Svet kompjutera Forum

15.2.2009, 4:53   #1
dkdnt
Veteran

Member since: 22.10.2005.
Location: Obrenovac
Posts: 613
Thanks: 101
Thanked 207 times in 103 posts
Friends, help! (Virus/trojan)

I somehow managed to infect my computer. While I was calmly browsing the net, NOD32 suddenly started popping up a thousand warnings that some trojan something something, from some site something something. Naturally, I immediately started closing and deleting things, and disconnected from the net. I restarted the computer and wiped the temp and temporary internet folders. I downloaded ComboFix and ran it (I'll leave the log below), and then Malwarebytes as well, but until I had run ComboFix I couldn't download it, because Firefox shut down every time I tried. Also, at that point NOD32 refused to scan any file in in-depth analysis, explaining that it could not open it. After ComboFix it scanned everything and found

Kryptik.GH trojan
Kryptik.FZ trojan

and that in the System Restore folder; I have System Restore turned off, but ComboFix turned it on to create a restore point. But I have already deleted that.

Malwarebytes is scanning now and nothing is infected.

Here is the log:

15.2.2009, 4:57   #2
dkdnt
Re: Friends, help!!!

((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-15 02:57 . 2009-02-15 02:57 309,712 --a------ c:\windows\system32\hguest.exe
2009-02-15 02:57 . 2009-02-15 02:57 107,745 --a------ c:\windows\system32\hgcheck.exe
2009-02-15 02:57 . 2009-02-15 03:00 6,035 --a------ c:\windows\system32\work.ini
2009-02-15 02:57 . 2009-02-15 02:57 227 --a------ c:\windows\system32\hgset.ini
2009-02-15 02:54 . 2009-02-15 02:58 827,963 --a------ c:\documents and settings\Administrator\Application Data\svchost.exe
2009-02-13 20:57 . 2009-02-13 20:57 135 --a------ c:\windows\wcx_ftp.ini
2009-02-10 04:04 . 2009-02-10 04:04 534 --a------ c:\windows\eReg.dat
2009-02-09 17:21 . 2009-02-09 17:22 <DIR> d-------- c:\program files\Internet Download Manager
2009-02-09 17:21 . 2009-02-09 23:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IDM
2009-02-09 17:21 . 2009-02-15 03:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DMCache
2009-02-06 05:40 . 2009-02-06 05:40 <DIR> d--hs---- C:\Boot
2009-02-06 05:40 . 2008-12-13 08:03 377,151 -rahs---- C:\bootmgr
2009-02-06 05:40 . 2009-02-06 05:40 8,192 -rahs---- C:\BOOTSECT.BAK
2009-02-05 22:40 . 2009-02-09 20:20 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-05 16:17 . 2009-02-05 16:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-02-05 16:17 . 2009-02-05 16:38 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nokia
2009-02-05 16:16 . 2009-02-05 16:16 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-05 16:16 . 2009-02-05 16:16 <DIR> d-------- c:\program files\Nokia
2009-02-05 16:16 . 2009-02-05 16:16 <DIR> d-------- c:\program files\DIFX
2009-02-05 16:16 . 2009-02-05 16:16 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-05 16:16 . 2009-02-05 16:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-05 16:16 . 2007-02-22 10:15 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2009-02-04 01:17 . 2009-02-04 01:17 <DIR> d-------- c:\program files\RealWorld Icon Editor
2009-02-04 01:17 . 2009-02-04 01:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\RealWorld
2009-02-03 20:48 . 2009-02-05 14:54 <DIR> d-------- c:\documents and settings\precice programs
2009-02-03 20:42 . 2009-02-05 22:59 <DIR> d-------- c:\documents and settings\precice ihre
2009-02-03 20:36 . 2009-02-03 20:36 414 --a------ c:\windows\bkp.reg
2009-02-03 20:08 . 2009-02-03 20:08 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-03 03:34 . 2009-02-03 03:50 25,992 --a------ c:\windows\system32\pgdfgsvc.exe
2009-02-03 03:22 . 2009-01-15 08:19 206,793 --a------ c:\windows\system32\nvapps.nvb
2009-02-02 15:35 . 2009-02-02 15:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-01-27 17:21 . 2009-01-28 00:01 23 --a------ c:\windows\BlendSettings.ini
2009-01-26 23:04 . 2009-01-26 23:04 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-22 20:02 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-01-22 20:02 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-01-22 20:02 . 2007-12-01 00:22 6,144 --a------ c:\windows\system32\kbd106.dll
2009-01-22 20:02 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-01-22 20:02 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-01-22 20:02 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-01-22 19:49 . 2009-01-26 13:37 0 --a------ c:\windows\temp.rom
2009-01-22 19:47 . 2009-01-22 19:47 <DIR> d-------- c:\program files\GIGABYTE
2009-01-22 15:39 . 2009-01-22 15:49 206,256 --a------ c:\windows\system32\idmmbc.dll
2009-01-16 13:44 . 2009-01-21 19:54 5,632 --ahs---- c:\windows\Thumbs.db
2009-01-16 13:35 . 2009-01-16 13:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MSNInstaller
2009-01-16 13:29 . 2009-01-16 13:40 <DIR> d-------- c:\program files\Stardock
2009-01-16 13:29 . 2009-02-03 20:41 <DIR> d--h----- c:\program files\Common Files\Stardock
2009-01-15 23:50 . 2009-01-15 23:50 <DIR> d-------- c:\program files\Auslogics
2009-01-15 23:50 . 2009-01-15 23:50 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Auslogics
2009-01-15 23:44 . 2009-01-16 13:44 <DIR> d-------- c:\program files\Mv2Player
2009-01-15 14:20 . 2009-01-15 14:20 248 --a------ c:\windows\RomeTW.ini
2009-01-15 08:19 . 2009-01-15 08:19 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax

