Posted: 22 Apr 2008 11:18
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
Logfile of HijackThis v1.99.1
Scan saved at 14:22:44, on 21.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSEB\smss.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\ljiljar\Desktop\Terminator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - C:\PROGRA~1\OCINS\srchsp.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush1.dll (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {42A3A616-FF3C-4713-A5C2-4F1B566CEF51} - C:\WINDOWS\system32\9fb1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Browser Security Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\mcmRsJOnmJ.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PictureShow] "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ò×Ȥ¹ºÎï - C:\Program Files\AD4All\link1\eachlink.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: N»CdR´NôRÖÉçÇr - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: N×C¤asÎd - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=824 (file missing)
O9 - Extra 'Tools' menuitem: N×C¤asÎd - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=824 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A53B441B-F17B-44B8-B8B3-B59503493DB5}: NameServer =,,
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: 597EB - Unknown owner - C:\WINDOWS\system32\597EB.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ms_2fax - Unknown owner - C:\WINDOWS\system32\fb481.exe (file missing)
O23 - Service: Windows Management PrintSystem (spoo1sv) - Unknown owner - spoo1sv.exe (file missing)
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: N»CdR´NôRÖÖúEÖ (Yiqilai) - Unknown owner - C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe (file missing)
I'm asking for help with the log I'm sending you. The problem is redirection to the address www.7322.com.
Posted: 22 Apr 2008 15:05
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
My goodness, you've got a proper infection.
Download ComboFix to the Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]
Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you'll paste here for us.
Posted: 22 Apr 2008 15:38
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
I hope we'll be able to do something.
ComboFix 08-04-20.5 - ljiljar 2008-04-22 15:21:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.164 [GMT 2:00]
Running from: C:\Documents and Settings\ljiljar\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\All Users\Application Data\microsoft\office\system
C:\Documents and Settings\All Users\Application Data\microsoft\office\system\finder.dll
C:\Documents and Settings\All Users\Application Data\microsoft\office\system\ntptdb.sys
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\ lottery.sina lottery
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\_keepfile
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\øÖ· sina
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\eyword
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\mcmRsJOnmJ.dll
C:\Documents and Settings\All Users\Application Data\microsoft\pctools
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data\t
C:\Documents and Settings\All Users\Application Data\t\a2001.dat
C:\Documents and Settings\All Users\Application Data\t\b2001.dat
C:\Documents and Settings\All Users\Application Data\t\k2001.dat
C:\Documents and Settings\All Users\Application Data\t\p2001.dat
C:\Documents and Settings\All Users\Application Data\t\r2001.dat
C:\Documents and Settings\All Users\Application Data\td
C:\Documents and Settings\All Users\Application Data\td\a1003.dat
C:\Documents and Settings\All Users\Application Data\td\b1003.dat
C:\Documents and Settings\All Users\Application Data\td\k1003.dat
C:\Documents and Settings\All Users\Application Data\td\p1003.dat
C:\Documents and Settings\All Users\Application Data\td\r1003.dat
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_loaderfiletime2
C:\Documents and Settings\ljiljar\Favorites\Ò»ÆðÀ´ÒôÀÖÉçÇø.url
C:\Documents and Settings\ljiljar\Favorites\4bb6~1.lnk
C:\Documents and Settings\ljiljar\icsetup.exe
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\__utipkdzbjipgk
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_inifiletime3
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_loaderfiletime2
C:\Documents and Settings\ljiljar\Local Settings\Temporary Internet Files\_rtiwcitljgh3
C:\Documents and Settings\ljiljar\ravmonlog
C:\Program Files\ad4all
C:\Program Files\ad4all\Install.exe
C:\Program Files\ad4all\install.ini
C:\Program Files\ad4all\link1\eachlink.htm
