Trojan or whatever

  • Nord
  • New MyCity citizen
  • Joined: 28 Feb 2008
  • Posts: 5

Anyway, the problem is as follows: a few days ago I started getting a Work Offline pop-up, and sites with (supposed) antispyware, antivirus, etc. keep popping up. Spyware Terminator doesn't notice anything, neither does Avast, and Ad-Aware likewise... but then SuperAntiSpyware found about 10 problems, one of which is, what else, the VUNDO trojan. I also used FixVundo and VirtumundoBeGone, and that solved the problem to some extent, but I'm not really sure it is completely solved. Here is the HijackThis log after the fight, for review:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:17:56, on 28.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Glass2k\Glass2k.exe
C:\Program Files\LClock\LClock.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\KWorld\PC-TV FM\RemoteCtl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Goran\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Links are visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Links are visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {c40d1771-a3a3-d769-6ff4-334f1ab9f484} - {484f9ba1-f433-4ff6-967d-3a3a1771d04c} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC-TV FM Remote Control.lnk = C:\Program Files\KWorld\PC-TV FM\RemoteCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Links are visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

And while I'm here, let me ask this too: I switched to Safe Mode using SuperAntiSpyware's BootSafe, but it doesn't work the other way around. I switched back to normal via msconfig (F8 doesn't help), but now I can boot either with Selective Startup without SafeBoot checked, or with Normal Startup with SafeBoot checked (which again leads to safe mode). Normal Startup without SafeBoot checked simply won't work.

Well, that's all from me; if you can help, great, if not...



  • Joined: 06 Apr 2005
  • Posts: 1023

Do a scan with the version of HJ that is in this topic:
[Links are visible only to logged-in users]

And before scanning, rename HiJackThis.exe to something that doesn't resemble hijackthis.



  • Nord
  • New MyCity citizen
  • Joined: 28 Feb 2008
  • Posts: 5

Here... renamed it to tr3.exe... and ran it...

Logfile of HijackThis v1.99.1
Scan saved at 23:03:41, on 28.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Glass2k\Glass2k.exe
C:\Program Files\LClock\LClock.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\KWorld\PC-TV FM\RemoteCtl.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Goran\Desktop\HP\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Links are visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Links are visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Links are visible only to logged-in users]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {c40d1771-a3a3-d769-6ff4-334f1ab9f484} - {484f9ba1-f433-4ff6-967d-3a3a1771d04c} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC-TV FM Remote Control.lnk = C:\Program Files\KWorld\PC-TV FM\RemoteCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Links are visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  • Joined: 06 Apr 2005
  • Posts: 1023

Also do the following:

Download ComboFix from one of the following addresses to your Desktop:
[Links are visible only to logged-in users]
[Links are visible only to logged-in users]

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Nord
  • New MyCity citizen
  • Joined: 28 Feb 2008
  • Posts: 5

It gives me "ComboFix is not a valid Win32 Application"

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix again. Something is wrong with the file you downloaded.