Last edited by dkdnt (15.2.2009 at 20:42)

15.2.2009, 4:58   #3
dkdnt
Re: Friends, help!!!

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 19:33 --------- d-----w c:\program files\DivX
2009-02-09 19:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 16:21 --------- d-----w c:\program files\Eset
2009-02-03 19:44 --------- d-----w c:\program files\BabasChess
2009-02-03 02:23 --------- d--h--w c:\program files\Common Files\Wise Installation Wizard
2009-02-03 02:22 --------- d-----w c:\program files\AGEIA Technologies
2009-01-21 21:25 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-21 18:54 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-14 07:15 --------- d-----w c:\program files\PowerQuest
2009-01-13 20:13 --------- d-----w c:\documents and settings\Administrator\Application Data\Download Manager
2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-06 19:25 --------- d-----w c:\program files\CyberLink
2009-01-06 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-01-06 19:25 --------- d-----w c:\documents and settings\Administrator\Application Data\CyberLink
2009-01-06 19:24 --------- d--h--w c:\program files\Common Files\InstallShieldOLD
2009-01-04 10:42 300,048 ----a-w c:\windows\system32\drivers\amon.sys
2009-01-04 10:42 245,760 ----a-w c:\windows\system32\imon.dll
2009-01-04 10:42 114,688 ----a-w c:\windows\system32\nms32.dll
2009-01-04 05:36 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-01-04 05:36 --------- d-----w c:\program files\KM-Software
2009-01-03 22:58 --------- d-----w c:\documents and settings\Administrator\Application Data\OpenOffice.org
2009-01-01 23:46 19 ----a-w c:\documents and settings\Administrator\rekonekt.bat
2008-12-31 20:13 --------- d-----w c:\documents and settings\Administrator\Application Data\DivX
2008-12-31 15:15 --------- d-----w c:\documents and settings\Administrator\Application Data\vlc
2008-12-31 15:05 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-31 15:05 --------- d-----w c:\program files\Windows Live
2008-12-31 15:04 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-30 01:43 --------- d--h--w c:\program files\Microsoft.NET
2008-12-30 01:41 --------- d--h--w c:\program files\MSBuild
2008-12-30 01:38 --------- d-----w c:\program files\Reference Assemblies
2008-12-30 01:23 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-30 01:23 --------- d-----w c:\documents and settings\Administrator\Application Data\DAEMON Tools
2008-12-30 01:05 --------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2008-12-30 01:04 --------- d--h--w c:\program files\Common Files\ACD Systems
2008-12-30 01:04 --------- d-----w c:\program files\ACD Systems
2008-12-30 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-30 00:56 --------- d--h--w c:\program files\Common Files\Ahead
2008-12-30 00:56 --------- d-----w c:\program files\Ahead
2008-12-30 00:54 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-30 00:54 --------- d-----w c:\program files\JRE
2008-12-30 00:54 --------- d-----w c:\program files\Foxit Software
2008-12-30 00:53 --------- d-----w c:\program files\Java
2008-12-30 00:43 --------- d-----w c:\program files\AIMP2
2008-12-30 00:41 --------- d-----w c:\program files\VideoLAN
2008-12-30 00:38 --------- d-----w c:\program files\Malicious Software Removal Tool
2008-12-30 00:37 --------- d--h--w c:\program files\Common Files\Java
2008-12-30 00:37 --------- d-----w c:\program files\Windows Journal Viewer
2008-12-30 00:37 --------- d-----w c:\program files\7-Zip
2008-12-30 00:36 --------- d-----w c:\program files\HighMAT CD Writing Wizard
2008-12-30 00:28 --------- d-----w c:\program files\Jin
2008-12-30 00:27 --------- d-----w c:\program files\AutoPatcher
2008-12-30 00:25 10,752 ----a-w c:\windows\system32\aamd532.dll
2008-12-29 23:57 --------- d--h--w c:\program files\microsoft frontpage
2008-12-29 23:41 --------- d-----w c:\program files\Conexant
2008-12-29 23:37 --------- d-----w c:\program files\honestech
2008-12-29 23:27 16,376 ----a-w c:\windows\gdrv.sys
2008-12-29 23:23 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-29 23:21 --------- d-----w c:\program files\Intel
2008-12-29 23:16 319,488 ----a-w c:\windows\HideWin.exe
2008-12-29 23:16 --------- d-----w c:\program files\Realtek
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
2008-11-26 07:55 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe

Last edited by dkdnt (15.2.2009 at 20:43)

15.2.2009, 4:58   #4
dkdnt
Re: Friends, help!!!

