Maybe there's something else

  • Joined: 13 Jul 2007
  • Posts: 363

I was infected with some trojans, I don't know exactly what they're called, and I literally couldn't start a single program, couldn't get on the internet and couldn't even shut down or restart the computer (in the taskbar only WindowBlinds starts, the antivirus doesn't). Whenever I tried to run a program I got the warning "(such and such program) is not a valid Win32 application".
I went into safe mode and scanned with Avast, which found the trojans and deleted them, but again nothing worked when I booted the computer normally. Then in safe mode I did a System Restore. After that everything worked normally; I scanned again with Avast and it found trojans which I put in quarantine (maybe they're the same ones from the previous scan): 3x Win32:Delf-GVX and Win32:Trojan-gen{UPX}. Now the problem is that I think there is still something there, because every time I want to shut down the computer it shows "End program - No Title".
Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:44, on 18.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nemanja\Desktop\Nova fascikla\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122407 serial=..... lang=EN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....8215546181
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31163409-ADF7-46FC-A2F3-8A7BA4FDCCEC}: NameServer = 77.105.0.19 77.105.0.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{31163409-ADF7-46FC-A2F3-8A7BA4FDCCEC}: NameServer = 77.105.0.19 77.105.0.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear, which you should paste here.

  • Joined: 13 Jul 2007
  • Posts: 363

Hello to you too.
Here's the ComboFix log:

ComboFix 07-12-19.2 - Nemanja 2007-12-18 23:29:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.544 [GMT 1:00]
Running from: C:\Documents and Settings\Nemanja\Desktop\ComboFix(2).exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\2.exe
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\drivers\sfsync02.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-17 18:25 . 2007-12-04 19:38 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-17 18:25 . 2007-12-04 19:38 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-17 18:25 . 2007-12-04 19:38 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-17 00:01 . 2007-12-17 00:01 268 --ah----- C:\sqmdata17.sqm
2007-12-17 00:01 . 2007-12-17 00:01 244 --ah----- C:\sqmnoopt17.sqm
2007-12-14 23:22 . 2007-12-14 23:24 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-12-14 21:59 . 2007-12-14 21:59 <DIR> d-------- C:\Games
2007-12-14 19:18 . 2007-12-14 19:18 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-12-14 19:18 . 2007-12-14 19:18 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-14 19:18 . 2007-12-14 19:18 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-14 18:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-14 18:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-14 18:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-14 18:45 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-14 18:45 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-14 18:45 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-14 18:45 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-14 18:45 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:09 . 2007-12-11 22:09 <DIR> d-------- C:\Program Files\COMODO
2007-12-11 22:09 . 2007-12-11 22:09 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\Comodo
2007-12-11 22:09 . 2007-12-14 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-09 11:12 . 2007-12-09 11:12 360,576 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 11:07 . 2007-12-09 11:07 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-12-09 11:00 . 2007-12-09 13:06 <DIR> d-------- C:\Program Files\PFConfig
2007-12-04 23:45 . 2007-12-04 23:45 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-12-04 19:38 . 2007-12-04 19:38 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 19:38 . 2007-12-04 19:38 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-04 19:38 . 2007-12-04 19:38 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-04 19:35 . 2007-12-04 19:35 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 19:35 . 2007-12-04 19:35 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-04 15:20 . 2007-12-04 15:20 <DIR> d-------- C:\tmp99
2007-12-04 13:48 . 2007-12-04 13:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-04 13:36 . 2007-12-04 13:36 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\JLC's Software
2007-12-04 13:25 . 2007-12-04 21:39 <DIR> d-------- C:\Program Files\Webteh
2007-12-04 13:25 . 2007-12-04 13:25 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\BSplayer Pro
2007-12-04 13:25 . 2007-12-04 22:09 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\BSplayer
2007-12-02 15:44 . 2007-12-02 15:44 268 --ah----- C:\sqmdata16.sqm
2007-12-02 15:44 . 2007-12-02 15:44 244 --ah----- C:\sqmnoopt16.sqm
2007-12-02 11:45 . 2007-12-02 11:45 268 --ah----- C:\sqmdata15.sqm
2007-12-02 11:45 . 2007-12-02 11:45 244 --ah----- C:\sqmnoopt15.sqm
2007-11-30 23:51 . 2007-11-30 23:51 <DIR> d-------- C:\Program Files\MSECache
2007-11-28 00:03 . 2007-12-03 13:46 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-26 00:08 . 2007-11-26 21:24 <DIR> d-------- C:\Program Files\KeyOPS
2007-11-24 18:33 . 2007-11-24 18:36 <DIR> d-------- C:\Program Files\BitLord
2007-11-21 19:37 . 2007-11-21 19:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-21 19:37 . 2007-11-21 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-21 12:20 . 2007-11-21 12:20 <DIR> d-------- C:\Program Files\Stardock
2007-11-19 17:54 . 2007-11-19 17:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-19 17:26 . 2007-11-19 17:53 <DIR> d-------- C:\Program Files\BMW M3 Challenge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 10:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-17 20:55 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\BearShare
2007-12-17 17:35 --------- d-----w C:\Program Files\DivX
2007-12-14 22:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-14 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-14 12:00 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\uTorrent
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-10 22:39 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\LimeWire
2007-12-09 17:36 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-06 12:41 --------- d-----w C:\Program Files\Defcon
2007-12-04 13:38 --------- d-----w C:\Program Files\MSN Messenger
2007-12-04 12:48 --------- d-----w C:\Program Files\Common Files\Real
2007-12-03 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-02 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-29 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 21:59 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-19 20:57 --------- d-----w C:\Program Files\Starcraft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 09:59 --------- d-----w C:\Program Files\a-squared Free
2007-11-12 21:03 --------- d-----w C:\Program Files\Google
2007-11-10 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-10 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 12:14 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Apple Computer
2007-11-09 11:35 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Teleca
2007-11-09 11:16 --------- d-----w C:\Program Files\Sony
2007-11-09 11:03 --------- d-----w C:\Program Files\QuickTime
2007-11-09 11:01 --------- d-----w C:\Program Files\Apple Software Update
2007-11-09 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-09 10:53 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-09 10:52 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Sony Ericsson
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-11-09 10:51 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-08 12:45 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Talkback
2007-11-08 12:44 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Thunderbird
2007-11-07 13:01 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\ESET
2007-11-07 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-11-06 14:05 --------- d-----w C:\Program Files\Image-Line
2007-11-06 12:50 --------- d-----w C:\Program Files\VstPlugins
2007-11-06 09:49 --------- d-----w C:\Program Files\PROS
2007-11-05 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 12:22 --------- d-----w C:\Program Files\Tall Emu
2007-11-01 14:16 --------- d-----w C:\Program Files\EA GAMES
2007-11-01 12:50 --------- d-----w C:\Program Files\BearShare Applications
2007-10-31 10:25 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2007-10-31 07:13 --------- d-----w C:\Program Files\YouTube Downloader
2007-10-27 18:23 --------- d-----w C:\Documents and Settings\User1\Application Data\Microsoft Games
2007-10-27 18:23 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Microsoft Games
2007-10-26 17:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2007-10-26 10:59 --------- d-----w C:\Program Files\Quick Screen Capture
2007-10-23 13:53 --------- d-----w C:\Program Files\Alwil Software
2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-10-23 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-10-23 13:02 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\BearShare(2)
2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-10-21 19:35 --------- d-----w C:\Documents and Settings\Jelena\Application Data\AVG7
2007-10-20 11:01 --------- d-----w C:\Program Files\LimeWire
2007-01-19 15:43 56 --sh--r C:\WINDOWS\system32\7A4EB6551E.sys
2007-07-25 15:15 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 10:11]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 10:11]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"TIxDSL"="C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe" [2002-08-27 11:37]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 12:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-09-12 14:20]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 13:47]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-14 19:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-01-08 12:11:08]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 10:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-21 12:22 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 14:25]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-14 19:18]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-14 19:18]
R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-06-10 09:42]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 08:51]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs []
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys [2002-04-02 12:06]
S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 18:08]
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]
S3 pohci13F;pohci13F;C:\DOCUME~1\Nemanja\LOCALS~1\Temp\pohci13F.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 17:00]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys [2002-04-02 12:05]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4eeb5e3-2163-11dc-8e47-000795db2512}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 16:21:59 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-09 11:01:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 00:38:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-20 0:45:54 - machine was rebooted
.
2007-12-16 19:23:33 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

Driver::
pohci13F

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4eeb5e3-2163-11dc-8e47-000795db2512}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that gets created at the end of the cleaning/scanning.
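As an added illustration (not part of the thread, and not ComboFix's or dr_Bora's own code), here is a small Python script that applies the same reasoning dr_Bora used to the log above: it flags drivers registered from a Temp directory and mountpoints2 keys that carry a Shell\Auto command, then emits the CFScript text in the format he asked for. The log excerpt is constructed from the lines quoted in the thread; the function names are mine.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted above (a few driver
# lines plus the mountpoints2 block); it is not a real log file.
SAMPLE_LOG = r"""
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-14 19:18]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs []
S3 pohci13F;pohci13F;C:\DOCUME~1\Nemanja\LOCALS~1\Temp\pohci13F.sys []
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 17:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4eeb5e3-2163-11dc-8e47-000795db2512}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
"""

# ComboFix driver/service line: "<start type> <name>;<display name>;<image path> [<file timestamp>]"
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# A registry key header such as "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# A shell verb under that key: "\Shell\<verb>\command - <command line>"
SHELL_CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s*-\s*(.*)$")


def parse_drivers(log):
    """Return one dict per R*/S* driver or service line in a ComboFix log."""
    drivers = []
    for line in log.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append({
                "start": m.group(1),
                "name": m.group(2),
                "display": m.group(3),
                "path": m.group(4).strip('"'),
                "timestamp": m.group(5) or None,  # "[]" means ComboFix found no file
            })
    return drivers


def suspicious_drivers(log):
    r"""Drivers whose image lives in a Temp directory, as pohci13F did above.

    A legitimate kernel driver is installed under system32\drivers; a .sys
    registered from a user's Temp folder is worth removing on its own. The empty
    timestamp only corroborates (UxTuneUp also shows [] and is benign), so it is
    recorded but not used as the trigger."""
    return [d for d in parse_drivers(log) if "\\temp\\" in d["path"].lower()]


def hijacked_mountpoints(log):
    r"""MountPoints2 keys that carry a \Shell\<verb>\command entry.

    Explorer runs that command when the drive is double-clicked or autoplayed,
    which is how an autorun worm on a USB stick re-launches itself."""
    found, current = [], None
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            current = {"key": key, "commands": {}} if "mountpoints2" in key.lower() else None
            if current:
                found.append(current)
            continue
        if current is None:
            continue
        cm = SHELL_CMD_RE.match(line)
        if cm:
            current["commands"][cm.group(1)] = cm.group(2)
        elif not line:
            current = None  # a blank line closes the key block
    return [mp for mp in found if mp["commands"]]


def build_cfscript(log):
    """Emit CFScript text in the form used in the thread: a Driver:: section
    naming drivers to unload and delete, and a Registry:: section whose [-KEY]
    entries tell ComboFix to delete those keys."""
    lines = []
    names = [d["name"] for d in suspicious_drivers(log)]
    if names:
        lines += ["Driver::", *names, ""]
    keys = [mp["key"] for mp in hijacked_mountpoints(log)]
    if keys:
        lines += ["Registry::", *[f"[-{k}]" for k in keys]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

On the constructed excerpt the script reproduces dr_Bora's CFScript exactly: pohci13F under Driver:: and the mountpoints2 key under Registry::.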

  • Joined: 13 Jul 2007
  • Posts: 363

Evo uradio sam kako si mi rekao:

ComboFix 07-12-19.2 - Nemanja 2007-12-20 12:21:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.549 [GMT 1:00]
Running from: C:\Documents and Settings\Nemanja\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nemanja\Desktop\CFScript.txt
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-17 18:25 . 2007-12-04 19:38 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-17 18:25 . 2007-12-04 19:38 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-17 18:25 . 2007-12-04 19:38 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-17 00:01 . 2007-12-17 00:01 268 --ah----- C:\sqmdata17.sqm
2007-12-17 00:01 . 2007-12-17 00:01 244 --ah----- C:\sqmnoopt17.sqm
2007-12-14 23:22 . 2007-12-14 23:24 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-12-14 21:59 . 2007-12-14 21:59 <DIR> d-------- C:\Games
2007-12-14 19:18 . 2007-12-14 19:18 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-12-14 19:18 . 2007-12-14 19:18 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-14 19:18 . 2007-12-14 19:18 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-14 18:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-14 18:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-14 18:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-14 18:45 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-14 18:45 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-14 18:45 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-14 18:45 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-14 18:45 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:09 . 2007-12-11 22:09 <DIR> d-------- C:\Program Files\COMODO
2007-12-11 22:09 . 2007-12-11 22:09 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\Comodo
2007-12-11 22:09 . 2007-12-14 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-09 11:12 . 2007-12-09 11:12 360,576 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 11:07 . 2007-12-09 11:07 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-12-09 11:00 . 2007-12-09 13:06 <DIR> d-------- C:\Program Files\PFConfig
2007-12-04 23:45 . 2007-12-04 23:45 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-12-04 19:38 . 2007-12-04 19:38 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 19:38 . 2007-12-04 19:38 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-04 19:38 . 2007-12-04 19:38 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-04 19:35 . 2007-12-04 19:35 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 19:35 . 2007-12-04 19:35 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-04 15:20 . 2007-12-04 15:20 <DIR> d-------- C:\tmp99
2007-12-04 13:48 . 2007-12-04 13:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-04 13:36 . 2007-12-04 13:36 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\JLC's Software
2007-12-04 13:25 . 2007-12-04 21:39 <DIR> d-------- C:\Program Files\Webteh
2007-12-04 13:25 . 2007-12-04 13:25 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\BSplayer Pro
2007-12-04 13:25 . 2007-12-04 22:09 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\BSplayer
2007-12-02 15:44 . 2007-12-02 15:44 268 --ah----- C:\sqmdata16.sqm
2007-12-02 15:44 . 2007-12-02 15:44 244 --ah----- C:\sqmnoopt16.sqm
2007-12-02 11:45 . 2007-12-02 11:45 268 --ah----- C:\sqmdata15.sqm
2007-12-02 11:45 . 2007-12-02 11:45 244 --ah----- C:\sqmnoopt15.sqm
2007-11-30 23:51 . 2007-11-30 23:51 <DIR> d-------- C:\Program Files\MSECache
2007-11-28 00:03 . 2007-12-03 13:46 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-26 00:08 . 2007-11-26 21:24 <DIR> d-------- C:\Program Files\KeyOPS
2007-11-24 18:33 . 2007-11-24 18:36 <DIR> d-------- C:\Program Files\BitLord
2007-11-21 19:37 . 2007-11-21 19:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-21 19:37 . 2007-11-21 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-21 12:20 . 2007-11-21 12:20 <DIR> d-------- C:\Program Files\Stardock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 10:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-17 20:55 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\BearShare
2007-12-17 17:35 --------- d-----w C:\Program Files\DivX
2007-12-14 22:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-14 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-14 12:00 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\uTorrent
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-10 22:39 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\LimeWire
2007-12-09 17:36 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-06 12:41 --------- d-----w C:\Program Files\Defcon
2007-12-04 13:38 --------- d-----w C:\Program Files\MSN Messenger
2007-12-04 12:48 --------- d-----w C:\Program Files\Common Files\Real
2007-12-03 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-02 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-29 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 21:59 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-19 20:57 --------- d-----w C:\Program Files\Starcraft
2007-11-19 16:53 --------- d-----w C:\Program Files\BMW M3 Challenge
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 09:59 --------- d-----w C:\Program Files\a-squared Free
2007-11-12 21:03 --------- d-----w C:\Program Files\Google
2007-11-10 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-10 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 12:14 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Apple Computer
2007-11-09 11:35 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Teleca
2007-11-09 11:16 --------- d-----w C:\Program Files\Sony
2007-11-09 11:03 --------- d-----w C:\Program Files\QuickTime
2007-11-09 11:01 --------- d-----w C:\Program Files\Apple Software Update
2007-11-09 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-09 10:53 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-09 10:52 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Sony Ericsson
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-11-09 10:51 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-08 12:45 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Talkback
2007-11-08 12:44 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Thunderbird
2007-11-07 13:01 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\ESET
2007-11-07 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-11-06 14:05 --------- d-----w C:\Program Files\Image-Line
2007-11-06 12:50 --------- d-----w C:\Program Files\VstPlugins
2007-11-06 09:49 --------- d-----w C:\Program Files\PROS
2007-11-05 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 12:22 --------- d-----w C:\Program Files\Tall Emu
2007-11-01 14:16 --------- d-----w C:\Program Files\EA GAMES
2007-11-01 12:50 --------- d-----w C:\Program Files\BearShare Applications
2007-10-31 10:25 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2007-10-31 07:13 --------- d-----w C:\Program Files\YouTube Downloader
2007-10-27 18:23 --------- d-----w C:\Documents and Settings\User1\Application Data\Microsoft Games
2007-10-27 18:23 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Microsoft Games
2007-10-26 17:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2007-10-26 10:59 --------- d-----w C:\Program Files\Quick Screen Capture
2007-10-23 13:53 --------- d-----w C:\Program Files\Alwil Software
2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-10-23 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-10-23 13:02 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\BearShare(2)
2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-10-21 19:35 --------- d-----w C:\Documents and Settings\Jelena\Application Data\AVG7
2007-10-20 11:01 --------- d-----w C:\Program Files\LimeWire
2007-01-19 15:43 56 --sh--r C:\WINDOWS\system32\7A4EB6551E.sys
2007-07-25 15:15 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-20_ 0.42.40.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-19 23:41:54 72,386 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-20 11:47:22 72,386 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-19 23:41:54 442,760 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-20 11:47:22 442,760 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-20 11:42:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_56c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 10:11]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 10:11]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"TIxDSL"="C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe" [2002-08-27 11:37]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 12:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-09-12 14:20]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 13:47]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-14 19:18]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:56]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-01-08 12:11:08]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 10:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-21 12:22 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 14:25]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-14 19:18]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-14 19:18]
R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-06-10 09:42]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 08:51]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs []
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys [2002-04-02 12:06]
S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 18:08]
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 17:00]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys [2002-04-02 12:05]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 16:21:59 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-09 11:01:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 12:44:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-20 12:49:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-20 00:45
.
2007-12-16 19:23:33 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK... There are no more visible traces of malware here.

Are you noticing any problems now?


Turning System Restore off

On the Desktop, right-click My Computer.
Choose Properties.
Choose the System Restore tab.
Tick Turn off System Restore.
Click the Apply button.
Click the OK button.


Restart the computer.


Turning System Restore on

On the Desktop, right-click My Computer.
Choose Properties.
Choose the System Restore tab.
Untick Turn off System Restore.
Click the Apply button.
Click the OK button.

offline
  • Joined: 13 Jul 2007
  • Posts: 363

There is nothing unusual any more. I just have to turn System Restore off and on.
In any case, one big THANK YOU!!! No doubt about it, quality and reliability. Well done.
