Nestanak memorije

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

precesto mi nesto povuce memoriju, toliko da se komp zablesi totalno. Mozda gresim, ali mislim da jeste neki virus ili tako nesto:

Logfile of HijackThis v1.99.1
Scan saved at 17:37:47, on 17.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Pointstone\MemOptimizer 3\MemOptimizer.exe
C:\Documents and Settings\Sasa\Desktop\New Folder (4)\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96372AB6-15EB-4316-B497-71C741BC548C} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ec247839e15a414e9c9ac19737d29461
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ec247839e15a414e9c9ac19737d29461
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B30869A-750E-4573-A41E-B50E90FE3701}: NameServer = 82.208.201.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E1AAE77-8C12-4EE4-ABF8-9A2972377BB1}: NameServer = 212.200.34.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5EEEC31-A11F-4565-95B0-0CF3ABD7E98B}: NameServer = 82.208.201.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBE7F84A-BC76-4FF4-8ACB-4CAECAB8DCC1}: NameServer = 82.208.201.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows-CCHook-Service - Salfeld Computer - C:\WINDOWS\system32\cchservice.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

Dopuna: 17 Nov 2007 18:19

U medjuvremenu KIS mi je pronasao :

detected: Trojan program Trojan.Win32.Inject.jt File: C:\DOCUME~1\Sasa\LOCALS~1\Temp\wjeeeiprH6G334C.dll

kojeg ne moze da izbrise.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Probao si da restartujes komp nako sto ti je KIS otkrio tog trojanca?
Pokusace da ga obrise pri startovanju Windowsa ukoliko nije uspeo da ga obrise normalnim putem.

Ja sam pregledao log i nisam nasao nista neobicno. Probacemo jednu drugu alatku, da vidimo da li mozemo od nje dobiti neke druge informacije.

Skini ComboFix sa jedne od sledecih adresa:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kad sam pokrenuo skeniranje Combo fix-om kod stagee-a 3 i 4 mi se ponovo javio KIS sa gore navedenim problemom detected: Trojan program Trojan.Win32.Inject.jt File: C:\DOCUME~1\Sasa\LOCALS~1\Temp\wjeeeiprH6G334C.dll kojeg nije izbrisao iako sam pre toga restartovao komp, iskljucio sistem resto. Kod stage-a 8 i 36 ComboFix je poduo skenirao. Na kraju evo rezultata skeniranja:

