msn salje sam poruke ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

msn salje sam poruke i izbacuje sa mreze , dakle prosledjujem samo problem pa bih voleo da mi pomognete , npr. izbaci sa mreze i posalje kao korisnicima poruke

[mod by bobby: izbrisan link ka malicioznom sajtu]

itd , zahvalan sam na svakoj pomoci

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nisi od skora na forumu - procitaj teme izdvojene sa Vazno, tu ti pise sta nam ovde treba da bi smo mogli nesto da uradimo.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

znam znam,nije moj racunar ,a i problem mi se govori usmeno,ae probacu u svakom slucaju hvala

Dopuna: 17 Jun 2008 20:45

evo

Logfile of HijackThis v1.99.1
Scan saved at 8:40:51 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\livemsngs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Octoshape Streaming Services\jelena\OctoshapeClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\jelena\Desktop\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\vsdrv.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dog about manager team] C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Bits bat.exe
O4 - HKLM\..\Run: [Windows MSN Live Messanger] livemsngs.exe
O4 - HKCU\..\Run: [npad_ql] C:\WINDOWS\system32\Npad.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ForKnob] C:\DOCUME~1\jelena\APPLIC~1\STOPAT~1\Move book.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\jelena\OctoshapeClient.exe" -inv:bootrun
O4 - Startup: CCC.lnk = ?
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\Utilities\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: UpdateCheck - {EBA17508-93AB-4318-AC3D-399E9C8F79B3} - C:\WINDOWS\system32\kbdcy.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Najmanje dve infekcije su prisutne.

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-06-16.5 - jelena 2008-06-17 21:17:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.72 [GMT 2:00]
Running from: C:\Documents and Settings\jelena\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Npad.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 18:52 . 2008-06-17 18:52 <DIR> d-------- C:\Program Files\Real
2008-06-16 21:46 . 2008-06-16 21:46 42,496 -r-hs---- C:\WINDOWS\livemsngs.exe
2008-06-12 23:43 . 2008-06-13 20:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 23:43 . 2008-06-12 23:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 14:59 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:59 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\DllCache\bthport.sys
2008-05-27 19:53 . 2008-05-27 19:53 <DIR> d-------- C:\Program Files\Stop Atom
2008-05-27 19:51 . 2008-05-27 19:55 <DIR> d-------- C:\Program Files\LimeWire
2008-05-27 19:51 . 2008-05-27 20:01 <DIR> d-------- C:\Documents and Settings\jelena\Application Data\LimeWire
2008-05-24 23:09 . 2008-05-24 23:09 <DIR> d-------- C:\Program Files\Octoshape Streaming Services
2008-05-20 23:48 . 2008-06-15 17:38 <DIR> d-------- C:\Documents and Settings\jelena\Application Data\BearShare
2008-05-20 23:48 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-20 23:47 . 2008-05-20 23:48 <DIR> d-------- C:\Program Files\BearShare Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 17:07 --------- d-----w C:\Documents and Settings\jelena\Application Data\OpenOffice.org2
2008-06-17 17:01 --------- d-----w C:\Program Files\MSN Messenger
2008-06-17 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-10 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-02 16:01 --------- d-----w C:\Program Files\Java
2008-05-30 15:43 --------- d-----w C:\Documents and Settings\jelena\Application Data\Ahead
2008-05-27 18:00 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-27 17:54 --------- d-----w C:\Documents and Settings\jelena\Application Data\Stop Atom
2008-05-27 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\DllCache\rmcast.sys
2008-05-07 21:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2008-05-05 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\DllCache\msjint40.dll
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:40 1,845,888 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2004-08-18 14:00 114,688 --sha-r C:\WINDOWS\system32\ajoy.dll
.

------- Sigcheck -------

2006-08-25 16:19 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-25 14:07 243072]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"ForKnob"="C:\DOCUME~1\jelena\APPLIC~1\STOPAT~1\Move book.exe" [2008-05-27 19:53 459264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\jelena\OctoshapeClient.exe" [2006-02-13 18:33 214648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 13:27 65536]
"Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [2006-07-30 04:37 121089]
"Device Detector"="DevDetect.exe" []
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 11:37 110592]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 16:54 544768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 14:02 786521]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 16:14 455984]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dog about manager team"="C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Bits bat.exe" [2008-06-17 19:06 529408]
"Windows MSN Live Messanger"="livemsngs.exe" [2008-06-16 21:46 42496 C:\WINDOWS\livemsngs.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [ ]

C:\Documents and Settings\jelena\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {EBA17508-93AB-4318-AC3D-399E9C8F79B3} - C:\WINDOWS\system32\kbdcy.dll [2003-06-20 14:00 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"VIDC.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Octoshape Streaming Services\\jelena\\OctoshapeClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-09 22:47]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-09 22:47]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-08-14 05:40]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-08-09 08:15]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-08-09 08:15]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 16:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 16:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c512e6e-f4d6-11dc-a9f4-001d6015f2c4}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\cneucfg.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa644d00-19e7-11dd-aa4f-001d6015f2c4}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\\msordl32.dll,InstallM