C:\Program Files\ad4all\link1\eachlink.ico
C:\Program Files\ad4all\link1\ebaylink.ico
C:\Program Files\ad4all\link1\install.ini
C:\Program Files\ad4all\link1\Thumbs.db
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\cpush\Uninst.exe
C:\Program Files\OCINS
C:\Program Files\OCINS\ocinfo.dat
C:\Program Files\OCINS\srchsp.dll
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\html\default.html
C:\Program Files\Yiqilai\html\default.jpg
C:\Program Files\Yiqilai\html\mini.html
C:\Program Files\Yiqilai\wmp\_inifid
C:\Program Files\Yiqilai\wmp\_inimac
C:\Program Files\Yiqilai\wmp\_keepfile
C:\Program Files\Yiqilai\wmp\icon2.ico
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\kav
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 10:49 . 2008-04-22 15:25 2,048,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 10:49 . 2008-04-22 15:24 28,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 10:49 . 2008-04-22 15:25 20,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-16 10:49 . 2008-04-22 15:24 2,876 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-04-22 13:24 3,145,728 ---ha-w C:\Documents and Settings\ljiljar\NTUSER.DAT
2008-03-19 08:49 --------- d--h--w C:\Program Files\Zenographics
2008-03-19 08:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-05 11:00 --------- d-----w C:\Documents and Settings\ljiljar\Application Data\Wildfire
2007-11-09 11:15 212,291 ----a-w C:\Documents and Settings\ljiljar\sdd.exe
2007-09-14 15:27 188,416 ----a-w C:\Documents and Settings\ljiljar\tsp.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A3A616-FF3C-4713-A5C2-4F1B566CEF51}]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"PictureShow"="C:\Program Files\PictureShow\poco_tools.exe" [2007-11-01 13:38 97616]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 22:05 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-30 15:38:51 118784]
"srhg"= rundll32 "C:\WINDOWS\Downlo~1\srhg.dll",Run
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"EnableFirewall"= 0 (0x0)
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\PictureShow\\poco_tools.exe"=
"C:\\Program Files\\PictureShow\\update.exe"=
"C:\\Program Files\\PictureShow\\PictureShow.exe"=
"17150:TCP"= 17150:TCP:NortonAV
"17938:TCP"= 17938:TCP:NortonAV
"15839:TCP"= 15839:TCP:NortonAV
"15416:TCP"= 15416:TCP:NortonAV
"16957:TCP"= 16957:TCP:NortonAV
"14103:TCP"= 14103:TCP:NortonAV
"18883:TCP"= 18883:TCP:NortonAV
"18284:TCP"= 18284:TCP:NortonAV
"12677:TCP"= 12677:TCP:NortonAV
"13044:TCP"= 13044:TCP:NortonAV
"16042:TCP"= 16042:TCP:NortonAV
"15202:TCP"= 15202:TCP:NortonAV
"18497:TCP"= 18497:TCP:NortonAV
"12454:TCP"= 12454:TCP:NortonAV
"14164:TCP"= 14164:TCP:NortonAV
"15087:TCP"= 15087:TCP:NortonAV
"15495:TCP"= 15495:TCP:NortonAV
"16515:TCP"= 16515:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"13052:TCP"= 13052:TCP:NortonAV
"12118:TCP"= 12118:TCP:NortonAV
"14698:TCP"= 14698:TCP:NortonAV
"16633:TCP"= 16633:TCP:NortonAV
S2 597EB;597EB;C:\WINDOWS\system32\597EB.exe [2008-02-21 12:01]
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-04-22 15:26:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
------------------------ Other Running Processes ------------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Completion time: 2008-04-22 15:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 13:27:25
Pre-Run: 68,023,140,352 bytes free
Post-Run: 68,451,627,008 bytes free
199 --- E O F --- 2007-11-14 14:58:20
Posted: 22 Apr 2008 17:33
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Upload the following files:
C:\Documents and Settings\ljiljar\sdd.exe
C:\Documents and Settings\ljiljar\tsp.exe
via this link:
[Link visible only to logged-in users]
Posted: 23 Apr 2008 09:06
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
Thanks for the help. I've done that too. Sorry for the delay; this is a computer at work, so I'm not around after 4 p.m.
Posted: 23 Apr 2008 17:27
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Open Notepad and copy the following text into it:
C:\Documents and Settings\ljiljar\sdd.exe
C:\Documents and Settings\ljiljar\tsp.exe
C:\Program Files\PictureShow
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A3A616-FF3C-4713-A5C2-4F1B566CEF51}]
"C:\\Program Files\\PictureShow\\poco_tools.exe"=-
"C:\\Program Files\\PictureShow\\update.exe"=-
"C:\\Program Files\\PictureShow\\PictureShow.exe"=-
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
Posted: 24 Apr 2008 10:09
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
Here is the new log. The redirection is still present. Thanks for the help.
