Help, virus or ..... ?

  • Joined: 09 Feb 2009
  • Posts: 7
  • Location: Srbija

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:55, on 9.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sbb.rs:8080
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: windowsupdate.microsoft.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - catalog.update.microsoft.com/v7/site/Client.....4065947234
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4046064433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....4055139656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6464 bytes

Addendum: 09 Feb 2009 18:37

A couple of days ago everything was working normally, but now the Internet won't open certain sites, and opens others only partially. Windows Automatic Updates doesn't work either; even when I go to their update site it keeps reporting some error, and Windows Messenger keeps crashing... I scanned for viruses but nothing was found; I'm afraid one has burrowed into the system files and is causing these problems.....

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Also turn off WinPatrol.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

  • Joined: 09 Feb 2009
  • Posts: 7
  • Location: Srbija

ComboFix 09-02-08.02 - Milos 2009-02-09 19:07:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.176 [GMT 1:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-09 04:42 . 2009-02-09 04:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-09 04:42 . 2009-02-09 04:42 <DIR> d-------- c:\documents and settings\Administrator
2009-02-09 04:42 . 2009-02-09 04:42 163 --a------ c:\windows\system32\drivers\fwdrv.err
2009-02-09 04:35 . 2009-02-09 04:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 04:35 . 2009-02-09 04:35 <DIR> d-------- c:\documents and settings\Milos\Application Data\Malwarebytes
2009-02-09 04:35 . 2009-02-09 04:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 04:35 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 04:35 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 03:39 . 2009-02-09 03:39 <DIR> d-------- c:\program files\Trend Micro
2009-02-09 00:36 . 2009-02-09 00:36 <DIR> d-------- c:\program files\Ask.com
2009-02-09 00:30 . 2009-02-09 00:55 <DIR> d-------- c:\program files\Trillian
2009-02-08 23:26 . 2009-02-08 23:26 <DIR> d-------- c:\program files\MSN Messenger
2009-02-08 23:17 . 2009-02-08 23:17 <DIR> d-------- c:\documents and settings\Milos\Application Data\CyberLink
2009-02-08 23:14 . 2009-02-09 00:06 69 --a------ c:\windows\NeroDigital.ini
2009-02-08 22:34 . 2009-02-08 22:37 <DIR> d-------- c:\program files\Omega Informatix
2009-02-08 22:31 . 2004-08-04 00:56 90,624 --a------ c:\windows\system32\kswdmcap.ax
2009-02-08 22:27 . 2009-02-08 22:27 <DIR> d-------- c:\program files\Logitech
2009-02-08 22:26 . 2004-05-21 20:11 106,496 --a------ c:\windows\system32\lvcoinst.dll
2009-02-08 22:26 . 2004-05-21 20:05 53,248 -ra------ c:\windows\system32\InstMed.exe
2009-02-08 22:26 . 2004-05-27 16:47 19,968 --a------ c:\windows\system32\drivers\LVUSBSta.sys
2009-02-08 22:26 . 2004-05-21 19:12 5,993 --a------ c:\windows\system32\lvcoinst.ini
2009-02-08 22:25 . 2009-02-08 22:25 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-08 22:25 . 2004-05-21 20:16 471,232 --a------ c:\windows\system32\drivers\lvcm.sys
2009-02-08 22:25 . 2004-05-27 16:49 372,736 --a------ c:\windows\system32\LVUI2RC.dll
2009-02-08 22:25 . 2004-05-27 16:44 208,896 --a------ c:\windows\system32\LVCodec2.dll
2009-02-08 22:25 . 2004-05-27 16:46 204,800 --a------ c:\windows\system32\LVUI2.dll
2009-02-08 22:25 . 2009-02-08 22:25 260 --a------ c:\windows\_delis32.ini
2009-02-08 22:20 . 2009-02-08 22:20 <DIR> d-------- c:\program files\e-Life Pal
2009-02-08 22:20 . 2009-02-08 22:20 492 --a------ c:\windows\MAXLINK.INI
2009-02-08 22:19 . 2009-02-08 22:20 <DIR> d-------- c:\program files\ABBYY FineReader 4.0 Sprint
2009-02-08 22:17 . 2009-02-08 22:17 <DIR> d-------- c:\program files\Temp
2009-02-08 22:17 . 2009-02-08 22:18 <DIR> d-------- c:\program files\BearPaw 1200CU Plus
2009-02-08 22:17 . 2003-01-24 07:02 388,608 --------- c:\windows\system\ltkrn12n.dll
2009-02-08 22:15 . 2009-02-08 23:29 0 --a------ c:\windows\system32\Sweeper.cfg
2009-02-08 22:08 . 2009-02-08 22:08 316 --ah----- C:\sqmdata04.sqm
2009-02-08 22:08 . 2009-02-08 22:08 244 --ah----- C:\sqmnoopt04.sqm
2009-02-08 21:42 . 2009-02-08 21:42 <DIR> d-------- c:\program files\Opera
2009-02-08 21:35 . 2009-02-08 22:22 491 --a------ c:\windows\win.tmp
2009-02-08 21:35 . 2009-02-08 22:22 277 --a------ c:\windows\system.tmp
2009-02-08 21:20 . 2005-07-06 18:13 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-02-08 21:13 . 2009-02-08 21:13 <DIR> d-------- c:\program files\Kerio
2009-02-08 21:04 . 2009-02-08 21:04 <DIR> d-------- c:\windows\Sun
2009-02-08 19:34 . 2009-02-08 19:34 268 --ah----- C:\sqmdata03.sqm
2009-02-08 19:34 . 2009-02-08 19:34 244 --ah----- C:\sqmnoopt03.sqm
2009-02-08 19:30 . 2009-02-08 19:30 268 --ah----- C:\sqmdata02.sqm
2009-02-08 19:30 . 2009-02-08 19:30 244 --ah----- C:\sqmnoopt02.sqm
2009-02-08 19:27 . 2009-02-08 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-08 19:25 . 2009-02-08 19:25 268 --ah----- C:\sqmdata01.sqm
2009-02-08 19:25 . 2009-02-08 19:25 244 --ah----- C:\sqmnoopt01.sqm
2009-02-08 19:22 . 2009-02-08 19:22 268 --ah----- C:\sqmdata00.sqm
2009-02-08 19:22 . 2009-02-08 19:22 244 --ah----- C:\sqmnoopt00.sqm
2009-02-08 19:09 . 2009-02-08 19:09 3,001 ---hs---- c:\documents and settings\Milos\ppUser.dat
2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d-------- c:\documents and settings\Milos\Application Data\Contrast
2009-02-08 19:06 . 2009-02-08 19:06 <DIR> d-------- c:\program files\Contrast
2009-02-08 19:06 . 2009-02-08 19:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Contrast
2009-02-08 19:00 . 2009-02-08 19:00 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-02-08 19:00 . 2009-02-08 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-08 18:52 . 2009-02-08 18:52 <DIR> d-------- c:\program files\CyberLink
2009-02-08 18:52 . 2009-02-08 18:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-02-08 18:29 . 2009-02-08 18:29 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-08 18:13 . 2009-02-08 18:14 <DIR> d-------- c:\program files\Yahoo!
2009-02-08 18:13 . 2009-02-08 18:13 <DIR> d-------- c:\documents and settings\Milos\Application Data\ACD Systems
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\program files\ACD Systems
2009-02-08 18:12 . 2009-02-08 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-08 18:06 . 2009-02-08 18:06 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-08 18:06 . 2009-02-08 18:06 <DIR> d-------- c:\program files\Ahead
2009-02-08 18:06 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-02-08 18:06 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-02-08 18:06 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-02-08 18:06 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-02-08 18:06 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-02-08 18:06 . 2004-03-02 17:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys
2009-02-08 18:06 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-02-08 18:06 . 2004-03-02 17:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys
2009-02-08 18:02 . 2009-02-08 18:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-08 17:58 . 2009-02-08 17:58 <DIR> d-------- c:\program files\Winamp
2009-02-08 17:58 . 2009-02-08 18:01 <DIR> d-------- c:\documents and settings\Milos\Application Data\Winamp
2009-02-08 17:34 . 2009-02-08 17:34 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-08 17:24 . 2009-02-08 17:24 <DIR> d-------- c:\program files\QuickTime Alternative
2009-02-08 17:24 . 2009-02-08 17:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-08 17:24 . 2005-10-17 20:58 65,536 --a------ c:\windows\system32\QuickTimeVR.qtx
2009-02-08 17:24 . 2005-10-17 20:57 49,152 --a------ c:\windows\system32\QuickTime.qts
2009-02-08 17:23 . 2009-02-08 17:23 <DIR> d-------- c:\documents and settings\Milos\Application Data\Media Player Classic
2009-02-08 17:22 . 2009-02-08 17:22 <DIR> d-------- c:\program files\Real Alternative
2009-02-08 17:22 . 2009-02-08 17:22 <DIR> d-------- c:\program files\Media Player Classic
2009-02-08 17:20 . 2009-02-09 00:10 <DIR> d-------- c:\program files\Mv2Player
2009-02-08 17:20 . 2009-02-08 17:20 <DIR> d-------- c:\program files\ffdshow
2009-02-08 17:19 . 2009-02-08 17:19 <DIR> d-------- c:\program files\AC3Filter
2009-02-08 17:18 . 2003-03-15 22:15 90,112 --a------ c:\windows\unvise32.exe
2009-02-08 17:17 . 2009-02-08 17:17 <DIR> d-------- c:\program files\DivX
2009-02-08 16:56 . 2006-06-14 09:47 172,416 -----c--- c:\windows\system32\dllcache\kmixer.sys
2009-02-08 16:56 . 2006-06-14 10:00 82,944 -----c--- c:\windows\system32\dllcache\wdmaud.sys
2009-02-08 16:56 . 2006-06-14 09:47 6,400 -----c--- c:\windows\system32\dllcache\splitter.sys
2009-02-08 16:31 . 2009-02-08 16:31 <DIR> d-------- c:\program files\Microsoft Works
2009-02-08 16:28 . 2009-02-08 16:28 <DIR> d-------- c:\windows\SHELLNEW
2009-02-08 16:27 . 2009-02-08 16:27 <DIR> dr-h----- C:\MSOCache
2009-02-08 16:09 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-08 16:03 . 2009-02-08 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-08 16:01 . 2009-02-08 16:02 <DIR> d-------- c:\documents and settings\Milos\Application Data\OpenOffice.org2
2009-02-08 15:57 . 2009-02-08 15:57 <DIR> d-------- c:\program files\OpenOffice.org 2.0
2009-02-08 05:10 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-08 05:10 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-08 05:10 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-08 05:10 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-08 05:10 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-08 05:10 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-08 05:10 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-08 05:10 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-08 05:10 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-08 04:29 . 2009-02-08 04:29 <DIR> d-------- c:\program files\Microsoft VM
2009-02-08 04:00 . 2009-02-08 04:00 <DIR> d-------- c:\documents and settings\Milos\Application Data\WinPatrol
2009-02-08 03:59 . 2009-02-08 03:59 <DIR> d-------- c:\program files\BillP Studios
2009-02-08 03:34 . 2009-02-08 03:33 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-08 03:33 . 2009-02-08 03:33 <DIR> d-------- c:\program files\Java
2009-02-08 03:33 . 2009-02-08 03:33 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 01:56 . 2009-02-08 16:56 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-08 01:54 . 2009-02-08 01:54 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-08 01:52 . 2009-02-08 01:52 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-08 01:52 . 2009-02-08 01:53 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-08 01:52 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-08 01:48 . 2009-02-08 01:48 0 --a------ c:\windows\nsreg.dat
2009-02-08 00:48 . 2009-02-08 19:02 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-08 00:01 . 2009-02-08 17:36 <DIR> d-------- c:\documents and settings\Milos\Contacts
2009-02-08 00:00 . 2009-02-08 00:00 <DIR> d----c--- c:\windows\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 03:05 --------- d-----w c:\program files\ESET
2009-02-08 17:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 03:29 155,995 ----a-w c:\windows\java\Packages\EIEMZR7J.ZIP
2009-02-07 22:16 502,368 ----a-w c:\windows\system32\drivers\amon.sys
2009-02-07 22:16 274,432 ----a-w c:\windows\system32\imon.dll
2009-02-07 22:13 --------- d-----w c:\program files\CONEXANT
2009-02-07 22:10 --------- d-----w c:\program files\ASUS
2009-02-07 22:08 7,296 --s---w c:\windows\system32\drivers\EIO.SYS
2009-02-07 22:07 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-07 21:56 --------- d-----w c:\program files\AMD
2009-02-07 21:38 --------- d-----w c:\program files\microsoft frontpage
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-01 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-01 81920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-07 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2005-12-12 222784]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"nwiz"="nwiz.exe" [2004-07-01 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.enc"= ITIG726.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Milos^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Milos\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Tutorial_SW.lnk]
path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\Tutorial_SW.lnk
backup=c:\windows\pss\Tutorial_SW.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-08-18 15:08 970752 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 23:54 37376 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-14 11:36 77824 c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-09-26 81920]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00826dc3-f566-11dd-bf4e-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\Supertoolbar\UpdateTask.exe [2008-10-21 12:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Settings,ProxyServer = proxy.sbb.rs:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: live.com\login
Trusted Zone: microsoft.com\www.update
Trusted Zone: microsoft.com \windowsupdate
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\b3u668do.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-09 19:13:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\imon.dll
.
Completion time: 2009-02-09 19:16:51
ComboFix-quarantined-files.txt 2009-02-09 18:16:46

Pre-Run: 34.259.795.968 bytes free
Post-Run: 34,248,724,480 bytes free

251

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Well, there is no malware here.

Attach this file to your post: C:\WINDOWS\System32\drivers\etc\hosts

If you can't see it: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html

  • Joined: 09 Feb 2009
  • Posts: 7
  • Location: Srbija

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Addendum: 09 Feb 2009 19:48

what could be causing such problems....
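The hosts file posted above is the stock Windows one, with only the `127.0.0.1 localhost` mapping, which is what the helper was checking: one common way for malware to break antivirus updates and Windows Update is to add hosts entries for those domains so that they resolve to a wrong address. The following Python script is an added example (it is not part of this thread and not from HijackThis, ComboFix or any other tool named here) that parses a Windows-format hosts file, ignores comments, lists every mapping beyond the stock localhost entries, and separately flags entries for update or security-vendor domains. The watched-domain list and the tampered sample file are constructed for illustration.

```python
"""Audit a Windows hosts file for entries that hijack update or security-vendor domains.

Added example, not the thread's own material. The watch list and the second sample
file are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Domains that a hosts-file hijack typically targets (constructed watch list; suffix match).
WATCHED_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "eset.com",
    "malwarebytes.org",
    "bleepingcomputer.com",
)

# Mappings that legitimately appear in a stock hosts file.
BENIGN = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed copy of the stock file's non-comment content, as posted in the thread.
STOCK_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
"""

# Constructed sample of a tampered file: update and AV domains pinned to loopback / 0.0.0.0.
TAMPERED_HOSTS = """127.0.0.1 localhost
127.0.0.1 update.microsoft.com
127.0.0.1 www.update.microsoft.com
0.0.0.0   download.eset.com   # blocks AV signature updates
127.0.0.1 windowsupdate.microsoft.com
127.0.0.1 ads.example.com
"""


@dataclass(frozen=True)
class HostEntry:
    line_no: int
    address: str
    hostname: str


def parse_hosts(text: str) -> list[HostEntry]:
    """Parse hosts text: '<ip> <name> [<alias> ...]' per line; '#' starts a comment."""
    entries: list[HostEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop whole-line and trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an address with no name maps nothing
        address, *names = fields
        try:
            ipaddress.ip_address(address)  # first column must be an IPv4/IPv6 literal
        except ValueError:
            continue
        for name in names:
            entries.append(HostEntry(line_no, address, name.lower()))
    return entries


def is_watched(hostname: str) -> bool:
    """True if the name is, or is a subdomain of, a watched domain."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text: str) -> dict[str, list[HostEntry]]:
    """Return 'extra' (every non-stock mapping) and 'hijacked' (watched domains, any address).

    A watched domain is reported whatever address it is mapped to: pinning it to
    127.0.0.1 or 0.0.0.0 blocks it, pinning it elsewhere redirects it.
    """
    extra = [e for e in parse_hosts(text) if (e.address, e.hostname) not in BENIGN]
    hijacked = [e for e in extra if is_watched(e.hostname)]
    return {"extra": extra, "hijacked": hijacked}


if __name__ == "__main__":
    for label, sample in (("stock", STOCK_HOSTS), ("tampered", TAMPERED_HOSTS)):
        report = audit_hosts(sample)
        print(f"{label}: {len(report['extra'])} extra, {len(report['hijacked'])} hijacked")
        for e in report["hijacked"]:
            print(f"  line {e.line_no}: {e.hostname} -> {e.address}")
```

On the stock file the audit reports nothing, matching the helper's conclusion in the thread; on the constructed tampered file it lists all five non-stock mappings and singles out the four that touch update or vendor domains, leaving the ad-blocking style entry as merely "extra". The distinction matters in triage because hand-added loopback entries for ad servers are common and harmless, whereas any entry at all for an update domain is worth explaining.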

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Download, unpack and run dial-a-fix.exe.

Tick Fix Windows Update and click Go.

Clear the cache (temporary files) in IE.

If the above doesn't help, you can look for further advice in the appropriate subforums.

  • Joined: 09 Feb 2009
  • Posts: 7
  • Location: Srbija

it didn't help, but thanks for your time in any case
