Request for help

  • Loth
  • New MyCity citizen
  • Joined: 20 Apr 2008
  • Posts: 12

Dear all,
I am asking for help with a virus that infected my computer last night. Namely, while browsing the web my mum "caught something" that AVG 7.5 Free Edition identified as Trojan Downloader Obfuskated. Since then my computer has been in chaos. I am sending you the log in the hope that you can help me.

Logfile of HijackThis v1.99.1
Scan saved at 1:11:57 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Media\Desktop\Popravka\TR3.exe.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\jkkJbaAT.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {803E93C8-A79D-42E7-BE52-20DE96B6744A} - C:\WINDOWS\system32\urqQkjhf.dll (file missing)
O2 - BHO: (no name) - {9220F99B-F81A-4B6B-901B-08A9FBFC0884} - C:\WINDOWS\system32\iifcCsTL.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkJbaAT - C:\WINDOWS\SYSTEM32\jkkJbaAT.dll
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe


P.S. Connection: 512/256 flat
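A helper reads a HijackThis log like the one above line by line; as an added example (not code from the thread), the Python script below applies the same checks to the O2, O3 and O20 lines: orphaned entries whose file is gone, unnamed BHOs loading from system32, eight-letter mixed-case DLL names, Winlogon Notify packages that are not on a stock XP SP2 install, and the same DLL stem registered as both a BHO and a Notify package (jkkJbaAT). The sample lines are constructed from the log above; the default-package list and the name heuristic are this example's own assumptions.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\jkkJbaAT.dll
O2 - BHO: (no name) - {803E93C8-A79D-42E7-BE52-20DE96B6744A} - C:\WINDOWS\system32\urqQkjhf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O20 - Winlogon Notify: jkkJbaAT - C:\WINDOWS\SYSTEM32\jkkJbaAT.dll
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
"""

# Winlogon Notify packages present on a stock Windows XP SP2 install
# (assumption for this example; anything else is reported).
DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

LINE_RE = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
}


@dataclass
class Finding:
    section: str
    severity: str   # "info", "medium" or "high"
    reason: str
    path: str


def dll_stem(path):
    """'C:\\WINDOWS\\system32\\urqQkjhf.dll (file missing)' -> 'urqQkjhf'."""
    clean = re.sub(r"\s*\((?:no file|file missing)\)\s*$", "", path)
    return clean.split("\\")[-1].rsplit(".", 1)[0]


def looks_random(stem):
    """Heuristic for the eight-letter mixed-case names seen in this log (jkkJbaAT, urqQkjhf)."""
    return (len(stem) == 8 and stem.isalpha()
            and any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem))


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(log_text):
    """Return the findings for every O2/O3/O20 line, plus BHO/Notify correlations."""
    findings = []
    bho_stems, notify_stems = set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, rx in LINE_RE.items():
            m = rx.match(line)
            if not m:
                continue
            path = m.group("path")
            missing = "(no file)" in path or "(file missing)" in path
            if missing:
                findings.append(Finding(section, "info", "orphaned entry, target file absent", path))
            if section == "O2":
                if in_system32(path):
                    bho_stems.add(dll_stem(path).lower())
                if m.group("name") == "(no name)" and in_system32(path) and not missing:
                    findings.append(Finding(section, "high", "unnamed BHO loading from system32", path))
            if section == "O20":
                stem = dll_stem(path).lower()
                notify_stems.add(stem)
                if stem not in DEFAULT_NOTIFY:
                    findings.append(Finding(section, "high", "non-default Winlogon Notify package", path))
            if in_system32(path) and looks_random(dll_stem(path)):
                findings.append(Finding(section, "medium", "randomly named DLL in system32", path))
    # The same DLL as both BHO and Winlogon Notify package is the pattern behind jkkJbaAT above.
    for stem in sorted(bho_stems & notify_stems):
        findings.append(Finding("O2+O20", "high", "same DLL registered as BHO and Winlogon Notify", stem))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:6} {f.reason}: {f.path}")
```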

  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

Hello Loth,

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Loth
  • New MyCity citizen
  • Joined: 20 Apr 2008
  • Posts: 12

Thank you for looking into my problem so quickly. After starting ComboFix and scanning, I got the following log:

ComboFix 08-04-18.3 - Media 2008-04-20 13:47:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.94 [GMT 2:00]
Running from: C:\Documents and Settings\Media\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\keygen.exe
C:\WINDOWS\system32\fhjkQqru.ini
C:\WINDOWS\system32\fhjkQqru.ini2
C:\WINDOWS\system32\iifcCsTL.dll
C:\WINDOWS\system32\jkkJbaAT.dll
C:\WINDOWS\system32\LTsCcfii.ini
C:\WINDOWS\system32\LTsCcfii.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2008-04-20 12:30 . 2008-04-20 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 11:50 . 2008-04-20 11:50 110,592 --a------ C:\WINDOWS\system32\adsjgpaj.exe
2008-04-20 08:56 . 2008-04-20 08:56 <DIR> d-------- C:\!KillBox
2008-04-20 01:26 . 2008-04-20 01:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\edqpitmf
2008-04-18 21:44 . 2008-04-18 21:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-18 21:44 . 2008-04-18 21:44 2,541 --a------ C:\WINDOWS\unins000.dat
2008-04-14 23:00 . 2005-01-07 11:39 57,344 --a------ C:\WINDOWS\system32\Big Kahuna Reef.scr
2008-04-13 21:36 . 2008-04-13 21:36 <DIR> d-------- C:\Program Files\MITCalc
2008-04-11 17:12 . 2008-04-14 11:37 <DIR> d-------- C:\Program Files\Beltcomp
2008-04-11 17:12 . 2008-04-15 13:24 82 --a------ C:\WINDOWS\netdet.ini
2008-04-11 17:06 . 2008-04-11 17:06 <DIR> d-------- C:\Program Files\Engineering Power Tools - v1.9.8
2008-04-11 17:06 . 2002-08-26 16:04 53,248 --a------ C:\WINDOWS\system32\GraphLite2.ocx
2008-04-11 17:05 . 2008-04-14 11:46 <DIR> d-------- C:\Program Files\mConveyor3
2008-04-11 17:05 . 2002-01-10 14:46 425,984 --a------ C:\WINDOWS\system32\vsflex7l.ocx
2008-04-05 20:31 . 2008-04-05 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Friday's games
2008-04-04 12:27 . 2008-04-04 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-04-04 12:10 . 2008-04-04 12:11 <DIR> d-------- C:\DVDVideoSoft
2008-04-04 12:09 . 2008-04-04 12:09 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-04-04 12:09 . 2008-04-04 12:09 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-03 17:19 . 2008-04-03 17:19 <DIR> d-------- C:\Program Files\BestGameEver
2008-04-02 09:13 . 2008-04-02 10:03 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-03-31 16:00 . 2008-04-18 16:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 16:00 . 2008-03-31 16:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 14:22 . 2008-03-26 14:22 <DIR> d-------- C:\Documents and Settings\Media\Application Data\GetRightToGo
2008-03-25 22:14 . 2008-03-25 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 10:42 --------- d-----w C:\Documents and Settings\Media\Application Data\uTorrent
2008-04-20 08:12 --------- d-----w C:\Documents and Settings\Media\Application Data\AVG7
2008-04-20 06:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 09:32 --------- d-----w C:\Documents and Settings\Media\Application Data\Skype
2008-04-18 20:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-18 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 10:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-06 13:47 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-02 07:26 --------- d-----w C:\Documents and Settings\Media\Application Data\Orbit
2008-03-27 08:09 --------- d-----w C:\Program Files\Ricochet Infinity
2008-03-13 20:35 --------- d-----w C:\Documents and Settings\Media\Application Data\Reallusion
2008-03-13 10:05 --------- d-----w C:\Program Files\LimeWire
2008-03-09 13:23 --------- d-----w C:\Program Files\GameHouse
2008-03-05 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-05 16:41 --------- d-----w C:\Documents and Settings\Media\Application Data\GRETECH
2008-03-05 16:39 --------- d-----w C:\Program Files\GRETECH
2008-03-04 21:00 --------- d-----w C:\Program Files\BitComet
2008-03-04 20:44 --------- d-----w C:\Program Files\Collectorz.com
2008-03-04 20:37 --------- d-----w C:\Program Files\uTorrent
2008-03-04 20:23 --------- d-----w C:\Program Files\EvilLyrics
2008-03-04 20:17 --------- d-----w C:\Program Files\Mv2Player
2008-03-04 15:13 --------- d-----w C:\Documents and Settings\Media\Application Data\Dev-Cpp
2008-03-03 14:36 --------- d-----w C:\Program Files\SecondLife
2008-03-03 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-03 11:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-03 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-24 20:37 --------- d-----w C:\Documents and Settings\Media\Application Data\SolidDocuments
2008-02-24 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
2008-02-24 00:38 --------- d-----w C:\Program Files\Sony
2008-02-23 18:50 --------- d-----w C:\Program Files\Google
2008-02-23 01:04 --------- d-----w C:\Documents and Settings\Media\Application Data\SecondLife
2008-02-20 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-02-20 13:57 --------- d-----w C:\Program Files\ATI Technologies
2008-01-29 17:03 17,408 ----a-w C:\psapi.dll
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-22 13:42 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-07-19 16:57 336 ----a-w C:\Documents and Settings\Media\ie_update3r.exe
2007-01-23 11:46 312 ----a-w C:\Documents and Settings\Media\Application Data\bbbconfig.dat
2006-12-12 18:02 56 --sh--r C:\WINDOWS\system32\B34B4B08A4.sys
2007-02-25 15:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{803E93C8-A79D-42E7-BE52-20DE96B6744A}]
C:\WINDOWS\system32\urqQkjhf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 12:38 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:51 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-03 13:33 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJbaAT]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
winopn32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinNC - Launch WinNC - multiplelicense (external programming station).lnk]
backup=C:\WINDOWS\pss\WinNC - Launch WinNC - multiplelicense (external programming station).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^3DO Registration.lnk]
backup=C:\WINDOWS\pss\3DO Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^H3 The Shadow of Death(TM).lnk]
backup=C:\WINDOWS\pss\H3 The Shadow of Death(TM).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^MostFun.lnk]
backup=C:\WINDOWS\pss\MostFun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-09-23 11:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-09-29 22:58 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 04:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32WXBP Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LIVESRV"=2 (0x2)
"VSSERV"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10317:TCP"= 10317:TCP:BitComet 10317 TCP
"10317:UDP"= 10317:UDP:BitComet 10317 UDP

R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-03-18 22:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32cd1fa-0480-11dc-b332-001485dee0db}]
\Shell\Auto\command - H:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-20 13:53:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-04-20 13:57:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 11:56:58

Pre-Run: 4,845,453,312 bytes free
Post-Run: 4,704,907,264 bytes free
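Beyond the malware loading points, the "Reg Loading Points" section of the log above records host settings that weaken defences (Security Center notifications switched off, the firewall disabled, an AutoRun handler on a removable volume). As an added example, not the thread's or ComboFix's own code, the Python check below parses an excerpt in that REGEDIT4-style layout and reports those conditions. The excerpt is constructed from the log above; the list of default Winlogon Notify packages is this example's assumption.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re

# Constructed excerpt in the shape of the ComboFix output above.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10317:TCP"= 10317:TCP:BitComet 10317 TCP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJbaAT]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32cd1fa-0480-11dc-b332-001485dee0db}]
\Shell\Auto\command - H:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Stock Windows XP SP2 Winlogon Notify packages (assumption for this example).
DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}


def parse_reg_points(text):
    """Group the lines under each [key] header; keys are lowercased for lookup."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def value_int(value):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> None."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"-?\d+", value)
    return int(m.group()) if m else None


def named_values(lines):
    """Map '"Name"= value' lines to {name.lower(): value}."""
    out = {}
    for line in lines:
        m = VALUE_RE.match(line)
        if m:
            out[m.group("name").lower()] = m.group("value")
    return out


def audit(sections):
    """Return (severity, message) pairs for the weak settings found."""
    findings = []
    for key, lines in sections.items():
        values = named_values(lines)
        if key.endswith("\\security center"):
            for name in ("antivirusdisablenotify", "updatesdisablenotify"):
                if value_int(values.get(name, "")) == 1:
                    findings.append(("medium", f"Security Center notification suppressed: {name}"))
        elif key.endswith("\\firewallpolicy\\standardprofile"):
            if value_int(values.get("enablefirewall", "")) == 0:
                findings.append(("high", "Windows Firewall disabled in the standard profile"))
        elif key.endswith("\\globallyopenports\\list"):
            for name in values:
                findings.append(("info", f"Firewall port open to all: {name}"))
        elif "\\winlogon\\notify\\" in key:
            package = key.rsplit("\\", 1)[-1]
            if package not in DEFAULT_NOTIFY:
                findings.append(("high", f"Non-default Winlogon Notify package: {package}"))
        elif "\\explorer\\mountpoints2\\" in key:
            for line in lines:
                if line.lower().startswith("\\shell\\autorun\\command"):
                    findings.append(("high", f"AutoRun handler registered for a volume: {line}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_reg_points(SAMPLE_REG)):
        print(f"[{severity:6}] {message}")
```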


  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

OK. Some things were deleted, but not everything. I will get back to you a little later with the rest of the removal instructions once I have finished analysing the log.

  • Loth
  • New MyCity citizen
  • Joined: 20 Apr 2008
  • Posts: 12

Thanks a lot!

  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

First you will deactivate Spybot S&D's TeaTimer following the instructions below.

---------

Start Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left, click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

Do not forget to turn these options back on when we have finished the cleaning.
-------------


When you boot the system again, follow the instructions below.
-----------

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\adsjgpaj.exe
C:\WINDOWS\netdet.ini
C:\Documents and Settings\Media\ie_update3r.exe
C:\WINDOWS\system32\B34B4B08A4.sys

Folder::
C:\Documents and Settings\All Users\Application Data\edqpitmf

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{803E93C8-A79D-42E7-BE52-20DE96B6744A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJbaAT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32cd1fa-0480-11dc-b332-001485dee0db}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
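A stray character in a Registry:: line silently turns a deletion into a no-op, so it pays to generate and check the script rather than type it. As an added example, not the thread's or ComboFix's own code, the Python below renders the File::/Folder::/Registry:: layout shown in the post from the entries listed there and validates each line (absolute paths, well-formed [-KEY] deletions). Only the deletion form shown above is accepted; that, and the hive list, are this example's assumptions.

```python
"""Build and sanity-check a ComboFix CFScript of the shape shown above (added example)."""
import re

# The entries from the instructions above, used as the script's input.
FILES = [
    r"C:\WINDOWS\system32\adsjgpaj.exe",
    r"C:\WINDOWS\netdet.ini",
    r"C:\Documents and Settings\Media\ie_update3r.exe",
    r"C:\WINDOWS\system32\B34B4B08A4.sys",
]
FOLDERS = [r"C:\Documents and Settings\All Users\Application Data\edqpitmf"]
REGISTRY = [
    r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{803E93C8-A79D-42E7-BE52-20DE96B6744A}]",
    r"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJbaAT]",
    r"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]",
    r"[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]",
    r"[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32cd1fa-0480-11dc-b332-001485dee0db}]",
]

HEADERS = ("File::", "Folder::", "Registry::")
# Accepted hives are an assumption of this example; the key body may not contain brackets.
REG_DELETE_RE = re.compile(
    r"^\[-(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_USERS|HKLM|HKCU)\\[^\[\]]+\]$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")


def build_cfscript(files=(), folders=(), registry=()):
    """Render the three sections in the layout used in the post; empty sections are omitted."""
    blocks = []
    for header, entries in zip(HEADERS, (files, folders, registry)):
        if entries:
            blocks.append("\n".join([header, *entries]))
    return "\n\n".join(blocks) + "\n"


def validate_cfscript(text):
    """Return (line_number, problem) pairs for lines that would not do what the author meant."""
    problems, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line:
            continue
        if line in HEADERS:
            section = line
            continue
        if section is None:
            problems.append((no, "entry before any section header"))
        elif section in ("File::", "Folder::"):
            if not ABS_PATH_RE.match(line):
                problems.append((no, f"{section} entry is not an absolute path"))
        elif not REG_DELETE_RE.match(line):
            problems.append((no, "Registry:: entry is not a well-formed [-KEY] deletion"))
    return problems


if __name__ == "__main__":
    script = build_cfscript(FILES, FOLDERS, REGISTRY)
    print(script)
    print("problems:", validate_cfscript(script))
```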

  • Loth
  • New MyCity citizen
  • Joined: 20 Apr 2008
  • Posts: 12

ComboFix 08-04-18.3 - Media 2008-04-20 15:38:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.71 [GMT 2:00]
Running from: C:\Documents and Settings\Media\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Media\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Media\ie_update3r.exe
C:\WINDOWS\netdet.ini
C:\WINDOWS\system32\adsjgpaj.exe
C:\WINDOWS\system32\B34B4B08A4.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\edqpitmf
C:\Documents and Settings\All Users\Application Data\edqpitmf\algxurkl.exe
C:\Documents and Settings\Media\ie_update3r.exe
C:\WINDOWS\netdet.ini
C:\WINDOWS\system32\adsjgpaj.exe
C:\WINDOWS\system32\B34B4B08A4.sys

.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2008-04-20 12:30 . 2008-04-20 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 08:56 . 2008-04-20 08:56 <DIR> d-------- C:\!KillBox
2008-04-18 21:44 . 2008-04-18 21:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-18 21:44 . 2008-04-18 21:44 2,541 --a------ C:\WINDOWS\unins000.dat
2008-04-14 23:00 . 2005-01-07 11:39 57,344 --a------ C:\WINDOWS\system32\Big Kahuna Reef.scr
2008-04-13 21:36 . 2008-04-13 21:36 <DIR> d-------- C:\Program Files\MITCalc
2008-04-11 17:12 . 2008-04-14 11:37 <DIR> d-------- C:\Program Files\Beltcomp
2008-04-11 17:06 . 2008-04-11 17:06 <DIR> d-------- C:\Program Files\Engineering Power Tools - v1.9.8
2008-04-11 17:06 . 2002-08-26 16:04 53,248 --a------ C:\WINDOWS\system32\GraphLite2.ocx
2008-04-11 17:05 . 2008-04-14 11:46 <DIR> d-------- C:\Program Files\mConveyor3
2008-04-11 17:05 . 2002-01-10 14:46 425,984 --a------ C:\WINDOWS\system32\vsflex7l.ocx
2008-04-05 20:31 . 2008-04-05 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Friday's games
2008-04-04 12:27 . 2008-04-04 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-04-04 12:10 . 2008-04-04 12:11 <DIR> d-------- C:\DVDVideoSoft
2008-04-04 12:09 . 2008-04-04 12:09 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-04-04 12:09 . 2008-04-04 12:09 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-03 17:19 . 2008-04-03 17:19 <DIR> d-------- C:\Program Files\BestGameEver
2008-04-02 09:13 . 2008-04-02 10:03 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-03-31 16:00 . 2008-04-18 16:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 16:00 . 2008-03-31 16:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 14:22 . 2008-03-26 14:22 <DIR> d-------- C:\Documents and Settings\Media\Application Data\GetRightToGo
2008-03-25 22:14 . 2008-03-25 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 10:42 --------- d-----w C:\Documents and Settings\Media\Application Data\uTorrent
2008-04-20 08:12 --------- d-----w C:\Documents and Settings\Media\Application Data\AVG7
2008-04-20 06:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 09:32 --------- d-----w C:\Documents and Settings\Media\Application Data\Skype
2008-04-18 20:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-18 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 10:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-06 13:47 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-02 07:26 --------- d-----w C:\Documents and Settings\Media\Application Data\Orbit
2008-03-27 08:09 --------- d-----w C:\Program Files\Ricochet Infinity
2008-03-13 20:35 --------- d-----w C:\Documents and Settings\Media\Application Data\Reallusion
2008-03-13 10:05 --------- d-----w C:\Program Files\LimeWire
2008-03-09 13:23 --------- d-----w C:\Program Files\GameHouse
2008-03-05 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-05 16:41 --------- d-----w C:\Documents and Settings\Media\Application Data\GRETECH
2008-03-05 16:39 --------- d-----w C:\Program Files\GRETECH
2008-03-04 21:00 --------- d-----w C:\Program Files\BitComet
2008-03-04 20:44 --------- d-----w C:\Program Files\Collectorz.com
2008-03-04 20:37 --------- d-----w C:\Program Files\uTorrent
2008-03-04 20:23 --------- d-----w C:\Program Files\EvilLyrics
2008-03-04 20:17 --------- d-----w C:\Program Files\Mv2Player
2008-03-04 15:13 --------- d-----w C:\Documents and Settings\Media\Application Data\Dev-Cpp
2008-03-03 14:36 --------- d-----w C:\Program Files\SecondLife
2008-03-03 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-03 11:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-03 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-24 20:37 --------- d-----w C:\Documents and Settings\Media\Application Data\SolidDocuments
2008-02-24 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
2008-02-24 00:38 --------- d-----w C:\Program Files\Sony
2008-02-23 18:50 --------- d-----w C:\Program Files\Google
2008-02-23 01:04 --------- d-----w C:\Documents and Settings\Media\Application Data\SecondLife
2008-02-20 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-02-20 13:57 --------- d-----w C:\Program Files\ATI Technologies
2008-01-29 17:03 17,408 ----a-w C:\psapi.dll
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-22 13:42 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-01-23 11:46 312 ----a-w C:\Documents and Settings\Media\Application Data\bbbconfig.dat
2007-02-25 15:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{803E93C8-A79D-42E7-BE52-20DE96B6744A}]
C:\WINDOWS\system32\urqQkjhf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 12:38 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:51 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-03 13:33 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinNC - Launch WinNC - multiplelicense (external programming station).lnk]
backup=C:\WINDOWS\pss\WinNC - Launch WinNC - multiplelicense (external programming station).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^3DO Registration.lnk]
backup=C:\WINDOWS\pss\3DO Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^H3 The Shadow of Death(TM).lnk]
backup=C:\WINDOWS\pss\H3 The Shadow of Death(TM).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^MostFun.lnk]
backup=C:\WINDOWS\pss\MostFun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-09-23 11:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-09-29 22:58 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 04:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32WXBP Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LIVESRV"=2 (0x2)
"VSSERV"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10317:TCP"= 10317:TCP:BitComet 10317 TCP
"10317:UDP"= 10317:UDP:BitComet 10317 UDP

R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-03-18 22:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-20 15:39:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 15:42:22
ComboFix-quarantined-files.txt 2008-04-20 13:42:06
ComboFix2.txt 2008-04-20 11:57:05

Pre-Run: 4,680,204,288 bytes free
Post-Run: 4,668,071,936 bytes free

223

Addendum: 20 Apr 2008 15:51

I made a terrible mistake. I did not deactivate Spybot S&D's TeaTimer, because I did not see the upper part of the post. I sincerely apologize. Is it possible to correct the mistake?

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

I see that now too. Deactivate it. It blocks the deletion of registry entries. That is why the part of the malware I already deleted once is recreated on every new system boot, just under a different name.

So turn off what I told you, then run this script in ComboFix in the way described above and post the fresh log it produces.
--------
File::
C:\WINDOWS\system32\urqQkjhf.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{803E93C8-A79D-42E7-BE52-20DE96B6744A}]

offline
  • Loth 
  • New MyCity citizen
  • Joined: 20 Apr 2008
  • Posts: 12

ComboFix 08-04-18.3 - Media 2008-04-20 16:10:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.180 [GMT 2:00]
Running from: C:\Documents and Settings\Media\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Media\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\urqQkjhf.dll
.

((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2008-04-20 12:30 . 2008-04-20 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 08:56 . 2008-04-20 08:56 <DIR> d-------- C:\!KillBox
2008-04-18 21:44 . 2008-04-18 21:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-18 21:44 . 2008-04-18 21:44 2,541 --a------ C:\WINDOWS\unins000.dat
2008-04-14 23:00 . 2005-01-07 11:39 57,344 --a------ C:\WINDOWS\system32\Big Kahuna Reef.scr
2008-04-13 21:36 . 2008-04-13 21:36 <DIR> d-------- C:\Program Files\MITCalc
2008-04-11 17:12 . 2008-04-14 11:37 <DIR> d-------- C:\Program Files\Beltcomp
2008-04-11 17:06 . 2008-04-11 17:06 <DIR> d-------- C:\Program Files\Engineering Power Tools - v1.9.8
2008-04-11 17:06 . 2002-08-26 16:04 53,248 --a------ C:\WINDOWS\system32\GraphLite2.ocx
2008-04-11 17:05 . 2008-04-14 11:46 <DIR> d-------- C:\Program Files\mConveyor3
2008-04-11 17:05 . 2002-01-10 14:46 425,984 --a------ C:\WINDOWS\system32\vsflex7l.ocx
2008-04-05 20:31 . 2008-04-05 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Friday's games
2008-04-04 12:27 . 2008-04-04 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-04-04 12:10 . 2008-04-04 12:11 <DIR> d-------- C:\DVDVideoSoft
2008-04-04 12:09 . 2008-04-04 12:09 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-04-04 12:09 . 2008-04-04 12:09 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-03 17:19 . 2008-04-03 17:19 <DIR> d-------- C:\Program Files\BestGameEver
2008-04-02 09:13 . 2008-04-02 10:03 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-03-31 16:00 . 2008-04-18 16:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 16:00 . 2008-03-31 16:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 14:22 . 2008-03-26 14:22 <DIR> d-------- C:\Documents and Settings\Media\Application Data\GetRightToGo
2008-03-25 22:14 . 2008-03-25 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 10:42 --------- d-----w C:\Documents and Settings\Media\Application Data\uTorrent
2008-04-20 08:12 --------- d-----w C:\Documents and Settings\Media\Application Data\AVG7
2008-04-20 06:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 09:32 --------- d-----w C:\Documents and Settings\Media\Application Data\Skype
2008-04-18 20:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-18 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 10:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-06 13:47 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-02 07:26 --------- d-----w C:\Documents and Settings\Media\Application Data\Orbit
2008-03-27 08:09 --------- d-----w C:\Program Files\Ricochet Infinity
2008-03-13 20:35 --------- d-----w C:\Documents and Settings\Media\Application Data\Reallusion
2008-03-13 10:05 --------- d-----w C:\Program Files\LimeWire
2008-03-09 13:23 --------- d-----w C:\Program Files\GameHouse
2008-03-05 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-05 16:41 --------- d-----w C:\Documents and Settings\Media\Application Data\GRETECH
2008-03-05 16:39 --------- d-----w C:\Program Files\GRETECH
2008-03-04 21:00 --------- d-----w C:\Program Files\BitComet
2008-03-04 20:44 --------- d-----w C:\Program Files\Collectorz.com
2008-03-04 20:37 --------- d-----w C:\Program Files\uTorrent
2008-03-04 20:23 --------- d-----w C:\Program Files\EvilLyrics
2008-03-04 20:17 --------- d-----w C:\Program Files\Mv2Player
2008-03-04 15:13 --------- d-----w C:\Documents and Settings\Media\Application Data\Dev-Cpp
2008-03-03 14:36 --------- d-----w C:\Program Files\SecondLife
2008-03-03 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-03 11:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-03 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-24 20:37 --------- d-----w C:\Documents and Settings\Media\Application Data\SolidDocuments
2008-02-24 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
2008-02-24 00:38 --------- d-----w C:\Program Files\Sony
2008-02-23 18:50 --------- d-----w C:\Program Files\Google
2008-02-23 01:04 --------- d-----w C:\Documents and Settings\Media\Application Data\SecondLife
2008-02-20 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-02-20 13:57 --------- d-----w C:\Program Files\ATI Technologies
2008-01-29 17:03 17,408 ----a-w C:\psapi.dll
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-22 13:42 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-01-23 11:46 312 ----a-w C:\Documents and Settings\Media\Application Data\bbbconfig.dat
2007-02-25 15:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_13.56.45.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 11:52:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 14:06:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 14:06:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 12:38 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:51 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-03 13:33 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinNC - Launch WinNC - multiplelicense (external programming station).lnk]
backup=C:\WINDOWS\pss\WinNC - Launch WinNC - multiplelicense (external programming station).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^3DO Registration.lnk]
backup=C:\WINDOWS\pss\3DO Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^H3 The Shadow of Death(TM).lnk]
backup=C:\WINDOWS\pss\H3 The Shadow of Death(TM).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^MostFun.lnk]
backup=C:\WINDOWS\pss\MostFun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-09-23 11:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-09-29 22:58 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 04:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32WXBP Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LIVESRV"=2 (0x2)
"VSSERV"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10317:TCP"= 10317:TCP:BitComet 10317 TCP
"10317:UDP"= 10317:UDP:BitComet 10317 UDP

R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2007-03-18 22:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-20 16:11:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 16:13:04
ComboFix-quarantined-files.txt 2008-04-20 14:12:26
ComboFix2.txt 2008-04-20 13:42:23
ComboFix3.txt 2008-04-20 11:57:05

Pre-Run: 4,649,091,072 bytes free
Post-Run: 4,636,364,800 bytes free

217

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

Let's go again, only this time with this script. Post a new log. I don't think anything new and malicious should show up anymore.

File::
C:\WINDOWS\SYSTEM32\winopn32.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