ComboFix 07-11-08.1 - Sasa 2007-11-17 21:21:29.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.34 [GMT 1:00]
Running from: C:\Documents and Settings\Sasa\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 17:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 21:15 <DIR> d-------- C:\Program Files\Professional Registry Doctor
2007-11-13 10:27 <DIR> d--hs---- C:\Diskeeper
2007-11-13 09:19 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-11-13 09:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-09 22:21 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\CD Bank
2007-11-09 22:20 <DIR> d-------- C:\Program Files\CD Bank
2007-11-09 17:51 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Intermedia Design
2007-11-09 17:49 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-11-08 09:42 <DIR> d-------- C:\Program Files\Uniblue
2007-11-07 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolarWinds
2007-11-06 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskSoft
2007-11-06 09:45 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\DeskSoft
2007-11-05 13:39 <DIR> d-------- C:\Program Files\Dr.Hardware 2007 english
2007-11-03 23:34 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2007-11-03 23:15 <DIR> d-------- C:\Program Files\Error Repair Professional
2007-11-03 15:00 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft
2007-11-03 09:36 <DIR> d-------- C:\Program Files\D-Link
2007-11-03 09:29 <DIR> d-------- C:\Program Files\WZCBDL Service
2007-11-03 09:29 <DIR> d-------- C:\Program Files\NIOC Service
2007-11-03 07:34 24,576 --a------ C:\WINDOWS\system32\vshook.dll
2007-11-02 16:54 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Proxima Software
2007-11-02 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Genie-Soft
2007-11-02 10:30 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Genie-Soft
2007-11-02 10:27 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-11-01 11:49 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\REALVIZ
2007-10-31 13:10 96,376 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-10-31 13:04 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Pointstone
2007-10-30 10:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-28 17:50 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\ZC Dream Photo
2007-10-27 19:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-10-27 17:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-27 17:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-27 17:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-27 17:16 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-24 08:22 <DIR> d-------- C:\Program Files\Web Photo Album
2007-10-22 16:08 <DIR> d-------- C:\Program Files\PF3DEN
2007-10-21 09:47 <DIR> d-------- C:\Program Files\Mv2Player
2007-10-20 23:46 <DIR> d-------- C:\Program Files\Fast Photo Renamer
2007-10-20 10:09 679,936 --a------ C:\WINDOWS\system\xvidcore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 20:09 425,288 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 20:09 30,774,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-17 20:09 124,916 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-17 20:09 1,363,744 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-17 10:38 --------- d-----w C:\Program Files\Pointstone
2007-11-16 19:56 --------- d-----w C:\Program Files\FlashGet
2007-11-16 19:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-12 08:15 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-11-08 08:43 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Uniblue
2007-11-07 07:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2007-11-01 07:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-31 15:20 --------- d-----w C:\Program Files\Advanced JPEG Compressor
2007-10-25 20:50 --------- d-----w C:\Program Files\Google
2007-10-22 12:46 --------- d-----w C:\Program Files\SpywareBlaster
2007-10-17 22:21 --------- d-----w C:\Program Files\Winamp
2007-10-14 14:33 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Xilisoft Corporation
2007-10-13 07:52 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Kristanix Software
2007-10-12 18:48 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Abra Academy2
2007-10-10 19:40 213,504 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-10 17:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-10 17:43 282,624 ----a-r C:\WINDOWS\Setup1.exe
2007-10-10 07:01 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Carnival Software
2007-09-29 21:17 --------- d-----w C:\Documents and Settings\Sasa\Application Data\DivX
2007-09-29 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2007-09-29 13:15 --------- d-----w C:\Program Files\Summitsoft
2007-09-29 10:12 47,360 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-09-26 06:21 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Thinstall
2007-09-24 21:53 --------- d-----w C:\Program Files\XviD
2007-09-23 12:58 21,504 ---ha-r C:\WINDOWS\system32\RegistrationLib193.dll
2007-09-22 14:41 102,400 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-17_18.15.45.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-30 09:46:20 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-11-17 20:01:27 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-10-30 09:46:20 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-11-17 20:01:27 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-30 09:46:20 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-11-17 20:01:28 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-30 09:46:20 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-17 20:01:26 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-30 09:46:20 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-11-17 20:01:28 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-30 09:46:21 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-11-17 20:01:28 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-30 09:46:21 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-11-17 20:01:28 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-30 09:46:21 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-17 20:01:28 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-30 09:46:20 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-11-17 20:01:27 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-30 09:46:20 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-11-17 20:01:27 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-30 09:46:21 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-11-17 20:01:29 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-30 09:46:20 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-11-17 20:01:26 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-30 09:46:20 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-17 20:01:26 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-12-19 21:52:18 8,453,632 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-11-17 20:11:44 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7fc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-05-19 21:36]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-09-24 12:32]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Net.Medic.lnk]
backup=C:\WINDOWS\pss\Net.Medic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sasa^Start Menu^Programs^Startup^BWMeter.lnk]
backup=C:\WINDOWS\pss\BWMeter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sasa^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sasa^Start Menu^Programs^Startup^YearPlanner.lnk]
backup=C:\WINDOWS\pss\YearPlanner.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Services]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnsyslog]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
"C:\Program Files\RFA Platinum\rfagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
D:\Sortirani softveri\Optimizeri\Uniblue\Registry_Booster_v2.0.1041.3208\registrybooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3MediaStudio]

R2 NIOC;NIOC Service;\??\C:\WINDOWS\system32\NIOC.SYS
R2 Windows-CCHook-Service;Windows-CCHook-Service;C:\WINDOWS\system32\cchservice.exe
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe"
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys
Start Pending2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 20:11:21 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-08 08:43:52 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-08 08:43:49 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-17 14:16:01 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
"2007-05-19 20:42:11 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 21:32:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 21:35:53
.
--- E O F ---

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Posalji mi sledece fajlove na proveru:

C:\WINDOWS\system32\Chip.dll
C:\WINDOWS\system32\vshook.dll
C:\WINDOWS\system32\drivers\WimFltr.sys

Uploaduj mi ih preko sledece forme:
http://www.mycity.rs/ambulanta-upload.php

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Upakovao sam u .rar svakog ponaosob i poslao.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Jesi li skinuo novi ComboFix ili koristis neki koji si skinuo ranije?

Ukoliko je neki od ranije, onda obrisi ceo folder c:\qoobox, kao i taj stariji ComboFix, pa skini novi i njime napravi log.

