Posted: 11 May 2008 15:33
- akuci
- Legendary citizen
- Joined: 11 May 2008
- Posts: 2758
- Location: Novi Sad
As I already wrote on the forum that referred me here, AVG Internet Security 8 found the trojan Zapchast on my machine and a lot of adware that it could not remove. KIS 7, Ad-Aware 2007 and 2008 beta and AVG Anti-Spyware found nothing. I completely removed Internet Explorer right after installing the system precisely because of its vulnerabilities, and it matters to me whether my computer is clean or full of megabytes of harmful junk, so please help me! Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:20:48, on 11.5.2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Aco\Desktop\Nova fascikla\TQ3.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OP_CACHE.ATR
O4 - Startup: OP_CACHE.IDX
O4 - Global Startup: OP_CACHE.ATR
O4 - Global Startup: OP_CACHE.IDX
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DA9E7C1-18CB-4755-AE39-8E32D107FAC6}: NameServer = 91.150.77.5 91.150.77.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
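A small triage script for logs like the one above, added here as an example (it is not part of the thread and not a HijackThis feature): it parses the entry lines and flags the kinds of items a helper checks first, such as entries whose file is gone, the O17 NameServer line, AppInit_DLLs, and non-executable items in the Startup folders. The sample lines are copied from this post and the trusted DNS list is an assumed input.

```python
import re

# Constructed sample: a handful of entry lines copied from the HijackThis log
# posted above (URLs in the original are login-gated, so the R1 lines are left out).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:20:48, on 11.5.2008
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Startup: OP_CACHE.ATR
O4 - Global Startup: OP_CACHE.IDX
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DA9E7C1-18CB-4755-AE39-8E32D107FAC6}: NameServer = 91.150.77.5 91.150.77.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")

# Extensions one expects to see in a Startup folder; anything else is worth a look.
STARTUP_OK = {"exe", "lnk", "bat", "cmd", "pif", "url"}


def parse_hjt(text):
    """Return (section, body) pairs for every entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def flag_entries(entries, trusted_dns=()):
    """Return (section, reason, body) for entries a reviewer should look at."""
    findings = []
    for sec, body in entries:
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            # Orphaned hook: the registry still points at a file that is gone.
            findings.append((sec, "orphaned entry, file absent", body))
        elif sec == "O17":
            # DNS servers written into TCP/IP parameters; compare with the ISP's or LAN's.
            m = re.search(r"NameServer = (.+)$", body)
            servers = m.group(1).split() if m else []
            unknown = [s for s in servers if s not in trusted_dns]
            if unknown:
                findings.append((sec, "unverified DNS servers: " + ", ".join(unknown), body))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append((sec, "AppInit_DLLs injected into all GUI processes", body))
        elif sec == "O4" and re.match(r"(Global )?Startup: ", body):
            name = body.split(": ", 1)[1]
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext not in STARTUP_OK:
                findings.append((sec, "non-executable item in Startup folder", body))
    return findings


def report(text, trusted_dns=()):
    """Parse a log, print one line per finding, and return the findings."""
    findings = flag_entries(parse_hjt(text), trusted_dns)
    for sec, reason, body in findings:
        print(f"{sec:<4} {reason:<45} {body[:70]}")
    return findings


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

A flag is a prompt to verify the entry against a known-good baseline, not a verdict.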
Posted: 11 May 2008 18:20
- dr_Bora
- Anti Malware Fighter, Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Hi...
Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]
Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.
Posted: 11 May 2008 19:55
- akuci
- Legendary citizen
- Joined: 11 May 2008
- Posts: 2758
- Location: Novi Sad
ComboFix 08-05-09.1 - Aco 2008-05-11 19:17:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.168 [GMT 2:00]
Running from: C:\Documents and Settings\Aco\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Aco\ravmonlog
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\winsys.exe
----- BITS: Possible infected sites -----
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
.
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-11 19:17 . 2008-05-11 19:17 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-10 21:13 . 2008-05-10 21:13 <DIR> d-------- C:\Documents and Settings\Aco\Application Data\Grisoft
2008-05-10 21:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-10 19:18 . 2008-05-10 19:40 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-10 19:18 . 2008-05-10 19:40 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-10 19:07 . 2008-05-10 19:07 <DIR> d-------- C:\WINDOWS\system32\%DataFolder%
2008-05-10 18:29 . 2008-05-10 18:29 <DIR> d-------- C:\kav
2008-05-10 18:28 . 2008-05-10 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-10 17:43 . 2008-05-10 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-10 17:42 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-10 17:42 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-09 19:05 . 2008-05-09 19:05 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-09 15:55 . 2008-05-09 18:03 <DIR> d-------- C:\Documents and Settings\Aco\Application Data\BitTorrent
2008-05-09 15:54 . 2008-05-09 15:54 <DIR> d-------- C:\Program Files\BitTorrent
2008-05-09 15:54 . 2008-05-10 20:35 <DIR> d-------- C:\Documents and Settings\Aco\Application Data\DNA
2008-05-08 19:29 . 2008-05-08 19:29 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-05-08 17:47 . 2008-05-10 20:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-08 17:47 . 2008-05-08 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-08 17:21 . 2008-05-08 17:21 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-05 19:52 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-05 19:51 . 2008-05-07 18:58 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-05-05 17:44 . 2008-05-05 17:44 <DIR> d-------- C:\Documents and Settings\Aco\Application Data\SUPERAntiSpyware.com
2008-05-05 17:43 . 2008-05-10 19:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 18:57 . 2007-04-16 07:00 55,296 --a------ C:\Documents and Settings\Aco\cnmss Canon iP3500 (Local).dll
2008-04-29 12:04 . 2008-04-29 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-04-29 12:00 . 2008-04-29 12:00 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-29 12:00 . 2008-04-29 12:00 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-29 12:00 . 2007-04-16 07:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8V.DLL
2008-04-29 11:59 . 2008-04-29 11:59 <DIR> d--h----- C:\Program Files\CanonBJ
2008-04-25 13:15 . 2001-02-25 02:19 412,160 -ra------ C:\WINDOWS\system32\DivXc32.dll
2008-04-25 13:15 . 2001-02-25 03:57 294,912 -ra------ C:\WINDOWS\system32\iviaudio.ax
2008-04-25 13:15 . 2001-02-25 02:19 239,616 -ra------ C:\WINDOWS\system32\DivX_c32.ax
2008-04-25 13:15 . 2001-02-25 01:57 121,856 -ra------ C:\WINDOWS\system32\Mp3cnfg.cpl
2008-04-25 13:15 . 2001-02-25 03:57 34,816 -ra------ C:\WINDOWS\system32\mpgaudio.ax
2008-04-25 13:15 . 2001-02-25 01:57 18,944 -ra------ C:\WINDOWS\system32\Mp3cnfg.exe
2008-04-20 14:52 . 2008-04-20 14:52 113 --a------ C:\WINDOWS\system32\NemuAudio08.ini
2008-04-19 19:50 . 2008-04-19 19:50 <DIR> d-------- C:\Documents and Settings\Aco\Application Data\Microsoft FxCop
2008-04-19 18:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-19 18:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-19 18:13 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-19 17:48 . 2008-04-19 17:48 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-19 17:47 . 2008-04-19 17:52 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-19 17:28 . 2008-04-19 17:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-04-19 17:25 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-19 17:21 . 2008-04-19 17:53 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-19 16:46 . 2008-04-19 16:46 <DIR> d-------- C:\Program Files\PowerISO
2008-04-18 15:18 . 2008-04-18 15:19 <DIR> d-------- C:\WINDOWS\system32\js
2008-04-18 15:18 . 2008-04-18 15:18 <DIR> d-------- C:\WINDOWS\system32\images
2008-04-18 15:18 . 2008-04-18 15:19 <DIR> d-------- C:\WINDOWS\system32\html
2008-04-18 15:18 . 2008-04-18 15:19 <DIR> d-------- C:\WINDOWS\system32\css
2008-04-18 15:10 . 2008-04-18 15:10 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-04-18 15:07 . 2008-04-18 15:07 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-18 14:54 . 2008-04-18 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-04-18 14:41 . 2008-04-18 14:41 <DIR> d-------- C:\WINDOWS\symbols
2008-04-18 14:36 . 2008-04-18 15:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-18 14:36 . 2008-04-18 14:36 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-18 14:36 . 2008-04-18 14:44 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-04-18 14:36 . 2008-04-18 14:54 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-18 14:22 . 2008-04-18 14:23 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-04-18 14:20 . 2008-04-20 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-17 15:16 . 2002-11-10 11:20 564,224 --a------ C:\WINDOWS\system32\HEViewer.exe
2008-04-17 15:09 . 2008-04-17 15:09 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-04-15 14:50 . 2008-04-15 14:50 <DIR> d-------- C:\Program Files\MSECache
2008-04-15 14:50 . 2008-04-19 17:53 <DIR> d-------- C:\Program Files\MSBuild
2008-04-15 14:50 . 2008-04-15 14:50 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-15 14:50 . 2008-04-15 14:50 <DIR> d-------- C:\Program Files\Malicious Software Removal Tool
2008-04-13 18:54 . 2008-04-17 15:16 <DIR> d-------- C:\Program Files\Common Files\HTML Executable Viewer
2008-04-13 11:08 . 2008-05-07 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 08:51 . 2008-04-13 08:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-13 08:19 . 2008-04-13 08:19 <DIR> d-------- C:\Documents and Settings\Aco\Application Data\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 17:45 190,752 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-11 16:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 13:43 3,567,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-11 11:22 45,800 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-11 11:22 2,708 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-10 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 10:31 --------- d-----w C:\Documents and Settings\Aco\Application Data\Canon
2008-05-07 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-05 15:42 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-30 16:57 --------- d-----w C:\Program Files\Canon
2008-04-25 07:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 13:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-16 14:17 --------- d-----w C:\Documents and Settings\Aco\Application Data\Winamp
2008-04-13 16:36 --------- d-----w C:\Program Files\Magic Video Converter
2008-04-13 13:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 13:39 --------- d-----w C:\Program Files\EA GAMES
2008-04-13 06:23 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-06 14:20 --------- d-----w C:\Program Files\Dir2File
2008-04-06 14:19 --------- d-----w C:\Program Files\Microsoft CopyProfile
2008-04-04 15:22 --------- d-----w C:\Program Files\Logitech
2008-04-04 15:00 --------- d-----w C:\Program Files\Common Files\BinarySense
2008-04-04 15:00 --------- d-----w C:\Program Files\BinarySense
2008-04-02 15:17 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-02 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-04-02 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-04-02 15:07 --------- d-----w C:\Documents and Settings\Aco\Application Data\BinarySense
2008-04-01 14:02 --------- d-----w C:\Program Files\DAP
2008-03-31 18:22 --------- d-----w C:\Documents and Settings\Aco\Application Data\WeatherWatcher
2008-03-31 16:33 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-29 15:44 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-29 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-02-09 16:56 81,920 ----a-w C:\Documents and Settings\Aco\Application Data\ezpinst.exe
2008-02-09 16:56 47,360 ----a-w C:\Documents and Settings\Aco\Application Data\pcouffin.sys
.
------- Sigcheck -------
2007-10-11 01:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 04:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ie7\wininet.dll
2006-11-07 22:03 920064 76042b62efe8e0ccb7845ae3955ec0bc C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-01 01:26 666112 e7f441cde6e418bb68fc700872c004a0 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\SoftwareDistribution\Download\aa0fc43be131db3326789ca1c86ad994\backup\sp2gdr\wininet.dll
2006-11-07 22:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\SoftwareDistribution\Download\aa0fc43be131db3326789ca1c86ad994\backup\sp2qfe\wininet.dll
2007-12-07 04:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\wininet.dll
2007-12-07 04:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-05-08 19:29 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 01:26 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 01:43 8466432]
"NvMediaCenter"="NvMCTray.dll" [2007-06-29 01:43 81920 C:\WINDOWS\system32\nvmctray.dll]
"NVCLOCK"="nvclock.dll" [2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-03-14 11:18 88584]
"nwiz"="nwiz.exe" [2007-06-29 01:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-01 01:26 15360]
C:\Documents and Settings\Aco\Start Menu\Programs\Startup\
OP_CACHE.ATR [2008-02-09 12:18:04 96]
OP_CACHE.IDX [2008-02-09 12:18:04 48]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
OP_CACHE.ATR [2008-02-09 12:18:03 24]
OP_CACHE.IDX [2008-02-09 12:18:03 12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoLogoff"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18532:TCP"= 18532:TCP:NortonAV
R2 HDDlife HDD Access service;HDDlife HDD Access service;"C:\Program Files\Common Files\BinarySense\hldasvc.exe" [2008-02-15 14:17]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 17:49]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 VGAUTI;VGAUTI;C:\WINDOWS\system32\DRIVERS\VGAUTI.sys [2004-09-24 04:00]
S2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" []
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys []
S3 PCI_Ctrl;PCI_Ctrl;C:\WINDOWS\system32\drivers\PCI_Ctrl.sys []
S3 TESTCAP;Mobicam, Video Capture Device;C:\WINDOWS\system32\DRIVERS\mobicam.sys [2007-06-28 22:19]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 16:53]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 17:39:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-05-11 19:46:31
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NVCLOCK = rundll32 nvclock.dll,fnNvclock????????????????????????????????????????b?T???????????????????4.34.20.
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-11 19:52:50
ComboFix-quarantined-files.txt 2008-05-11 17:52:44
Pre-Run: 12,225,392,640 bytes free
Post-Run: 12,305,625,088 bytes free
242 --- E O F --- 2008-04-20 07:06:23
Posted: 12 May 2008 13:27
- akuci
- Legendary citizen
- Joined: 11 May 2008
- Posts: 2758
- Location: Novi Sad
AVG found 23567 infections (yes, you read that right), while Kaspersky found only a virus named Heur that tried to inject itself into Mozilla Firefox. I will run Kaspersky a few more times to see whether anything is left in System Restore. AVG found: over 20000 adware items, CoolWebSearch, Virtumonde, Trojan Agent, Adware Titan Shield Anti Spyware, etc.
THANKS FOR THE HELP!!!!!!!!!!!
Posted: 12 May 2008 16:56
- dr_Bora
- Anti Malware Fighter, Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
You do not need to worry about System Restore - that is easy to sort out.
As for what AVG detected... Were they all the same detections?
Was everything that was detected removed?
Posted: 12 May 2008 17:41
- akuci
- Legendary citizen
- Joined: 11 May 2008
- Posts: 2758
- Location: Novi Sad
No. There was adware, spyware, trojans... Right now, as I am writing this, Kaspersky is detecting the Heur virus in ComboFix and deleting it immediately; I will attach the log.
Most likely it is the Delf backdoor (God knows which version). Please help me so that I do not have to wipe the system.
Protection : running
--------------------
Total scanned: 5901
Detected: 7
Untreated: 0
Attacks blocked: 0
Start time: 12.5.2008 16:57:24
Duration: 00:36:56
Detected
--------
Status Object
------ ------
detected: riskware Private data and passwords access Running process: C:\Program Files\CCleaner\CCleaner.exe
deleted: virus Heur.Invader (modification) File: C:\Documents and Settings\Aco\Local Settings\Application Data\Mozilla\Firefox\Profiles\xesnw5xw.default\Cache\FA4CCC3Fd01//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
detected: riskware Invader (loader) Running process: C:\WINDOWS\system32\rundll32.exe
detected: riskware Invader Running process: C:\Program Files\ThreatFire\TFService.exe
detected: riskware Hidden data sending Running process: C:\Program Files\ThreatFire\TFGui.exe
detected: riskware Invader Running process: C:\Documents and Settings\Aco\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe
deleted: virus Heur.Invader (modification) File: C:\Documents and Settings\Aco\Desktop\ComboFix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
HELP!!!!!!!!!!!!!!!!!!!!!!!!!
Posted: 12 May 2008 20:42
- akuci
- Legendary citizen
- Joined: 11 May 2008
- Posts: 2758
- Location: Novi Sad
YES, in safe mode it found two files infected with an unknown virus. They were named Thumbs, I found them all over the computer, hidden as well, and they were almost impossible to delete. Isn't that suspicious? I read in the Ambulanta archive about the Heur virus and they say it completely destroyed a HD. Isn't that suspicious?
I noticed that you have not understood the point of posting the log at all. The log clearly says that a virus was deleted, not what Proactive Defense detected. The virus was found by File Anti-Virus.
Now I am confused again, just like at the beginning!!!!!!!!
Please explain it in a bit more detail. I have not often had problems with such serious infections, so I am not familiar with removing them!
Update: 12 May 2008 20:42
Here is the log, look at the last two:
Protection : running
--------------------
Total scanned: 2302
Detected: 9
Untreated: 0
Attacks blocked: 0
Start time: 12.5.2008 20:22:06
Duration: 00:18:09
Detected
--------
Status Object
------ ------
detected: riskware Private data and passwords access Running process: C:\Program Files\CCleaner\CCleaner.exe
deleted: virus Heur.Invader (modification) File: C:\Documents and Settings\Aco\Local Settings\Application Data\Mozilla\Firefox\Profiles\xesnw5xw.default\Cache\FA4CCC3Fd01//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
detected: riskware Invader (loader) Running process: C:\WINDOWS\system32\rundll32.exe
detected: riskware Invader Running process: C:\Program Files\ThreatFire\TFService.exe
detected: riskware Hidden data sending Running process: C:\Program Files\ThreatFire\TFGui.exe
detected: riskware Invader Running process: C:\Documents and Settings\Aco\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe
deleted: virus Heur.Invader (modification) File: C:\Documents and Settings\Aco\Desktop\ComboFix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
not found: new threat Hidden.Object (modification) File: C:\Documents and Settings\Aco\Desktop\Thumbs.db:encryptable
not found: new threat Hidden.Object (modification) File: C:\Documents and Settings\Aco\My Documents\Film Toco D\Thumbs.db:encryptable