Maybe there's something else

  • Joined: 13 Jul 2007
  • Posts: 363

I was infected with some trojans, I don't know exactly what they're called, and I literally couldn't start a single program, couldn't get on the internet, and couldn't even shut down or restart the computer (in the taskbar only WindowBlinds starts, the antivirus doesn't). Whenever I tried to start a program, the warning "(such and such program) is not valid Win32 application" appeared.
I went into safe mode and scanned with avast, which found the trojans and deleted them, but again nothing worked when I started the computer normally. Then, in safe mode, I did a system restore. After that everything worked normally; I scanned with avast again and it found trojans, which I put in quarantine (maybe the same ones as in the previous scan): 3x Win32:Delf-GVX and Win32:Trojan-gen{UPX}. Now the problem is that I think there's still something there, because every time I want to shut down the computer it shows "End program-No Title".
Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:44, on 18.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nemanja\Desktop\Nova fascikla\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122407 serial=..... lang=EN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....8215546181
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31163409-ADF7-46FC-A2F3-8A7BA4FDCCEC}: NameServer = 77.105.0.19 77.105.0.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{31163409-ADF7-46FC-A2F3-8A7BA4FDCCEC}: NameServer = 77.105.0.19 77.105.0.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear, which you should copy here.

  • Joined: 13 Jul 2007
  • Posts: 363

Hello to you too.
Here is the ComboFix log:

ComboFix 07-12-19.2 - Nemanja 2007-12-18 23:29:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.544 [GMT 1:00]
Running from: C:\Documents and Settings\Nemanja\Desktop\ComboFix(2).exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\2.exe
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\drivers\sfsync02.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-17 18:25 . 2007-12-04 19:38 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-17 18:25 . 2007-12-04 19:38 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-17 18:25 . 2007-12-04 19:38 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-17 00:01 . 2007-12-17 00:01 268 --ah----- C:\sqmdata17.sqm
2007-12-17 00:01 . 2007-12-17 00:01 244 --ah----- C:\sqmnoopt17.sqm
2007-12-14 23:22 . 2007-12-14 23:24 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-12-14 21:59 . 2007-12-14 21:59 <DIR> d-------- C:\Games
2007-12-14 19:18 . 2007-12-14 19:18 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-12-14 19:18 . 2007-12-14 19:18 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-14 19:18 . 2007-12-14 19:18 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-14 18:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-14 18:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-14 18:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-14 18:45 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-14 18:45 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-14 18:45 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-14 18:45 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-14 18:45 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:09 . 2007-12-11 22:09 <DIR> d-------- C:\Program Files\COMODO
2007-12-11 22:09 . 2007-12-11 22:09 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\Comodo
2007-12-11 22:09 . 2007-12-14 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-09 11:12 . 2007-12-09 11:12 360,576 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 11:07 . 2007-12-09 11:07 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-12-09 11:00 . 2007-12-09 13:06 <DIR> d-------- C:\Program Files\PFConfig
2007-12-04 23:45 . 2007-12-04 23:45 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-12-04 19:38 . 2007-12-04 19:38 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 19:38 . 2007-12-04 19:38 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-04 19:38 . 2007-12-04 19:38 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-04 19:35 . 2007-12-04 19:35 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 19:35 . 2007-12-04 19:35 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-04 15:20 . 2007-12-04 15:20 <DIR> d-------- C:\tmp99
2007-12-04 13:48 . 2007-12-04 13:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-04 13:36 . 2007-12-04 13:36 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\JLC's Software
2007-12-04 13:25 . 2007-12-04 21:39 <DIR> d-------- C:\Program Files\Webteh
2007-12-04 13:25 . 2007-12-04 13:25 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\BSplayer Pro
2007-12-04 13:25 . 2007-12-04 22:09 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\BSplayer
2007-12-02 15:44 . 2007-12-02 15:44 268 --ah----- C:\sqmdata16.sqm
2007-12-02 15:44 . 2007-12-02 15:44 244 --ah----- C:\sqmnoopt16.sqm
2007-12-02 11:45 . 2007-12-02 11:45 268 --ah----- C:\sqmdata15.sqm
2007-12-02 11:45 . 2007-12-02 11:45 244 --ah----- C:\sqmnoopt15.sqm
2007-11-30 23:51 . 2007-11-30 23:51 <DIR> d-------- C:\Program Files\MSECache
2007-11-28 00:03 . 2007-12-03 13:46 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-26 00:08 . 2007-11-26 21:24 <DIR> d-------- C:\Program Files\KeyOPS
2007-11-24 18:33 . 2007-11-24 18:36 <DIR> d-------- C:\Program Files\BitLord
2007-11-21 19:37 . 2007-11-21 19:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-21 19:37 . 2007-11-21 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-21 12:20 . 2007-11-21 12:20 <DIR> d-------- C:\Program Files\Stardock
2007-11-19 17:54 . 2007-11-19 17:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-19 17:26 . 2007-11-19 17:53 <DIR> d-------- C:\Program Files\BMW M3 Challenge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 10:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-17 20:55 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\BearShare
2007-12-17 17:35 --------- d-----w C:\Program Files\DivX
2007-12-14 22:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-14 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-14 12:00 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\uTorrent
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-10 22:39 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\LimeWire
2007-12-09 17:36 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-06 12:41 --------- d-----w C:\Program Files\Defcon
2007-12-04 13:38 --------- d-----w C:\Program Files\MSN Messenger
2007-12-04 12:48 --------- d-----w C:\Program Files\Common Files\Real
2007-12-03 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-02 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-29 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 21:59 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-19 20:57 --------- d-----w C:\Program Files\Starcraft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 09:59 --------- d-----w C:\Program Files\a-squared Free
2007-11-12 21:03 --------- d-----w C:\Program Files\Google
2007-11-10 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-10 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 12:14 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Apple Computer
2007-11-09 11:35 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Teleca
2007-11-09 11:16 --------- d-----w C:\Program Files\Sony
2007-11-09 11:03 --------- d-----w C:\Program Files\QuickTime
2007-11-09 11:01 --------- d-----w C:\Program Files\Apple Software Update
2007-11-09 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-09 10:53 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-09 10:52 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Sony Ericsson
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-11-09 10:51 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-08 12:45 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Talkback
2007-11-08 12:44 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Thunderbird
2007-11-07 13:01 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\ESET
2007-11-07 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-11-06 14:05 --------- d-----w C:\Program Files\Image-Line
2007-11-06 12:50 --------- d-----w C:\Program Files\VstPlugins
2007-11-06 09:49 --------- d-----w C:\Program Files\PROS
2007-11-05 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 12:22 --------- d-----w C:\Program Files\Tall Emu
2007-11-01 14:16 --------- d-----w C:\Program Files\EA GAMES
2007-11-01 12:50 --------- d-----w C:\Program Files\BearShare Applications
2007-10-31 10:25 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2007-10-31 07:13 --------- d-----w C:\Program Files\YouTube Downloader
2007-10-27 18:23 --------- d-----w C:\Documents and Settings\User1\Application Data\Microsoft Games
2007-10-27 18:23 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Microsoft Games
2007-10-26 17:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2007-10-26 10:59 --------- d-----w C:\Program Files\Quick Screen Capture
2007-10-23 13:53 --------- d-----w C:\Program Files\Alwil Software
2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-10-23 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-10-23 13:02 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\BearShare(2)
2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-10-21 19:35 --------- d-----w C:\Documents and Settings\Jelena\Application Data\AVG7
2007-10-20 11:01 --------- d-----w C:\Program Files\LimeWire
2007-01-19 15:43 56 --sh--r C:\WINDOWS\system32\7A4EB6551E.sys
2007-07-25 15:15 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 10:11]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 10:11]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"TIxDSL"="C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe" [2002-08-27 11:37]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 12:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-09-12 14:20]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 13:47]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-14 19:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-01-08 12:11:08]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 10:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-21 12:22 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 14:25]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-14 19:18]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-14 19:18]
R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-06-10 09:42]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 08:51]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs []
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys [2002-04-02 12:06]
S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 18:08]
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]
S3 pohci13F;pohci13F;C:\DOCUME~1\Nemanja\LOCALS~1\Temp\pohci13F.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 17:00]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys [2002-04-02 12:05]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4eeb5e3-2163-11dc-8e47-000795db2512}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 16:21:59 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-09 11:01:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 00:38:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-20 0:45:54 - machine was rebooted
.
2007-12-16 19:23:33 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

Driver::
pohci13F

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4eeb5e3-2163-11dc-8e47-000795db2512}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
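As an added example (not code from this thread, from ComboFix or from HijackThis), here is a small Python triage that automates the kind of reading behind the CFScript above: it flags drivers whose image sits in a Temp directory or is missing from disk, shell commands bound to removable volumes under mountpoints2, DLLs injected through AppInit_DLLs, and orphaned "(no file)"/"(file missing)" entries. The sample lines are copied from the logs posted in this thread; the regular expressions and the choice of checks are my own assumptions about the two log formats.

```python
import re
from typing import Dict, List

# Constructed sample input: a handful of lines in the two formats seen in this
# thread (ComboFix driver/registry sections and HijackThis O-lines), copied
# from the posted logs so the triage has realistic input to work on.
SAMPLE_LOG = r"""
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-14 19:18]
S3 pohci13F;pohci13F;C:\DOCUME~1\Nemanja\LOCALS~1\Temp\pohci13F.sys []
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 17:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4eeb5e3-2163-11dc-8e47-000795db2512}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

# ComboFix driver line: "<R|S><n> <name>;<display name>;<image path> [<timestamp, empty if file absent>]"
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
# Per-volume autorun keys that ComboFix prints; their \Shell\...\command values run when the drive is opened
MOUNTPOINTS_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\",
    re.IGNORECASE,
)
SHELL_CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# HijackThis O20 line listing DLLs loaded into every user-mode process that links user32
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.+)$")
# HijackThis marks entries whose target is gone; leftovers of a removed component or clutter
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding dict per suspicious line: kind, name, path, why."""
    findings: List[Dict[str, str]] = []
    in_mountpoints = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            in_mountpoints = False  # a blank line ends a registry key block
            continue

        m = DRIVER_RE.match(line)
        if m:
            _start, name, _display, path, stamp = m.groups()
            reasons = []
            if TEMP_DIR_RE.search(path):
                reasons.append("driver image lives in a temp directory")
            if not stamp.strip():
                reasons.append("driver image not found on disk")
            if reasons:
                findings.append({"kind": "driver", "name": name, "path": path, "why": "; ".join(reasons)})
            continue

        if MOUNTPOINTS_RE.match(line):
            in_mountpoints = True
            continue
        if line.startswith("["):
            in_mountpoints = False  # some other registry key starts here

        sm = SHELL_CMD_RE.match(line)
        if in_mountpoints and sm:
            findings.append({"kind": "autorun", "name": sm.group(1), "path": sm.group(2),
                             "why": "shell command bound to a removable volume"})
            continue

        am = APPINIT_RE.match(line)
        if am:
            # AppInit_DLLs is comma- or space-separated; report each DLL on its own
            for dll in re.split(r"[,\s]+", am.group(1).strip()):
                if dll:
                    findings.append({"kind": "appinit", "name": dll.rsplit("\\", 1)[-1], "path": dll,
                                     "why": "DLL injected via AppInit_DLLs"})
            continue

        om = ORPHAN_RE.search(line)
        if om:
            findings.append({"kind": "orphan", "name": line.split(" - ", 1)[0], "path": line,
                             "why": f"entry marked {om.group(1)}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']:7}] {f['name']}: {f['why']}\n          {f['path']}")
```

On the sample above the triage reports the same two items dr_Bora targeted (the pohci13F driver in Temp and the Cn911.exe autorun commands) plus the AppInit DLLs and orphaned entries as lower-priority review items.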

  • Joined: 13 Jul 2007
  • Posts: 363

Evo uradio sam kako si mi rekao:

ComboFix 07-12-19.2 - Nemanja 2007-12-20 12:21:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.549 [GMT 1:00]
Running from: C:\Documents and Settings\Nemanja\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nemanja\Desktop\CFScript.txt
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-17 18:25 . 2007-12-04 19:38 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-17 18:25 . 2007-12-04 19:38 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-17 18:25 . 2007-12-04 19:38 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-17 00:01 . 2007-12-17 00:01 268 --ah----- C:\sqmdata17.sqm
2007-12-17 00:01 . 2007-12-17 00:01 244 --ah----- C:\sqmnoopt17.sqm
2007-12-14 23:22 . 2007-12-14 23:24 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-12-14 21:59 . 2007-12-14 21:59 <DIR> d-------- C:\Games
2007-12-14 19:18 . 2007-12-14 19:18 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-12-14 19:18 . 2007-12-14 19:18 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-14 19:18 . 2007-12-14 19:18 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-14 18:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-14 18:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-14 18:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-14 18:45 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-14 18:45 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-14 18:45 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-14 18:45 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-14 18:45 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:09 . 2007-12-11 22:09 <DIR> d-------- C:\Program Files\COMODO
2007-12-11 22:09 . 2007-12-11 22:09 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\Comodo
2007-12-11 22:09 . 2007-12-14 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-09 11:12 . 2007-12-09 11:12 360,576 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 11:07 . 2007-12-09 11:07 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-12-09 11:00 . 2007-12-09 13:06 <DIR> d-------- C:\Program Files\PFConfig
2007-12-04 23:45 . 2007-12-04 23:45 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-12-04 19:38 . 2007-12-04 19:38 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 19:38 . 2007-12-04 19:38 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-04 19:38 . 2007-12-04 19:38 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-04 19:35 . 2007-12-04 19:35 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 19:35 . 2007-12-04 19:35 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-04 15:20 . 2007-12-04 15:20 <DIR> d-------- C:\tmp99
2007-12-04 13:48 . 2007-12-04 13:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-04 13:36 . 2007-12-04 13:36 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\JLC's Software
2007-12-04 13:25 . 2007-12-04 21:39 <DIR> d-------- C:\Program Files\Webteh
2007-12-04 13:25 . 2007-12-04 13:25 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\BSplayer Pro
2007-12-04 13:25 . 2007-12-04 22:09 <DIR> d-------- C:\Documents and Settings\Nemanja\Application Data\BSplayer
2007-12-02 15:44 . 2007-12-02 15:44 268 --ah----- C:\sqmdata16.sqm
2007-12-02 15:44 . 2007-12-02 15:44 244 --ah----- C:\sqmnoopt16.sqm
2007-12-02 11:45 . 2007-12-02 11:45 268 --ah----- C:\sqmdata15.sqm
2007-12-02 11:45 . 2007-12-02 11:45 244 --ah----- C:\sqmnoopt15.sqm
2007-11-30 23:51 . 2007-11-30 23:51 <DIR> d-------- C:\Program Files\MSECache
2007-11-28 00:03 . 2007-12-03 13:46 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-26 00:08 . 2007-11-26 21:24 <DIR> d-------- C:\Program Files\KeyOPS
2007-11-24 18:33 . 2007-11-24 18:36 <DIR> d-------- C:\Program Files\BitLord
2007-11-21 19:37 . 2007-11-21 19:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-21 19:37 . 2007-11-21 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-21 12:20 . 2007-11-21 12:20 <DIR> d-------- C:\Program Files\Stardock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 10:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-17 20:55 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\BearShare
2007-12-17 17:35 --------- d-----w C:\Program Files\DivX
2007-12-14 22:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-14 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-14 12:00 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\uTorrent
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-10 22:39 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\LimeWire
2007-12-09 17:36 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-06 12:41 --------- d-----w C:\Program Files\Defcon
2007-12-04 13:38 --------- d-----w C:\Program Files\MSN Messenger
2007-12-04 12:48 --------- d-----w C:\Program Files\Common Files\Real
2007-12-03 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-02 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-29 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 21:59 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-19 20:57 --------- d-----w C:\Program Files\Starcraft
2007-11-19 16:53 --------- d-----w C:\Program Files\BMW M3 Challenge
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 09:59 --------- d-----w C:\Program Files\a-squared Free
2007-11-12 21:03 --------- d-----w C:\Program Files\Google
2007-11-10 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-10 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 12:14 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Apple Computer
2007-11-09 11:35 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Teleca
2007-11-09 11:16 --------- d-----w C:\Program Files\Sony
2007-11-09 11:03 --------- d-----w C:\Program Files\QuickTime
2007-11-09 11:01 --------- d-----w C:\Program Files\Apple Software Update
2007-11-09 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-09 10:53 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-09 10:52 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Sony Ericsson
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-11-09 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-11-09 10:51 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-08 12:45 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Talkback
2007-11-08 12:44 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Thunderbird
2007-11-07 13:01 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\ESET
2007-11-07 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-11-06 14:05 --------- d-----w C:\Program Files\Image-Line
2007-11-06 12:50 --------- d-----w C:\Program Files\VstPlugins
2007-11-06 09:49 --------- d-----w C:\Program Files\PROS
2007-11-05 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 12:22 --------- d-----w C:\Program Files\Tall Emu
2007-11-01 14:16 --------- d-----w C:\Program Files\EA GAMES
2007-11-01 12:50 --------- d-----w C:\Program Files\BearShare Applications
2007-10-31 10:25 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2007-10-31 07:13 --------- d-----w C:\Program Files\YouTube Downloader
2007-10-27 18:23 --------- d-----w C:\Documents and Settings\User1\Application Data\Microsoft Games
2007-10-27 18:23 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\Microsoft Games
2007-10-26 17:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2007-10-26 10:59 --------- d-----w C:\Program Files\Quick Screen Capture
2007-10-23 13:53 --------- d-----w C:\Program Files\Alwil Software
2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-10-23 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-10-23 13:02 --------- d-----w C:\Documents and Settings\Nemanja\Application Data\BearShare(2)
2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-10-21 19:35 --------- d-----w C:\Documents and Settings\Jelena\Application Data\AVG7
2007-10-20 11:01 --------- d-----w C:\Program Files\LimeWire
2007-01-19 15:43 56 --sh--r C:\WINDOWS\system32\7A4EB6551E.sys
2007-07-25 15:15 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-20_ 0.42.40.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-19 23:41:54 72,386 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-20 11:47:22 72,386 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-19 23:41:54 442,760 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-20 11:47:22 442,760 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-20 11:42:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_56c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 10:11]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 10:11]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"TIxDSL"="C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe" [2002-08-27 11:37]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 12:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-09-12 14:20]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 13:47]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-14 19:18]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:56]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-01-08 12:11:08]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 10:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-21 12:22 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 14:25]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-14 19:18]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-14 19:18]
R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-06-10 09:42]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 08:51]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs []
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys [2002-04-02 12:06]
S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 18:08]
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 17:00]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys [2002-04-02 12:05]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 16:21:59 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-09 11:01:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 12:44:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-20 12:49:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-20 00:45
.
2007-12-16 19:23:33 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK... There are no more visible traces of malware here.

Are you noticing any problems now?


Turning off System Restore

On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Tick Turn off System Restore.
Click the Apply button.
Click the OK button.


Restart the computer.


Turning on System Restore

On the Desktop, right-click My Computer.
Select Properties.
Select the System Restore tab.
Untick Turn off System Restore.
Click the Apply button.
Click the OK button.

  • Joined: 13 Jul 2007
  • Posts: 363

There is nothing unusual any more. I just need to turn System Restore off and back on.
In any case, a big THANK YOU!!! Nothing to add, quality and reliability. Well done.