U onim fajlovima nisam nasao nista, mada mi nije bas sve jasno.
WimFltr.sys - ovo je drajver za Vistu, za mountovanje imagea u WIM formatu. To si ti instalirao ili nemas ideju odakle je?

Onaj Chip.dll ima nesto veze sa pustanjem muzike.

vshook.dll ima veze sa VitalSigns kompanijom, imas li neki program od njih?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

bobby ::Jesi li skinuo novi ComboFix ili koristis neki koji si skinuo ranije?

Ukoliko je neki od ranije, onda obrisi ceo folder c:\qoobox, kao i taj stariji ComboFix, pa skini novi i njime napravi log.

U onim fajlovima nisam nasao nista, mada mi nije bas sve jasno.
WimFltr.sys - ovo je drajver za Vistu, za mountovanje imagea u WIM formatu. To si ti instalirao ili nemas ideju odakle je?

Onaj Chip.dll ima nesto veze sa pustanjem muzike.

vshook.dll ima veze sa VitalSigns kompanijom, imas li neki program od njih?

Nisam bas siguran za Combo, evo sad sam skinuo sa prvog linka kog si mi dao pa ti kacim log.

Evo opet ista prica , pri skeniranju Combom kod 3 Stage-a mi KIS nalazi Trojan.Win32.Inject.jt. kog nema u virus listi na VirusList.com-u. Zanimljivo je da ga na toj lokaciji gde ga KIS pronalazi jednostavno nema.

To a Vistom nemam predstave otkud mi, pogotovo sto moj komp nema teorije za Vistu zbog svojih 256 Mb rama.

Sto se tice Chip.dll pa moguce je da je nesto zaostalo od muzickih softvera koje sam deinstalirao, ili je mozda nesto vezano da DFX ili novi Winamp, ali stvarno nemam pojma otkud mi.

vshook.dll mi jeste nesto poznato ali verovatno sam to odavno deinstalirao.

Dopuna: 18 Nov 2007 1:17

Mali problem:

Curent date is 2007-11-18 This copy of ComboFix has expiried.
Pleace download an updated copy.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nisam pametan kako da pomognem.

Hajde da probamo BitDefender online scan. Pokreni Internet Explorer (ne moze FireFox) i idi na adresu http://www.bitdefender.com/scan8/ie.html. Prati uputstva, (ako te bude pitao da li da instalira ActiveX - odobri), preskeniraj kompletan računar. Kada zavrski skeniranje imaces mogucnost snimanja loga. Snimi log i iskopiraj ga u poruku. Ukoliko je suvise veliki da bi stao u poruku, onda prikaci fajl uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Boby, BitDefender je nasao cak pet trojanaca i 8 inficiranih fajlova, koje je izbrisao onako kako ih je pronalazio. Za cudo, jednog trojanca je prepoznao cak i u CCleaner-u u Program Files. Na zalost, na samom kraju skeniranja IE je pukao, tako da nisam sacuvao logove. Koliko se secam 3 trojanca su bila generic, a 2 Win. Od svega , zanimljivo je da sam KIS-om na najjacoj zastiti isskenirao sve , ama bas sve i nista nije nasao. Kasnije cu ukljuciti ponovo BitDefender da jos jednom pregleda komp. U svakom slucaju, HVALA na predlogu, koji se pokazao sasvim ispravan.

Dopuna: 18 Nov 2007 17:52

goust ::Boby, BitDefender je nasao cak pet trojanaca i 8 inficiranih fajlova, koje je izbrisao onako kako ih je pronalazio. Za cudo, jednog trojanca je prepoznao cak i u CCleaner-u u Program Files. Na zalost, na samom kraju skeniranja IE je pukao, tako da nisam sacuvao logove. Koliko se secam 3 trojanca su bila TrojaGeneric sa nekim cifranma u nazivu, a 2 Win. Od svega , zanimljivo je da sam KIS-om na najjacoj zastiti isskenirao sve , ama bas sve i nista nije nasao. Kasnije cu ukljuciti ponovo BitDefender da jos jednom pregleda komp. U svakom slucaju, HVALA na predlogu, koji se pokazao sasvim ispravan.

Dopuna: 18 Nov 2007 17:54

hm, ne mogu da ispravim sopstvenu gresku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kliknuo si Citiraj umesto Izmeni.

Moze biti da je BitDefender imao pogresnu detekciju oko CCleanera.
Javi obavezno sta je ucinio kod drugog skeniranja.