Posted: 14 Apr 2009 22:25
- nesho_15
- Respected citizen
- Joined: 17 May 2008
- Posts: 442
- Location: Torak City
Written: 14 Apr 2009 22:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:43 PM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\Documents and Settings\Nesho&Nedja\Application Data\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\internet\TR#\TR3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: windows.pif = ?
O4 - Global Startup: Empty.pif = ?
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB7D265C-DCA8-4336-931A-CF831CF175E3}: NameServer = 10.24.4.1
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4664 bytes
Avira keeps telling me there is a virus at the following path, C:\Documents and Settings\Nesho&Nedja\Application Data\explorer.exe, and it reports some other viruses too. Also, every time the system boots it opens My Documents. I also have a flash drive that I think is infected, because every time I plug it in it creates a My Documents folder inside itself, copied from the computer.
Update: 14 Apr 2009 22:25
Avira also reports viruses in the following files: Empty.pif and windows.pif
Posted: 15 Apr 2009 16:24
- nesho_15
- Respected citizen
- Joined: 17 May 2008
- Posts: 442
- Location: Torak City
Written: 15 Apr 2009 9:03
ComboFix 09-04-15.08 - Nesho&Nedja 04/15/2009 8:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1659 [GMT 2:00]
Running from: C:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
Error: Cfolders.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nesho&Nedja\Local Settings\Application Data\lsass.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 06:55 . 2009-04-15 06:55 3009908 ----a-r C:\ComboFix.exe
2009-04-14 20:01 . 2009-04-14 20:01 -------- d--h--w c:\windows\PIF
2009-04-14 18:20 . 2009-04-14 18:20 -------- d-----w c:\windows\system32\xircom
2009-04-14 16:54 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-14 16:54 . 2009-04-14 16:54 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-14 16:36 . 2009-04-14 21:45 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-14 16:36 . 2009-04-14 21:45 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-14 16:36 . 2009-04-14 21:45 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 16:36 . 2009-04-14 21:45 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 16:17 . 2006-04-24 09:30 59392 ----a-w c:\documents and settings\Nesho&Nedja\Application Data\explorer.exe
2009-04-12 12:05 . 2009-04-12 12:05 26 ----a-w c:\windows\neosetup.INI
2009-04-12 12:05 . 2007-02-05 11:11 139264 ----a-w c:\windows\NeoUninstall.exe
2009-04-09 13:48 . 2009-04-09 13:48 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\ImTOO Software Studio
2009-04-09 13:43 . 2009-04-09 13:47 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\GetRightToGo
2009-03-29 08:25 . 2009-03-29 08:25 523142 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-03-20 21:09 . 2009-03-20 21:10 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\mIRC
2009-03-18 19:46 . 2009-03-18 19:46 -------- d-----w c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 06:52 . 2009-02-14 11:14 -------- d-----w c:\program files\DNA
2009-04-15 06:52 . 2009-02-14 11:14 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\DNA
2009-04-14 18:20 . 2009-04-14 18:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-14 16:54 . 2009-04-14 16:54 -------- d-----w c:\program files\Avira
2009-04-14 16:34 . 2009-02-14 09:38 -------- d-----w c:\program files\Unlocker
2009-04-14 16:26 . 2009-02-14 10:57 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 12:05 . 2009-04-12 12:05 -------- d-----w c:\program files\Neoact
2009-04-09 13:41 . 2009-04-09 13:40 -------- d-----w c:\program files\The KMPlayer
2009-04-08 11:55 . 2009-03-01 15:14 -------- d-----w c:\program files\Counter-Strike 1.6
2009-03-16 16:52 . 2009-02-14 10:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 16:45 . 2009-03-16 16:45 -------- d-----w c:\program files\Atari
2009-03-15 12:25 . 2009-03-15 12:25 268 ---ha-w C:\sqmdata03.sqm
2009-03-15 12:25 . 2009-03-15 12:25 244 ---ha-w C:\sqmnoopt04.sqm
2009-03-15 12:25 . 2009-03-15 12:25 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-14 17:31 . 2009-03-01 12:43 -------- d-----w c:\program files\NitroFamily
2009-03-12 18:23 . 2009-03-12 18:23 268 ---ha-w C:\sqmdata02.sqm
2009-03-12 18:23 . 2009-03-12 18:23 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-10 20:27 . 2009-03-10 20:27 268 ---ha-w C:\sqmdata01.sqm
2009-03-10 20:27 . 2009-03-10 20:27 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-08 20:07 . 2009-02-14 14:24 -------- d-----w c:\program files\MSN Messenger
2009-03-08 16:01 . 2009-03-08 16:01 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-04 17:21 . 2009-03-04 17:18 -------- d-----w c:\program files\Cheatbook Database 2008
2009-03-02 22:35 . 2009-03-02 22:35 268 ---ha-w C:\sqmdata00.sqm
2009-03-02 22:35 . 2009-03-02 22:35 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-28 13:55 . 2009-02-14 10:09 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-27 21:21 . 2009-02-27 21:12 -------- d-----w c:\program files\SmileyPad
2009-02-27 21:12 . 2009-02-27 21:12 90624 ----a-w c:\windows\system32\ecFCI.dll
2009-02-27 21:12 . 2009-02-27 21:12 104448 ----a-w c:\windows\system32\ecFDI.dll
2009-02-27 20:42 . 2009-02-27 20:40 -------- d-----w c:\program files\Schmaili90
2009-02-26 21:37 . 2009-02-26 21:37 -------- d-----w c:\program files\Microsoft
2009-02-23 21:08 . 2009-02-23 21:08 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\SmartFTP
2009-02-23 16:58 . 2009-02-23 16:58 -------- d-----w c:\program files\Activision Value
2009-02-22 12:55 . 2009-02-22 11:49 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Web Page Maker
2009-02-22 11:49 . 2009-02-22 11:49 -------- d-----w c:\program files\Web Page Maker
2009-02-22 11:47 . 2009-02-22 10:20 -------- d-----w c:\program files\Trendy Site Builder
2009-02-21 15:26 . 2009-02-21 15:26 -------- d-----w c:\program files\phenomedia
2009-02-21 14:07 . 2009-02-14 10:00 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-19 09:12 . 2009-02-14 11:16 -------- d-----w c:\program files\Mv2Player
2009-02-17 20:27 . 2009-02-17 20:27 -------- d-----w c:\program files\Common Files\Adobe
2009-02-16 13:18 . 2009-02-14 10:07 21096 ----a-w c:\documents and settings\Nesho&Nedja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-15 21:11 . 2009-02-14 11:33 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\BSplayer
2009-02-15 18:32 . 2009-02-15 18:32 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-15 18:24 . 2009-02-15 18:24 -------- d-----w c:\program files\Rockstar Games
2009-02-15 17:24 . 2009-02-15 17:24 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Leadertech
2009-02-15 17:14 . 2009-02-15 17:14 -------- d-----w c:\program files\EA Sports
2009-02-15 15:15 . 2009-02-15 12:26 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\FrostWire
2009-02-15 12:26 . 2009-02-14 11:32 -------- d-----w c:\program files\FrostWire
2009-02-14 19:55 . 2009-02-14 19:55 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Media Player Classic
2009-02-14 16:00 . 2009-02-14 15:00 -------- d-----w c:\program files\Yahoo!
2009-02-14 15:08 . 2009-02-14 15:01 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-14 15:04 . 2009-02-14 15:04 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Yahoo!
2009-02-14 12:31 . 2009-02-14 11:34 -------- d-----w c:\program files\BS.Player ControlBar
2009-02-14 12:23 . 2009-02-14 12:23 -------- d-----w c:\program files\JAM Software
2009-02-14 11:33 . 2009-02-14 11:33 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\BSplayer Pro
2009-02-14 11:33 . 2009-02-14 11:33 -------- d-----w c:\program files\Webteh
2009-02-14 11:30 . 2009-02-14 11:30 -------- d-----w c:\program files\Microsoft ActiveSync
2009-02-14 11:30 . 2009-02-14 11:30 -------- d-----w c:\program files\Microsoft.NET
2009-02-14 11:26 . 2009-02-14 11:26 -------- d-----w c:\program files\Lavalys
2009-02-14 11:24 . 2009-02-14 11:24 -------- d-----w c:\program files\DAEMON Tools Lite
2009-02-14 11:20 . 2009-02-14 11:20 -------- d-----w c:\program files\Ahead
2009-02-14 11:20 . 2009-02-14 11:20 -------- d-----w c:\program files\Common Files\Ahead
2009-02-14 11:16 . 2009-02-14 11:16 717296 ---ha-w c:\windows\system32\drivers\sptd.sys
2009-02-14 11:16 . 2009-02-14 11:16 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\DAEMON Tools
2009-02-14 11:15 . 2009-02-14 11:14 -------- d-----w c:\program files\BitTorrent
2009-02-14 11:14 . 2008-01-29 17:29 33808 ---ha-w c:\windows\system32\drivers\klbg.sys
2009-02-14 11:14 . 2009-02-14 10:44 89601 ---ha-w c:\windows\system32\drivers\klick.dat
2009-02-14 11:14 . 2009-02-14 10:44 101287 ---ha-w c:\windows\system32\drivers\klin.dat
2009-02-14 11:14 . 2009-02-14 11:14 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Malwarebytes
2009-02-14 11:14 . 2009-02-14 11:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-14 11:13 . 2009-02-14 11:13 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 11:12 . 2009-02-14 11:10 -------- d-----w c:\program files\Winamp
2009-02-14 11:08 . 2009-02-14 11:08 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\ACD Systems
2009-02-14 11:07 . 2009-02-14 11:07 -------- d-----w c:\program files\Common Files\ACD Systems
2009-02-14 11:07 . 2009-02-14 11:07 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-14 11:07 . 2009-02-14 11:07 -------- d-----w c:\program files\ACD Systems
2009-02-14 11:06 . 2009-02-14 11:05 -------- d-----w c:\program files\totalcmd
2009-02-14 10:59 . 2009-02-14 09:42 -------- d-----w c:\program files\VistaExperience.org
2009-02-14 10:57 . 2009-02-14 10:57 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\URSoft
2009-02-14 10:57 . 2009-02-14 10:57 -------- d-----w c:\program files\Your Uninstaller 2008
2009-02-14 10:50 . 2009-02-14 10:50 -------- d-----w c:\program files\K-Lite Codec Pack
2009-02-14 10:42 . 2009-02-14 10:42 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-14 10:39 . 2009-02-14 10:39 -------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-02-14 10:38 . 2009-02-14 10:38 -------- d-----w c:\program files\IVT Corporation
2009-02-14 10:35 . 2009-02-14 10:35 -------- d-----w c:\program files\USB Vibration
2009-02-14 10:34 . 2009-02-14 10:34 -------- d-----w c:\program files\Vimicro Corporation
2009-02-14 10:33 . 2009-02-14 10:33 -------- d-----w c:\program files\Vimicro
2009-02-14 10:29 . 2009-02-14 10:29 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Talkback
2009-02-14 10:27 . 2009-02-14 10:27 21419 ---ha-w c:\windows\system32\drivers\AegisP.sys
2009-02-14 10:27 . 2009-02-14 10:27 -------- d-----w c:\program files\GIGABYTE
2009-02-14 10:27 . 2009-02-14 10:27 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\InstallShield
2009-02-14 10:24 . 2009-02-14 09:48 86327 ---ha-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-14 10:09 . 2009-02-14 10:09 -------- d-----w c:\program files\Realtek
2009-02-14 10:08 . 2009-02-14 10:08 -------- d-----w c:\program files\Intel
2009-02-14 10:06 . 2009-02-14 09:39 -------- d-----w c:\program files\Styler
2009-02-14 10:06 . 2009-02-14 10:06 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Styler
2009-02-14 10:02 . 2009-02-14 10:00 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2009-02-14 10:02 . 2009-02-14 10:02 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009021420090215\index.dat
2009-02-14 09:58 . 2009-02-14 09:40 -------- d-----w c:\program files\Windows Sidebar
.
------- Sigcheck -------
[-] 2008-04-23 14:32 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-23 05:34 2350208 AF263738FAD02E11D21F2C8F18054C80 c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2008-04-23 6067200]
[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}"= "c:\program files\Styler\TB\StylerTB.dll" [2006-05-02 102400]
[HKEY_CLASSES_ROOT\clsid\{d2f8f919-690b-4ea2-9fa7-a203d1e04f75}]
[HKEY_CLASSES_ROOT\StylerTB.StylerToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89B73048-4968-42EC-9841-D790BD239380}]
[HKEY_CLASSES_ROOT\StylerTB.StylerToolBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-14 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-03-23 14202368]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-23 124928]
c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\
windows.pif [2006-4-24 59392]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Empty.pif [2006-4-24 59392]
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [2009-2-14 741376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2007-12-07 233472]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Nesho&Nedja^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-03-22 21:18 1271808 ----a-w c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 16:19 15872 ----a-w c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2007-04-13 17:08 114688 ----a-w c:\program files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
R3 FXDRV;FXDRV; [x]
R3 PciCon;PciCon; [x]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2006-02-26 26112]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-14 33808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2007-09-05 248448]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2007-06-13 476032]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{360f1f10-fba1-11dd-9c77-0011676bf47f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: {FB7D265C-DCA8-4336-931A-CF831CF175E3} = 10.24.4.1
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
FF - ProfilePath - c:\documents and settings\Nesho&Nedja\Application Data\Mozilla\Firefox\Profiles\bnel1vba.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 08:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1028-)
c:\windows\system32\klogon.dll
.
Completion time: 2009-04-15 9:00
ComboFix-quarantined-files.txt 2009-04-15 07:00
Pre-Run: 12,503,928,832 bytes free
Post-Run: 12,494,589,952 bytes free
260
I noticed that while ComboFix was running the computer did not restart, as it did earlier when I worked with it.
Update: 15 Apr 2009 16:24
Posted: 15 Apr 2009 19:31
- Piksi
- Elite citizen
- Joined: 13 Nov 2003
- Posts: 2435
Don't worry that ComboFix did not restart the computer. A restart is often not needed...
Open Notepad and copy in the following text:
File::
c:\documents and settings\Nesho&Nedja\Application Data\explorer.exe
c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\windows.pif
c:\documents and settings\All Users\Start Menu\Programs\Startup\Empty.pif
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{360f1f10-fba1-11dd-9c77-0011676bf47f}]
Save the file from Notepad to the Desktop as "CFScript"
Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.
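Added example, not part of the thread and not code from HijackThis or ComboFix: a small Python triage that mechanises what the helper picked out by eye in the logs above. It runs over log lines constructed from the excerpts in this thread; the path-shape rules, the list of core binary names and the sample lines are this example's own assumptions.

```python
"""Triage of HijackThis/ComboFix-style log lines for autostart abuse.

Flags: core Windows binary names running outside the Windows directory,
executables launched from a user profile, Startup-folder items with PIF or
script extensions or an unresolved ("= ?") target, and a per-drive AutoRun
command registered under MountPoints2 (typical of a USB-spreading worm).
"""
import re
from typing import List, Tuple

# Core binaries that legitimately live only in %SystemRoot% or system32 (assumed list).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}
SYSTEM_LOCATION = re.compile(r"^[a-z]:\\windows\\(?:system32\\)?[^\\]+$", re.I)
USER_PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")
RISKY_STARTUP_EXT = (".pif", ".scr", ".bat", ".cmd", ".vbs", ".js", ".com")

O4_RUN = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<kind>Global Startup|Startup): (?P<file>.+?) = (?P<target>.+)$")
EXECUTABLE = re.compile(r"(.+?\.(?:exe|pif|scr|bat|cmd|vbs|com))(?:\s|$)", re.I)


def command_path(cmd: str) -> str:
    """Return the program path from a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXECUTABLE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def check_path(path: str) -> List[str]:
    """Findings for one executable path (running process or autostart target)."""
    findings = []
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARIES and not SYSTEM_LOCATION.match(path):
        findings.append(f"core system binary name outside Windows directory: {path}")
    if name.endswith(".exe") and any(m in path.lower() for m in USER_PROFILE_MARKERS):
        findings.append(f"executable launched from user profile: {path}")
    return findings


def check_autostart(line: str) -> List[str]:
    """Findings for a HijackThis O4 line (Run keys and Startup folders)."""
    m = O4_STARTUP.match(line)
    if m:
        kind, file, target = m.group("kind"), m.group("file"), m.group("target").strip()
        findings = []
        if file.lower().endswith(RISKY_STARTUP_EXT):
            findings.append(f"{kind} folder item with PIF/script extension: {file}")
        if target == "?":  # HijackThis could not resolve what the item launches
            findings.append(f"{kind} folder item whose target cannot be resolved: {file}")
        else:
            findings.extend(check_path(target))
        return findings
    m = O4_RUN.match(line)
    if m:
        return check_path(command_path(m.group("cmd")))
    return []


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (line, finding) pairs for every suspicious line in a log excerpt."""
    results = []
    for raw in log.splitlines():
        line = raw.strip()
        findings: List[str] = []
        if re.match(r"^[a-z]:\\", line, re.I):              # "Running processes" entry
            findings = check_path(line)
        elif line.startswith("O4 - "):
            findings = check_autostart(line)
        elif "\\shell\\autorun\\command" in line.lower():   # ComboFix MountPoints2 dump
            findings = [f"per-drive AutoRun command registered: {line}"]
        results.extend((line, f) for f in findings)
    return results


# Constructed sample, assembled from the log excerpts quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Nesho&Nedja\Application Data\explorer.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: windows.pif = ?
O4 - Global Startup: Empty.pif = ?
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
"""

if __name__ == "__main__":
    for line, finding in triage(SAMPLE_LOG):
        print(f"[!] {finding}")
```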
Posted: 16 Apr 2009 12:32
- nesho_15
- Respected citizen
- Joined: 17 May 2008
- Posts: 442
- Location: Torak City
ComboFix 09-04-16.02 - Nesho&Nedja 04/16/2009 12:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1566 [GMT 2:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\Nesho&Nedja\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\documents and settings\All Users\Start Menu\Programs\Startup\Empty.pif
c:\documents and settings\Nesho&Nedja\Application Data\explorer.exe
c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\windows.pif
.
Error: Cfolders.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Empty.pif
c:\documents and settings\Nesho&Nedja\Application Data\explorer.exe
c:\documents and settings\Nesho&Nedja\Local Settings\Application Data\lsass.exe
c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\windows.pif
.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.
2009-04-14 16:54 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-14 16:54 . 2009-04-14 16:54 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-14 16:36 . 2009-04-16 10:23 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-14 16:36 . 2009-04-16 10:23 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-14 16:36 . 2009-04-16 10:23 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 16:36 . 2009-04-16 10:23 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 12:05 . 2009-04-12 12:05 26 ----a-w c:\windows\neosetup.INI
2009-04-12 12:05 . 2007-02-05 11:11 139264 ----a-w c:\windows\NeoUninstall.exe
2009-04-09 13:48 . 2009-04-09 13:48 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\ImTOO Software Studio
2009-04-09 13:43 . 2009-04-09 13:47 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\GetRightToGo
2009-03-29 08:25 . 2009-03-29 08:25 523142 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-03-20 21:09 . 2009-03-20 21:10 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\mIRC
2009-03-18 19:46 . 2009-03-18 19:46 -------- d-----w c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 10:25 . 2009-02-14 11:14 -------- d-----w c:\program files\DNA
2009-04-16 10:25 . 2009-02-14 11:14 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\DNA
2009-04-16 10:19 . 2009-04-15 06:55 3015820 ----a-r C:\ComboFix.exe
2009-04-15 20:08 . 2009-02-14 10:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-15 20:08 . 2009-02-14 10:57 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 18:20 . 2009-04-14 18:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-14 16:54 . 2009-04-14 16:54 -------- d-----w c:\program files\Avira
2009-04-14 16:34 . 2009-02-14 09:38 -------- d-----w c:\program files\Unlocker
2009-04-12 12:05 . 2009-04-12 12:05 -------- d-----w c:\program files\Neoact
2009-04-09 13:41 . 2009-04-09 13:40 -------- d-----w c:\program files\The KMPlayer
2009-04-08 11:55 . 2009-03-01 15:14 -------- d-----w c:\program files\Counter-Strike 1.6
2009-03-16 16:45 . 2009-03-16 16:45 -------- d-----w c:\program files\Atari
2009-03-15 12:25 . 2009-03-15 12:25 268 ---ha-w C:\sqmdata03.sqm
2009-03-15 12:25 . 2009-03-15 12:25 244 ---ha-w C:\sqmnoopt04.sqm
2009-03-15 12:25 . 2009-03-15 12:25 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-14 17:31 . 2009-03-01 12:43 -------- d-----w c:\program files\NitroFamily
2009-03-12 18:23 . 2009-03-12 18:23 268 ---ha-w C:\sqmdata02.sqm
2009-03-12 18:23 . 2009-03-12 18:23 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-10 20:27 . 2009-03-10 20:27 268 ---ha-w C:\sqmdata01.sqm
2009-03-10 20:27 . 2009-03-10 20:27 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-08 20:07 . 2009-02-14 14:24 -------- d-----w c:\program files\MSN Messenger
2009-03-08 16:01 . 2009-03-08 16:01 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-04 17:21 . 2009-03-04 17:18 -------- d-----w c:\program files\Cheatbook Database 2008
2009-03-02 22:35 . 2009-03-02 22:35 268 ---ha-w C:\sqmdata00.sqm
2009-03-02 22:35 . 2009-03-02 22:35 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-28 13:55 . 2009-02-14 10:09 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-27 21:21 . 2009-02-27 21:12 -------- d-----w c:\program files\SmileyPad
2009-02-27 21:12 . 2009-02-27 21:12 90624 ----a-w c:\windows\system32\ecFCI.dll
2009-02-27 21:12 . 2009-02-27 21:12 104448 ----a-w c:\windows\system32\ecFDI.dll
2009-02-27 20:42 . 2009-02-27 20:40 -------- d-----w c:\program files\Schmaili90
2009-02-26 21:37 . 2009-02-26 21:37 -------- d-----w c:\program files\Microsoft
2009-02-23 21:08 . 2009-02-23 21:08 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\SmartFTP
2009-02-23 16:58 . 2009-02-23 16:58 -------- d-----w c:\program files\Activision Value
2009-02-22 12:55 . 2009-02-22 11:49 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Web Page Maker
2009-02-22 11:49 . 2009-02-22 11:49 -------- d-----w c:\program files\Web Page Maker
2009-02-22 11:47 . 2009-02-22 10:20 -------- d-----w c:\program files\Trendy Site Builder
2009-02-21 15:26 . 2009-02-21 15:26 -------- d-----w c:\program files\phenomedia
2009-02-21 14:07 . 2009-02-14 10:00 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-19 09:12 . 2009-02-14 11:16 -------- d-----w c:\program files\Mv2Player
2009-02-17 20:27 . 2009-02-17 20:27 -------- d-----w c:\program files\Common Files\Adobe
2009-02-16 13:18 . 2009-02-14 10:07 21096 ----a-w c:\documents and settings\Nesho&Nedja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-15 21:11 . 2009-02-14 11:33 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\BSplayer
2009-02-15 18:32 . 2009-02-15 18:32 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-15 18:24 . 2009-02-15 18:24 -------- d-----w c:\program files\Rockstar Games
2009-02-15 17:24 . 2009-02-15 17:24 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\Leadertech
2009-02-15 17:14 . 2009-02-15 17:14 -------- d-----w c:\program files\EA Sports
2009-02-15 15:15 . 2009-02-15 12:26 -------- d-----w c:\documents and settings\Nesho&Nedja\Application Data\FrostWire
2009-02-15 12:26 . 2009-02-14 11:32 -------- d-----w c:\program files\FrostWire
2009-02-14 10:24 . 2009-02-14 09:48 86327 ---ha-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2009-02-14 10:02 . 2009-02-14 10:00 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2009-02-14 10:02 . 2009-02-14 10:02 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009021420090215\index.dat
2009-02-14 09:53 . 2009-02-14 09:53 68936 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-14 09:46 . 2009-02-14 09:46 21640 ---ha-w c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2008-04-23 14:32 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-23 05:34 2350208 AF263738FAD02E11D21F2C8F18054C80 c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-14 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-03-23 14202368]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-23 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [2009-2-14 741376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Nesho&Nedja^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Nesho&Nedja\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-03-22 21:18 1271808 ----a-w c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 16:19 15872 ----a-w c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2007-04-13 17:08 114688 ----a-w c:\program files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
R3 FXDRV;FXDRV; [x]
R3 PciCon;PciCon; [x]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2006-02-26 26112]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-14 33808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2007-09-05 248448]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2007-06-13 476032]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {FB7D265C-DCA8-4336-931A-CF831CF175E3} = 10.24.4.1
FF - ProfilePath - c:\documents and settings\Nesho&Nedja\Application Data\Mozilla\Firefox\Profiles\bnel1vba.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 12:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(1988-)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\program files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-16 12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 10:28
ComboFix2.txt 2009-04-15 07:01
Pre-Run: 12,384,813,056 bytes free
Post-Run: 12,374,417,408 bytes free
209
Here's the ComboFix log. Avira no longer reports anything and My Documents no longer opens at every Windows startup. Thanks a lot for the help.
Just the flash drive left to clean and that would be it.
Posted: 16 Apr 2009 15:20
- Piksi
- Elite citizen
- Joined: 13 Nov 2003
- Posts: 2435
I see you also have remnants of Kaspersky on the system; it is recommended to remove them completely.
But we'll do that at the end, if you're up for it...
Now let's move on to disinfecting the flash drive ->
- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB memory devices one by one into the USB slot and keep each one in the slot for about 10 seconds.
- If you have more than one device to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.
Explanation: USB memory devices include all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
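The USBNoRisk steps above boil down to two checks per mounted volume: is there an autorun.inf in the root, and has Explorer cached a per-user MountPoints2 "Shell" override for that drive letter or volume GUID (the "Autorun.inf on H: - None" and "No key found for ..." lines in the log that follows). The script below is an added example that performs the same two checks and only reports; it is not USBNoRisk's own code and not part of the thread. It assumes Windows PowerShell 2.0 or later and that it is run as the user whose profile is being checked, because MountPoints2 lives under HKCU. The function names are my own.

```powershell
# Added example (not code from USBNoRisk or from the thread): report-only check of the
# two things a USB-worm infection leaves behind on a volume.
#   1. an autorun.inf in the volume root and what its [autorun] section would launch
#   2. per-user Explorer MountPoints2 "Shell" overrides for the drive letter and the
#      volume GUID (the entries USBNoRisk reports as "No key found for ...")
# Assumes Windows PowerShell 2.0+, run as the affected user. Nothing is modified or deleted.

$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-AutorunInfEntries {
    # Returns a hashtable of key=value pairs from the [autorun] section, or $null if absent.
    param([string]$Root)
    $path = Join-Path $Root 'autorun.inf'
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    $entries = @{}
    $inAutorun = $false
    # -Force reads the file even when it carries the Hidden/System attributes
    foreach ($line in (Get-Content -LiteralPath $path -Force)) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inAutorun = ($Matches[1] -eq 'autorun'); continue }
        if ($inAutorun -and $t -match '^([^=;]+)=(.*)$') {
            $entries[$Matches[1].Trim().ToLower()] = $Matches[2].Trim()
        }
    }
    return $entries
}

function Get-MountPointsShell {
    # Lists the Shell verbs (e.g. AutoRun, open) Explorer has cached for one MountPoints2 entry.
    param([string]$Name)   # drive letter without colon, or volume GUID in braces
    $shellKey = Join-Path (Join-Path $MountPoints2 $Name) 'Shell'
    if (-not (Test-Path -LiteralPath $shellKey)) { return @() }
    $result = @()
    foreach ($verb in (Get-ChildItem -LiteralPath $shellKey)) {
        $cmdKey = $verb.PSPath + '\command'
        $cmd = $null
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
        }
        $result += New-Object PSObject -Property @{ Entry = $Name; Verb = $verb.PSChildName; Command = $cmd }
    }
    return $result
}

function Get-VolumeAutorunReport {
    $report = @()
    foreach ($v in (Get-WmiObject -Class Win32_Volume | Where-Object { $_.DriveLetter })) {
        $letter = $v.DriveLetter.TrimEnd(':')
        # DeviceID looks like \\?\Volume{1e3bb4df-...}\ ; the GUID is what MountPoints2 keys on
        $guid = $null
        if ($v.DeviceID -match '\{[0-9a-fA-F-]+\}') { $guid = $Matches[0] }

        $inf = Get-AutorunInfEntries -Root ($v.DriveLetter + '\')
        $infText = 'None'
        $launch = $null
        if ($null -ne $inf) {
            $infText = ($inf.Keys | ForEach-Object { "$_=$($inf[$_])" }) -join '; '
            # open= and shellexecute= are the entries that run a program on insert/double-click
            $launch = @($inf['open'], $inf['shellexecute']) | Where-Object { $_ }
            $launch = $launch -join ' | '
        }

        $shell = @(Get-MountPointsShell -Name $letter)
        if ($guid) { $shell += @(Get-MountPointsShell -Name $guid) }
        $shellText = @($shell | ForEach-Object { "$($_.Entry)\Shell\$($_.Verb) -> $($_.Command)" })

        $report += New-Object PSObject -Property @{
            Drive            = $v.DriveLetter
            DriveType        = $v.DriveType      # 2 = removable, 3 = fixed, 5 = CD-ROM
            VolumeGuid       = $guid
            AutorunInf       = $infText
            WouldLaunch      = $launch
            MountPointsShell = $shellText
        }
    }
    return $report
}

Get-VolumeAutorunReport | Format-List Drive, DriveType, VolumeGuid, AutorunInf, WouldLaunch, MountPointsShell
```

Run it once with no removable media attached to get the baseline for the fixed drives, then again after plugging the flash drive in. A populated WouldLaunch field, or a MountPointsShell AutoRun/open verb whose command points at an executable on the removable volume, is the artifact to quarantine; a clean volume shows AutorunInf = None and an empty MountPointsShell list, exactly as in the log the poster submitted below.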
Posted: 16 Apr 2009 23:14
- nesho_15
- Respected citizen
- Joined: 17 May 2008
- Posts: 442
- Location: Torak City
USBNoRisk 1.6 by bobby
Started at 4/16/2009 11:09:29 PM
Scanning for connected USB Mass storage...
----------------------------------------
========================================
Scanning for other storage...
----------------------------------------
D: {1e3bb4df-fa81-11dd-b91c-806d6172696f}
C: {1e3bb4e1-fa81-11dd-b91c-806d6172696f}
========================================
Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 1e3bb4e1-fa81-11dd-b91c-806d6172696f
========================================
Autorun.inf on D: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 1e3bb4df-fa81-11dd-b91c-806d6172696f
========================================
New device connected at 4/16/2009 11:10:42 PM
Scanning for connected USB mass storage...
----------------------------------------
H: {360f1f10-fba1-11dd-9c77-0011676bf47f}
Added H:
========================================
Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on H: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for 360f1f10-fba1-11dd-9c77-0011676bf47f
========================================
----------------------------------------
Desktop.ini on H: - None
----------------------------------------
========================================
Here, that last one, H:, is the flash drive; I don't know what the rest is. And as for Kaspersky, of course I'm up for it.
Posted: 18 Apr 2009 00:13
- Piksi
- Elite citizen
- Joined: 13 Nov 2003
- Posts: 2435
The flash drive you posted the log for is not infected, but it was. Maybe you formatted it in the meantime, or something?
As for removing the remnants of Kaspersky, you have everything in this thread.
Finally, post a fresh HijackThis log for me as well, so I can be sure the infection hasn't come back.
Posted: 18 Apr 2009 10:13
- nesho_15
- Respected citizen
- Joined: 17 May 2008
- Posts: 442
- Location: Torak City
I didn't format the flash drive. I downloaded kav remover, but it said "kaspersky anti virus not detected".
Here's the HJT log too:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:31 AM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\internet\TR#\TR3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB7D265C-DCA8-4336-931A-CF831CF175E3}: NameServer = 10.24.4.1
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4402 bytes