Poludeo nasminkani XP

Poludeo nasminkani XP

offline
  • Pridružio: 28 Apr 2005
  • Poruke: 3686
  • Gde živiš: The Circle

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:27, on 13/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WinFlip\WinFlip.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\LClock\LClock.exe
D:\WINDOWS\tsnpstd3.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\EPoX\USDM\USDM.EXE
D:\WINDOWS\vsnpstd3.exe
D:\Program Files\HotKey\hotkey.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ViStart\ViStart.exe
D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\HooTech\NetMeter\HooNetMeter.exe
D:\Documents and Settings\AMDx64\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Adobe\Photoshop Elements 6ins\PhotoshopElementsFileAgent.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\WallCooler\WallCoolerService.exe
D:\PROGRA~1\HotKey\OSD.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\explorer.exe
J:\BEA\kolegicamasposlas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [WINFLIP] D:\Program Files\WinFlip\WinFlip.exe
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [DriveSpace] D:\Program Files\Drive Space Indicator\DrvSpace.exe
O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [EPoXUSDM] "D:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [WallCooler] D:\Program Files\WallCooler\WallCoolerConsole.exe LOGIN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 6ins\apdproxy.exe"
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HotKey] D:\Program Files\HotKey\hotkey.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViStart] D:\Program Files\ViStart\ViStart
O4 - HKCU\..\Run: [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetMeter] D:\Program Files\HooTech\NetMeter\HooNetMeter.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\AMDx64\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ViStart] D:\Program Files\ViStart\ViStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BORGChat.lnk = D:\Program Files\BORGChat\BORGChat.exe
O4 - Startup: OpenOffice.org 2.4.lnk = D:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Psi.lnk = D:\Program Files\Psi\psi.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F321A863-657D-4907-8CD6-237599F3DB1C}: NameServer = 192.168.254.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6ins\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: lmab_device - Unknown owner - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WallCoolerService - Vedivi Ltd. - D:\Program Files\WallCooler\WallCoolerService.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,
65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,
6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 11342 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Poz...


Tačno u čemu je problem?

offline
  • Pridružio: 28 Apr 2005
  • Poruke: 3686
  • Gde živiš: The Circle

Mnogo toga.... npr. iskljucuje se Quick launch toolbar, klik na bilo sta sa start menija ili q. launcha ne reaguje... IE se podize, ali ne otvara ni jedan sajt... i to samo hoce na start - run - iexplore... dok npr. MSN mesindzer nece ni tako... Confused
IE nece da se zatvori, mora da se ubija proces....

Opce rasulo.... zaglavi na minut-dva kada izadje poruka da je onaj nesretni Windows Sidebar\sidebar.exe puko' a to odmah prijavi po startu sistema...

Uradio sam i ComboFix, dugo je drndao i kao da sada normalnije radi sistem, ali nista nije obrisao pod 'other deletions' ...

Da kacim log?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Postavi log.

offline
  • Pridružio: 28 Apr 2005
  • Poruke: 3686
  • Gde živiš: The Circle

ComboFix 08-09-13.02 - AMDx64 2008-09-13 20:11:48.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.874.1.1033.18.583 [GMT 2:00]
Running from: D:\Documents and Settings\AMDx64\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.