  • Nord
  • New MyCity citizen
  • Joined: 28 Feb 2008
  • Posts: 5

ComboFix 08-03-01.3 - Goran 2008-03-02 12:53:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.523 [GMT 1:00]
Running from: C:\Documents and Settings\Goran\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dcgkrhhk.dll
C:\WINDOWS\system32\ewwgfxug.dll
C:\WINDOWS\system32\fvevuuvu.ini
C:\WINDOWS\system32\gdixcpho.dll
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\guxfgwwe.ini
C:\WINDOWS\system32\hwlmbcpu.dll
C:\WINDOWS\system32\jtjstftv.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\lxrbwhew.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\ohpcxidg.ini
C:\WINDOWS\system32\owpoyiqg.dll
C:\WINDOWS\system32\qkqeffnj.dll
C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\uvuuvevf.dll
C:\WINDOWS\system32\vlwxsqqw.dll
C:\WINDOWS\system32\wehwbrxl.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-02-27 21:07 . 2008-02-27 21:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-27 20:42 . 2008-02-27 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-27 20:38 . 2008-02-09 11:37 211 --ah----- C:\boot.ini.SAB
2008-02-27 19:26 . 2008-03-01 13:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 19:26 . 2008-02-27 19:26 <DIR> d-------- C:\Documents and Settings\Goran\Application Data\SUPERAntiSpyware.com
2008-02-27 19:26 . 2008-02-27 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 19:25 . 2008-02-27 19:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 20:10 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2008-02-26 20:10 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2008-02-26 00:08 . 2008-02-27 20:37 22 --a------ C:\WINDOWS\pskt.ini
2008-02-22 19:27 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-02-22 19:27 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-22 19:27 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-20 20:24 . 2008-02-20 20:24 46,592 --a------ C:\WINDOWS\Blazing.scr
2008-02-20 20:17 . 2008-02-20 20:17 <DIR> d-------- C:\Program Files\Cities of Earth
2008-02-20 20:17 . 2007-09-23 23:08 2,789,376 --a------ C:\WINDOWS\system32\Cities.scr
2008-02-20 20:16 . 2008-02-20 20:16 561,152 --a------ C:\WINDOWS\AJScreensaver.scr
2008-02-20 20:14 . 2008-03-02 12:18 <DIR> d-------- C:\Program Files\3D LOTR Eye of Sauron
2008-02-20 20:14 . 2008-02-20 20:14 65,879 --a------ C:\WINDOWS\system32\3D LOTR EYE OF SAURON.scr
2008-02-16 16:13 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-16 15:47 . 2008-02-16 15:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-16 15:47 . 2008-02-16 15:47 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-16 15:45 . 2008-02-16 15:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-16 15:39 . 2008-02-16 15:39 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-16 15:37 . 2008-02-16 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-16 14:00 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-02-16 14:00 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-16 14:00 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-15 13:15 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-02-15 13:14 . 2008-02-15 13:18 <DIR> d-------- C:\Program Files\Qedoc
2008-02-15 13:14 . 2008-02-15 13:15 <DIR> d-------- C:\Program Files\Java
2008-02-15 13:14 . 2008-02-15 13:14 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-12 23:33 . 2008-02-12 23:33 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-12 23:00 . 2008-02-12 23:00 40,448 --a------ C:\WINDOWS\system32\wvuutrp.dll.vir
2008-02-12 22:23 . 2008-02-12 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-11 23:55 . 2008-02-11 23:55 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-11 20:18 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-02-11 20:08 . 2008-02-11 20:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-10 15:04 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-10 15:04 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-10 15:04 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-10 15:02 . 2008-02-10 15:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-10 15:01 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-10 14:16 . 2008-02-10 14:16 <DIR> d-------- C:\Program Files\Valvesoftware
2008-02-10 12:17 . 2006-05-10 12:15 1,929,216 --a------ C:\WINDOWS\system32\cdintf250.dll
2008-02-10 12:17 . 2008-02-10 12:17 1,024 --a------ C:\WINDOWS\system32\clauth2.dll
2008-02-10 12:17 . 2008-02-10 12:17 1,024 --a------ C:\WINDOWS\system32\clauth1.dll
2008-02-10 12:17 . 2008-03-01 12:57 14 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-02-10 12:17 . 2008-02-10 12:17 0 --a------ C:\WINDOWS\system32\nsprs.tgz
2008-02-10 12:15 . 2008-03-01 12:57 <DIR> d-------- C:\Program Files\SPSS
2008-02-10 12:15 . 2008-02-10 12:15 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-02-10 12:15 . 2008-02-10 12:15 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-02-10 12:15 . 2008-03-01 12:57 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-02-10 12:15 . 2008-03-01 12:57 16 ---h----- C:\WINDOWS\system32\servdat.slm
2008-02-09 22:00 . 2008-02-09 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-09 17:19 . 2008-02-09 17:19 <DIR> d-------- C:\Program Files\Cyanide
2008-02-09 17:01 . 2008-02-09 17:01 319 --a------ C:\WINDOWS\game.ini
2008-02-09 16:47 . 2008-02-09 16:47 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-09 16:43 . 2008-02-09 16:43 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-02-09 16:22 . 2008-02-09 16:22 <DIR> d-------- C:\Documents and Settings\Goran\Application Data\DivX
2008-02-09 16:19 . 2008-02-09 16:19 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-02-09 16:19 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\nvuaudio.exe
2008-02-09 16:19 . 2005-06-03 17:01 4,624 --a------ C:\WINDOWS\system32\nvaudio.nvu
2008-02-09 16:18 . 2008-02-11 20:17 <DIR> d-------- C:\NVIDIA
2008-02-09 16:18 . 2006-04-14 20:08 101,888 --a------ C:\WINDOWS\system32\nvtcp.sys
2008-02-09 15:40 . 2008-02-09 15:40 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-09 15:40 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-09 15:40 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-09 15:40 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-09 15:40 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-09 15:40 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-09 15:40 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-09 15:40 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-09 15:40 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-09 15:22 . 2008-02-09 15:22 53 --a------ C:\WINDOWS\system\WinSec78159.dll
2008-02-09 15:08 . 2008-02-09 15:08 <DIR> d-------- C:\Program Files\LClock
2008-02-09 15:08 . 2008-02-09 15:08 <DIR> d-------- C:\Program Files\Glass2k
2008-02-09 15:06 . 2008-02-09 15:08 <DIR> d-------- C:\VTPFiles
2008-02-09 15:06 . 2004-12-19 23:00 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-02-09 15:06 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2008-02-09 15:06 . 2006-02-26 20:43 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-02-09 14:44 . 2004-09-03 23:43 199 --a------ C:\WINDOWS\system32\paypal.url
2008-02-09 14:44 . 2006-05-26 22:54 83 --a------ C:\WINDOWS\system32\winx.url
2008-02-09 14:28 . 2008-02-09 14:48 <DIR> d-------- C:\Program Files\Styler
2008-02-09 14:06 . 2008-02-09 14:06 <DIR> d-------- C:\Documents and Settings\Goran\Application Data\ViStart
2008-02-09 14:04 . 2008-02-09 14:48 <DIR> d-------- C:\Program Files\WinFlip
2008-02-09 14:04 . 2008-02-09 14:48 <DIR> d-------- C:\Program Files\TrueTransparency
2008-02-09 14:02 . 2008-02-09 15:08 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-02-09 13:48 . 2008-02-10 15:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-09 13:47 . 2008-02-10 15:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-09 13:41 . 2008-02-09 13:41 <DIR> d-------- C:\Program Files\Free MP3 Converter
2008-02-09 13:21 . 2008-02-09 13:21 <DIR> d-------- C:\WINDOWS\speech
2008-02-09 13:21 . 2008-02-09 13:24 <DIR> d-------- C:\Program Files\Microsoft Encarta
2008-02-09 13:19 . 2008-02-09 13:20 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-09 13:15 . 2008-02-09 16:28 <DIR> d-------- C:\Documents and Settings\Goran\Phone Browser
2008-02-09 13:11 . 2008-02-09 13:11 <DIR> d-------- C:\Program Files\Free CD Ripper
2008-02-09 13:10 . 2008-02-09 13:10 <DIR> d-------- C:\Nokia
2008-02-09 13:10 . 2008-02-09 13:10 <DIR> d-------- C:\Documents and Settings\Goran\.Nokia
2008-02-09 13:09 . 2008-02-09 13:10 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-02-09 13:09 . 2008-02-24 17:22 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 18:29 --------- d-----w C:\Program Files\Winamp
2008-02-12 22:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 13:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 15:19 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-02-09 11:58 --------- d-----w C:\Program Files\WinRAR v2.9
2008-02-09 11:50 --------- d-----w C:\Program Files\Codec
2008-02-09 11:47 --------- d-----w C:\Documents and Settings\Goran\Application Data\ACD Systems
2008-02-09 11:46 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-09 11:46 --------- d-----w C:\Program Files\ACD Systems
2008-02-09 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-02-09 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-09 11:33 --------- d-----w C:\Program Files\KWorld
2008-02-09 11:24 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-09 11:24 --------- d-----w C:\Program Files\ASUSTeK
2008-02-09 11:23 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-09 11:20 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-09 11:20 --------- d-----w C:\Program Files\Ahead
2008-02-09 11:13 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-02-09 11:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-09 11:11 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-09 11:08 --------- d-----w C:\Program Files\CONEXANT
2008-02-09 11:02 --------- d-----w C:\Program Files\ASUS
2008-02-09 10:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-09 10:55 --------- d-----w C:\Program Files\AMD
2008-02-09 10:54 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-02-09 10:54 --------- d-----w C:\Program Files\Realtek AC97
2008-02-09 10:54 --------- d-----w C:\Program Files\AvRack
2008-02-09 10:44 --------- d-----w C:\Program Files\microsoft frontpage
.

