Virusi,pomoć molim!!!

Virusi,pomoć molim!!!

offline
  • Pridružio: 12 Mar 2008
  • Poruke: 31

Molim za pomoc i proveru loga.Kasperasky mi je registrovao nekoliko trojanaca,a i imam i upozorenje na desktopu Spyware detected on your computer i poplavio je.Dajem log na proveru,mada mi je prilikom pravljenja loga prijavljivao neke greske:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:59, on 24.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\korisnik\Desktop\aspirin\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{520BBADB-AE85-402F-ADA1-938F49D98AF4}: NameServer = 87.250.98.250 87.250.97.250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5646 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Poz...


* Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection.
* U prozoru koji se otvori, izaberi By User Request.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.




Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 12 Mar 2008
  • Poruke: 31

Evo tu je ComboFix log:

ComboFix 08-08-23.03 - korisnik 2008-08-24 11:30:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.50 [GMT 2:00]
Running from: C:\Documents and Settings\korisnik\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 02:23 . 2008-08-24 02:23 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-24 02:22 . 2008-08-24 02:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-23 21:54 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-23 21:49 . 2008-05-01 16:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 10:35 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-08-12 10:35 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-08-12 10:33 . 2008-08-12 10:33 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-12 09:36 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-12 09:36 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-12 09:35 . 2008-08-12 10:35 <DIR> d-------- C:\Program Files\Nokia
2008-08-12 09:35 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-12 09:35 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-12 09:35 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-12 09:35 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-10 14:02 . 2008-08-10 20:14 <DIR> d-------- C:\Program Files\NSS
2008-08-03 12:22 . 2008-06-02 14:10 1,363,968 --a------ C:\WINDOWS\system32\HDX4H263Decoder.ax
2008-08-03 12:22 . 2008-06-02 14:10 167,936 --a------ C:\WINDOWS\system32\HDX4FlashDemuxer.ax
2008-07-26 19:21 . 2008-07-26 20:53 <DIR> d-------- C:\Program Files\Webteh
2008-07-26 19:21 . 2008-08-19 21:10 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\BSplayer Pro
2008-07-26 19:21 . 2008-07-26 19:29 <DIR> d-------- C:\Documents and Settings\korisnik\Application Data\BSplayer
2008-07-26 15:24 . 2008-07-26 15:25 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-07-26 15:24 . 2008-07-26 15:25 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-07-24 17:52 . 2008-08-06 19:25 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 17:52 . 2008-07-24 19:51 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-24 17:51 . 2008-08-24 11:22 1,304,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-24 17:51 . 2008-08-24 11:22 286,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-24 17:51 . 2008-08-24 11:22 11,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-24 17:51 . 2008-08-24 11:22 2,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-23 10:14 --------- d-----w C:\Documents and Settings\korisnik\Application Data\Skype
2008-08-23 09:40 --------- d-----w C:\Documents and Settings\korisnik\Application Data\skypePM
2008-08-13 09:24 744 ----a-w C:\Documents and Settings\korisnik\Application Data\filterclsid.dat
2008-08-10 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-10 11:51 --------- d-----w C:\Documents and Settings\korisnik\Application Data\PC Suite
2008-08-08 18:40 --------- d-----w C:\Program Files\JPEG Camera
2008-08-01 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-26 20:16 --------- d-----w C:\Documents and Settings\korisnik\Application Data\uTorrent
2008-07-26 13:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-24 17:30 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-24 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-24 16:17 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-16 11:22 --------- d-----w C:\Program Files\PhotoScape
2008-07-16 11:21 --------- d-----w C:\Program Files\Sun
2008-07-16 11:20 --------- d-----w C:\Program Files\Java
2008-07-09 08:22 --------- d-----w C:\Documents and Settings\korisnik\Application Data\Nokia
2008-07-09 08:02 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-09 08:02 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-09 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-08 23:54 --------- d-----w C:\Documents and Settings\korisnik\Application Data\Apple Computer
2008-07-08 11:23 --------- d-----w C:\Program Files\DIFX
2008-07-08 11:22 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-07-08 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-07-08 10:15 --------- d-----w C:\Program Files\MSXML 6.0
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-28 12:07 --------- d-----w C:\Program Files\Opera
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-23 00:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-11 01:03 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:35 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-12-16 18:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:35 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2003-03-20 08:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"Browser"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SSDPSRV"=3 (0x3)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"NtLmSsp"=3 (0x3)
"mnmsrvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59777:TCP"= 59777:TCP:utorrent
"53013:TCP"= 53013:TCP:tcp53013
"53013:UDP"= 53013:UDP:udp53013
"57265:TCP"= 57265:TCP:tcp57265
"57265:UDP"= 57265:UDP:udp57265
"63353:TCP"= 63353:TCP:tcp63353
"63353:UDP"= 63353:UDP:udp63353
"41472:TCP"= 41472:TCP:tcp41472
"41172:UDP"= 41172:UDP:udp41172

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-03-29 16:33]
R3 G200;G200;C:\WINDOWS\system32\DRIVERS\G200m.sys [2001-08-17 14:49]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 16:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 16:17]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 12:31]

*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\korisnik\Application Data\Mozilla\Firefox\Profiles\hampyugj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/webhp?rls=ig
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-24 11:35:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-24 11:40:57
ComboFix-quarantined-files.txt 2008-08-24 09:40:47
ComboFix2.txt 2008-08-24 08:39:04

Pre-Run: 5,700,898,816 bytes free
Post-Run: 5,724,143,616 bytes free

186 --- E O F --- 2008-08-24 00:27:21

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Nažalost, pokrenuo si ComboFix dva puta, tako da ja samo mogu da nagađam šta se ovde događalo.


Neki konkretan problem?

offline
  • Pridružio: 12 Mar 2008
  • Poruke: 31

E pa da,restarovao sam racunar,to mi je bilo ponudjeno,a poslije restarta copija se izgubila od prvog loga.
Pa kao sto sam na pocetku teme rekao,plav mi je desktop,ali su ikonice na mestu,imao sam upozorenje tipa " Spyware detected on your computer",to se sada poslije Combofixa nestalo ali i dalje mi je plav desktop.
Naime,posetio sam neko sranje od sajta,i to se sve dogodilo,prvo mi je KIS 2009,registrovao trojance,poslije downloada vida,ali ih inije mogao desinfikovati,poslije je pobelio a zatim poplavio desktop sa upozorenjem kao sto sam napisao,skenirao sam racunar KIS,i to je to.Sad sam na netu,i ne primecujem neku razliku,izuzev sto je plav desktop.

Šta činit dalje doktore.Hvala na dosadašnjem trudu.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Jesi li pokušao da postaviš wallpaper?

Desni klik na Desktop, Properties. Na Desktop tabu izaberi wallpaper.

Da li je pomoglo?

offline
  • Pridružio: 12 Mar 2008
  • Poruke: 31

Pa postavio sam wallpaper bez problema sada.
Da li je potrebno jos nesto učiniti sada ili misliš da sada OK?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Logovi izgledaju ok. Odradi još i ovo:


Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi

Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji

Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore




Tema će ostati ovde još nekoliko dana pre arhiviranja - ukoliko se pojavi neki problem, slobodno se javi.

offline
  • Pridružio: 12 Mar 2008
  • Poruke: 31

Hvala ti puno,nadam se da će biti OK.

Pozdrav!!!

Ko je trenutno na forumu
 

Ukupno su 936 korisnika na forumu :: 4 registrovanih, 2 sakrivenih i 930 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Dorcolac, mnn2, pein