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-04 847872]
"CnxDslTaskBar"="c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2003-10-29 462848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"hgcheck"="c:\windows\system32\hgcheck.exe" [2009-02-15 107745]
"*svchostBoot"="c:\documents and settings\Administrator\Application Data\svchost.exe" [2009-02-15 827963]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScheduleTV.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-ra------ 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-ra------ 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 08:19 13680640 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-01-15 08:19 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-20 01:20 57344 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2008-06-20 01:42 2808832 c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-01-15 08:19 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-07-24 01:51 16804864 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-21 03:15 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2008-06-19 03:01 77824 c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"RichVideo"=2 (0x2)
"NVSvc"=2 (0x2)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Counter Strike\\hl.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [2008-12-30 196736]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [2008-12-30 9216]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [2008-12-30 8448]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2008-12-30 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2008-12-30 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2008-12-30 108675]
S3 GPCIDrv;GPCIDrv;c:\program files\GIGABYTE\atBIOS\GPCIDrv.sys [2008-07-15 14504]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: imon.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hfkkf52e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 03:35:19
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\imon.dll
.
Completion time: 2009-02-15 3:35:56
ComboFix-quarantined-files.txt 2009-02-15 02:35:54

Pre-Run: 14,260,260,864 bytes free
Post-Run: 14,247,149,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

Last edited by dkdnt (15.2.2009 at 20:43)

15.2.2009, 20:43   #5
dkdnt
Re: Friends, help!!!

Anyone??

16.2.2009, 0:03   #6
NIx Car
Part of the forum inventory

Member since: 28.12.2006.
Location: New Now
Posts: 3.641
Thanks: 1.743
Thanked 921 times in 518 posts
Re: Friends, help!!!

Do you have HijackThis?????

16.2.2009, 16:28   #7
dkdnt
Re: Friends, help!

No. What do I need to do? This is the first time this has happened to me, so I don't want to mess something up.

16.2.2009, 19:20   #8
Djordje Turjacanin
Part of the forum inventory

Member since: 15.6.2008.
Location: Prnjavor, RS
Posts: 3.872
Thanks: 491
Thanked 1.031 times in 664 posts
Re: Friends, help!

Download that program, extract it and rename it to anything, run it and go to scan; somewhere there it says to save a log, check that. When the scan finishes, post the log here.

16.2.2009, 22:12   #9
dkdnt
Re: Friends, help! (Virus/Trojan)

OK. That's what I did. Here is the result, i.e. the log:
Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:04, on 2/16/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\honestech\honestech TVR\honestechTV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\TTCMD\TOTALCMD.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Trend Micro\OTIMACINAS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1230600085859
O17 - HKLM\System\CCS\Services\Tcpip\..\{250412FB-75C9-4BF3-A233-4B902A2F10F6}: NameServer = 194.106.162.10 194.106.162.3
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4267 bytes

16.2.2009, 22:24   #10
nighthawk
.

Member since: 2.11.2005.
Posts: 2.532
Thanks: 113
Thanked 710 times in 498 posts
Re: Friends, help! (Virus/Trojan)

This is clean, except for this:

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.2.cab


But even that doesn't look like anything dangerous to me. Akamai.com shouldn't be distributing any malware http://en.wikipedia.org/wiki/Akamai_Technologies.

16.2.2009, 22:29   #11
Basa Mrkalj
V.I.P. Protection

Member since: 18.5.2008.
Location: Prokuplje
Posts: 1.505
Thanks: 5
Thanked 425 times in 385 posts
Re: Friends, help! (Virus/Trojan)

Restart the computer, keep tapping F8 and choose Safe Mode.
Run HijackThis and check the following line

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.2.cab

Click Fix Checked.
Then restart

16.2.2009, 23:19   #12
dkdnt
Re: Friends, help! (Virus/Trojan)

Quote:
Basa Mrkalj says:
Restart the computer, keep tapping F8 and choose Safe Mode.
Run HijackThis and check the following line

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.2.cab

Click Fix Checked.
Then restart

Uh, can that be done without Safe Mode? I also have Win7 installed, so on F8 that one starts in Safe Mode.

I've just hit Fix in normal mode, so, well, ????