Have I been infected?!

  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

Here is a screenshot from KIS



  • helen1  Male
  • Anti Malware Fighter Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download Dr.Web CureIt (~12 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe; an introductory window will appear - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

Click Options > Change settings (F9); in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click it and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process is complete, click File > Save report list and save the log on the Desktop

Copy the contents of the Dr.Web CureIt log into the thread on the forum.



  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

Finally... after 5 hours of scanning....

And again, when I turned the computer on, the same thing as in the previous picture appeared.... Although that system alert is no longer there


[Link visible only to logged-in users]

Update: 15 Mar 2009 20:04

Now it has thrown that system alert again.... oh no....

P.S. I just realized that when Windows restarted it asked me whether I want to log into the recovery Windows or go into normal Windows XP

  • helen1  Male
  • Anti Malware Fighter Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

SAnja ::
P.S. I just realized that when Windows restarted it asked me whether I want to log into the recovery Windows or go into normal Windows XP


You must have been clicking OK during the ComboFix scan without reading what it asked you? :)

Try scanning with ComboFix again now, so we can see whether anything has changed.

You may have to download ComboFix again.

  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

ComboFix only asked me every time whether I agree to use it, blah blah, and it was yes or no; it didn't ask me anything else.

Here is the log file

ComboFix 09-03-14.02 - Sandra 2009-03-15 20:16:53.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2363 [GMT 1:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\13.scr

.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-15 16:58 . 2009-03-15 17:10 <DIR> d-------- c:\documents and settings\Sandra\DoctorWeb
2009-03-06 21:10 . 2009-03-06 21:10 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-06 16:25 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-04 22:54 . 2009-03-04 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Phenomedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 19:18 18,816,032 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-15 19:18 1,023,776 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-15 18:51 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-15 16:01 --------- d-----w c:\program files\WordWeb
2009-03-15 15:57 97,736 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-15 15:57 254,276 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-06 20:25 --------- d-----w c:\documents and settings\Sandra\Application Data\POP Peeper
2009-02-16 09:28 --------- d-----w c:\program files\POP Peeper
2009-02-03 22:49 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 22:49 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-02 22:36 --------- d-----w c:\documents and settings\Sandra\Application Data\ACD Systems
2009-02-02 22:35 9,856 ----a-w c:\windows\system32\drivers\pfc.sys
2009-02-02 22:35 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\program files\ACD Systems
2009-02-02 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-23 10:28 --------- d-----w c:\program files\UltraSnap
2008-12-15 00:45 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 22:57 1,851,544 ----a-w c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-15 10:09:16 58,998 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-15 19:03:42 58,998 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-15 10:09:16 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-15 19:03:42 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-15 18:51:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_374.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-12 1429504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [4/14/2008 2:03:54 PM 596584]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [5/27/2004 6:13:04 PM 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28:40 PM 24592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 12:18:09 AM 41376]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/14/2008 12:34:03 AM 57408]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 11:31:54 AM 98328]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-03-15 20:18:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(312)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(368-)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2009-03-15 20:20:14
ComboFix-quarantined-files.txt 2009-03-15 19:20:11
ComboFix2.txt 2009-03-15 12:53:09
ComboFix3.txt 2009-03-15 12:19:25
ComboFix4.txt 2009-03-15 11:46:43
ComboFix5.txt 2009-03-15 13:15:21

Pre-Run: 13,259,276,288 bytes free
Post-Run: 13,248,004,096 bytes free

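The log above is where a helper reads the state of the machine: the Security Center keys show antivirus and update warnings silenced and an override set, Kaspersky's monitoring entry is disabled, and the standard-profile firewall policy is 0. The script below is an added example (not ComboFix's code and not from this thread) that parses a constructed excerpt in the layout of ComboFix's "Reg Loading Points" section and lists those settings for triage; it assumes ComboFix's `[X]` marker means the autorun target was not found. A third-party suite such as KIS legitimately sets some of these values itself, so the findings are leads to confirm, not verdicts.

```python
import re

# Constructed excerpt in the layout of ComboFix's "Reg Loading Points" section,
# modelled on the thread's log (sample data, not the page's real output).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Security Center values that, when 1, silence or override its warnings
NOTIFY_SUPPRESSORS = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                      "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride"}

def dword(data):
    """Parse 'dword:00000001' or '0 (0x0)' style data into an int (None if neither)."""
    m = re.search(r"dword:([0-9a-fA-F]{8})", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\s*(\d+)", data)
    return int(m.group(1)) if m else None

def audit_loading_points(log_text):
    """Return (key, value name, reason) findings from the registry section of a ComboFix log."""
    findings, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:                      # a new [KEY] header starts a block
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if not v or key is None:
            continue
        name, data, lkey = v.group(1), v.group(2), key.lower()
        if lkey.endswith("\\currentversion\\run") and data.endswith("[X]"):
            findings.append((key, name, "autorun target not found (ComboFix [X] marker)"))
        elif "\\monitoring\\" in lkey and name == "DisableMonitoring" and dword(data) == 1:
            findings.append((key, name, "Security Center monitoring of this product disabled"))
        elif lkey.endswith("security center") and name in NOTIFY_SUPPRESSORS and dword(data) == 1:
            findings.append((key, name, "Security Center warning suppressed or overridden"))
        elif "firewallpolicy" in lkey and name == "EnableFirewall" and dword(data) == 0:
            findings.append((key, name, "Windows Firewall disabled for this profile"))
    return findings

if __name__ == "__main__":
    for key, name, reason in audit_loading_points(SAMPLE_LOG):
        print(f"{reason}: {name} under {key}")
```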

  • helen1  Male
  • Anti Malware Fighter Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

It should have been Yes to the first one, No to the second.

The first one warned that it is a dangerous tool, and the second that the Recovery Console is needed in case something gets scr*wed up.

It looks like we have cleaned up those files.

Now, those errors...

  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

There was no second window, only that it is a dangerous tool and that I use it at my own risk, or whatever it says ;)

What do we do about the errors?!

  • helen1  Male
  • Anti Malware Fighter Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Turn off Proactive Defense in KAV, then see whether the problem still occurs?

  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

I turned off the defense in KAV....
Otherwise it has not reported any error or anything like that, but KAV popped up saying I have some trojan... here is a screenshot from KAV....



Update: 16 Mar 2009 22:35

While I was typing the previous message, that application error popped up again....aaaaaaaaaaaa

  • helen1  Male
  • Anti Malware Fighter Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

How about doing what bobby said:

Start > Run > type CMD and click OK

In the console type:
sfc.exe /scannow

If the procedure asks for the Windows CD, give it to it.