ComboFix 08-04-20.5 - ljiljar 2008-04-24 9:45:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.160 [GMT 2:00]
Running from: C:\Documents and Settings\ljiljar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ljiljar\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
C:\Documents and Settings\ljiljar\sdd.exe
C:\Documents and Settings\ljiljar\tsp.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\ljiljar\sdd.exe
C:\Documents and Settings\ljiljar\tsp.exe
C:\Program Files\PictureShow
C:\Program Files\PictureShow\config.ini
C:\Program Files\PictureShow\FileExt.inf
C:\Program Files\PictureShow\PictureShow.exe
C:\Program Files\PictureShow\poco_tools.exe
C:\Program Files\PictureShow\temp\script.ini
C:\Program Files\PictureShow\Uninstall.exe
C:\Program Files\PictureShow\update.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\kav
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 10:49 . 2008-04-24 09:49 2,281,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 10:49 . 2008-04-24 09:47 31,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 10:49 . 2008-04-24 09:48 25,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-16 10:49 . 2008-04-24 09:47 3,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-04-24 07:47 3,145,728 ---ha-w C:\Documents and Settings\ljiljar\NTUSER.DAT
2008-03-19 08:49 --------- d--h--w C:\Program Files\Zenographics
2008-03-19 08:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-05 11:00 --------- d-----w C:\Documents and Settings\ljiljar\Application Data\Wildfire
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
- 2008-04-22 13:25:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 07:48:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-22 13:25:47 94,208 ---h--w C:\WINDOWS\system32\A7008.exe
+ 2008-04-24 06:15:35 94,208 ---h--w C:\WINDOWS\system32\A7008.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 22:05 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-30 15:38:51 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"EnableFirewall"= 0 (0x0)
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"17150:TCP"= 17150:TCP:NortonAV
"17938:TCP"= 17938:TCP:NortonAV
"15839:TCP"= 15839:TCP:NortonAV
"15416:TCP"= 15416:TCP:NortonAV
"16957:TCP"= 16957:TCP:NortonAV
"14103:TCP"= 14103:TCP:NortonAV
"18883:TCP"= 18883:TCP:NortonAV
"18284:TCP"= 18284:TCP:NortonAV
"12677:TCP"= 12677:TCP:NortonAV
"13044:TCP"= 13044:TCP:NortonAV
"16042:TCP"= 16042:TCP:NortonAV
"15202:TCP"= 15202:TCP:NortonAV
"18497:TCP"= 18497:TCP:NortonAV
"12454:TCP"= 12454:TCP:NortonAV
"14164:TCP"= 14164:TCP:NortonAV
"15087:TCP"= 15087:TCP:NortonAV
"15495:TCP"= 15495:TCP:NortonAV
"16515:TCP"= 16515:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"13052:TCP"= 13052:TCP:NortonAV
"12118:TCP"= 12118:TCP:NortonAV
"14698:TCP"= 14698:TCP:NortonAV
"16633:TCP"= 16633:TCP:NortonAV
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-04-24 09:49:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
------------------------ Other Running Processes ------------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Completion time: 2008-04-24 9:50:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 07:50:23
ComboFix2.txt 2008-04-22 13:27:30
Pre-Run: 68,801,781,760 bytes free
Post-Run: 68,794,372,096 bytes free
131 --- E O F --- 2007-11-14 14:58:20
Posted: 25 Apr 2008 17:20
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Can you give me the link it redirects you to? Or better yet, post a screenshot of the site it redirects you to.
Posted: 05 May 2008 15:23
- doida
- New MyCity citizen
- Joined: 22 Apr 2008
- Posts: 15
[Link visible only to logged-in users]
Sorry I didn't get back to you earlier; we were off for the holidays a bit.
The link is [Link visible only to logged-in users] and the screenshot is in the attached file.
Thanks and regards.
Posted: 05 May 2008 22:04
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Here are further instructions:
Click Start at the bottom left.
Choose My Computer.
Select the Tools menu and click Folder Options.
Select View at the top; within the Hidden files and folders group, select Show hidden files and folders.
Uncheck Hide protected operating system files (recommended).
Click YES.
Click OK.
When you've done that, upload the following file to me for checking:
via the following link:
[Link visible only to logged-in users]
When you've finished that too, do this:
Scan the computer with GMER and post the log so we can check that there are no rootkits...
Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.
Double-click gmer.exe to start:
Choose the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will save it to the Clipboard.
Open Notepad, right-click and Paste, save the log to the Desktop and attach it to a message on the forum (option: attach file).