Imam problem s nestajanjem ikona na desktopu,vidjela sam da je jedan korisnik imao slican problem pa se nadan da cete i meni pomoci.
ComboFix 08-05-21.3 - pc- 2008-05-24 18:27:10.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.198 [GMT 2:00]
Running from: D:\P r o g r a m i\Programi\programi 1\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\SuBKTvut.ini
C:\WINDOWS\system32\SuBKTvut.ini2
C:\WINDOWS\system32\tuvTKBuS.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-24 15:49 . 2008-05-24 15:57 250 --a------ C:\WINDOWS\gmer.ini
2008-05-24 01:25 . 2008-05-24 18:26 <DIR> d-------- C:\Program Files\Crawler
2008-05-24 00:25 . 2008-05-24 16:04 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-05-24 00:23 . 2008-05-24 16:04 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-24 00:23 . 2008-05-24 16:04 <DIR> d-------- C:\Documents and Settings\pc-\Application Data\Spyware Terminator
2008-05-24 00:23 . 2008-05-24 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-24 00:23 . 2008-05-24 00:23 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-24 00:03 . 2008-05-24 00:42 <DIR> d-------- C:\Program Files\StartupRun
2008-05-24 00:03 . 2008-05-24 00:03 39,424 --a------ C:\WINDOWS\zipinst.exe
2008-05-23 23:59 . 2008-05-23 23:59 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-05-23 23:41 . 2008-05-23 23:41 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-05-23 21:59 . 2008-05-23 21:59 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-23 21:59 . 2008-05-23 21:59 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-23 21:39 . 2008-05-23 22:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 19:17 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-05-23 19:17 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-05-23 19:17 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-05-22 23:38 . 2008-05-23 19:20 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-22 23:36 . 2008-05-23 00:24 <DIR> d-------- C:\Program Files\Symantec
2008-05-22 23:36 . 2006-09-03 00:21 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-22 23:36 . 2006-09-03 00:21 48,824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-22 22:39 . 2008-05-22 22:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-22 22:36 . 2008-05-22 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-22 22:26 . 2008-05-22 22:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-22 20:45 . 2008-05-22 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-22 16:56 . 2008-05-22 16:56 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-22 16:45 . 2008-05-22 18:03 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-22 01:30 . 2008-05-22 01:30 502 --a------ C:\WINDOWS\system32\EraserAHS.tlg
2008-05-22 01:18 . 2008-05-22 01:30 16 --a------ C:\WINDOWS\system32\coh.cache
2008-05-22 00:45 . 2008-05-24 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-21 22:22 . 2008-05-21 22:22 29,312 --------- C:\WINDOWS\system32\tuvUMffE.dll
2008-05-20 20:32 . 2008-05-20 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-05-14 00:58 . 2008-05-14 00:58 14,622 --a--c--- C:\WINDOWS\system32\muzika.xm
2008-05-07 01:01 . 2008-02-22 02:33 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-05-07 00:58 . 2008-05-07 01:01 <DIR> d-------- C:\Program Files\Java
2008-05-07 00:47 . 2008-05-07 00:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-30 19:55 . 2008-04-30 19:55 <DIR> d-------- C:\Program Files\Axis Communications
2008-04-28 22:47 . 2008-04-28 22:47 <DIR> d-------- C:\audiograbber
2008-04-28 22:36 . 2008-04-28 22:36 38 --a--c--- C:\WINDOWS\avisplitter.INI
2008-04-28 13:09 . 2008-05-20 21:26 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-04-28 13:09 . 2008-04-28 13:09 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-04-27 22:56 . 2008-04-27 22:56 <DIR> d-------- C:\Documents and Settings\pc-\Application Data\DivX
2008-04-26 01:18 . 2008-04-26 01:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-25 23:34 . 2008-04-25 23:34 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-04-25 23:34 . 2008-04-25 23:34 <DIR> d-------- C:\Program Files\ACD Systems
2008-04-25 23:34 . 2008-04-25 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-25 23:33 . 2008-04-26 01:17 <DIR> d-------- C:\Program Files\Uniblue
2008-04-24 22:56 . 2008-04-24 22:56 11 --a--c--- C:\WINDOWS\sys3a.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 23:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-28 20:25 --------- d-----w C:\Documents and Settings\pc-\Application Data\Skype
2008-04-28 20:23 --------- d-----w C:\Documents and Settings\pc-\Application Data\skypePM
2008-04-25 23:17 --------- d-----w C:\Documents and Settings\pc-\Application Data\Uniblue
2008-04-23 19:52 --------- d-----w C:\Program Files\Disney
2008-04-21 20:36 --------- d-----w C:\Documents and Settings\pc-\Application Data\IObit
2008-04-21 20:23 --------- d-----w C:\Program Files\IObit
2008-04-21 15:52 --------- d-----w C:\Program Files\Apple Software Update
2008-04-21 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-20 21:47 --------- d-----w C:\Documents and Settings\pc-\Application Data\iolo
2008-04-20 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-04-20 21:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-04-20 21:44 74,703 -c--a-w C:\WINDOWS\system32\mfc45.dll
2008-04-20 21:19 --------- d-----w C:\Program Files\Infinite Madness
2008-03-27 08:12 151,583 -c--a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-22 19:21 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-12-23 22:15 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-05-24_ 1.53.10.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 23:48:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 16:30:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 13:49:04 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 18:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2008-05-24 13:49:04 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}]
2008-05-21 22:22 29312 --------- C:\WINDOWS\system32\tuvUMffE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 09:04 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 03:22 26248]
"SpywareTerminator"="C:\PROGRA~1\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-24 00:23 1817600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}"= C:\WINDOWS\system32\tuvUMffE.dll [2008-05-21 22:22 29312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUMffE]
tuvUMffE.dll 2008-05-21 22:22 29312 C:\WINDOWS\system32\tuvUMffE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-24 00:23]
S3 IODrvService;IODrvService;C:\IOCard\IODrv\Release\IODrv.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 21:46:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - pc-.job"
- C:\PROGRA~1\Norton AntiVirus\Navw32.exe
"2008-05-15 22:05:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-25 21:34:08 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-25 23:26:09 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-24 18:32:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tuvUMffE.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Completion time: 2008-05-24 18:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 16:34:54
ComboFix2.txt 2008-05-24 15:09:03
ComboFix3.txt 2008-05-24 13:43:52
ComboFix4.txt 2008-05-24 13:24:50
ComboFix5.txt 2008-05-24 06:49:03
Pre-Run: 24,671,514,624 bytes free
Post-Run: 24,668,672,000 bytes free
177 --- E O F --- 2008-05-24 00:29:26
Logfile of HijackThis v1.99.1
Scan saved at 6:45:05 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\pc-\Desktop\PROGRAMI 1\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09A78B33-C7F6-465D-9CCA-98D5B98B78CB} - C:\WINDOWS\system32\tuvUMffE.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvUMffE - C:\WINDOWS\SYSTEM32\tuvUMffE.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
|