------- Sigcheck -------

5f46d7fe2fe7966c5d21672161be98a3 C:\WINDOWS\explorer.exe
----a-w 1,245,184 2004-08-04 01:07:00 C:\WINDOWS\explorer.exe
-c--a-w 1,245,184 2004-08-04 01:07:00 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-02-21 22:23 1073152]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\soundman.exe]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 12:06 532480]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 14:45 820736]
"Glass2k"="C:\Program Files\Glass2k\Glass2k.exe" [2003-12-12 23:43 56325]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC-TV FM Remote Control.lnk - C:\Program Files\KWorld\PC-TV FM\RemoteCtl.exe [2008-02-09 12:33:34 143360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\Cyanide\\Loki\\Loki.exe"=
"C:\\Program Files\\Cyanide\\Loki\\Autorun\\AutoRun.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-11-06 07:20]
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-03-07 11:30]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-21 10:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b37d45-d704-11dc-be22-000ea13308b2}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-03-02 12:57:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\Program Files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
.
**************************************************************************
.
Completion time: 2008-03-02 12:58:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 11:58:54

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Can you now boot into Windows normal mode?

You have some screen savers installed that I have no information about:
C:\WINDOWS\Blazing.scr
C:\WINDOWS\system32\Cities.scr
C:\WINDOWS\AJScreensaver.scr
C:\WINDOWS\system32\3D LOTR EYE OF SAURON.scr

Did you install all of the ones listed above yourself, or not?


Send me the following files for analysis:
C:\WINDOWS\system32\clauth2.dll
C:\WINDOWS\system32\clauth1.dll
C:\WINDOWS\system32\ssprs.tgz
C:\WINDOWS\system32\nsprs.tgz
C:\WINDOWS\system32\sysprs7.tgz
C:\WINDOWS\system32\sysprs7.dll
C:\WINDOWS\system32\lsprst7.tgz

Pack them into a single ZIP and upload them via the following form:
[Link visible only to logged-in users]


Delete the following file manually:
C:\WINDOWS\system32\wvuutrp.dll.vir

Some AV program forgot to delete it, even though it had already deactivated it.

offline
  • Nord 
  • New MyCity citizen
  • Joined: 28 Feb 2008
  • Posts: 5

The screen savers are OK, I installed those myself, and I deleted wvuutrp.dll.vir.
I'm uploading the files for analysis... Otherwise, since I reported the problem, everything has been working fine for me so far, so maybe everything really is "clean".

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Just to let you know that nothing was found in those files.
