Can it be fixed?


NIKSICKO_PIVO

Can it be fixed? (21.01.2008. at 14:47)

I have a problem: it looks like some virus got onto my machine, and now I can't install a single antivirus program.
I had ZoneAlarm, but it seems it wasn't working. When I try to open a web page, a notification pops up in the bottom right corner saying that if I open the page a virus could get in, and then everything freezes and I can't get onto any website.
What should I do?
Does anyone know what this is about, and could I remove it by hand, without an antivirus on the computer,
by deleting the file the virus attacked if it isn't a system file? And could I install an antivirus in safe mode?
I don't dare format the disk, because this is the computer at my workplace and some cameras are hooked up to it, so I'm afraid of breaking something.
Heeelp!

Come on, one more round...

Binary Mind

Re: Can it be fixed? (21.01.2008. at 17:39)
Download a rootkit tool such as RootkitRevealer and scan. Also post a HijackThis! log. I think it's a combination of trojans and rootkits.
Open-mindedness is considered a virtue, and true open-mindedness is, but don’t be so open minded that your brains fall out...

...It's not enough to simply not be so open minded that your brains fall out. It is equally important to have adequate bullshit deflectors in place so that the unscrupulous don't just fill your wide open mind with lies and nonsense.


NIKSICKO_PIVO


Re: Can it be fixed? (21.01.2008. at 18:08)
What does "hijack" mean? Is that also some program?

laki_srt

Re: Can it be fixed? (21.01.2008. at 19:02)
Yes, it's a program that shows the processes on your computer; you scan, then save the log file and post that log file on the forum. So you don't have to search for it, I've attached HijackThis 2 to this post.

NIKSICKO_PIVO


Re: Can it be fixed? (22.01.2008. at 11:36)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:34:46 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Software Tools\DS-IRECClient\DS-IRECClient.exe
C:\WINDOWS\system32\wgp.exe
C:\Documents and Settings\ddd\Application Data\m\flec006.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ddd\My Documents\zmaj\My Pictures\slike\RootkitRevealer.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\QNGQNSW.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3251FBC9-A99D-410F-8AB2-89F6DFD074EB} - C:\WINDOWS\system32\dfrgu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QNGQNSW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\QNGQNSW.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5124 bytes


Binary Mind

Re: Can it be fixed? (22.01.2008. at 16:21)
You've picked up trojans as well (Trojan.Lodeight.C and Trojan-Spy.Win32.BZub.btx).

Download this: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and run it by double-clicking. Follow the prompts; after the scan a log will be produced, which you could post together with a new HJT! log, and then we'll see what needs doing next. While ComboFix is scanning, don't move the mouse and don't do anything with the computer.







NIKSICKO_PIVO


Re: Can it be fixed? (23.01.2008. at 14:32)
ComboFix 08-01-23.2 - ddd 2008-01-23 15:20:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.164 [GMT 1:00]
Running from: C:\Documents and Settings\ddd\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dfrgu.dll
C:\WINDOWS\system32\drivers\jsflbcso.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\LEGACY_TLRLKINA
-------\srosa
-------\tlrlkina


((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 15:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 09:00 . 2008-01-22 09:03 10,485,760 --a------ C:\WINDOWS\system32\cxl1705
2008-01-22 08:57 . 2008-01-22 12:27 <DIR> d-------- C:\Program Files\ElcomSoft
2008-01-22 08:57 . 2008-01-22 09:04 920 --a------ C:\WINDOWS\ARCHPR.INI
2008-01-21 22:54 . 2008-01-21 22:55 <DIR> d-------- C:\Program Files\Wormux 0.7
2008-01-21 22:50 . 2008-01-21 22:50 <DIR> d-------- C:\Programas
2008-01-21 21:08 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-01-21 21:08 . 2008-01-21 21:08 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-01-21 19:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-21 15:55 . 2008-01-21 19:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 15:55 . 2008-01-21 15:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 15:55 . 2008-01-21 15:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 15:55 . 2008-01-21 15:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-20 14:55 . 2008-01-21 19:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-20 14:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-20 14:55 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-20 14:55 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-20 14:55 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-19 09:26 . 2008-01-22 10:58 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-19 07:26 . 2006-01-18 03:01 827,442 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-19 07:21 . 2008-01-22 11:04 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-19 07:13 . 2006-10-07 17:31 221,184 --a------ C:\WINDOWS\system32\rspencr330.ocx
2008-01-19 07:07 . 2008-01-23 15:27 448,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 07:07 . 2008-01-23 15:26 8,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-19 07:03 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-07 16:56 . 2008-01-07 17:35 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:10 --------- d-----w C:\Program Files\Folder Lock
2008-01-21 15:16 --------- d-----w C:\Program Files\MediaMonkey
2008-01-21 15:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-20 13:33 --------- d-----w C:\Program Files\Google
2008-01-19 07:28 --------- d-----w C:\Program Files\eMule
2007-12-20 12:02 --------- d-----w C:\Program Files\Apple Software Update
2007-12-20 12:01 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-01 16:45 --------- d-----w C:\Program Files\janusware
2007-11-30 19:57 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-30 19:57 --------- d-----w C:\Program Files\Nokia
2007-11-30 19:57 --------- d-----w C:\Program Files\DIFX
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-26 18:37 --------- d-----w C:\Program Files\MP3Gain
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-10-24 10:30 512 ----a-w C:\ScanSectorLog.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
"mule_st_key"="C:\Documents and Settings\ddd\Application Data\m\flec006.exe" [2008-01-22 10:58 96260]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 21:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"C-Media Mixer"="Mixer.exe" [2001-10-22 10:24 1216512 C:\WINDOWS\mixer.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Network Chat AutoStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Chat AutoStart.lnk
backup=C:\WINDOWS\pss\Network Chat AutoStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ddd^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\ddd\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 17:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
--a------ 2004-08-04 00:56 208896 C:\WINDOWS\inf\unregmp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-11-09 13:16 688128 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-01-18 03:01 827442 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-01-23 15:20 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
S3 BSJYS;BSJYS;C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe [2008-01-21 19:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 20:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 15:27:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************
.


NIKSICKO_PIVO


Re: Can it be fixed? (23.01.2008. at 14:40)
HKU\.DEFAULT\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-21-1292428093-113007714-1417001333-1003\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-21-1292428093-113007714-1417001333-1003\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 2007-06-27 20:31 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 2007-06-27 20:31 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 2008-01-23 15:32 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 2008-01-23 15:32 4 bytes Data mismatch between Windows API and raw hive data.
C: 1601-01-01 01:00 0 bytes Error mounting volume


NIKSICKO_PIVO


Re: Can it be fixed? (23.01.2008. at 14:41)
There, I've posted the first log from ComboFix, and the second one is the rootkit one.

What do you think?

NIKSICKO_PIVO


Re: Can it be fixed? (23.01.2008. at 15:54)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:54, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Documents and Settings\ddd\Application Data\m\flec006.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4757 bytes


Binary Mind

Re: Can it be fixed? (23.01.2008. at 18:31)
ComboFix has done its job, and I see more trojans. No rootkits. Now you need to remove this by hand (try to kill the process in Task Manager and then delete the file manually, and maybe the whole folder):

Code:

C:\Documents and Settings\ddd\Application Data\m\flec006.exe


And this you should tick and delete with HijackThis! (Fix Checked):

Code:

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe


Also keep an eye on this path:

Code:

C:\WINDOWS\system32\wintems.exe


I think ComboFix should have deleted that file, but if it hasn't, you need to delete it by hand...

If there are more problems, shout.



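The checks Binary Mind makes by eye on the HJT logs above (the R1 proxy and auto-config entries, the unnamed O2 BHO, the O4 autostart under Application Data, the O23 services running from Temp) can be written down as a small triage pass. The code below is an added example, not code from the thread, HijackThis or ComboFix; it also checks O17 DNS entries, which goes beyond what the thread reviews. The sample log lines are constructed after the posted logs, and the proxy address is a documentation IP rather than the one in the thread.

```python
"""Triage a HijackThis (HJT) log: flag the entry types that the reviewers in
this thread single out.  Added example, not HJT's own code."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the logs posted in the thread.  The proxy
# address is a documentation IP (RFC 5737), not the one from the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.0.113.5
O2 - BHO: (no name) - {3251FBC9-A99D-410F-8AB2-89F6DFD074EB} - C:\WINDOWS\system32\dfrgu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: QNGQNSW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\QNGQNSW.exe
"""

# HJT entries look like "O4 - <body>"; everything else (header, process list,
# blank lines, trailer) is skipped.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Folders an ordinary user can write to.  Autostarts and services normally
# live under Program Files or the Windows directory instead.
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings|LOCALS~1|Temp)\\", re.I)
PRIVATE_OR_LOOPBACK = re.compile(r"^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _hosts(value: str) -> list[str]:
    """Split 'host:port', 'a,b' or 'http=host:port;https=...' into bare hosts."""
    hosts = []
    for part in re.split(r"[;,]", value):
        part = part.split("=", 1)[-1].strip()  # drop "http=" style prefixes
        if part:
            hosts.append(part.rsplit(":", 1)[0])
    return hosts


def triage(log_text: str) -> list[Finding]:
    """Return the HJT entries worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        value = body.split("=", 1)[1] if "=" in body else ""
        if sec == "R1" and "AutoConfigURL" in body:
            findings.append(Finding(sec, "proxy auto-config script set; verify it is expected", line))
        elif sec == "R1" and "ProxyServer" in body:
            if any(not PRIVATE_OR_LOOPBACK.match(h) for h in _hosts(value)):
                findings.append(Finding(sec, "browser proxy points to a non-private address", line))
        elif sec == "O2" and "(no name)" in body:
            findings.append(Finding(sec, "unnamed browser helper object", line))
        elif sec == "O4":
            target = body.split("] ", 1)[-1]  # text after "[name] "
            if USER_WRITABLE.search(target):
                findings.append(Finding(sec, "autostart runs from a user-writable profile folder", line))
        elif sec == "O17":
            if not all(PRIVATE_OR_LOOPBACK.match(h) for h in _hosts(value)):
                findings.append(Finding(sec, "DNS server outside private ranges", line))
        elif sec == "O23":
            binary = body.rsplit(" - ", 1)[-1]  # the path is the last field
            if USER_WRITABLE.search(binary):
                # Some scanners (RootkitRevealer among them) create short-lived,
                # randomly named services here, so this is a review flag, not a verdict.
                findings.append(Finding(sec, "service binary lives in a Temp folder", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

On the constructed sample this flags five lines and leaves the Program Files and system32 autostarts, the ESET service and the private-range DNS server alone; the wintems.exe entry is not caught by these rules, which is why a reviewer still reads the whole O4 section.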

Binary Mind

Re: Can it be fixed? (23.01.2008. at 19:16)
... when you've done everything, or tried to do it as I wrote, scan again with ComboFix and post a new log. Do the same with HijackThis.

NIKSICKO_PIVO


Re: Can it be fixed? (23.01.2008. at 20:00)
ComboFix 08-01-23.2 - ddd 2008-01-23 20:54:42.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.164 [GMT 1:00]
Running from: C:\Documents and Settings\ddd\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\dfrgu.dll
C:\WINDOWS\system32\drivers\jsflbcso.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\LEGACY_TLRLKINA
-------\srosa
-------\tlrlkina








((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 18:45 . 2008-01-23 18:45 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-01-23 15:58 . 2008-01-23 17:53 <DIR> d-------- C:\Program Files\ALNET SYSTEMS
2008-01-23 15:54 . 2008-01-23 15:57 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-23 15:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 09:00 . 2008-01-22 09:03 10,485,760 --a------ C:\WINDOWS\system32\cxl1705
2008-01-22 08:57 . 2008-01-22 12:27 <DIR> d-------- C:\Program Files\ElcomSoft
2008-01-22 08:57 . 2008-01-22 09:04 920 --a------ C:\WINDOWS\ARCHPR.INI
2008-01-21 22:54 . 2008-01-21 22:55 <DIR> d-------- C:\Program Files\Wormux 0.7
2008-01-21 22:50 . 2008-01-21 22:50 <DIR> d-------- C:\Programas
2008-01-21 21:08 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-01-21 21:08 . 2008-01-21 21:08 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-01-21 19:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-21 15:55 . 2008-01-21 19:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 15:55 . 2008-01-21 15:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 15:55 . 2008-01-21 15:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 15:55 . 2008-01-21 15:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-20 14:55 . 2008-01-21 19:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-20 14:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-20 14:55 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-20 14:55 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-20 14:55 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-19 09:26 . 2008-01-22 10:58 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-19 07:26 . 2006-01-18 03:01 827,442 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-19 07:21 . 2008-01-22 11:04 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-19 07:13 . 2006-10-07 17:31 221,184 --a------ C:\WINDOWS\system32\rspencr330.ocx
2008-01-19 07:07 . 2008-01-23 20:55 578,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 07:07 . 2008-01-23 15:26 8,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-19 07:03 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-07 16:56 . 2008-01-07 17:35 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:37 --------- d-----w C:\Program Files\Folder Lock
2008-01-21 15:16 --------- d-----w C:\Program Files\MediaMonkey
2008-01-21 15:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-20 13:33 --------- d-----w C:\Program Files\Google
2008-01-19 07:28 --------- d-----w C:\Program Files\eMule
2007-12-20 12:02 --------- d-----w C:\Program Files\Apple Software Update
2007-12-20 12:01 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-01 16:45 --------- d-----w C:\Program Files\janusware
2007-11-30 19:57 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-30 19:57 --------- d-----w C:\Program Files\Nokia
2007-11-30 19:57 --------- d-----w C:\Program Files\DIFX
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-26 18:37 --------- d-----w C:\Program Files\MP3Gain
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-10-24 10:30 512 ----a-w C:\ScanSectorLog.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_15.28.09.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-21 07:19:54 39,944 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\eamon.sys
+ 2007-12-21 07:20:14 30,216 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\easdrv.sys
+ 2007-12-21 07:21:56 33,800 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\epfwtdir.sys
+ 2006-12-01 23:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 21:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"C-Media Mixer"="Mixer.exe" [2001-10-22 10:24 1216512 C:\WINDOWS\mixer.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Network Chat AutoStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Chat AutoStart.lnk
backup=C:\WINDOWS\pss\Network Chat AutoStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ddd^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\ddd\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 17:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
--a------ 2004-08-04 00:56 208896 C:\WINDOWS\inf\unregmp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-11-09 13:16 688128 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-01-18 03:01 827442 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-01-23 15:20 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
R4 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
S3 BSJYS;BSJYS;C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe [2008-01-21 19:06]

*Newly Created Service* - EASDRV
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 20:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 20:56:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\MediaMonkey\MMHelper.dll
.

23.01.2008. at 20:00

NIKSICKO_PIVO
Member no.: 20194
Posts: 278
195.66.191.*

Re: can it be fixed? 23.01.2008. at 20:01
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:01, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4623 bytes

23.01.2008. at 20:01

Binary Mind
11040
Member no.: 28245
Posts: 6123
*.adsl-3.sezampro.yu.

Re: can it be fixed? 23.01.2008. at 20:43
How is the computer behaving now? Judging by the logs, everything should be fine.
23.01.2008. at 20:43

NIKSICKO_PIVO
Member no.: 20194
Posts: 278
*.crnagora.net.

Re: can it be fixed? 23.01.2008. at 22:53
It's behaving great, it connects to the net normally and opens everything fine. I managed to install some programs I couldn't before, but I can't install NOD antivirus; I get a message that some service won't start.
After everything you told me to do, I installed Spyware Doctor and it found some viruses and one trojan called email.
How do I install NOD?
Thank you very much for helping me, you saved me, brother :)
23.01.2008. at 22:53

Binary Mind
11040
Member no.: 28245
Posts: 6123
*.adsl-1.sezampro.yu.

Re: can it be fixed? 23.01.2008. at 23:04
I was looking at the active pests. Those other programs found the pests that sit in hiding.

You have to tell me the exact error NOD reports. Have you tried installing some other antivirus program like Avast, Kaspersky, AVG etc.?

23.01.2008. at 23:04

NIKSICKO_PIVO
Member no.: 20194
Posts: 278
85.94.112.*

Re: can it be fixed? 24.01.2008. at 15:22
It said something like "service (eknr) no star instalation filed", something like that
__???
24.01.2008. at 15:22

Binary Mind
11040
Member no.: 28245
Posts: 6123
*.adsl-4.sezampro.yu.

Re: can it be fixed? 24.01.2008. at 16:55
Go and check whether the following files happen to still be in C:\Windows\system32 and C:\Windows\system32\drivers:

Code:

C:\WINDOWS\system32\dfrgu.dll
C:\WINDOWS\system32\drivers\jsflbcso.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe


If they are, remove them manually and then try to install NOD... These 4 files are leftovers of the 2 trojans you had, and there were more of them than the 2 I listed at the start.


Also delete the following in the registry if it exists:

Code:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 
"drvsyskit" = "%System%\drivers\hidr.exe"


One of these trojans is, as I said, a combination of a trojan and a rootkit, and that is why you have problems installing antivirus programs.

[This message was edited by Binary Mind on 24.01.2008. at 18:34 GMT+1]
24.01.2008. at 16:55
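An added example, not from the thread, of a defender-side check for the leftovers listed in the post above: it reports whether each of the four files and the HKCU Run value are present, and removes them only when run with -Remove. It assumes PowerShell on the affected machine; the paths and the value name are the ones named in the post, and the hidden/system attributes it clears before deleting are the kind shown in the ComboFix listing earlier in the thread.

```powershell
# Added example (not the thread's own instructions): check for and optionally
# remove the leftovers named in the post. Run from an elevated PowerShell.
# Note: if a rootkit is still active it can hide these files from Test-Path;
# the post assumes the active components have already been dealt with.
param([switch]$Remove)

# File paths exactly as listed in the post
$files = @(
    "$env:SystemRoot\system32\dfrgu.dll",
    "$env:SystemRoot\system32\drivers\jsflbcso.dat",
    "$env:SystemRoot\system32\drivers\srosa.sys",
    "$env:SystemRoot\system32\wintems.exe"
)

# Run value named in the post: "drvsyskit" = "%System%\drivers\hidr.exe"
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'drvsyskit'

$found = $false
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $found = $true
        $item = Get-Item -LiteralPath $f -Force
        Write-Host ("FOUND  {0}  ({1} bytes, modified {2})" -f $f, $item.Length, $item.LastWriteTime)
        if ($Remove) {
            # Hidden/system/read-only attributes block a plain delete; clear them first
            $item.Attributes = 'Normal'
            Remove-Item -LiteralPath $f -Force
            Write-Host "REMOVED $f"
        }
    } else {
        Write-Host "ok     $f not present"
    }
}

# The post's key is under HKCU, so this checks the currently logged-on user only
$val = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($val) {
    $found = $true
    Write-Host ("FOUND  {0}\{1} = {2}" -f $runKey, $runValue, $val.$runValue)
    if ($Remove) {
        Remove-ItemProperty -Path $runKey -Name $runValue
        Write-Host "REMOVED registry value $runValue"
    }
} else {
    Write-Host "ok     Run value $runValue not present"
}

if (-not $found) { Write-Host "Nothing from the list is present." }
```

Run it once without -Remove to see what is present, then again with -Remove; the Run value check must be repeated under each user account that logs on to the machine, since HKCU differs per user.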

NIKSICKO_PIVO
Member no.: 20194
Posts: 278
195.66.191.*

Re: can it be fixed? 26.01.2008. at 19:13
Brother, I did it all, thank you very much
26.01.2008. at 19:13
