did, maybe I didn't.
I only know I have a Local Area Connection icon on both computers. So now you tell me how to go on?:ne zna:
Thanks in advance!:cerek:

dobrota
09.03.2009., 18:08
http://i41.tinypic.com/x4p0s2.jpg
go to start-run (or "pokreni")...type cmd there
this will open
http://i40.tinypic.com/2pqvpyx.png

there type ipconfig /all (there has to be a space between g and /)

only on the laptop

dobrota
09.03.2009., 18:17
@tami

http://www.forum.hr/showthread.php?t=77354

Cisco12
09.03.2009., 18:20
Greetings, Petar :rofl:

TAMI 80
10.03.2009., 17:44
http://i41.tinypic.com/x4p0s2.jpg
go to start-run (or "pokreni")...type cmd there
this will open
http://i40.tinypic.com/2pqvpyx.png

there type ipconfig /all (there has to be a space between g and /)

only on the laptop

I sent it to you by PM because I see Cisco is a bit too fond of joking around.:azdaja:

DIO$
10.03.2009., 17:54
I've got that Win32 devil too; this is what it reports when I try to open D and G...C opens normally....Does anyone maybe know how to sort this out??

http://www.imagesforme.com/show.php/393041_untitled.JPG

dobrota
10.03.2009., 18:01
post a HijackThis log and we'll see
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

DIO$
10.03.2009., 18:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:12, on 10.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\StrongDC++\StrongDC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: FreeRapid 0.71.lnk = D:\Programi\FreeRapid-0.71\frd.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6619 bytes

dobrota
10.03.2009., 18:51
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2077543

if you didn't install the Ask toolbar yourself, remove it via add/remove and fix these
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...8&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...8&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
download ComboFix, save it to the desktop
-set the antivirus to disabled
-physically disconnect from the internet
-while the scan runs, don't touch the mouse or keyboard
-upload the ComboFix log to rapidshare, then post the link on the forum

your start page is conduit...did you set it that way yourself?
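The advice in this post comes down to reading the R0/R1 and O2 lines of a HijackThis log by eye; the Python script below is an added example (not from this thread and not part of HijackThis) that automates those same checks over constructed sample lines modelled on the logs posted in the thread: a start page or search URL on a host outside an allowlist, a BHO entry with "(no file)", and the pattern from the last log in the thread where one DLL is registered under several nameless BHO CLSIDs. The allowlist, rule names and sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample input, modelled on the R0/R1/O2 entries posted in this thread
# (the conduit/ask search hijack, an orphaned BHO, and one DLL behind several CLSIDs).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {0152B1EF-0E03-4608-B79F-C8B83338F010} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {01AF20DD-3FED-4D5A-8031-100412A07500} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {029B8678-B6AA-437F-BDF3-540B3D05A1F9} - C:\WINDOWS\system32\cuankygj.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# Assumed allowlist of hosts that are acceptable as start page / search URL.
TRUSTED_HOSTS = frozenset({"go.microsoft.com", "www.google.hr", "www.google.com"})

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# O2 body: "BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")


def parse_entries(log_text):
    """Yield (code, body) for every 'Rn - ...' / 'On - ...' line of a HijackThis log."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return a list of (rule, detail) findings for the three checks used in this thread."""
    findings = []
    bho_by_path = defaultdict(list)  # lower-cased DLL path -> [(name, clsid), ...]
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1"):
            # Start page / search entries: flag any host outside the allowlist.
            # An entry with an empty value (bare "=") carries no URL and is skipped.
            if " = " not in body:
                continue
            key, url = body.rsplit(" = ", 1)
            host = urlparse(url.strip()).hostname
            if url.strip() and host not in trusted_hosts:
                findings.append(("hijacked_search_or_start", f"{key.split(',')[-1]} -> {host}"))
        elif code == "O2":
            m = BHO_RE.match(body)
            if not m:
                continue
            name, clsid, path = m.group("name"), m.group("clsid"), m.group("path")
            if path == "(no file)":
                # Orphaned registration: harmless to fix, but it is a leftover worth removing.
                findings.append(("orphaned_bho", clsid))
            else:
                bho_by_path[path.lower()].append((name, clsid))
    # Several nameless CLSIDs all pointing at one DLL is the pattern in the thread's last log.
    for path, regs in bho_by_path.items():
        nameless = [c for n, c in regs if n == "(no name)"]
        if len(nameless) >= 2:
            findings.append(("multi_clsid_nameless_bho", f"{path} x{len(nameless)}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28s} {detail}")
```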

DIO$
10.03.2009., 18:54
I didn't, my start page is net.hr

dobrota
10.03.2009., 18:57
ok...close Internet Explorer, run HijackThis again, tick the items above and click fixthis

after that ComboFix, then post the log on the forum...

since when have you been unable to open D:?

DIO$
10.03.2009., 19:06
Well, it's been quite a while now, about two months...I can't disconnect from the net, because we're connected through a network...

dobrota
10.03.2009., 19:45
how can't you?..you can't disconnect?
do the other computers have the same problem?

Natch
27.03.2009., 08:47
good day, here I am again :) my Kaspersky expires today, how do I renew it (without paying)?

Flipi
28.03.2009., 14:18
I cleaned the trojan but I still can't open Internet Explorer, My Computer, or documents

jocker
28.03.2009., 14:37
Can you open regedit?

Start > run > regedit > enter


And which trojan was it? Why are you sure you cleaned it? :)

Flipi
28.03.2009., 15:47
Can you open regedit?

Start > run > regedit > enter


And which trojan was it? Why are you sure you cleaned it? :)


I don't know exactly and I'm not sure

jocker
28.03.2009., 17:10
Do exactly as written:

On the desktop create a new folder and name it 123. Download this and put it in that folder.
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Rename Hijackthis.exe to 123.exe. (be sure to rename it)

Run it and click "Do a system scan and save a log file". When the log opens in Notepad, copy it into a post here.


PS. if you can't open folders either, put HijackThis directly on the Desktop (but be sure to rename it)

Flipi
28.03.2009., 21:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:22, on 28.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Name Name\Desktop\123\123.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235684467861
O17 - HKLM\System\CCS\Services\Tcpip\..\{34A6BD14-FD9A-4D77-A3CA-78C763613688}: NameServer = 195.29.149.196 195.29.166.116
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 4823 bytes

jocker
28.03.2009., 23:33
I don't see anything dangerous in this log. Do this:

Download ComboFix from one of these addresses to the Desktop: (it must be on the desktop)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Turn off the antivirus and all other programs with real-time protection.

-------------------------------------------------------------------------------

1. Spybot SD:

Run Spybot S&D
Click the Mode item in the menu
Choose Advanced Mode
In the bar on the left click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.


2. Nod32:
Right-click the icon - disable Antivirus and antispyware protection (meaning: first turn off TeaTimer in Spybot, restart, and only then turn off Nod). Only after that run ComboFix.

------------------------------------------------------------------------------------------------



Run ComboFix and follow the instructions on the screen. When the scan starts, don't touch the mouse or keyboard. The icons will disappear from the desktop; don't worry, they'll come back. ComboFix will restart the computer; just don't touch anything. At the end you'll get a log, which you need to copy here. If it's too big, upload it to www.rapidshare.com and put the link here.

Flipi
29.03.2009., 11:18
I got a log that I forgot to copy.
Internet Explorer is working again, only now when the computer starts some code appears, as if it's the OS, but it isn't

jocker
29.03.2009., 11:52
I got a log that I forgot to copy.
Internet Explorer is working again, only now when the computer starts some code appears, as if it's the OS, but it isn't


The log is at C:/Combofix.txt
Copy it and let me take a look.

ComboFix isn't some magic wand that solves everything just because you ran it. The log needs to be reviewed, and then a script written that will finish the cleanup.

bistric
29.03.2009., 13:30
Do exactly as written:

On the desktop create a new folder and name it 123. Download this and put it in that folder.
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Rename Hijackthis.exe to 123.exe. (be sure to rename it)

Run it and click "Do a system scan and save a log file". When the log opens in Notepad, copy it into a post here.


PS. if you can't open folders either, put HijackThis directly on the Desktop (but be sure to rename it)

hello everyone,
sorry to barge in like this, but for the last two days viruses have been driving me crazy...

I did what Joker wrote, so I'd ask him (or anyone else who understands this) to look at this log and suggest what to do next

_____________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:58, on 29.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\ktp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\fxsteller.exe
C:\Documents and Settings\Korisnik.DOMINIK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HotKey_Driver\HotKeyDriver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Korisnik.DOMINIK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik.DOMINIK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik.DOMINIK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik.DOMINIK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\Korisnik.DOMINIK\Desktop\123\123.exe
c:\program files\common files\mozilla shared\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66010
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66010
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66010
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66010
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.yieldmanager.com/imp?z=0&Z=0x0&s=336433&y=23&w=800&h=600&t=3
O2 - BHO: (no name) - {0152B1EF-0E03-4608-B79F-C8B83338F010} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {01AF20DD-3FED-4D5A-8031-100412A07500} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {029B8678-B6AA-437F-BDF3-540B3D05A1F9} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {02A563DF-0E03-4608-B79F-C8B83338F010} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {05370CF1-B6AA-437F-BDF3-540B3D05A1F9} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5DDF9771-0FF2-404D-8573-CB98B3944C73} - c:\windows\system32\hbbxpgx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Wallpaper] C:\Documents and Settings\Korisnik\Wallpaper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Drive Store.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Korisnik.DOMINIK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HotKeyDriver.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Stavi na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Stavi na blog u Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193146906625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193146891171
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0e82aff54f3f05f5.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABC2D5F2-D872-4357-959E-663A02D87DDF}: NameServer = 85.114.32.7,85.114.32.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\dx7vb32.dll,,C:\WINDOWS\System32\divx32.dll
O20 - Winlogon Notify: 18dd9f6e530 - C:\WINDOWS\System32\dx7vb32.dll (file missing)
O20 - Winlogon Notify: 18dd9f6e548 - C:\WINDOWS\System32\divx32.dll (file missing)
O20 - Winlogon Notify: ebimxpew - C:\WINDOWS\SYSTEM32\hbbxpgx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12345 bytes

dobrota
29.03.2009., 13:53
C:\WINDOWS\fxsteller.exe
O2 - BHO: (no name) - {0152B1EF-0E03-4608-B79F-C8B83338F010} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {01AF20DD-3FED-4D5A-8031-100412A07500} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {029B8678-B6AA-437F-BDF3-540B3D05A1F9} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {02A563DF-0E03-4608-B79F-C8B83338F010} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {05370CF1-B6AA-437F-BDF3-540B3D05A1F9} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {5DDF9771-0FF2-404D-8573-CB98B3944C73} - c:\windows\system32\hbbxpgx.dll
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\dx7vb32.dll,,C:\WINDOWS\System32\divx32.dll
O20 - Winlogon Notify: 18dd9f6e530 - C:\WINDOWS\System32\dx7vb32.dll (file missing)
O20 - Winlogon Notify: 18dd9f6e548 - C:\WINDOWS\System32\divx32.dll (file missing)
O20 - Winlogon Notify: ebimxpew - C:\WINDOWS\SYSTEM32\hbbxpgx.dll


close the web browser, run hijackthis again...find the entries above and click on fixthis

download combofix from this page, already renamed
http://rapidshare.com/files/214920556/bistric.rar.html
-save combofix to the desktop
-disable the antivirus
-physically disconnect from the internet
-close all open windows
-run combofix...while the scan is running, do not touch the mouse or the keyboard
-when combofix finishes, it will produce combofix.log...upload that log to rapidshare, then post the link here on the forum
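The entries singled out above share a few patterns that can be checked mechanically: BHOs registered with no name, several CLSIDs loading the same DLL, Run entries with an empty or bare target, and O20 AppInit_DLLs / Winlogon Notify hooks. As an added example (not a tool from this thread or from Trend Micro), here is a small Python triage over a subset of the HijackThis log lines posted above; the rules and their wording are my own.

```python
"""Triage heuristics for HijackThis log lines.

Added example, not a tool from this thread or from Trend Micro. Each rule
mirrors a reason the helper gave for marking an entry: BHOs registered
without a name, several CLSIDs loading one DLL, Run entries with an empty or
bare target, and O20 AppInit_DLLs / Winlogon Notify hooks.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0152B1EF-0E03-4608-B79F-C8B83338F010} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: (no name) - {01AF20DD-3FED-4D5A-8031-100412A07500} - C:\WINDOWS\system32\cuankygj.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5DDF9771-0FF2-404D-8573-CB98B3944C73} - c:\windows\system32\hbbxpgx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - AppInit_DLLs: C:\WINDOWS\System32\dx7vb32.dll,,C:\WINDOWS\System32\divx32.dll
O20 - Winlogon Notify: 18dd9f6e530 - C:\WINDOWS\System32\dx7vb32.dll (file missing)
O20 - Winlogon Notify: ebimxpew - C:\WINDOWS\SYSTEM32\hbbxpgx.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<where>.*?): \[(?P<key>[^\]]*)\]\s*(?P<target>.*)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.+)$")


def _is_bare(target):
    """True when the first token is a bare file name that Windows resolves via PATH."""
    first = target.split()[0].strip('"')
    return "\\" not in first and not first.startswith("%")


def triage(log_text):
    """Return (line, reason) findings for the lines that trip a rule, in log order.

    A DLL loaded under more than one BHO CLSID yields one extra finding keyed
    by the lower-cased DLL path, appended after the per-line findings.
    """
    findings = []
    clsids_per_dll = defaultdict(list)
    for line in (l.rstrip() for l in log_text.splitlines() if l.strip()):
        m = BHO_RE.match(line)
        if m:
            clsids_per_dll[m.group("path").lower()].append(m.group("clsid").upper())
            if m.group("name") == "(no name)":
                findings.append((line, "BHO registered without a name"))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group("target").strip()
            if target in ("", "-"):
                findings.append((line, "Run entry with an empty target"))
            elif _is_bare(target):
                findings.append((line, "Run entry with a bare file name; verify which file actually runs"))
            continue
        m = O20_RE.match(line)
        if m:
            if m.group("kind") == "AppInit_DLLs":
                reason = "AppInit_DLLs entry: DLL injected into every process that loads user32"
            else:
                reason = "Winlogon Notify package: DLL loaded by winlogon.exe at logon"
            if "(file missing)" in m.group("rest"):
                reason += " (file missing: orphaned or hidden)"
            findings.append((line, reason))
    for dll, clsids in clsids_per_dll.items():
        if len(clsids) > 1:
            findings.append((dll, "%d BHO CLSIDs load the same DLL" % len(clsids)))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print("%s\n    <- %s" % (line, reason))
```

Legitimate bare-name entries (the Realtek RTHDCPL.EXE in the full log, for instance) will also be listed for review; the rules rank entries for a human to check, they do not decide on their own.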

bistric
29.03.2009., 14:11
I went through HijackThis and fixed what you listed...but this thing: C:\WINDOWS\fxsteller.exe I can't find on that list, only in what it dumps into notepad. Is that how it should be, or am I doing something wrong? :confused:

dobrota
29.03.2009., 14:23
ok...don't worry too much about that...now download that combofix if you haven't already, be sure to save it to the desktop...and run the scan
when the scan finishes...post the combofix log on the forum, and we'll go on from there :)

Flipi
29.03.2009., 14:32
The log is at C:/Combofix.txt
Copy it and let me look it over.

Combofix is no magic wand that fixes everything just because you ran it. The log has to be reviewed, and then a script written that finishes the cleanup.

ComboFix 09-03-28.06 - Name Name 2009-03-29 11:25:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.69 [GMT 2:00]
Running from: C:\Documents and Settings\Name Name\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\IE4 Error Log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DEFAULTLIB
-------\Legacy_NETMANTOW
-------\Legacy_SOFTYINFORWOW1
-------\Service_defaultlib
-------\Service_netmantow
-------\Service_softyinforwow1


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-27 23:27 . 2009-03-27 23:27 <DIR> d-------- C:\Program Files\ESET
2009-03-27 22:49 . 2009-03-27 22:49 <DIR> d-------- C:\Documents and Settings\Name Name\Application Data\Ashampoo
2009-03-26 21:24 . 2009-03-26 21:24 <DIR> d-------- C:\Documents and Settings\Administrator.NAME-5C7093EBB5\Application Data\Ashampoo
2009-03-26 21:24 . 2009-03-26 21:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-03-26 21:22 . 2009-03-26 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2009-03-26 21:19 . 2009-03-26 21:19 <DIR> d-------- C:\Program Files\Trend Micro
2009-03-26 21:16 . 2009-03-26 21:17 <DIR> d-------- C:\Program Files\Error Repair Professional
2009-03-26 11:34 . 2009-03-26 11:35 <DIR> d-------- C:\Program Files\Opera
2009-03-26 11:34 . 2009-03-26 11:34 <DIR> d-------- C:\Program Files\Common Files\Java
2009-03-26 11:00 . 2009-03-26 11:00 <DIR> d-------- C:\Documents and Settings\Administrator.NAME-5C7093EBB5
2009-03-26 00:34 . 2009-03-26 00:34 <DIR> d-------- C:\Documents and Settings\Administrator
2009-03-08 12:11 . 2009-03-29 11:01 <DIR> d-------- C:\Documents and Settings\Name Name\Application Data\skypePM
2009-03-08 12:11 . 2009-03-08 12:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2009-03-08 12:10 . 2009-03-29 11:31 <DIR> d-------- C:\Documents and Settings\Name Name\Application Data\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- C:\Program Files\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- C:\Program Files\Common Files\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2009-03-29 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 19:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-26 18:59 --------- d-----w C:\Documents and Settings\Name Name\Application Data\BitTorrent
2009-03-26 09:35 --------- d-----w C:\Program Files\Java
2009-03-17 14:15 --------- d-----w C:\Documents and Settings\Name Name\Application Data\LimeWire
2009-03-14 15:20 --------- d-----w C:\Program Files\Common Files\Adobe
2009-02-23 23:43 --------- d-----w C:\Program Files\Common Files\L&H
2009-02-23 23:42 --------- d-----w C:\Program Files\Microsoft.NET
2009-02-23 23:42 --------- d-----w C:\Program Files\Microsoft ActiveSync
2009-02-23 23:41 --------- d-----w C:\Program Files\Microsoft Works
2009-02-16 20:38 410,984 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-02-15 13:27 --------- d-----w C:\Program Files\DivX
2009-02-09 11:13 1,846,784 ----a-w C:\WINDOWS\system32\win32k.sys
2009-02-08 20:31 --------- d-----w C:\Documents and Settings\Name Name\Application Data\Sony Corporation
2009-02-08 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-02-08 20:27 --------- d-----w C:\Program Files\Sony Corporation
2009-02-08 20:27 --------- d-----w C:\Program Files\Sony
2009-02-08 20:27 --------- d-----w C:\Program Files\Common Files\Sony Shared
2009-02-08 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2009-02-08 20:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2009-02-08 10:28 --------- d-----w C:\Program Files\LimeWire
2009-02-06 13:24 93,336 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2009-02-06 13:23 106,208 ----a-w C:\WINDOWS\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2009-02-01 00:43 --------- d-----w C:\Documents and Settings\Name Name\Application Data\DNA
2009-01-31 21:55 --------- d-----w C:\Program Files\DNA
2009-01-31 21:55 --------- d-----w C:\Program Files\BitTorrent
2009-01-31 19:55 --------- d-----w C:\Program Files\Realtek AC97
2009-01-31 13:42 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-01-29 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2009-01-29 20:14 --------- d-----w C:\Program Files\microsoft frontpage
2002-11-19 15:01 28,672 ----a-w C:\Program Files\opera\program\plugins\PlugDef.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 02:12 1695232]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-11-18 17:31 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 03:36 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-02-16 22:38 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 18:10 35696]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 15:23 2021400]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [2009-02-06 15:23:18 106208]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [2009-02-06 15:24:24 93336]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 15:23:36 727720]
R3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\drivers\NtApm.sys [2009-01-29 23:02:00 9344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eq2soft
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegistryMechanic - C:\Program Files\Registry Mechanic\RegMech.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {34A6BD14-FD9A-4D77-A3CA-78C763613688} = 195.29.149.197 195.29.166.117
.

bistric
29.03.2009., 14:48
ok...don't worry too much about that...now download that combofix if you haven't already, be sure to save it to the desktop...and run the scan
when the scan finishes...post the combofix log on the forum, and we'll go on from there :)

I uploaded the log to rapidshare: http://rapidshare.com/files/214941957/ComboFix.txt.html

jocker
29.03.2009., 14:48
ComboFix 09-03-28.06 - Name Name 2009-03-29 11:25:57.1 - NTFSx86
.

@Flipi...

The log is not complete. I need the whole log.

Copy the whole log, from the first letter to the last.

If the log contains only what you copied (and there should be more), then repeat the scan and give me a new log.

dobrota
29.03.2009., 15:27
I uploaded the log to rapidshare: http://rapidshare.com/files/214941957/ComboFix.txt.html

open notepad, copy this into notepad

File::

c:\windows\system32\cuankygj.dll
c:\windows\system32\hbbxpgx.dll
c:\windows\fxsteller.exe
c:\windows\system32\deploytk.dll
c:\windows\system32\NetworkService32
c:\windows\system32\97.tmp
c:\windows\system32\92.tmp
c:\windows\system32\90.tmp
c:\windows\WLXPGSS.SCR
c:\program files\captcha.dll
c:\windows\wmev.exe
c:\documents and settings\zoran\Application Data\ticqpnko
c:\windows\QTFont.qfn
c:\windows\QTFont.for
c:\documents and settings\NetworkService\Application Data\ticqpnko
c:\documents and settings\Korisnik.DOMINIK\Application Data\ticqpnko


Folder::

C:\32788R22FWJFW

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DDF9771-0FF2-404D-8573-CB98B3944C73}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Captcha]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Captcha5]


save it as CFScript.txt
drag this script with the mouse onto combofix.exe
http://i42.tinypic.com/k9ytyg.jpg

before you drag the script in, disable the antivirus again, and everything else the same as at the start...
when it finishes, post the combofix log again..

after that download ATF cleaner http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25

check everything and click on clean

download malwarebytes http://malwarebytes.org/

run an update, then a full scan...when it finishes, post the malwarebytes log on the forum

bistric
29.03.2009., 15:54
ComboFix 09-03-28.06 - Korisnik 2009-03-29 16:35:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.502.184 [GMT 2:00]
Running from: c:\documents and settings\Korisnik.DOMINIK\Desktop\bistric.exe
Command switches used :: c:\documents and settings\Korisnik.DOMINIK\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\Korisnik.DOMINIK\Application Data\ticqpnko
c:\documents and settings\NetworkService\Application Data\ticqpnko
c:\documents and settings\zoran\Application Data\ticqpnko
c:\program files\captcha.dll
c:\windows\fxsteller.exe
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\90.tmp
c:\windows\system32\92.tmp
c:\windows\system32\97.tmp
c:\windows\system32\cuankygj.dll
c:\windows\system32\deploytk.dll
c:\windows\system32\hbbxpgx.dll
c:\windows\system32\NetworkService32
c:\windows\WLXPGSS.SCR
c:\windows\wmev.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\captcha.dll
c:\windows\fxsteller.exe
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\90.tmp
c:\windows\system32\92.tmp
c:\windows\system32\97.tmp
c:\windows\system32\deploytk.dll
c:\windows\WLXPGSS.SCR
c:\windows\wmev.exe
c:\windows\system32\cuankygj.dll . . . . failed to delete
c:\windows\system32\hbbxpgx.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 14:28 . 2009-03-29 14:28 <DIR> d-------- c:\documents and settings\Korisnik.DOMINIK\Application Data\ticqpnko
2009-03-29 14:21 . 2009-03-29 14:21 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\ticqpnko
2009-03-27 20:47 . 2009-03-27 20:49 <DIR> d-------- c:\program files\HISC
2009-03-27 20:47 . 2009-03-27 20:47 <DIR> d-------- c:\documents and settings\KORISN~1~DOM\LOCALS~1
2009-03-27 20:47 . 2009-03-27 20:47 <DIR> d-------- c:\documents and settings\KORISN~1~DOM
2009-03-24 15:29 . 2009-03-24 15:30 <DIR> d-------- c:\documents and settings\Korisnik.DOMINIK\Application Data\Media Player Classic
2009-03-22 11:59 . 2009-03-29 00:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-03-22 11:59 . 2009-03-29 00:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-03-22 11:58 . 2009-03-22 11:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-21 15:42 . 2009-03-21 15:43 <DIR> d--hs---- c:\windows\system32\NetworkService32
2009-03-21 00:25 . 2009-03-21 00:25 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-13 23:05 . 2009-03-13 23:05 <DIR> d-------- c:\documents and settings\Korisnik.DOMINIK\Application Data\CyberLink
2009-03-09 23:42 . 2009-03-09 23:42 <DIR> d-------- c:\program files\Lame for Audacity
2009-03-09 02:59 . 2009-03-09 02:59 <DIR> d-------- c:\documents and settings\zoran\Application Data\ticqpnko
2009-03-06 10:43 . 2009-03-06 10:43 <DIR> d-------- c:\documents and settings\Korisnik.DOMINIK\Phone Browser
2009-03-06 01:52 . 2009-03-06 10:44 <DIR> d-------- c:\documents and settings\Korisnik.DOMINIK\Application Data\Nokia
2009-03-06 01:11 . 2009-03-06 01:38 <DIR> d-------- c:\program files\Soulseek
2009-03-06 00:57 . 2009-03-06 01:10 <DIR> d-------- c:\program files\SoulseekNS
2009-03-06 00:57 . 2009-03-06 00:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Soulseek
2009-03-05 22:34 . 2009-03-05 22:34 <DIR> d--h----- c:\documents and settings\Korisnik.DOMINIK\InstallAnywhere
2009-03-05 10:23 . 2009-03-05 10:23 397,924 --a------ c:\documents and settings\Korisnik.DOMINIK\dat
2009-03-01 22:11 . 2009-03-27 11:19 <DIR> d-------- c:\documents and settings\Korisnik.DOMINIK\Application Data\MiniLyrics
2009-03-01 21:26 . 2009-03-29 16:44 <DIR> d-------- c:\documents and settings\Korisnik.DOMINIK\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 14:44 --------- d-----w c:\documents and settings\Korisnik.DOMINIK\Application Data\Hamachi
2009-03-29 13:39 --------- d-----w c:\documents and settings\Korisnik.DOMINIK\Application Data\Xfire
2009-03-27 08:44 --------- d-----w c:\program files\Xfire
2009-03-25 21:18 --------- d-----w c:\program files\Java
2009-03-24 09:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-22 12:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-22 12:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-22 11:31 --------- d-----w c:\documents and settings\All Users\Application Data\Roam Program Comp About
2009-03-22 11:30 --------- d-----w c:\documents and settings\All Users\Application Data\Defy User Funk Acid
2009-03-22 09:57 --------- d-----w c:\program files\Crawler
2009-03-09 00:45 --------- d-----w c:\documents and settings\zoran\Application Data\Hamachi
2009-03-07 11:18 --------- d-----w c:\documents and settings\Korisnik.DOMINIK\Application Data\AdobeUM
2009-03-06 18:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 21:35 --------- d-----w c:\documents and settings\zoran\Application Data\MiniLyrics
2009-02-28 08:29 --------- d-----w c:\documents and settings\Korisnik.DOMINIK\Application Data\Dvd Heart Bend
2009-02-28 08:23 --------- d-----w c:\documents and settings\Korisnik.DOMINIK\Application Data\PC Suite
2009-02-27 19:25 --------- d-----w c:\documents and settings\Korisnik\Application Data\Xfire
2009-02-27 19:24 --------- d-----w c:\documents and settings\Korisnik\Application Data\Hamachi
2009-02-27 15:26 --------- d-----w c:\program files\Guitar Pro 5
2009-02-27 07:41 --------- d-----w c:\documents and settings\Korisnik\Application Data\ticqpnko
2009-02-21 08:17 --------- d-----w c:\program files\Windows Live
2009-02-18 11:21 --------- d-----w c:\documents and settings\Korisnik\Application Data\uTorrent
2009-02-17 15:43 --------- d-----w c:\documents and settings\Korisnik\Application Data\LimeWire
2009-02-17 14:31 --------- d-----w c:\documents and settings\Korisnik\Application Data\AdobeUM
2009-02-17 14:06 --------- d-----w c:\documents and settings\Korisnik\Application Data\MiniLyrics
2009-02-13 22:35 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2009-02-09 18:01 --------- d-----w c:\program files\Hamachi
2009-02-09 18:00 10,578 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-07 20:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-02-07 11:32 --------- d-----w c:\program files\Audacity
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-06 16:58 --------- d-----w c:\documents and settings\Korisnik\Application Data\Dvd Heart Bend
2009-02-06 16:56 --------- d-----w c:\program files\Dvd Heart Bend
2009-02-06 16:55 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-06 13:32 --------- d-----w c:\program files\AP Tuner
2008-08-10 08:57 15,452,536 -c--a-w c:\program files\IE7-WindowsXP-x86-enu.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-29_15.41.48.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-29 11:16:57 63,700 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-29 13:39:24 63,700 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-29 11:16:57 404,480 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-29 13:39:24 404,480 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DDF9771-0FF2-404D-8573-CB98B3944C73}]
2009-03-29 15:34 105472 --a------ c:\windows\system32\hbbxpgx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Korisnik.DOMINIK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-28 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"KTPWare"="c:\program files\Elantech\ktp.exe" [2005-10-27 512000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2005-07-23 172032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Comp about extra bin"="c:\documents and settings\All Users\Application Data\Roam Program Comp About\Drive Store.exe" [2009-03-29 804864]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Korisnik\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-03-21 3025232]

c:\documents and settings\Korisnik.DOMINIK\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-09-18 147456]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-03-21 3025232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-02-09 511488]
HotKeyDriver.lnk - c:\program files\HotKey_Driver\HotKeyDriver.exe [2007-10-15 4239360]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
--a------ 2006-04-25 11:59 73728 c:\windows\BisonCam\BisonHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonTrayIcon]
--a------ 2005-09-05 16:51 45056 c:\windows\BisonCam\BisonTrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 hjqlayeg;hjqlayeg;c:\windows\system32\drivers\hjqlayeg.sys [2001-08-23 23424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-08 55152]
R2 fsssvc;Windows Live Obiteljska sigurnost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2007-10-15 27520]

--- Other Services/Drivers In Memory ---

*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - SeaPort
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ServiceLayer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - upnphost
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\A54814FD919391F5.job
- c:\docume~1\korisnik\applic~1\dvdhea~1\Corn Poll The.exe [2009-02-06 18:58]

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-682003330-1801674531-1003.job
- c:\documents and settings\Korisnik.DOMINIK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-28 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Connection Wizard,ShellNext = hxxp://ad.yieldmanager.com/imp?z=0&Z=0x0&s=336433&y=23&w=800&h=600&t=3
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {ABC2D5F2-D872-4357-959E-663A02D87DDF} = 85.114.32.7,85.114.32.8
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Korisnik.DOMINIK\Application Data\Mozilla\Firefox\Profiles\ndeop3te.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 16:41:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\QTFont.for 1409 bytes
c:\windows\QTFont.qfn 54156 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\hpcoretech\comp\hpdarc.exe
.
**************************************************************************
.
Completion time: 2009-03-29 16:51:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 14:51:26
ComboFix2.txt 2009-03-29 13:43:23

Pre-Run: 4.856.651.776 bytes free
Post-Run: 4,829,925,376 bytes free

279 --- E O F --- 2008-11-08 09:12:46


_____________________________________

now I'm going to download ATF

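The log above is long and most of it is legitimate software. What a helper does first, by hand, is skim the Run keys, the service/driver lines, the scheduled tasks and the Security Center value for the handful of entries that do not belong. Below is an added example of that first pass in code; it is my script, not ComboFix's and not any forum member's. The sample text is constructed to mirror lines from this log (not a full log), the heuristics are mine (programs auto-starting from user-writable directories, machine-looking service names, .job files named with 16 hex digits, a boot-start driver stamped with the 2001-08-23 Windows XP RTM file date), and a flag is a reason to look at the file, not a verdict.

```python
"""Triage the autorun sections of a ComboFix log (added example, not ComboFix's code).

Picks out the entries a human should look at first and says why each was picked.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape ComboFix prints these sections
# (entries of the kind seen in the log above; not a complete log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"Comp about extra bin"="c:\documents and settings\All Users\Application Data\Roam Program Comp About\Drive Store.exe" [2009-03-29 804864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

R0 hjqlayeg;hjqlayeg;c:\windows\system32\drivers\hjqlayeg.sys [2001-08-23 23424]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2007-10-15 27520]

2009-03-29 c:\windows\Tasks\A54814FD919391F5.job
- c:\docume~1\korisnik\applic~1\dvdhea~1\Corn Poll The.exe [2009-02-06 18:58]

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
"""

RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]')
DRIVER_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (c:\\windows\\tasks\\(\S+)\.job)$', re.IGNORECASE)
TASK_TARGET_RE = re.compile(r'^- (.+?)\s+\[')
AV_NOTIFY_RE = re.compile(r'^"AntiVirusDisableNotify"=dword:0*1$')

# Directory markers (long and 8.3 forms) that a limited user can write to.
USER_WRITABLE = ("documents and settings", "docume~1", "application data",
                 "applic~1", "local settings", "locals~1", "\\temp\\")
XP_RTM_DATE = "2001-08-23"   # file date carried by the original Windows XP build


@dataclass
class Finding:
    kind: str            # "run", "driver", "task" or "setting"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def looks_random(name: str) -> bool:
    """Heuristic only: 7+ lowercase letters containing a run of 4 consonants."""
    return bool(re.fullmatch(r"[a-z]{7,}", name)) and re.search(r"[^aeiou]{4}", name) is not None


def triage(log_text: str) -> list:
    """Return the entries worth a closer look, each with the reasons it was picked."""
    findings = []
    current_key = ""
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # remember which registry key we are in
        elif m := RUN_RE.match(line):
            name, path = m.group(1), m.group(2)
            if in_user_writable(path):
                findings.append(Finding("run", name, path,
                                        ["auto-starts from a user-writable directory"]))
        elif m := DRIVER_RE.match(line):
            start, name, path, date = m.group(1), m.group(2), m.group(4), m.group(5)
            reasons = []
            if looks_random(name):
                reasons.append("service name looks machine-generated")
            if start == "R0" and date == XP_RTM_DATE:
                reasons.append("boot-start driver stamped with the XP RTM file date; "
                               "check the file itself, timestamps are easy to forge")
            if reasons:
                findings.append(Finding("driver", name, path, reasons))
        elif m := TASK_RE.match(line):
            stem = m.group(2)
            target = ""
            if i + 1 < len(lines) and (t := TASK_TARGET_RE.match(lines[i + 1])):
                target = t.group(1)           # the "- <program>" line that follows a task
            reasons = []
            if re.fullmatch(r"[0-9A-Fa-f]{16}", stem):
                reasons.append("task file named with 16 hex digits")
            if in_user_writable(target):
                reasons.append("task runs a program from a user-writable directory")
            if reasons:
                findings.append(Finding("task", stem, target, reasons))
        elif AV_NOTIFY_RE.match(line):
            findings.append(Finding("setting", "AntiVirusDisableNotify", current_key,
                                    ["Security Center 'antivirus disabled' warnings turned off"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name!r:28} {f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

On the sample this flags four things and nothing else: the Run value that starts a program from All Users\Application Data, the hjqlayeg driver, the hex-named task that runs an .exe from a profile directory, and the Security Center value. The Intel, Java and Apple entries pass through untouched, which is the point: the script shrinks the list a human has to read, it does not replace the reading.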
bistric
29.03.2009., 16:01
I downloaded ATF, but I can't find the Clean button.... do you maybe mean Empty Selected?

dobrota
29.03.2009., 16:02
I downloaded ATF, but I can't find the Clean button.... do you maybe mean Empty Selected?

yes, after that run Malwarebytes

Flipi
29.03.2009., 16:20
ComboFix 09-03-28.06 - Name Name 2009-03-29 17:12:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.130 [GMT 2:00]
Running from: c:\documents and settings\Name Name\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DEFAULTLIB
-------\Legacy_NETMANTOW
-------\Legacy_SOFTYINFORWOW1
-------\Service_defaultlib
-------\Service_netmantow
-------\Service_softyinforwow1


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 17:10 . 2009-03-29 17:11 <DIR> d-------- C:\32788R22FWJFW
2009-03-27 23:27 . 2009-03-27 23:27 <DIR> d-------- c:\program files\ESET
2009-03-27 22:49 . 2009-03-27 22:49 <DIR> d-------- c:\documents and settings\Name Name\Application Data\Ashampoo
2009-03-26 21:24 . 2009-03-26 21:24 <DIR> d-------- c:\documents and settings\Administrator.NAME-5C7093EBB5\Application Data\Ashampoo
2009-03-26 21:24 . 2009-03-26 21:24 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-26 21:22 . 2009-03-26 21:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-03-26 21:19 . 2009-03-26 21:19 <DIR> d-------- c:\program files\Trend Micro
2009-03-26 21:16 . 2009-03-26 21:17 <DIR> d-------- c:\program files\Error Repair Professional
2009-03-26 11:34 . 2009-03-26 11:35 <DIR> d-------- c:\program files\Opera
2009-03-26 11:34 . 2009-03-26 11:34 <DIR> d-------- c:\program files\Common Files\Java
2009-03-26 11:00 . 2009-03-26 11:00 <DIR> d-------- c:\documents and settings\Administrator.NAME-5C7093EBB5
2009-03-26 00:34 . 2009-03-26 00:34 <DIR> d-------- c:\documents and settings\Administrator
2009-03-08 12:11 . 2009-03-29 11:01 <DIR> d-------- c:\documents and settings\Name Name\Application Data\skypePM
2009-03-08 12:11 . 2009-03-08 12:11 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-08 12:10 . 2009-03-29 11:31 <DIR> d-------- c:\documents and settings\Name Name\Application Data\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\program files\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 09:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 09:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 19:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 18:59 --------- d-----w c:\documents and settings\Name Name\Application Data\BitTorrent
2009-03-26 09:35 --------- d-----w c:\program files\Java
2009-03-17 14:15 --------- d-----w c:\documents and settings\Name Name\Application Data\LimeWire
2009-03-14 15:20 --------- d-----w c:\program files\Common Files\Adobe
2009-02-23 23:43 --------- d-----w c:\program files\Common Files\L&H
2009-02-23 23:42 --------- d-----w c:\program files\Microsoft.NET
2009-02-23 23:42 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-23 23:41 --------- d-----w c:\program files\Microsoft Works
2009-02-16 20:38 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-15 13:27 --------- d-----w c:\program files\DivX
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 20:31 --------- d-----w c:\documents and settings\Name Name\Application Data\Sony Corporation
2009-02-08 20:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 20:27 --------- d-----w c:\program files\Sony Corporation
2009-02-08 20:27 --------- d-----w c:\program files\Sony
2009-02-08 20:27 --------- d-----w c:\program files\Common Files\Sony Shared
2009-02-08 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-02-08 20:25 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 10:28 --------- d-----w c:\program files\LimeWire
2009-02-06 13:24 93,336 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-01 00:43 --------- d-----w c:\documents and settings\Name Name\Application Data\DNA
2009-01-31 21:55 --------- d-----w c:\program files\DNA
2009-01-31 21:55 --------- d-----w c:\program files\BitTorrent
2009-01-31 19:55 --------- d-----w c:\program files\Realtek AC97
2009-01-31 13:42 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-29 20:35 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-29 20:14 --------- d-----w c:\program files\microsoft frontpage
2002-11-19 15:01 28,672 ----a-w c:\program files\opera\program\plugins\PlugDef.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2009-01-29 9344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eq2soft
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {34A6BD14-FD9A-4D77-A3CA-78C763613688} = 195.29.149.196 195.29.166.116
.
.
------- File Associations -------
.
txtfile="c:\windows\system32\notepad.exe" "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 17:14:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-29 17:16:18
ComboFix-quarantined-files.txt 2009-03-29 15:16:06

Pre-Run: 22,170,902,528 bytes free
Post-Run: 22,295,314,432 bytes free

141 --- E O F --- 2009-03-28 15:59:09

bistric
29.03.2009., 17:21
here, it finally finished scanning.... it seems to me it's not good :ne zna:

Malwarebytes' Anti-Malware 1.35
Database version: 1915
Windows 5.1.2600 Service Pack 2

29.3.2009 18:20:43
mbam-log-2009-03-29 (18-20-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 176553
Time elapsed: 1 hour(s), 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ddf9771-0ff2-404d-8573-cb98b3944c73} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5ddf9771-0ff2-404d-8573-cb98b3944c73} (Trojan.BHO.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\813686 (Trojan.BHO) -> No action taken.

Files Infected:
c:\WINDOWS\system32\hbbxpgx.dll (Trojan.BHO.H) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll.vir (Adware.Zango) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\90.tmp.vir (Worm.P2P) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\92.tmp.vir (Worm.P2P) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\97.tmp.vir (Worm.P2P) -> No action taken.
C:\Documents and Settings\Korisnik\Application Data\Sun\Java\Deployment\cache\6.0\9\36e2bac9-6dd584a5 (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Metallica 4 ever\Desktop\Setup.exe (Adware.Zango) -> No action taken.
C:\WINDOWS\system32\install_flash_player.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\813686\813686.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\t55ft7466f44.dat (Trojan.KoobFace) -> No action taken.
C:\WINDOWS\system32\NetworkService32\67.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\67.crack.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\68.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\68.keygen.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\69.serial.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\69.serial.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\70.setup.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\70.setup.zip.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\72.music.mp3 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\72.music.mp3.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\73.music.snd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\73.music.snd.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\74.music.au (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\74.music.au.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\75.music.wav (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\75.music.wav.kwd (Worm.Archive) -> No action taken.

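Two things in a log like the one just posted are easy to misread. Every line ends in "No action taken", so nothing has been removed yet, and the hits under C:\Qoobox\Quarantine are files ComboFix already moved aside and renamed with a .vir extension, so they are not live infections even though Malwarebytes still counts them. Below is an added example, my code and not Malwarebytes' own, that parses this log format, separates the live "No action taken" hits from the ones already quarantined, and counts live file hits per directory. Run over the full log above, that count puts 16 of the 26 file hits in one directory, c:\WINDOWS\system32\NetworkService32, with crack/keygen/serial/music names, which reads as bait files planted by the worm rather than the user's own downloads (an interpretation offered here, not something the log states). The excerpt in the code is constructed from the same format, with one line given a "Quarantined and deleted successfully" action so that parsing of the action column is exercised.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log (added example, not Malwarebytes' code).

Separates detections that still need attention from those that are only noise.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in the MBAM 1.x log format (same shape as the log above).
SAMPLE_MBAM = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ddf9771-0ff2-404d-8573-cb98b3944c73} (Trojan.BHO.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\813686 (Trojan.BHO) -> No action taken.

Files Infected:
c:\WINDOWS\system32\hbbxpgx.dll (Trojan.BHO.H) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\90.tmp.vir (Worm.P2P) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\92.tmp.vir (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\install_flash_player.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\NetworkService32\67.crack.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\68.keygen.zip (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\NetworkService32\68.keygen.zip.kwd (Worm.Archive) -> No action taken.
"""

HEADER_RE = re.compile(r"^(.+?) Infected:$")
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\)"   # path or key, then (Family.Name)
    r"(?P<extra> -> Bad: .*?)?"                         # registry data items carry Bad:/Good:
    r" -> (?P<action>.+?)\.?$"                          # what MBAM did, or did not do
)
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"   # ComboFix's quarantine folder


@dataclass
class Detection:
    section: str             # "Registry Keys", "Folders", "Files", ...
    item: str                # path or registry key as printed
    family: str              # MBAM detection name
    action: str              # "No action taken", "Quarantined and deleted successfully", ...
    already_quarantined: bool


def parse_mbam(text: str) -> list:
    """Return one Detection per reported item, in log order."""
    section = ""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):       # blank or "(No malicious items detected)"
            continue
        if h := HEADER_RE.match(line):
            section = h.group(1)
            continue
        if m := ENTRY_RE.match(line):
            item = m.group("item")
            out.append(Detection(section, item, m.group("family"), m.group("action"),
                                 item.lower().startswith(QUARANTINE_PREFIX)))
    return out


def summarize(dets: list) -> dict:
    """Split live hits from already-quarantined ones and count where the live files sit."""
    live = [d for d in dets if not d.already_quarantined and d.action == "No action taken"]
    return {
        "live": live,
        "already_quarantined": [d for d in dets if d.already_quarantined],
        "by_family": Counter(d.family for d in dets),
        "by_directory": Counter(d.item.lower().rsplit("\\", 1)[0]
                                for d in live if d.section == "Files"),
    }


if __name__ == "__main__":
    s = summarize(parse_mbam(SAMPLE_MBAM))
    print(f"{len(s['live'])} live, {len(s['already_quarantined'])} already in ComboFix quarantine")
    for directory, n in s["by_directory"].most_common():
        print(f"{n:3}  {directory}")
```

The directory count is the part worth keeping around: a cluster of hits in one directory under system32 that Windows does not create is one dropper's work, and the fix is to remove the dropper and the directory, not to hunt each archive separately.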
dobrota
29.03.2009., 17:33
did you delete the selected items?

download this http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Manual Cure... copy this into the empty field, the period must be copied too

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);

QuarantineFile('c:\windows\system32\cuankygj.dll', '');
QuarantineFile('c:\windows\QTFont.for', '');
QuarantineFile('c:\windows\QTFont.qfn', '');

QuarantineFile('c:\windows\system32\hbbxpgx.dll', '');
QuarantineFile('c:\documents and settings\KORISN~1~DOM\LOCALS~1', '');
QuarantineFile('c:\documents and settings\KORISN~1~DOM', '');
QuarantineFolder('c:\documents and settings\Korisnik.DOMINIK\Application Data\ticqpnko', '');
QuarantineFolder('c:\documents and settings\NetworkService\Application Data\ticqpnko', '');
QuarantineFolder('c:\documents and settings\zoran\Application Data\ticqpnko', '');
DeleteFile('c:\documents and settings\KORISN~1~DOM');
DeleteFile('c:\windows\system32\cuankygj.dll');
DeleteFile('c:\windows\QTFont.for');
DeleteFile('c:\windows\QTFont.qfn');
DeleteFile('c:\windows\system32\hbbxpgx.dll');
DeleteFile('c:\documents and settings\KORISN~1~DOM\LOCALS~1');
DeleteFolder('c:\documents and settings\Korisnik.DOMINIK\Application Data\ticqpnko', '');
DeleteFolder('c:\documents and settings\NetworkService\Application Data\ticqpnko', '');
DeleteFolder('c:\documents and settings\zoran\Application Data\ticqpnko', '');
DeleteFileMask('c:\Windows\Tasks\', 'At*.job', false);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(1);
ExecuteRepair(6);
ExecuteRepair(7);
RebootWindows(true);
end.

http://i39.tinypic.com/347e0s2.jpg

once you've copied it, click Execute

- disable the antivirus, disconnect from the internet... the computer will restart (that's normal)
- when Windows starts up again.... run a scan with AVP

jocker
29.03.2009., 17:36
ComboFix 09-03-28.06 - Name Name 2009-03-29 17:12:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.130 [GMT 2:00]
Running from: c:\documents and settings\Name Name\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
.


@Flipi


1. Don't leave the antivirus enabled again. That is, before you start what's below, turn off Spybot TeaTimer and NOD32.


-------------------------------------------------------------------


Open Notepad and copy all the text inside the code box: (it has to be Notepad, not WordPad)


Driver::
eq2soft

NetSvc::
eq2soft

This script is intended for this case only. Do not use it in any other case!


- make sure there is no blank space in front of "File::" in the copied text
- click File > Save > Save in > Desktop
- under File name enter CFScript.txt
- under File type, All files (*.*)


http://i43.tinypic.com/2i7bih2.gif


Drag the saved script text file onto the ComboFix icon as in the picture. That will start it automatically; don't touch anything.
Post the log that is produced at the end of the cleaning/scanning in your next message.

bistric
29.03.2009., 18:18
@dobrota

so I go to Manual, then to Collect System Information - and what then with that window? Should I go to Actions, Reports.. something else? :confused:

dobrota
29.03.2009., 18:28
@bistric

go to Manual Cure.... copy the last thing I wrote into the empty space... disable the antivirus... after that click Execute

that Collect System Info we'll do later.. I took that screenshot for another forum member :D

copy this... make sure the period is copied too.... then we'll go on... :)

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);

QuarantineFile('c:\windows\system32\cuankygj.dll', '');
QuarantineFile('c:\windows\QTFont.for', '');
QuarantineFile('c:\windows\QTFont.qfn', '');

QuarantineFile('c:\windows\system32\hbbxpgx.dll', '');
QuarantineFile('c:\documents and settings\KORISN~1~DOM\LOCALS~1', '');
QuarantineFile('c:\documents and settings\KORISN~1~DOM', '');
QuarantineFolder('c:\documents and settings\Korisnik.DOMINIK\Application Data\ticqpnko', '');
QuarantineFolder('c:\documents and settings\NetworkService\Application Data\ticqpnko', '');
QuarantineFolder('c:\documents and settings\zoran\Application Data\ticqpnko', '');
DeleteFile('c:\documents and settings\KORISN~1~DOM');
DeleteFile('c:\windows\system32\cuankygj.dll');
DeleteFile('c:\windows\QTFont.for');
DeleteFile('c:\windows\QTFont.qfn');
DeleteFile('c:\windows\system32\hbbxpgx.dll');
DeleteFile('c:\documents and settings\KORISN~1~DOM\LOCALS~1');
DeleteFolder('c:\documents and settings\Korisnik.DOMINIK\Application Data\ticqpnko', '');
DeleteFolder('c:\documents and settings\NetworkService\Application Data\ticqpnko', '');
DeleteFolder('c:\documents and settings\zoran\Application Data\ticqpnko', '');
DeleteFileMask('c:\Windows\Tasks\', 'At*.job', false);
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(1);
ExecuteRepair(6);
ExecuteRepair(7);
RebootWindows(true);
end.


you didn't tell me, did you delete what Malwarebytes found?

bistric
29.03.2009., 18:36
I did...

but now when I click Execute --> <AVZ scan> failed? :confused:

it has the period at the end, I tried about 4 times and it won't work

dobrota
29.03.2009., 18:42
ok.. now run that script by clicking Execute,... after that do a scan with AVPTool...

it must be copied from begin to the period .

then we'll go on,

it wouldn't hurt to delete all those cracks and keygens, and it seems to me the music too... all of that is infected...
write me in a PM what you need, and we'll sort that out :)

ok, now first that script, then the scan with AVP... while you're scanning with AVP, disable the antivirus

bistric
29.03.2009., 18:46
ok.. now run that script by clicking Execute,... after that do a scan with AVPTool...

it must be copied from begin to the period .



it won't... again it says the scan failed (is that Execute what runs the script? :D)

dobrota
29.03.2009., 18:47
I did...

but now when I click Execute --> <AVZ scan> failed? :confused:

it has the period at the end, I tried about 4 times and it won't work

try again... it has to work.. if it doesn't work try from Safe Mode...

or install TeamViewer so I can connect to your computer... http://www.teamviewer.com/index.aspx

send me the user and pass in a PM...

dobrota
29.03.2009., 18:54
@bistric

check your PM

I sent you my ID and pass

Flipi
29.03.2009., 20:40
ComboFix 09-03-28.06 - Name Name 2009-03-29 21:26:29.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.146 [GMT 2:00]
Running from: c:\documents and settings\Name Name\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-27 23:27 . 2009-03-27 23:27 <DIR> d-------- c:\program files\ESET
2009-03-27 22:49 . 2009-03-27 22:49 <DIR> d-------- c:\documents and settings\Name Name\Application Data\Ashampoo
2009-03-26 21:24 . 2009-03-26 21:24 <DIR> d-------- c:\documents and settings\Administrator.NAME-5C7093EBB5\Application Data\Ashampoo
2009-03-26 21:24 . 2009-03-26 21:24 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-26 21:22 . 2009-03-26 21:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-03-26 21:19 . 2009-03-26 21:19 <DIR> d-------- c:\program files\Trend Micro
2009-03-26 21:16 . 2009-03-26 21:17 <DIR> d-------- c:\program files\Error Repair Professional
2009-03-26 11:34 . 2009-03-26 11:35 <DIR> d-------- c:\program files\Opera
2009-03-26 11:34 . 2009-03-26 11:34 <DIR> d-------- c:\program files\Common Files\Java
2009-03-26 11:00 . 2009-03-26 11:00 <DIR> d-------- c:\documents and settings\Administrator.NAME-5C7093EBB5
2009-03-26 00:34 . 2009-03-26 00:34 <DIR> d-------- c:\documents and settings\Administrator
2009-03-08 12:11 . 2009-03-29 11:01 <DIR> d-------- c:\documents and settings\Name Name\Application Data\skypePM
2009-03-08 12:11 . 2009-03-08 12:11 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-08 12:10 . 2009-03-29 11:31 <DIR> d-------- c:\documents and settings\Name Name\Application Data\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\program files\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 09:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 09:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 19:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 18:59 --------- d-----w c:\documents and settings\Name Name\Application Data\BitTorrent
2009-03-26 09:35 --------- d-----w c:\program files\Java
2009-03-17 14:15 --------- d-----w c:\documents and settings\Name Name\Application Data\LimeWire
2009-03-14 15:20 --------- d-----w c:\program files\Common Files\Adobe
2009-02-23 23:43 --------- d-----w c:\program files\Common Files\L&H
2009-02-23 23:42 --------- d-----w c:\program files\Microsoft.NET
2009-02-23 23:42 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-23 23:41 --------- d-----w c:\program files\Microsoft Works
2009-02-16 20:38 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-15 13:27 --------- d-----w c:\program files\DivX
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 20:31 --------- d-----w c:\documents and settings\Name Name\Application Data\Sony Corporation
2009-02-08 20:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 20:27 --------- d-----w c:\program files\Sony Corporation
2009-02-08 20:27 --------- d-----w c:\program files\Sony
2009-02-08 20:27 --------- d-----w c:\program files\Common Files\Sony Shared
2009-02-08 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-02-08 20:25 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 10:28 --------- d-----w c:\program files\LimeWire
2009-02-06 13:24 93,336 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-01 00:43 --------- d-----w c:\documents and settings\Name Name\Application Data\DNA
2009-01-31 21:55 --------- d-----w c:\program files\DNA
2009-01-31 21:55 --------- d-----w c:\program files\BitTorrent
2009-01-31 19:55 --------- d-----w c:\program files\Realtek AC97
2009-01-31 13:42 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-29 20:35 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-29 20:14 --------- d-----w c:\program files\microsoft frontpage
2002-11-19 15:01 28,672 ----a-w c:\program files\opera\program\plugins\PlugDef.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2009-01-29 9344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eq2soft
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {34A6BD14-FD9A-4D77-A3CA-78C763613688} = 195.29.149.197 195.29.166.117
.
.
------- File Associations -------
.
txtfile="c:\windows\system32\notepad.exe" "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 21:28:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-29 21:29:50
ComboFix-quarantined-files.txt 2009-03-29 19:29:43
ComboFix2.txt 2009-03-29 15:16:20

Pre-Run: 22.250.565.632 bytes free
Post-Run: 22,291,197,952 bytes free

125 --- E O F --- 2009-03-28 15:59:09

jocker
29.03.2009., 20:52
http://i39.tinypic.com/24xj85u.gif http://i39.tinypic.com/24xj85u.gif

Why don't you do exactly what I write? :rofl:

You didn't make the script as written. It's as if you never even ran it; it's the same.

Here's a ready-made script
http://rapidshare.com/files/215066256/CFScript.txt.html

Download it to the desktop, then just drag it with the mouse onto the ComboFix icon and don't click anything! ComboFix will start by itself. And post a new log when it finishes.

Flipi
29.03.2009., 22:07
ComboFix 09-03-28.06 - Name Name 2009-03-29 22:17:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.112 [GMT 2:00]
Running from: c:\documents and settings\Name Name\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Name Name\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EQ2SOFT
-------\Service_eq2soft


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-27 23:27 . 2009-03-27 23:27 <DIR> d-------- c:\program files\ESET
2009-03-27 22:49 . 2009-03-27 22:49 <DIR> d-------- c:\documents and settings\Name Name\Application Data\Ashampoo
2009-03-26 21:24 . 2009-03-26 21:24 <DIR> d-------- c:\documents and settings\Administrator.NAME-5C7093EBB5\Application Data\Ashampoo
2009-03-26 21:24 . 2009-03-26 21:24 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-26 21:22 . 2009-03-26 21:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-03-26 21:19 . 2009-03-26 21:19 <DIR> d-------- c:\program files\Trend Micro
2009-03-26 21:16 . 2009-03-26 21:17 <DIR> d-------- c:\program files\Error Repair Professional
2009-03-26 11:34 . 2009-03-26 11:35 <DIR> d-------- c:\program files\Opera
2009-03-26 11:34 . 2009-03-26 11:34 <DIR> d-------- c:\program files\Common Files\Java
2009-03-26 11:00 . 2009-03-26 11:00 <DIR> d-------- c:\documents and settings\Administrator.NAME-5C7093EBB5
2009-03-26 00:34 . 2009-03-26 00:34 <DIR> d-------- c:\documents and settings\Administrator
2009-03-08 12:11 . 2009-03-29 22:21 <DIR> d-------- c:\documents and settings\Name Name\Application Data\skypePM
2009-03-08 12:11 . 2009-03-08 12:11 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-08 12:10 . 2009-03-29 11:31 <DIR> d-------- c:\documents and settings\Name Name\Application Data\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\program files\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-08 12:09 . 2009-03-08 12:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 09:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 09:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 19:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 18:59 --------- d-----w c:\documents and settings\Name Name\Application Data\BitTorrent
2009-03-26 09:35 --------- d-----w c:\program files\Java
2009-03-17 14:15 --------- d-----w c:\documents and settings\Name Name\Application Data\LimeWire
2009-03-14 15:20 --------- d-----w c:\program files\Common Files\Adobe
2009-02-23 23:43 --------- d-----w c:\program files\Common Files\L&H
2009-02-23 23:42 --------- d-----w c:\program files\Microsoft.NET
2009-02-23 23:42 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-23 23:41 --------- d-----w c:\program files\Microsoft Works
2009-02-16 20:38 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-15 13:27 --------- d-----w c:\program files\DivX
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 20:31 --------- d-----w c:\documents and settings\Name Name\Application Data\Sony Corporation
2009-02-08 20:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 20:27 --------- d-----w c:\program files\Sony Corporation
2009-02-08 20:27 --------- d-----w c:\program files\Sony
2009-02-08 20:27 --------- d-----w c:\program files\Common Files\Sony Shared
2009-02-08 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-02-08 20:25 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 10:28 --------- d-----w c:\program files\LimeWire
2009-02-06 13:24 93,336 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-01 00:43 --------- d-----w c:\documents and settings\Name Name\Application Data\DNA
2009-01-31 21:55 --------- d-----w c:\program files\DNA
2009-01-31 21:55 --------- d-----w c:\program files\BitTorrent
2009-01-31 19:55 --------- d-----w c:\program files\Realtek AC97
2009-01-31 13:42 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-31 13:42 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-29 20:35 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-29 20:14 --------- d-----w c:\program files\microsoft frontpage
2002-11-19 15:01 28,672 ----a-w c:\program files\opera\program\plugins\PlugDef.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-29_11.32.03.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-29 20:21:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2009-01-29 9344]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 22:25:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-29 22:30:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 20:30:02
ComboFix2.txt 2009-03-29 19:29:51
ComboFix3.txt 2009-03-29 15:16:20

Pre-Run: 22.269.317.120 bytes free
Post-Run: 22,521,200,640 bytes free

139 --- E O F --- 2009-03-28 15:59:09
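
Comparing the two ComboFix logs above, the run with CFScript.txt no longer lists eq2soft under Svchost NetSvcs (the Drivers/Services section records Legacy_EQ2SOFT and Service_eq2soft as deleted) and the TCP interface DNS entry from the Supplementary Scan is gone, while the legitimate Run entries and ESET drivers are unchanged. That before/after comparison of autostart points is the check a responder does by hand here; as an added illustration that is not part of this thread or of ComboFix itself, the Python below diffs the autostart-relevant parts of two such logs (Run keys, R-class services, NetSvcs entries, TCP lines). The embedded log excerpts are constructed from the posts above and shortened, and the section layout it parses is assumed from these two logs only.

```python
import re

# Constructed excerpts modelled on the two ComboFix logs in this thread
# (the run without CFScript.txt and the run with it); not the full logs.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eq2soft
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
TCP: {34A6BD14-FD9A-4D77-A3CA-78C763613688} = 195.29.149.197 195.29.166.117
.
"""

LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
.
"""

# Line shapes assumed from the logs in this thread.
RUN_KEY = re.compile(r"^\[(HK[^\]]+\\Run)\]$")          # [HKxx\...\Run]
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')          # "name"="path" [...]
SERVICE = re.compile(r"^R[0-3] ([^;]+);")                # R1 name;display;path
TCP_LINE = re.compile(r"^TCP: (\{[0-9A-F-]+\}) = (.+)$")  # per-interface DNS
NETSVCS_HDR = "Svchost - NetSvcs"


def parse_autostarts(log):
    """Collect autostart points from one ComboFix log into sets per category."""
    found = {"run": set(), "services": set(), "netsvcs": set(), "tcp": set()}
    current_key = None   # Run key whose values we are reading
    in_netsvcs = False   # inside the NetSvcs list
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            # Blank or "." lines terminate a key block or the NetSvcs list.
            current_key = None
            in_netsvcs = False
            continue
        if in_netsvcs:
            found["netsvcs"].add(line)
            continue
        m = RUN_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key:
            m = RUN_VALUE.match(line)
            if m:
                found["run"].add((current_key, m.group(1), m.group(2)))
            continue
        m = SERVICE.match(line)
        if m:
            found["services"].add(m.group(1))
            continue
        if line.endswith(NETSVCS_HDR):
            in_netsvcs = True
            continue
        m = TCP_LINE.match(line)
        if m:
            found["tcp"].add((m.group(1), m.group(2)))
    return found


def diff_autostarts(before, after):
    """Return, per category, what disappeared and what appeared between two logs."""
    b, a = parse_autostarts(before), parse_autostarts(after)
    return {
        cat: {"removed": sorted(b[cat] - a[cat]), "added": sorted(a[cat] - b[cat])}
        for cat in b
    }


if __name__ == "__main__":
    for cat, change in diff_autostarts(LOG_BEFORE, LOG_AFTER).items():
        if change["removed"] or change["added"]:
            print(cat, change)
```

Anything that shows up under "added" between a cleaning run and the post-cleaning run deserves a second look, since a cleanup should only ever shrink this list.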

jocker
29.03.2009., 23:21
As far as I can see, this should now be clean.

Do this:

Uninstalling ComboFix


Start > Run > ComboFix /u > OK (there is a space between ComboFix and /u, it has to be like that)

http://i43.tinypic.com/xp3b6o.jpg

Wait for the process to finish.

This will uninstall ComboFix and delete its folders (only now is the cleanup complete)

Flipi
29.03.2009., 23:31
As far as I can see, this should now be clean.

Do this:

Uninstalling ComboFix


Start > Run > ComboFix /u > OK (there is a space between ComboFix and /u, it has to be like that)

http://i43.tinypic.com/xp3b6o.jpg

Wait for the process to finish.

This will uninstall ComboFix and delete its folders (only now is the cleanup complete)

I uninstalled it and now we'll see.

bistric
30.03.2009., 18:43
so, with dobrota's huge help we solved my problem(s)! :):):):cerek:

@dobrota
thanks once again :)