Please check my log...

  • Joined: 23 Mar 2008
  • Posts: 68

Hi,
My brother has some problem with explorer.exe starting during system boot. He has Windows Vista. The system can't boot, i.e. it doesn't automatically boot all the way by itself. It gets to the login screen and when I log in a black screen appears with only the mouse pointer visible. Using Task Manager I go to Run and start explorer.exe, and then it keeps working normally. I scanned everything with NOD32 and it found 11 viruses. He also had some virus explorasi.exe in the Windows folder. I think this whole problem is because of that virus. But that virus has been deleted and explorer still doesn't start by itself; it has to be started manually. Here is the HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:25 PM, on 1/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kex\Desktop\New Folder (2)\asdfjkl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\Windows\eksplorasi.exe"
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">&nbsp;
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>•&nbsp;<a href="http://search.yahoo.com/search/options?p=">advanced search</a> •&nbsp;<a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1>&nbsp;</td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\Windows\ShellNew\sempalong.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Users\kex\AppData\Local\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 16626 bytes
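The entries a malware responder would pull out of the log above, expressed as triage rules in working code. This is an added example and not part of the original post or of HijackThis itself: the sample lines are copied verbatim from the log above, while the rules, the list of suspicious directories, the set of core system binary names and the severity labels are my own assumptions. It flags the F2 Shell line (an extra executable appended after Explorer.exe, where a clean system has exactly explorer.exe), Run entries launched from ShellNew and AppData, an smss.exe outside System32, the hosts file holding HTML instead of address mappings, and the DisableRegedit policy.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log posted above,
# one of each type the rules below look at, plus one clean Run entry (egui).
SAMPLE_LOG = [
    r'F2 - REG:system.ini: Shell=Explorer.exe "C:\Windows\eksplorasi.exe"',
    r'O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>',
    r'O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com">Yahoo</a></td>',
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r'O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\Windows\ShellNew\sempalong.exe"',
    r'O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Users\kex\AppData\Local\smss.exe"',
    r'O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1',
]

@dataclass
class Finding:
    severity: str      # "high": act on it; "review": look at it
    line: str          # the HJT line that triggered the rule
    reasons: list

SHELL_RE  = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)
HOSTS_RE  = re.compile(r"^O1 - Hosts: (.*)$")
RUN_RE    = re.compile(r"^O4 - (HK\S*)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
POLICY_RE = re.compile(r"^O7 - .*\b(Disable(?:Regedit|TaskMgr))=1", re.I)
# A legitimate hosts line is blank, a comment, or "<IPv4|IPv6> <hostname>".
HOST_ENTRY_RE = re.compile(
    r"^\s*(?:#.*|(?:\d{1,3}\.){3}\d{1,3}\s+\S+.*|[0-9A-Fa-f]*:[0-9A-Fa-f:]*\s+\S+.*)?$")

# Assumed: directories a legitimate HKLM/HKCU Run entry should not launch from.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\users\\", "\\documents and settings\\",
                   "\\shellnew\\", "\\temp\\", "\\desktop\\")
# Assumed: names that belong in %SystemRoot%\System32 and nowhere else.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe"}

def exe_path(command: str) -> str:
    """Executable part of a Run value: the quoted path, else up to the first .exe."""
    m = re.match(r'\s*"([^"]+)"', command) or re.match(r"\s*(.*?\.exe)\b", command, re.I)
    return m.group(1) if m else command.split()[0] if command.split() else ""

def run_reasons(name: str, command: str) -> list:
    """Why an O4 Run entry looks wrong; empty list when nothing stands out."""
    path = exe_path(command)
    low = path.lower()
    directory, _, base = low.rpartition("\\")
    reasons = []
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append(f"[{name}] launches from a user-writable location: {path}")
    if base in CORE_NAMES and not directory.endswith("\\system32"):
        reasons.append(f"[{name}] uses the system binary name {base} outside System32: {path}")
    return reasons

def triage(lines) -> list:
    findings, bad_hosts = [], []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if m := SHELL_RE.match(line):
            value = m.group(1).strip()
            if value.strip('"').lower() != "explorer.exe":
                findings.append(Finding("high", line,
                    [f"Winlogon Shell is {value!r}; a clean system has exactly explorer.exe"]))
        elif m := HOSTS_RE.match(line):
            entry = m.group(1)
            if not HOST_ENTRY_RE.match(entry):
                bad_hosts.append(line)
            elif entry.strip() and not entry.lstrip().startswith("#"):
                findings.append(Finding("review", line, [f"hosts override: {entry.strip()}"]))
        elif m := RUN_RE.match(line):
            reasons = run_reasons(m.group(2), m.group(3))
            if reasons:
                findings.append(Finding("high", line, reasons))
        elif m := POLICY_RE.match(line):
            findings.append(Finding("high", line,
                [f"{m.group(1)}=1 locks the user out of their own admin tooling"]))
    if bad_hosts:
        # One finding for the whole file: it was replaced wholesale, not edited line by line.
        findings.append(Finding("high", bad_hosts[0],
            [f"hosts file contains {len(bad_hosts)} line(s) that are not host mappings; "
             "it has been overwritten and should be restored"]))
    return findings

def high_findings(lines) -> list:
    return [f for f in triage(lines) if f.severity == "high"]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity.upper():6} {f.line}")
        for r in f.reasons:
            print(f"       - {r}")
```

Feed it a whole saved HijackThis log (`triage(open("hijackthis.log").readlines())`) to get the same list for a different machine. On NT-family Windows the `F2 - REG:system.ini: Shell=` entry is HijackThis's rendering of the `Shell` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`; Winlogon launches whatever is there after logon, so once the appended file is removed by the antivirus but the value is left behind, the value still has to be reset to plain `explorer.exe` for the desktop to come up on its own.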

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

I see what the problem is. We'll sort it out... :)

Temporarily disable your security software before running the program from the link below.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

After the above, I also need a fresh HijackThis logfile.

Also, enable the display of hidden files: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html

Right-click the file C:\AUTOEXEC.BAT and choose the Edit option.
The file will open in Notepad. Copy its contents here.

  • Joined: 23 Mar 2008
  • Posts: 68

Here is the ComboFix log file:

ComboFix 09-01-05.02 - kex 2009-01-05 22:14:23.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1852 [GMT 1:00]
Running from: c:\users\kex\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-05 22:12 . 2009-01-05 22:12 <DIR> d-------- c:\users\kex\AppData\Roaming\GHISLER
2009-01-05 22:12 . 2009-01-05 22:12 <DIR> d-------- C:\totalcmd
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-04 20:36 . 2009-01-04 20:36 <DIR> d-------- c:\users\All Users\ESET
2009-01-04 20:36 . 2009-01-04 20:36 <DIR> d-------- c:\programdata\ESET
2009-01-04 20:36 . 2009-01-04 20:36 <DIR> d-------- c:\program files\ESET
2009-01-04 18:58 . 2009-01-04 18:58 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-01-04 18:58 . 2009-01-04 18:58 <DIR> d-------- c:\programdata\WindowsSearch
2009-01-04 18:03 . 2009-01-04 18:03 268 --ah----- C:\sqmdata02.sqm
2009-01-04 18:03 . 2009-01-04 18:03 244 --ah----- C:\sqmnoopt02.sqm
2009-01-04 18:00 . 2009-01-04 18:00 268 --ah----- C:\sqmdata01.sqm
2009-01-04 18:00 . 2009-01-04 18:00 244 --ah----- C:\sqmnoopt01.sqm
2009-01-04 17:55 . 2009-01-04 17:55 268 --ah----- C:\sqmdata00.sqm
2009-01-04 17:55 . 2009-01-04 17:55 244 --ah----- C:\sqmnoopt00.sqm
2008-12-23 12:13 . 2008-12-23 12:17 <DIR> d-------- c:\program files\BearShare
2008-12-23 12:13 . 2008-12-23 12:13 <DIR> d-------- C:\My Downloads
2008-12-21 21:57 . 2008-12-21 21:57 <DIR> d-------- c:\program files\Opera
2008-12-19 21:32 . 2008-12-19 21:32 <DIR> d-------- c:\program files\AnyClock
2008-12-19 21:31 . 1996-01-09 10:38 283,648 --a------ c:\windows\uninst.exe
2008-12-19 20:27 . 2008-12-19 20:27 <DIR> d-------- c:\users\kex\AppData\Roaming\Malwarebytes
2008-12-19 20:27 . 2008-12-19 20:27 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-19 20:27 . 2008-12-19 20:27 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-19 20:27 . 2009-01-04 18:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 20:27 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-19 20:27 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-19 18:39 . 2008-12-19 18:39 <DIR> d-------- c:\program files\MSN Messenger
2008-12-19 18:21 . 2008-12-19 18:23 131,072 --a------ c:\windows\System32\Ikeext.etl
2008-12-19 18:15 . 2008-12-19 18:16 169 --a------ c:\windows\adidsl.ini
2008-12-19 18:15 . 2008-12-19 18:15 21 --a------ c:\windows\Fast800.ini
2008-12-19 18:12 . 2008-12-19 18:12 <DIR> d-------- c:\users\kex\AppData\Roaming\InstallShield
2008-12-19 18:12 . 2008-12-19 18:12 <DIR> d-------- c:\program files\SAGEM
2008-12-15 10:00 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-15 10:00 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-15 10:00 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-15 10:00 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-15 10:00 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-15 10:00 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-15 10:00 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-15 10:00 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-15 10:00 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-11 22:59 . 2008-12-11 22:59 <DIR> d-------- c:\program files\Peer2Peer-EN
2008-12-11 22:59 . 2008-12-11 22:59 <DIR> d-------- c:\program files\Conduit
2008-12-11 22:41 . 2008-12-11 22:42 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-11 22:40 . 2008-12-11 22:40 <DIR> d-------- c:\program files\Windows Live
2008-12-11 22:39 . 2008-12-11 22:39 <DIR> d-------- c:\users\All Users\WLInstaller
2008-12-11 22:39 . 2008-12-11 22:39 <DIR> d-------- c:\programdata\WLInstaller
2008-12-11 22:11 . 2008-12-11 22:11 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-12-11 19:29 . 2008-12-11 19:29 <DIR> d--hs---- c:\windows\ftpcache
2008-12-11 19:29 . 2008-12-11 19:29 287 --a------ c:\windows\game.ini
2008-12-11 19:20 . 2008-12-11 19:20 <DIR> d-------- c:\program files\Activision
2008-12-10 19:12 . 2008-12-10 19:12 <DIR> d-------- c:\program files\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 19:00 --------- d-----w c:\users\kex\AppData\Roaming\LimeWire
2009-01-02 13:43 --------- d-----w c:\users\kex\AppData\Roaming\Skype
2009-01-02 13:36 --------- d-----w c:\users\kex\AppData\Roaming\U3
2009-01-02 12:33 --------- d-----w c:\users\kex\AppData\Roaming\skypePM
2008-12-19 20:06 --------- d-----w c:\programdata\Symantec
2008-12-19 20:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-19 17:36 --------- d-----w c:\users\kex\AppData\Roaming\MSNInstaller
2008-12-19 17:35 --------- d-----w c:\program files\Winamp
2008-12-19 17:15 32 ----a-w c:\windows\system32\drivers\adidsl.cfg
2008-12-19 17:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 14:46 --------- d-----w c:\programdata\WildTangent
2008-12-11 18:23 --------- d-----w c:\programdata\Google Updater
2008-11-21 16:15 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-21 15:59 --------- d-----w c:\users\kex\AppData\Roaming\Winamp
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-12-21 18:33 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 18:33 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 18:33 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 18:33 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 18:33 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-30 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-30 16:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-30 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2008-09-15 06:47 1784856 --a------ c:\program files\Peer2Peer-EN\tbPeer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-20 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 129560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-11 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-07-26 3305472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 12:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNav]
--a------ 2006-12-04 16:58 311296 c:\program files\Diamond Navigator\DNav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-09 01:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-10-02 01:10 1783136 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-09-13 17:47 480560 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-09-04 21:54 554320 c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-19 22:31 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-12-20 03:27 468264 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 20:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 20:54 21718312 c:\users\kex\Desktop\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 09:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-09 00:53 311296 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD70B73F-1FD2-4086-887E-17DB85C7E509}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{50E85B62-97D2-4CB1-89E3-E9E26263F4C2}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{750F4831-CFD0-48EB-966A-31F4D4A6793B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C43B89FB-672D-414B-AA5E-5A4CAB9028B5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A91C4F27-BD6C-4674-8847-A68274199BD1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EDA1AD85-CBEE-4E6E-90BC-AF66D2BADD2F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{94CEE70B-0CAC-4C18-992F-0F451E16C6FF}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{3818592C-54BA-4FE7-9649-6AD0F873F0C0}c:\\kav\\kis\\setup.exe"= UDP:c:\kav\kis\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A8F450F5-B032-440F-8A84-2FAF2DC9F2D2}c:\\kav\\kis\\setup.exe"= TCP:c:\kav\kis\setup.exe:Kaspersky Internet Security 7.0 Setup
"{7507DB90-1406-4927-B9E3-6C2B6545FC1F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{78D0BD0C-1D8A-4770-B608-5CE9BA52BA4E}"= UDP:c:\users\kex\Desktop\LimeWire\LimeWire.exe:LimeWire
"{9E427A1C-4D96-40ED-A628-3194167933E0}"= TCP:c:\users\kex\Desktop\LimeWire\LimeWire.exe:LimeWire
"{14D1B917-178C-4C66-8F6F-A1550F63ACD7}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{023EFA0E-4CF4-4B57-A020-ABEE2BB48FAB}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{301DC8B1-BB37-4E7D-88AF-F7B8F15FF0F7}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{25335228-E02A-4B93-9045-431F50C29E6F}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{A0ED4A6C-19A4-41CE-B0C8-5830C0EDF875}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{D87C6EF3-C8FE-468C-B2F5-0183DCD059B4}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6FBCA691-9580-4AC7-AF86-3056FCBE2A8E}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D7BBAE2D-904A-4CDF-BD44-73833926A92F}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D94ABEA6-38B9-4494-BFBE-1B8B53F52F99}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5854D3BA-8803-43B7-B520-8D08CDF73421}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AB99A29F-1A50-4B0E-A108-7CBF8D577547}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{51558E51-5E59-42C0-A561-CDAE067FAA6D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CBC2467F-F757-43B6-9EBA-EE2062A47BE4}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{49CEED6D-852A-4C0D-B66B-2A47E4E1FA71}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"{588B7F15-8F3C-44C8-AC5B-785EB6A56181}"= UDP:c:\users\kex\Desktop\LimeWire\LimeWire.exe:LimeWire
"{B46C0BFB-874F-4EF3-9B98-C8A6B967590A}"= TCP:c:\users\kex\Desktop\LimeWire\LimeWire.exe:LimeWire
"{4B9932F7-B67F-47D4-87F0-17D9546A2F6F}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{3E8159D3-CD78-4CE8-821C-9AD73B41DEFD}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{825E1740-30CE-4769-A03F-B7E46CEB0D5F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D5B69E26-B37C-41D6-8241-C921A21C92CD}c:\\users\\kex\\desktop\\skype.exe"= UDP:c:\users\kex\desktop\skype.exe:skype.exe
"UDP Query User{741D2CBB-8D61-45CC-9373-91C493A70C86}c:\\users\\kex\\desktop\\skype.exe"= TCP:c:\users\kex\desktop\skype.exe:skype.exe
"TCP Query User{746C3AF9-D2ED-41FC-A9B6-1988F4B10259}c:\\program files\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{924594B1-7577-47DA-8AA9-84AE1F2CE38C}c:\\program files\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare\bearshare.exe:BearShare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-10-24 34824]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\System32\drivers\e4usbaw.sys [2008-12-19 104344]
S4 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\System32\drivers\e4ldr.sys [2008-12-19 69656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bd84b8c-8d87-11dd-ad38-001e687c9150}]
\shell\AutoRun\command - F:\wjlfhtfm.cmd
\shell\explore\Command - F:\wjlfhtfm.cmd
\shell\open\Command - F:\wjlfhtfm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3efd9312-7c34-11dd-a231-001e687c9150}]
\shell\AutoRun\command - F:\SCVHSOT.exe
\shell\Open\command - F:\SCVHSOT.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62c9d984-8960-11dd-992d-001e687c9150}]
\shell\AutoRun\command - H:\wjlfhtfm.cmd
\shell\explore\Command - H:\wjlfhtfm.cmd
\shell\open\Command - H:\wjlfhtfm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62c9d989-8960-11dd-992d-001e687c9150}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd7b4d1c-7a0e-11dd-8b1e-001e687c9150}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\At1.job
- c:\users\kex\AppData\Roaming\Microsoft\Windows\Templates\Brengkolang.com []

2008-12-19 c:\windows\Tasks\HPCeeScheduleForkex.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28 20:58]

2009-01-05 c:\windows\Tasks\User_Feed_Synchronization-{BE4E1E7C-606A-45BD-8265-1A36FAD112A8}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-kamsoft - c:\windows\system32\ckvo.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-osCheck - c:\program files\Norton 360\osCheck.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {1C11AE53-28A5-4AC7-BA9F-CD4109D7856C} = 192.168.0.1
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-05 22:16:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-05 22:17:36
ComboFix-quarantined-files.txt 2009-01-05 21:17:34

Pre-Run: 151,005,208,576 bytes free
Post-Run: 150,987,808,768 bytes free

287 --- E O F --- 2008-12-19 17:43:53



Here is a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:04 PM, on 1/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Users\kex\Desktop\New Folder (2)\asdfjkl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">&nbsp;
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>•&nbsp;<a href="http://search.yahoo.com/search/options?p=">advanced search</a> •&nbsp;<a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1>&nbsp;</td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 15476 bytes


And here is autoexec.bat:

pause



Only "pause" is written in autoexec.bat.
That would be all for now...

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download HostsXpert - Hosts File Manager.
Unpack HostsXpert.zip
Double-click HostsXpert.exe to run it
If it is available, click the Make Writable? button in the top left corner
Click the Restore MS Hosts File button, then click OK
Close the program by clicking the X
Note: If you use a modified Hosts file, you will have to re-enter the entries you want




-------------------------------------------------------------------------------------



Open the file autoexec.bat again and delete what is in it.

So it should be completely empty. Save the file (File > Save).



-------------------------------------------------------------------------------------



Open Notepad and copy the following text into it:

File::
c:\windows\Tasks\At1.job

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bd84b8c-8d87-11dd-ad38-001e687c9150}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3efd9312-7c34-11dd-a231-001e687c9150}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62c9d984-8960-11dd-992d-001e687c9150}]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
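The instructions above target two things the posted logs show: a hosts file that has been overwritten with an HTML error page (the O1 - Hosts lines) and MountPoints2 autorun hooks pointing at an .exe or .cmd on removable drives (the three subkeys the CFScript deletes). The script below is an added example, not part of this thread and not HijackThis or ComboFix code: it reads log text in those two formats and flags both conditions so a helper can spot them without reading every line. The sample log is constructed from a few lines modelled on the logs in this thread, and the regular expressions, the file-extension list and the `launchu3.exe` allowlist (mirroring the U3 launcher entry the CFScript leaves in place) are my assumptions.

```python
"""Flag a corrupted hosts file and removable-drive autorun hooks in HijackThis/ComboFix log text.
Added example for this thread; not HijackThis or ComboFix code."""
import re

# Constructed sample, modelled on the log excerpts in this thread (not a real capture).
SAMPLE_LOG = r"""
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: # comment lines are legitimate hosts-file content
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bd84b8c-8d87-11dd-ad38-001e687c9150}]
\shell\AutoRun\command - F:\wjlfhtfm.cmd
\shell\explore\Command - F:\wjlfhtfm.cmd
\shell\open\Command - F:\wjlfhtfm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3efd9312-7c34-11dd-a231-001e687c9150}]
\shell\AutoRun\command - F:\SCVHSOT.exe
\shell\Open\command - F:\SCVHSOT.exe
"""

# A legitimate hosts-file line is empty, a comment, or "<IPv4 or IPv6 address> <hostname ...>".
HOSTS_LINE = re.compile(
    r"^(?:#.*|(?:\d{1,3}(?:\.\d{1,3}){3}|(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f.]*)\s+\S+.*)?$"
)
# Registry section header for one MountPoints2 subkey (drive letter or volume GUID).
MOUNTPOINT_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.I)
# ComboFix renders each autorun verb as "\shell\<verb>\command - <command line>".
SHELL_COMMAND = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
# Extensions that mean "a program is launched when the drive is opened" (assumption).
AUTORUN_EXT = (".exe", ".cmd", ".bat", ".vbs", ".scr", ".pif", ".com")


def hosts_anomalies(log_text):
    """Return O1 - Hosts payloads that cannot be hosts-file entries (e.g. HTML)."""
    bad = []
    for line in log_text.splitlines():
        if line.startswith("O1 - Hosts:"):
            payload = line[len("O1 - Hosts:"):].strip()
            if not HOSTS_LINE.match(payload):
                bad.append(payload)
    return bad


def autorun_mountpoints(log_text):
    """Map each MountPoints2 subkey to {verb: command line} from the log sections."""
    result, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1)
            result[current] = {}
            continue
        if not line:  # blank line ends the section
            current = None
            continue
        cmd = SHELL_COMMAND.match(line)
        if current is not None and cmd:
            result[current][cmd.group(1).lower()] = cmd.group(2).strip()
    return result


def _target_name(cmd):
    """Basename (lower-cased) of the program a shell command line invokes."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmd)
    path = (m.group(1) or m.group(2)) if m else cmd
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_mountpoints(log_text, allowlist=("launchu3.exe",)):
    """Subkeys whose autorun verbs launch a program not on the allowlist.
    Default allowlist mirrors the U3 launcher entry left alone in this thread (assumption)."""
    hits = {}
    for key, verbs in autorun_mountpoints(log_text).items():
        for cmd in verbs.values():
            name = _target_name(cmd)
            if name.endswith(AUTORUN_EXT) and name not in allowlist:
                hits.setdefault(key, set()).add(name)
    return hits


if __name__ == "__main__":
    for payload in hosts_anomalies(SAMPLE_LOG):
        print("hosts file is not a hosts file:", payload)
    for key, names in suspicious_mountpoints(SAMPLE_LOG).items():
        print("autorun hook under MountPoints2\\%s launches %s" % (key, ", ".join(sorted(names))))
```

Run against a full HijackThis or ComboFix log, the first check fires on every O1 line that is HTML rather than "address hostname", which is the signature of the overwritten hosts file in this thread; the second lists exactly the GUID subkeys the CFScript removes, while the U3 launcher under the drive-letter key is left out because it is on the allowlist.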

  • Joined: 23 Mar 2008
  • Posts: 68

ComboFix 09-01-05.02 - kex 2009-01-05 23:11:19.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1801 [GMT 1:00]
Running from: c:\users\kex\Desktop\ComboFix.exe
Command switches used :: c:\users\kex\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\Tasks\At1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\At1.job

.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-05 22:12 . 2009-01-05 22:12 <DIR> d-------- c:\users\kex\AppData\Roaming\GHISLER
2009-01-05 22:12 . 2009-01-05 22:12 <DIR> d-------- C:\totalcmd
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-05 22:12 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-04 20:36 . 2009-01-04 20:36 <DIR> d-------- c:\users\All Users\ESET
2009-01-04 20:36 . 2009-01-04 20:36 <DIR> d-------- c:\programdata\ESET
2009-01-04 20:36 . 2009-01-04 20:36 <DIR> d-------- c:\program files\ESET
2009-01-04 18:58 . 2009-01-04 18:58 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-01-04 18:58 . 2009-01-04 18:58 <DIR> d-------- c:\programdata\WindowsSearch
2009-01-04 18:03 . 2009-01-04 18:03 268 --ah----- C:\sqmdata02.sqm
2009-01-04 18:03 . 2009-01-04 18:03 244 --ah----- C:\sqmnoopt02.sqm
2009-01-04 18:00 . 2009-01-04 18:00 268 --ah----- C:\sqmdata01.sqm
2009-01-04 18:00 . 2009-01-04 18:00 244 --ah----- C:\sqmnoopt01.sqm
2009-01-04 17:55 . 2009-01-04 17:55 268 --ah----- C:\sqmdata00.sqm
2009-01-04 17:55 . 2009-01-04 17:55 244 --ah----- C:\sqmnoopt00.sqm
2008-12-23 12:13 . 2008-12-23 12:17 <DIR> d-------- c:\program files\BearShare
2008-12-23 12:13 . 2008-12-23 12:13 <DIR> d-------- C:\My Downloads
2008-12-21 21:57 . 2008-12-21 21:57 <DIR> d-------- c:\program files\Opera
2008-12-19 21:32 . 2008-12-19 21:32 <DIR> d-------- c:\program files\AnyClock
2008-12-19 21:31 . 1996-01-09 10:38 283,648 --a------ c:\windows\uninst.exe
2008-12-19 20:27 . 2008-12-19 20:27 <DIR> d-------- c:\users\kex\AppData\Roaming\Malwarebytes
2008-12-19 20:27 . 2008-12-19 20:27 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-19 20:27 . 2008-12-19 20:27 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-19 20:27 . 2009-01-04 18:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 20:27 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-19 20:27 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-19 18:39 . 2008-12-19 18:39 <DIR> d-------- c:\program files\MSN Messenger
2008-12-19 18:21 . 2008-12-19 18:23 131,072 --a------ c:\windows\System32\Ikeext.etl
2008-12-19 18:15 . 2008-12-19 18:16 169 --a------ c:\windows\adidsl.ini
2008-12-19 18:15 . 2008-12-19 18:15 21 --a------ c:\windows\Fast800.ini
2008-12-19 18:12 . 2008-12-19 18:12 <DIR> d-------- c:\users\kex\AppData\Roaming\InstallShield
2008-12-19 18:12 . 2008-12-19 18:12 <DIR> d-------- c:\program files\SAGEM
2008-12-15 10:00 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-15 10:00 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-15 10:00 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-15 10:00 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-15 10:00 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-15 10:00 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-15 10:00 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-15 10:00 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-15 10:00 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-11 22:59 . 2008-12-11 22:59 <DIR> d-------- c:\program files\Peer2Peer-EN
2008-12-11 22:59 . 2008-12-11 22:59 <DIR> d-------- c:\program files\Conduit
2008-12-11 22:41 . 2008-12-11 22:42 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-11 22:40 . 2008-12-11 22:40 <DIR> d-------- c:\program files\Windows Live
2008-12-11 22:39 . 2008-12-11 22:39 <DIR> d-------- c:\users\All Users\WLInstaller
2008-12-11 22:39 . 2008-12-11 22:39 <DIR> d-------- c:\programdata\WLInstaller
2008-12-11 22:11 . 2008-12-11 22:11 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-12-11 19:29 . 2008-12-11 19:29 <DIR> d--hs---- c:\windows\ftpcache
2008-12-11 19:29 . 2008-12-11 19:29 287 --a------ c:\windows\game.ini
2008-12-11 19:20 . 2008-12-11 19:20 <DIR> d-------- c:\program files\Activision
2008-12-10 19:12 . 2008-12-10 19:12 <DIR> d-------- c:\program files\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 19:00 --------- d-----w c:\users\kex\AppData\Roaming\LimeWire
2009-01-02 13:43 --------- d-----w c:\users\kex\AppData\Roaming\Skype
2009-01-02 13:36 --------- d-----w c:\users\kex\AppData\Roaming\U3
2009-01-02 12:33 --------- d-----w c:\users\kex\AppData\Roaming\skypePM
2008-12-19 20:06 --------- d-----w c:\programdata\Symantec
2008-12-19 20:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-19 17:36 --------- d-----w c:\users\kex\AppData\Roaming\MSNInstaller
2008-12-19 17:35 --------- d-----w c:\program files\Winamp
2008-12-19 17:15 32 ----a-w c:\windows\system32\drivers\adidsl.cfg
2008-12-19 17:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 14:46 --------- d-----w c:\programdata\WildTangent
2008-12-11 18:23 --------- d-----w c:\programdata\Google Updater
2008-11-21 16:15 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-21 15:59 --------- d-----w c:\users\kex\AppData\Roaming\Winamp
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-12-21 18:33 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 18:33 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 18:33 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 18:33 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 18:33 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-30 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-30 16:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-30 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_22.16.37.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-05 12:53:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-05 21:16:30 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-05 12:54:06 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-05 21:16:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2008-09-15 06:47 1784856 --a------ c:\program files\Peer2Peer-EN\tbPeer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPeer.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-20 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 129560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-11 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-07-26 3305472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 12:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNav]
--a------ 2006-12-04 16:58 311296 c:\program files\Diamond Navigator\DNav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-09 01:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-10-02 01:10 1783136 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-09-13 17:47 480560 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-09-04 21:54 554320 c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-19 22:31 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-12-20 03:27 468264 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 20:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 20:54 21718312 c:\users\kex\Desktop\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 09:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-09 00:53 311296 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD70B73F-1FD2-4086-887E-17DB85C7E509}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{50E85B62-97D2-4CB1-89E3-E9E26263F4C2}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{750F4831-CFD0-48EB-966A-31F4D4A6793B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C43B89FB-672D-414B-AA5E-5A4CAB9028B5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A91C4F27-BD6C-4674-8847-A68274199BD1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EDA1AD85-CBEE-4E6E-90BC-AF66D2BADD2F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{94CEE70B-0CAC-4C18-992F-0F451E16C6FF}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{3818592C-54BA-4FE7-9649-6AD0F873F0C0}c:\\kav\\kis\\setup.exe"= UDP:c:\kav\kis\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A8F450F5-B032-440F-8A84-2FAF2DC9F2D2}c:\\kav\\kis\\setup.exe"= TCP:c:\kav\kis\setup.exe:Kaspersky Internet Security 7.0 Setup
"{7507DB90-1406-4927-B9E3-6C2B6545FC1F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{78D0BD0C-1D8A-4770-B608-5CE9BA52BA4E}"= UDP:c:\users\kex\Desktop\LimeWire\LimeWire.exe:LimeWire
"{9E427A1C-4D96-40ED-A628-3194167933E0}"= TCP:c:\users\kex\Desktop\LimeWire\LimeWire.exe:LimeWire
"{14D1B917-178C-4C66-8F6F-A1550F63ACD7}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{023EFA0E-4CF4-4B57-A020-ABEE2BB48FAB}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{301DC8B1-BB37-4E7D-88AF-F7B8F15FF0F7}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{25335228-E02A-4B93-9045-431F50C29E6F}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{A0ED4A6C-19A4-41CE-B0C8-5830C0EDF875}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{D87C6EF3-C8FE-468C-B2F5-0183DCD059B4}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6FBCA691-9580-4AC7-AF86-3056FCBE2A8E}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D7BBAE2D-904A-4CDF-BD44-73833926A92F}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D94ABEA6-38B9-4494-BFBE-1B8B53F52F99}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5854D3BA-8803-43B7-B520-8D08CDF73421}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AB99A29F-1A50-4B0E-A108-7CBF8D577547}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{51558E51-5E59-42C0-A561-CDAE067FAA6D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CBC2467F-F757-43B6-9EBA-EE2062A47BE4}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{49CEED6D-852A-4C0D-B66B-2A47E4E1FA71}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"{588B7F15-8F3C-44C8-AC5B-785EB6A56181}"= UDP:c:\users\kex\Desktop\LimeWire\LimeWire.exe:LimeWire
"{B46C0BFB-874F-4EF3-9B98-C8A6B967590A}"= TCP:c:\users\kex\Desktop\LimeWire\LimeWire.exe:LimeWire
"{4B9932F7-B67F-47D4-87F0-17D9546A2F6F}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{3E8159D3-CD78-4CE8-821C-9AD73B41DEFD}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{825E1740-30CE-4769-A03F-B7E46CEB0D5F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D5B69E26-B37C-41D6-8241-C921A21C92CD}c:\\users\\kex\\desktop\\skype.exe"= UDP:c:\users\kex\desktop\skype.exe:skype.exe
"UDP Query User{741D2CBB-8D61-45CC-9373-91C493A70C86}c:\\users\\kex\\desktop\\skype.exe"= TCP:c:\users\kex\desktop\skype.exe:skype.exe
"TCP Query User{746C3AF9-D2ED-41FC-A9B6-1988F4B10259}c:\\program files\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{924594B1-7577-47DA-8AA9-84AE1F2CE38C}c:\\program files\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare\bearshare.exe:BearShare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-10-24 34824]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\System32\drivers\e4usbaw.sys [2008-12-19 104344]
S4 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\System32\drivers\e4ldr.sys [2008-12-19 69656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62c9d989-8960-11dd-992d-001e687c9150}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd7b4d1c-7a0e-11dd-8b1e-001e687c9150}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\HPCeeScheduleForkex.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-28 20:58]

2009-01-05 c:\windows\Tasks\User_Feed_Synchronization-{BE4E1E7C-606A-45BD-8265-1A36FAD112A8}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {1C11AE53-28A5-4AC7-BA9F-CD4109D7856C} = 192.168.0.1
FF - ProfilePath -

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-05 23:12:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-05 23:13:43
ComboFix-quarantined-files.txt 2009-01-05 22:13:41
ComboFix2.txt 2009-01-05 21:17:37

Pre-Run: 150,326,566,912 bytes free
Post-Run: 150,213,828,608 bytes free

280 --- E O F --- 2008-12-19 17:43:53

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

So, what is the situation now?

Does Windows start normally?

offline
  • Joined: 23 Mar 2008
  • Posts: 68

Now everything works fine. THANK YOU VERY MUCH!!!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do the following:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's all.
