Help with a virus

[ Views: 1168 | Replies: 34 ]


izida
stojanovic aleksandar
bgd

Member number: 97823
Posts: 1062
91.148.106.*

Help with a virus, 14.02.2008 at 12:10

Windows showed me some kind of message about generating win32; in that window I had the send / don't send option.... When I clicked one of those two items, the next thing that happened was that Kaspersky popped up a window mentioning the svghost file. I tried to take a screenshot of that window, but the computer partially froze; actually only the bottom, where the tabs are, was blank, so I couldn't open anything... In that window there was an option to click on something like "intruder" or similar, but since it was frozen I couldn't manage it. However, after waiting 10 minutes it went to this site: http://www.viruslist.com/en/viruses/encyclopedia/pdm/invader
I scanned twice with Kaspersky and with Ad-Aware (both regularly updated) and they supposedly found nothing.
I can see my computer has gone slightly crazy; when I watch satellite TV via the SS2 card it throws up messages about graphs and filters.....
Here is the log file too, so if anyone is willing, please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:09 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\program files\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Girder\Girder.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'NETWORK SERVICE')
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1201238816359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1201238684750
O17 - HKLM\System\CCS\Services\Tcpip\..\{845CED77-61D1-4902-A495-8C45643A4E76}: NameServer = 194.106.162.2,194.106.162.3
O18 - Protocol: bw+0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\program files\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 19794 bytes

Serbia is eternal as long as her children are faithful

Binary Mind
11040

Member number: 28245
Posts: 3576
*.adsl-3.sezampro.yu.

Re: Help with a virus, 14.02.2008 at 13:21
Download VundoFix from this link:

http://www.atribune.org/content/view/24/2/

and follow the instructions at the same link to run the scan, then post the Vundo log (C:\report.txt, as far as I remember) and the HJT! log. Also download SUPERAntiSpyware, update it and run a scan.
Open-mindedness is considered a virtue, and true open-mindedness is, but don’t be so open minded that your brains fall out...

...It's not enough to simply not be so open minded that your brains fall out. It is equally important to have adequate bullshit deflectors in place so that the unscrupulous don't just fill your wide open mind with lies and nonsense.


drazapn
Owner of a ZTR and a repair shop
Pomoravlje

Member number: 147838
Posts: 129
79.101.205.*

Re: Help with a virus, 14.02.2008 at 14:09
Just to ask: is SUPERAntiSpyware better than the other programs of this kind?
Positive Energy

izida
stojanovic aleksandar
bgd

Member number: 97823
Posts: 1062
91.148.106.*

Re: Help with a virus, 14.02.2008 at 16:29
Quote:
Binary Mind: Download VundoFix from this link:

http://www.atribune.org/content/view/24/2/

and follow the instructions at the same link to run the scan, then post the Vundo log (C:\report.txt, as far as I remember) and the HJT! log. Also download SUPERAntiSpyware, update it and run a scan.

VundoFix didn't find anything; I didn't know where the log file was, there was no option for it....
SUPERAntiSpyware found 38 little items, which I deleted, so I'll see whether the problem is solved.
Serbia is eternal as long as her children are faithful

Binary Mind
11040

Member number: 28245
Posts: 3576
*.adsl-1.sezampro.yu.

Re: Help with a virus, 14.02.2008 at 17:37
izida (Isis), post a new HijackThis! log. SUPERAntiSpyware is a good program, but not the best. The best program for such things doesn't actually exist.
Open-mindedness is considered a virtue, and true open-mindedness is, but don’t be so open minded that your brains fall out...

...It's not enough to simply not be so open minded that your brains fall out. It is equally important to have adequate bullshit deflectors in place so that the unscrupulous don't just fill your wide open mind with lies and nonsense.


izida
stojanovic aleksandar
bgd

Member number: 97823
Posts: 1062
91.148.106.*

Re: Help with a virus, 14.02.2008 at 18:11
The same problem is showing up again; here is the screenshot.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:58 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\program files\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'NETWORK SERVICE')
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1201238816359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1201238684750
O17 - HKLM\System\CCS\Services\Tcpip\..\{845CED77-61D1-4902-A495-8C45643A4E76}: NameServer = 194.106.162.2,194.106.162.3
O18 - Protocol: bw+0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\program files\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Serbia is eternal as long as her children are faithful
14.02.2008. at 18:11

Binary Mind
11040

Member number: 28245
Posts: 3576
*.adsl-1.sezampro.yu.

Profile

Re: help with a virus, 14.02.2008. at 19:59
Uninstall Logitech Desktop Messenger. You can see how many registry values are tied to it (O18). After that, post a new HJT! log and report how the computer behaves. By the way, that "Invader" could also be a false positive from the program reporting it... I don't see anything here except svchost acting up, and it can act up without there being any virus at all.

Isn't this some n-lite'd version of XP, since I see registry values related to nlite.inf?
If it is an n-lite'd version, tell me right away which one it is, so I can see whether it is worth my trying any further at all...

[This message was edited by Binary Mind on 14.02.2008. at 21:44 GMT+1]
Open-mindedness is considered a virtue, and true open-mindedness is, but don’t be so open minded that your brains fall out...

...It's not enough to simply not be so open minded that your brains fall out. It is equally important to have adequate bullshit deflectors in place so that the unscrupulous don't just fill your wide open mind with lies and nonsense.


izida

Re: help with a virus, 14.02.2008. at 20:07
If I knew what an n-lite'd version even is, I'd get married on the spot. Here is a picture; anyway, this system has been working for me for half a year.


Binary Mind

Re: help with a virus, 14.02.2008. at 20:41
It is an n-lite version called 2Fast XP (a version that someone built with a program called n-lite). When did you install Logitech Desktop Messenger? Delete these in HJT! (tick the entries and then press "fix checked"):

Code:

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'NETWORK SERVICE')


and uninstall Logitech Desktop Messenger, post a new HJT! log and report what happens...

[This message was edited by Binary Mind on 14.02.2008. at 21:51 GMT+1]

izida

Re: help with a virus, 14.02.2008. at 23:20
I installed it from the mouse and keyboard drivers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:46 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\program files\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elitesecurity.org/f101-PC-DVB-kartice
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1201238816359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1201238684750
O17 - HKLM\System\CCS\Services\Tcpip\..\{845CED77-61D1-4902-A495-8C45643A4E76}: NameServer = 194.106.162.2,194.106.162.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\program files\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7270 bytes


Binary Mind

Re: help with a virus, 14.02.2008. at 23:32
This is what remains:

Code:

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')


Forget about these. They are obviously some hacks for that Windows, since it is an nlite version. How does it work now?

izida

Re: help with a virus, 14.02.2008. at 23:37
as far as I can see, the same again...
now you have confused me, is this a virus or not???

Binary Mind

Re: help with a virus, 14.02.2008. at 23:56
It isn't. At first I thought it was, but after looking at the values a bit more closely I came to the conclusion that they are not viruses but registry hacks for that n-lite version of Windows. Now open HijackThis!, go to "config" (the button is on the left), then to "backups", tick what we deleted and choose "restore" (a nice feature of HJT in case a mistake is made). The mistake happened because of the nlite version of Windows, which was not put together well. It works, but it is not quite the real thing...

After that, download Combofix and run a scan with it. I don't believe it will find anything, but the log may help me find potential pests. When you start Combofix, follow the prompts, and don't touch the computer while it scans. Here is the link for Combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

After the scan, post the Combofix log... By the way, I think you messed something up in the KIS settings and that is why svchost is acting up.

We will continue tomorrow, since I am off to bed shortly...
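The two checks done by eye in the replies above (counting how many O18 entries resolve to one module, and recognising the nlpo_* RunOnce values under the service accounts as one related set) can be scripted; this is an added example, not part of the original posts and not HijackThis code. The sample log is constructed from entry types quoted in this thread, and the function names and item labels are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in HijackThis v2 log format, modelled on entry types
# quoted in this thread; it is not the poster's complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O18 - Protocol: bw+0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04974B41-B135-42C6-BA68-3B2581B84DEF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\program files\aawservice.exe
"""

# Section codes used by HijackThis: R0-R3, F0-F3, N1-N4 and O1..O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 RunOnce value stored under a per-SID hive (HKUS\<SID>\..\RunOnce).
RUNONCE_RE = re.compile(
    r"^HKUS\\(S-1-5-\d+)\\\.\.\\RunOnce: \[([^\]]+)\]\s+(.*?)"
    r"(?: \(User '([^']*)'\))?$"
)


def parse_entries(text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def target_of(body):
    """Last ' - ' separated field of an entry: the file it points to."""
    return body.rsplit(" - ", 1)[-1].strip()


def modules_by_section(entries):
    """Map section code -> Counter of target files, to show which module owns a block."""
    grouped = defaultdict(Counter)
    for code, body in entries:
        if " - " in body:
            grouped[code][target_of(body)] += 1
    return grouped


def runonce_groups(entries):
    """Group service-account RunOnce value names by (SID, name prefix)."""
    groups = defaultdict(list)
    for code, body in entries:
        match = RUNONCE_RE.match(body) if code == "O4" else None
        if match:
            sid, name = match.group(1), match.group(2)
            prefix = re.sub(r"[_-]?\d+$", "", name)  # nlpo_02 -> nlpo
            groups[(sid, prefix)].append(name)
    return dict(groups)


def review_items(entries):
    """Entries worth a second look; these are review prompts, not verdicts."""
    items = []
    for code, body in entries:
        if target_of(body) == "(no file)":
            # Registration left behind with no file on disk.
            items.append(("orphan", code, body))
        elif code == "O23" and " - Unknown owner - " in body:
            # HijackThis printed no vendor name for the service binary.
            items.append(("service-unknown-owner", code, target_of(body)))
        elif code == "O4" and RUNONCE_RE.match(body):
            sid, name, command, _user = RUNONCE_RE.match(body).groups()
            items.append(("service-runonce", code, f"{sid} [{name}] {command}"))
    return items


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for section, counter in sorted(modules_by_section(parsed).items()):
        for path, count in counter.most_common():
            print(f"{section}: {count:3d} x {path}")
    for key, names in runonce_groups(parsed).items():
        print("RunOnce set", key, names)
    for item in review_items(parsed):
        print("review:", item)
```

Grouping by target file collapses a long O18 block to the one or two DLLs behind it, and grouping RunOnce names by prefix shows whether the values were written as one set by a single installer.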

izida

Re: help with a virus, 15.02.2008. at 00:25
ComboFix 08-02-15.1 - Administrator 2008-02-14 13:06:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.550 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 07:58 . 2008-02-14 07:58 <DIR> d-------- C:\Program Files\Defraggler
2008-02-14 04:51 . 2008-02-14 04:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 04:50 . 2008-02-14 04:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 04:50 . 2008-02-14 04:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-14 04:43 . 2008-02-14 04:43 <DIR> d-------- C:\VundoFix Backups
2008-02-13 12:22 . 2008-02-13 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 06:35 . 2008-02-11 06:35 <DIR> d-------- C:\Program Files\DivX
2008-02-09 11:01 . 2008-02-14 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-09 11:01 . 2008-02-15 13:16 2,076,960 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 11:01 . 2008-02-09 11:07 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-09 11:01 . 2008-02-09 11:01 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-09 11:01 . 2008-02-15 13:15 34,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-09 11:01 . 2008-02-14 07:28 29,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 11:01 . 2008-02-14 07:28 4,784 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-07 09:17 . 2008-02-09 11:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-07 09:16 . 2008-02-09 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-06 09:38 . 2008-02-06 09:38 <DIR> d-------- C:\Program Files\FireTrust
2008-02-06 09:38 . 2008-02-10 06:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2008-02-02 08:40 . 2002-12-11 17:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-31 08:19 . 2008-01-31 08:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Program Files\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-01-31 07:06 . 2008-01-31 07:06 <DIR> d-------- C:\Program Files\CCleaner
2008-01-31 06:45 . 2008-01-31 06:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-31 05:51 . 2008-02-14 07:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 05:51 . 2008-01-31 05:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 07:45 . 2008-01-30 07:45 <DIR> d-------- C:\Program Files\directx
2008-01-30 07:45 . 2008-01-30 07:51 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-30 07:42 . 2008-01-30 07:42 <DIR> d-------- C:\Program Files\KONAMI
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-01-30 05:04 . 2008-01-30 05:04 <DIR> d-------- C:\WINDOWS\cache
2008-01-30 02:53 . 2008-01-30 02:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-01-29 22:58 . 2008-01-29 22:58 118,784 --------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-01-29 22:56 . 2005-05-25 02:40 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-29 22:56 . 2005-05-25 02:40 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-01-29 22:56 . 2005-05-25 02:40 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-01-29 22:56 . 2005-05-25 02:40 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-29 22:56 . 2005-05-20 15:01 68,352 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-01-29 22:56 . 2005-05-20 15:00 54,528 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-01-29 22:56 . 2005-05-20 15:00 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-01-29 21:48 . 2008-01-29 21:48 <DIR> d-------- C:\Program Files\uTorrent
2008-01-29 21:48 . 2008-02-15 13:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-29 21:20 . 2008-01-29 21:20 <DIR> d-------- C:\Program Files\Webteh
2008-01-29 21:20 . 2008-01-29 21:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
2008-01-29 21:20 . 2008-01-29 21:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer
2008-01-27 22:52 . 2008-01-27 22:52 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Program Files\Live Poker
2008-01-25 19:52 . 2008-01-25 19:52 <DIR> d-------- C:\Program Files\Dream Match Tennis
2008-01-25 19:52 . 2005-10-17 04:05 200,192 --------- C:\WINDOWS\eiunin21.exe
2008-01-25 19:27 . 2008-01-25 19:27 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-25 19:27 . 1997-11-11 22:33 317,440 --a------ C:\WINDOWS\IsUninst.exe
2008-01-25 09:25 . 2008-01-25 09:26 <DIR> d-------- C:\Program Files\Girder
2008-01-24 21:55 . 2008-01-24 21:55 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-01-24 21:52 . 2008-01-24 21:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-24 21:35 . 2008-01-24 21:52 <DIR> d-------- C:\Program Files\Windows Live
2008-01-24 21:35 . 2008-01-24 21:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 21:35 . 2008-01-24 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-24 21:34 . 2008-01-24 21:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Program Files\QuickTime
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-24 21:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-24 21:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-24 21:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-24 21:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-24 21:13 . 2008-01-24 21:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-24 21:13 . 2008-01-29 22:55 50 --a------ C:\WINDOWS\cdplayer.ini
2008-01-24 21:12 . 2008-01-24 21:13 <DIR> d-------- C:\Program Files\Real
2008-01-24 21:12 . 2008-01-24 21:12 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-24 21:12 . 2008-01-24 21:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-24 21:12 . 2008-01-24 21:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-24 20:49 . 2008-01-24 20:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-24 20:49 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-24 20:03 . 2008-02-14 04:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 20:02 . 2008-01-24 20:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ESET
2008-01-24 20:01 . 2008-01-24 20:01 <DIR> d-------- C:\Program Files\ESET
2008-01-24 20:01 . 2008-01-24 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-24 19:59 . 2008-01-24 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 17:06 . 2008-01-29 21:26 <DIR> d-------- C:\Program Files\Total Video Player
2008-01-23 20:14 . 2008-01-23 20:14 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-01-23 17:50 . 2006-07-17 01:40 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 17:50 . 2006-07-17 01:40 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-23 17:48 . 2008-02-14 09:01 <DIR> d-------- C:\Program Files\Logitech
2008-01-23 17:48 . 2008-01-29 22:56 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-23 17:48 . 2004-04-14 10:54 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-01-23 17:48 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-01-23 17:48 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-01-23 17:48 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-01-23 17:48 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-01-23 17:38 . 2008-01-23 17:38 <DIR> d-------- C:\Program Files\EA SPORTS
2008-01-23 09:37 . 2008-01-23 09:37 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-23 09:36 . 2008-01-23 09:36 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-23 09:36 . 2007-12-20 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-23 09:34 . 2008-01-23 09:34 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-01-23 09:34 . 2008-01-23 09:34 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-23 09:34 . 2008-01-23 09:34 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-21 03:53 2,843,136 --