Problem with a virus and MSN

  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:11 PM, on 1/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Professional §©®ÎÞt v.4 Black\mirc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\service.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\WinXP\MaestrO\TR3.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Windows Service] service.exe
O4 - HKLM\..\RunOnce: [Windows Service] service.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{465DEED7-8CBB-45D7-824F-5BD7B36EEC05}: NameServer = 10.5.0.100,10.5.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C696091-1C0A-4050-AB89-762BD310FF01}: NameServer = 10.5.0.100,10.5.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC3C6CFD-15B1-45CE-804E-6E46FB95401B}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4155 bytes

On MSN I started sending people some link, blah, blah..... I picked that up from a friend of mine; is there anything in the log?
And I also picked up some autorun.inf virus on my flash drive.
NOD shows me every minute that it has found an infected file on the flash drive and that the file has supposedly been quarantined.... but it still keeps going crazy.
Help, F1, f1f1 :)



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Have you entered your MSN password on any site that is, of course, not the MSN site?

* Open the Nod32 Control Center (click its tray icon in the lower-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, uncheck the option File system monitor (AMON) enabled.
* Turning this option off is shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on when the cleaning is finished.


-----------------------------------------

Download ComboFix to your Desktop from one of the following addresses:
[Links visible only to logged-in users]

Start it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.



  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

No, I did that thing with NOD, but I'm turning off the protection. I haven't entered my MSN password anywhere.
When I take out the flash drive, it doesn't report a virus :)

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Turn off NOD and do as it says above.

  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

ComboFix 09-01-13.04 - Aleksandar 2009-01-15 21:23:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.583 [GMT 1:00]
Running from: c:\documents and settings\Aleksandar\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
c:\windows\admintxt.txt
c:\windows\service.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-14 21:16 . 2009-01-14 21:16 <DIR> d-------- C:\New Folder
2009-01-14 16:37 . 2009-01-14 16:37 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-14 16:31 . 2009-01-14 16:52 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-01-14 16:31 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
2009-01-14 16:31 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-14 16:31 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-14 16:31 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-14 16:31 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-14 16:30 . 2009-01-15 19:29 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-14 16:30 . 2009-01-14 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-01-14 16:30 . 2009-01-14 16:30 <DIR> d-------- c:\documents and settings\Aleksandar\Application Data\PC Tools
2009-01-14 04:32 . 2009-01-14 04:32 <DIR> d-------- c:\documents and settings\Aleksandar\Application Data\URSoft
2009-01-14 04:31 . 2009-01-14 04:37 <DIR> d-------- c:\program files\Your Uninstaller 2008
2009-01-12 21:14 . 2009-01-12 21:14 <DIR> d-------- c:\windows\system32\scripting
2009-01-12 21:13 . 2009-01-12 21:13 <DIR> d-------- c:\windows\system32\bits
2009-01-12 21:05 . 2009-01-12 21:15 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-12 21:03 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2009-01-12 20:53 . 2006-12-29 00:31 19,569 --a------ c:\windows\002876_.tmp
2009-01-12 20:52 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-01-12 02:56 . 2009-01-12 02:56 <DIR> d-------- c:\program files\Common Files\NSV
2009-01-11 22:20 . 2009-01-11 22:20 <DIR> d-------- c:\program files\TeamViewer
2009-01-11 22:20 . 2009-01-12 04:27 <DIR> d-------- c:\documents and settings\Aleksandar\Application Data\TeamViewer
2009-01-11 22:19 . 2009-01-11 22:19 <DIR> d-------- c:\documents and settings\Aleksandar\temp
2009-01-11 03:56 . 2009-01-15 20:32 <DIR> d-------- C:\Downloads
2009-01-11 03:51 . 2009-01-15 20:57 <DIR> d-------- c:\program files\FlashGet
2009-01-11 03:51 . 2004-08-04 13:00 359,040 --a------ c:\windows\system32\drivers\tcpip.sys.flg
2009-01-10 23:11 . 2009-01-12 23:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-01-10 22:38 . 2006-05-03 11:57 520,192 --------- c:\windows\system32\ati2sgag.exe
2009-01-10 22:37 . 2009-01-10 22:37 <DIR> d-------- c:\program files\ATI Technologies
2009-01-10 22:37 . 2009-01-10 22:37 <DIR> d-------- C:\ATI
2009-01-10 21:55 . 2009-01-10 21:55 <DIR> d-------- c:\program files\Windows Live
2009-01-10 21:55 . 2009-01-10 21:55 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-01-10 15:26 . 2009-01-10 15:26 <DIR> d-------- c:\program files\EA GAMES
2009-01-10 15:22 . 2009-01-10 15:22 <DIR> d-------- c:\program files\Lavalys
2009-01-07 23:58 . 2009-01-11 03:45 <DIR> d-------- c:\documents and settings\Aleksandar\Contacts
2009-01-07 23:35 . 2009-01-15 14:55 <DIR> d-------- c:\program files\Professional §©®ÎÞt v.4 Black
2009-01-07 23:30 . 2005-10-27 15:06 356,096 --a------ c:\windows\system32\drivers\rt61.sys
2009-01-07 23:30 . 2005-05-17 16:24 311,296 --a------ c:\windows\system32\AegisI5.exe
2009-01-07 23:30 . 2005-08-25 11:15 81,920 --a------ c:\windows\system32\Install6x.dll
2009-01-07 23:30 . 2005-08-26 23:38 8,192 --a------ c:\windows\system32\drivers\RT2661.bin
2009-01-07 23:30 . 2005-08-26 23:38 8,192 --a------ c:\windows\system32\drivers\RT2561s.bin
2009-01-07 23:30 . 2005-08-26 23:38 8,192 --a------ c:\windows\system32\drivers\RT2561.bin
2009-01-07 23:30 . 2005-06-16 00:30 162 --a------ c:\windows\filespec6x
2009-01-07 23:29 . 2009-01-07 23:29 <DIR> d-------- c:\program files\Gigabyte
2009-01-07 23:29 . 2009-01-07 23:29 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
2009-01-07 20:39 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2009-01-07 20:39 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-07 20:39 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-05 20:11 . 2009-01-15 19:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-04 17:14 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-01-04 16:13 . 2009-01-04 16:13 <DIR> d-------- c:\program files\D-Tools
2009-01-04 16:13 . 2004-08-22 16:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys
2009-01-04 16:13 . 2004-08-22 16:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys
2009-01-04 16:12 . 2009-01-04 16:12 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-03 00:27 . 2009-01-03 00:27 <DIR> d-------- C:\S3Graphics
2009-01-02 23:59 . 2009-01-07 20:43 <DIR> d-------- C:\simsons
2009-01-02 19:56 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-31 16:21 . 2008-12-31 16:21 268 --ah----- C:\sqmdata01.sqm
2008-12-31 16:21 . 2008-12-31 16:21 244 --ah----- C:\sqmnoopt01.sqm
2008-12-29 16:49 . 2008-12-29 16:49 0 --a------ c:\windows\nsreg.dat
2008-12-28 14:38 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-28 14:37 . 2008-12-28 14:37 <DIR> d-------- c:\documents and settings\Aleksandar\Application Data\ESET
2008-12-28 14:36 . 2008-12-28 14:36 <DIR> d-------- c:\program files\ESET
2008-12-28 14:36 . 2008-12-28 14:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-28 14:35 . 2008-12-28 14:35 268 --ah----- C:\sqmdata00.sqm
2008-12-28 14:35 . 2008-12-28 14:35 244 --ah----- C:\sqmnoopt00.sqm
2008-12-28 14:34 . 2008-12-28 14:34 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-28 14:34 . 2009-01-14 16:38 <DIR> d-------- c:\program files\MSN Messenger
2008-12-28 14:32 . 2008-12-28 14:32 <DIR> d-------- c:\program files\Winamp
2008-12-28 14:32 . 2008-12-28 14:36 <DIR> d-------- c:\documents and settings\Aleksandar\Application Data\Winamp
2008-12-28 14:31 . 2002-01-01 03:22 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-28 14:31 . 2004-10-14 08:33 2,024,448 --a------ c:\windows\system32\divx.dll
2008-12-27 22:36 . 2008-12-27 22:36 <DIR> d-------- c:\program files\AvRack
2008-12-27 22:36 . 2002-11-27 06:59 1,577,984 --a------ c:\windows\system32\ALSNDMGR.CPL
2008-12-27 22:36 . 2001-09-19 14:47 765,952 --a------ c:\windows\system\crlds3d.dll
2008-12-27 22:36 . 2002-11-27 07:46 730,700 --a------ c:\windows\system32\drivers\ALCXWDM.SYS
2008-12-27 22:36 . 2001-09-19 14:32 720,896 --a--c--- c:\windows\system32\dllcache\a3d.dll
2008-12-27 22:36 . 2001-09-19 14:47 720,896 --a------ c:\windows\system32\Audio3d.dll
2008-12-27 22:36 . 2001-09-19 14:32 720,896 --a------ c:\windows\system32\a3d.dll
2008-12-27 22:36 . 2002-10-21 06:33 208,896 --a------ c:\windows\alcupd.exe
2008-12-27 22:36 . 2002-02-05 06:54 141,016 --a------ c:\windows\system32\ALSNDMGR.WAV
2008-12-27 22:36 . 2002-10-17 05:54 131,072 --a------ c:\windows\alcrmv.exe
2008-12-27 22:36 . 2002-11-19 14:01 46,592 --a------ c:\windows\SOUNDMAN.EXE
2008-12-27 22:36 . 2001-07-05 17:19 164 --a------ c:\windows\avrack.ini
2008-12-27 22:34 . 2002-01-01 00:43 44 --a------ c:\windows\system32\msssc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 00:26 --------- d-----w c:\program files\Valve
2009-01-10 21:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 21:36 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-27 20:20 --------- d-----w c:\program files\S3
2008-12-27 19:41 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-11-19 14:01 46592 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
--a------ 2004-02-24 20:17 45056 c:\windows\system32\VTPreset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Professional §©®ÎÞt v.4 Black\\mirc.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-01-14 160792]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-14 356920]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {465DEED7-8CBB-45D7-824F-5BD7B36EEC05} = 10.5.0.100,10.5.0.200
TCP: {7C696091-1C0A-4050-AB89-762BD310FF01} = 10.5.0.100,10.5.0.200
TCP: {EC3C6CFD-15B1-45CE-804E-6E46FB95401B} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Aleksandar\Application Data\Mozilla\Firefox\Profiles\bxxmtu1l.default\
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-01-15 21:25:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(856)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
Completion time: 2009-01-15 21:27:21
ComboFix-quarantined-files.txt 2009-01-15 20:27:18

Pre-Run: 3,865,313,280 bytes free
Post-Run: 3,887,116,288 bytes free

192
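
Added example (not part of the original thread, and not output of HijackThis or ComboFix): cross-referencing the O4 autorun entries from the HijackThis log in the first post with ComboFix's "Other Deletions" list, to see which startup values pointed at a removed file and whether they are still listed under "Reg Loading Points". The function names are illustrative; the sample lines are copied from the two logs above.

```python
import ntpath
import re

# O4 (autorun) lines copied from the HijackThis log in the first post.
HIJACKTHIS_LINES = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Windows Service] service.exe
O4 - HKLM\..\RunOnce: [Windows Service] service.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
""".strip().splitlines()

# "Other Deletions" section of the ComboFix log.
COMBOFIX_DELETIONS = r"""
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
c:\windows\admintxt.txt
c:\windows\service.exe
""".strip().splitlines()

# Run/RunOnce values from ComboFix's "Reg Loading Points" (state after cleanup).
COMBOFIX_RUN_VALUES = r"""
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)


def parse_autoruns(lines):
    """Return (registry key, value name, executable) for every O4 line."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])  # strips quotes and trailing arguments
        entries.append((m["key"], m["name"], exe["exe"] if exe else m["cmd"]))
    return entries


def points_at_deleted(exe, deleted):
    """True if an autorun target corresponds to a file ComboFix deleted."""
    exe = exe.lower()
    deleted = [d.lower() for d in deleted]
    if ntpath.dirname(exe):  # fully qualified: compare the whole path
        return exe in deleted
    # Bare name: Windows resolves it through the search path, so compare
    # file names only and treat a hit as a lead, not proof.
    return any(ntpath.basename(d) == exe for d in deleted)


def surviving_names(run_values):
    """Value names still listed under 'Reg Loading Points'."""
    names = (re.match(r'"([^"]+)"=', v.strip()) for v in run_values)
    return {m.group(1).lower() for m in names if m}


def triage(hjt_lines, deletions, run_values):
    """Autoruns whose target was deleted, plus whether the value is still listed."""
    remaining = surviving_names(run_values)
    report = []
    for key, name, exe in parse_autoruns(hjt_lines):
        if points_at_deleted(exe, deletions):
            report.append((key, name, exe, name.lower() in remaining))
    return report


if __name__ == "__main__":
    for key, name, exe, listed in triage(
            HIJACKTHIS_LINES, COMBOFIX_DELETIONS, COMBOFIX_RUN_VALUES):
        print(f"{key} [{name}] -> {exe}: still listed after cleanup = {listed}")
```

ComboFix notes that empty and legitimate default entries are not shown under Reg Loading Points, so a fresh HijackThis scan is the direct way to confirm that the two `Windows Service` values are gone.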

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Turn off NOD and Spyware Doctor and do the following:

- Download USBNoRisk to your Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that are assigned their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

USBNoRisk by bobby

Started at 1/15/2009 10:09:26 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {6c9e7d84-d450-11dd-841e-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 6c9e7d84-d450-11dd-841e-806d6172696f
========================================

========================================



New device connected at 1/15/2009 10:09:37 PM

Scanning for connected USB mass storage...
----------------------------------------
H: {a91d4628-d453-11dd-8d59-0010dc71772e}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for a91d4628-d453-11dd-8d59-0010dc71772e
========================================

----------------------------------------

desktop.ini found on H:
----------------------------------------

Content of H:\Muzika\Laurent_Wolf_-_Come_on__Incl_David_Vendetta_Remix-Retail_Vinyl-2007\desktop.ini
----------------------------------------
[.ShellClassInfo]
FolderType=MusicAlbum
MusicBuyUrl=http://redir.metaservices.microsoft.com/redir/buynow/?providerName=AMG&albumID=311ADB5B-2476-49ED-9D6E-17F45AD29FB6&a_id=R%20%201384624&album=Wash%20My%20World&artistID=94DD00C3-24D9-4AC5-8978-A2A665F09DF4&p_id=P%20%20%20496435&artist=Laurent%20Wolf&locale=409&geoid=f4&version=11.0.6000.6344&userlocale=409
----------------------------------------

Files referenced from H:\Muzika\Laurent_Wolf_-_Come_on__Incl_David_Vendetta_Remix-Retail_Vinyl-2007\desktop.ini
----------------------------------------
None
----------------------------------------

========================================

========================================
Removed H:
========================================

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

What is the situation now?

It should be OK.

  • Joined: 18 Jul 2008
  • Posts: 115
  • Location: Majur

It seems to me that it's OK.
Thanks for everything.
Yeah, it's OK, it works well now.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Do this as well:

Click START and then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

And it might be a good idea to change your MSN password.

Regards