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 19:00:00 C:\WINDOWS\Tasks\B569308F906AA06F.job"
- c:\docume~1\jelena\applic~1\stopat~1\Browse Internet Flaw.exe
"2008-06-17 19:00:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 21:21:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 21:23:14
ComboFix-quarantined-files.txt 2008-06-17 19:23:10

Pre-Run: 19,327,598,592 bytes free
Post-Run: 20,090,036,224 bytes free

159 --- E O F --- 2008-06-12 20:46:43

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi Deljob.
Dvoklikom pokreni deljob.exe
Logfile logit.txt će se otvoriti u Notepad-u (file će se nalaziti u folderu u kojem je i deljob.exe)
Iskopiraj sadržaj tog loga u temu na forumu

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

--------------------------------------------------------
Backups created in C:\deljob

B569308F906AA06F.job
--------------------------------------------------------
Files in Windows Tasks folder

Check Updates for Windows Live Toolbar.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is 64EC-0416

Directory of C:\Documents and Settings\jelena\Application Data

05/27/2008 07:51 PM <DIR> .
05/27/2008 07:51 PM <DIR> ..
03/02/2008 01:19 AM <DIR> ACDSYS~1 ACD Systems
03/07/2008 11:45 PM <DIR> Adobe
05/30/2008 05:43 PM <DIR> Ahead
03/01/2008 08:40 PM <DIR> ATI
06/15/2008 05:38 PM <DIR> BEARSH~1 BearShare
03/01/2008 08:19 PM <DIR> BSPLAY~1 BSplayer Pro
03/05/2008 08:59 PM <DIR> cald2
03/01/2008 08:21 PM <DIR> IDENTI~1 Identities
03/01/2008 08:19 PM <DIR> IDM
04/06/2008 12:33 PM <DIR> Kodak
05/27/2008 08:01 PM <DIR> LimeWire
03/03/2008 07:34 PM <DIR> MACROM~1 Macromedia
06/06/2008 05:43 PM <DIR> MICROS~1 Microsoft
05/24/2008 11:10 PM <DIR> Mozilla
06/17/2008 09:41 PM <DIR> OPENOF~1.ORG OpenOffice.org2
03/01/2008 08:13 PM <DIR> Real
03/05/2008 08:50 PM <DIR> SecuROM
05/27/2008 07:54 PM <DIR> STOPAT~1 Stop Atom
03/13/2008 11:49 PM <DIR> Sun
04/06/2008 12:35 PM <DIR> ULEADS~1 Ulead Systems
0 File(s) 0 bytes
22 Dir(s) 20,106,096,640 bytes free
Volume in drive C has no label.
Volume Serial Number is 64EC-0416

Directory of C:\Documents and Settings\All Users\Application Data

05/05/2008 03:20 PM <DIR> .
05/05/2008 03:20 PM <DIR> ..
03/01/2008 08:20 PM <DIR> ACDSYS~1 ACD Systems
03/01/2008 08:13 PM <DIR> APPLEC~1 Apple Computer
05/05/2008 03:43 PM <DIR> BLUETO~1 Bluetooth
05/27/2008 07:54 PM <DIR> DRVAUD~1 Drv Audio Dog About
03/03/2008 07:32 PM <DIR> IM
03/03/2008 07:32 PM <DIR> INCRED~1 IncrediMail
04/13/2008 08:04 PM <DIR> MESSEN~1 Messenger Plus!
03/01/2008 08:06 PM <DIR> MICROS~1 Microsoft
06/10/2008 10:31 PM <DIR> MICROS~2 Microsoft Help
03/01/2008 08:13 PM <DIR> Real
03/01/2008 10:10 PM <DIR> sentinel
04/06/2008 12:38 PM <DIR> ULEADS~1 Ulead Systems
03/02/2008 04:28 PM <DIR> WINDOW~1 Windows Live Toolbar
06/17/2008 07:00 PM <DIR> WLINST~1 WLInstaller
0 File(s) 0 bytes
16 Dir(s) 20,106,096,640 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
All Users
jelena
--------------------------------------------------------

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\livemsngs.exe
C:\WINDOWS\system32\kbdcy.dll

Folder::
C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About
C:\Documents and Settings\jelena\Application Data\Stop Atom

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c512e6e-f4d6-11dc-a9f4-001d6015f2c4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa644d00-19e7-11dd-aa4f-001d6015f2c4}]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

zapravo moj je problem, i nemam opciju u notepad-u da sacuvam u formatu "FCScript"

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ides na Save As, pa dole u polju Filename ukucas CFScript
Nemoj da gresis u kucanju imena, bitno je da bude tacno.