2008-09-05 20:24 . 2008-09-05 20:24 <DIR> d-------- D:\Program Files\Bonjour
2008-09-03 03:32 . 2008-09-03 03:32 <DIR> d-------- D:\Program Files\HooTech
2008-09-03 03:32 . 2008-09-03 03:32 <DIR> d-------- D:\Documents and Settings\AMDx64\Application Data\HTNetMeter
2008-09-02 15:27 . 2008-09-02 15:27 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\espionServerData
2008-08-31 00:22 . 2008-08-31 00:22 55,904 --a------ D:\WINDOWS\FontData.fdb
2008-08-31 00:19 . 2008-08-31 00:21 3,140 --ahs---- D:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-31 00:19 . 2008-08-31 00:19 8 -r-hs---- D:\Documents and Settings\All Users\Application Data\A9B75ECCB9.sys
2008-08-31 00:18 . 2008-08-31 00:19 <DIR> d-------- D:\Documents and Settings\AMDx64\Application Data\Corel
2008-08-31 00:15 . 2008-08-31 00:15 <DIR> d-------- D:\Program Files\Common Files\Protexis
2008-08-31 00:15 . 2008-08-31 00:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Corel
2008-08-31 00:13 . 2008-08-31 00:13 <DIR> d-------- D:\Program Files\Common Files\Corel
2008-08-28 14:53 . 2008-09-10 07:45 <DIR> d-------- D:\Documents and Settings\AMDx64\Application Data\gtk-2.0
2008-08-28 14:53 . 2008-08-28 14:53 <DIR> d-------- D:\Documents and Settings\AMDx64\.thumbnails
2008-08-28 14:48 . 2008-09-10 08:49 <DIR> d-------- D:\Documents and Settings\AMDx64\.gimp-2.4
2008-08-28 14:47 . 2008-08-28 14:48 <DIR> d-------- D:\Program Files\GIMP-2.0
2008-08-26 22:49 . 2008-09-11 03:07 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 12:06 . 2008-08-26 12:06 <DIR> d-------- D:\Documents and Settings\AMDx64\Application Data\VoipBuster
2008-08-26 12:05 . 2008-08-26 12:05 <DIR> d-------- D:\Program Files\VoipBuster.com
2008-08-24 23:20 . 2008-06-24 18:43 74,240 --------- D:\WINDOWS\system32\dllcache\mscms.dll
2008-08-24 23:19 . 2008-07-07 22:26 253,952 --------- D:\WINDOWS\system32\dllcache\es.dll
2008-08-24 23:16 . 2008-05-01 16:33 331,776 --------- D:\WINDOWS\system32\dllcache\msadce.dll
2008-08-24 23:15 . 2008-04-11 21:04 691,712 --------- D:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 17:12 --------- d-----w D:\Program Files\WinFlip
2008-09-13 17:12 --------- d-----w D:\Program Files\ViStart
2008-09-13 17:12 --------- d-----w D:\Program Files\Drive Space Indicator
2008-09-12 17:20 --------- d-----w D:\Program Files\WallCooler
2008-09-11 18:29 --------- d-----w D:\Program Files\Ahead
2008-09-11 17:38 --------- d-----w D:\Documents and Settings\AMDx64\Application Data\OpenOffice.org2
2008-09-10 03:48 --------- d-----w D:\Documents and Settings\AMDx64\Application Data\Skype
2008-09-10 03:36 --------- d-----w D:\Documents and Settings\AMDx64\Application Data\skypePM
2008-09-10 01:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-07 15:02 --------- d-----w D:\Program Files\Java
2008-09-05 18:24 --------- d-----w D:\Program Files\Common Files\Adobe
2008-09-04 02:00 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-09-03 15:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-24 21:57 --------- d-----w D:\Program Files\Microsoft Silverlight
2008-08-10 03:43 --------- d-----w D:\Program Files\Webserver Stress Tool 7
2008-08-06 22:08 --------- d-----w D:\Program Files\Lexmark_HostCD
2008-08-06 22:08 --------- d-----w D:\Program Files\Lexmark
2008-07-29 05:01 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-07-29 05:01 --------- d-----w D:\Program Files\hotkey
2008-07-29 05:01 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-07-27 01:15 --------- d-----w D:\Documents and Settings\AMDx64\Application Data\.purple
2008-07-26 02:17 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-07-26 01:48 --------- d-----w D:\Documents and Settings\All Users\Application Data\pdf995
2008-07-18 20:10 94,920 ----a-w D:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w D:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w D:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w D:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w D:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w D:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w D:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w D:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w D:\WINDOWS\system32\muweb.dll
2008-07-17 02:02 --------- d-----w D:\Documents and Settings\AMDx64\Application Data\TeamViewer
2008-07-16 19:46 --------- d-----w D:\Program Files\Pidgin
2008-07-16 04:57 9,464 ------w D:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-16 04:57 9,336 ------w D:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-16 04:57 43,528 ------w D:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-16 04:57 129,784 ------w D:\WINDOWS\system32\pxafs.dll
2008-07-16 04:57 118,520 ------w D:\WINDOWS\system32\pxinsi64.exe
2008-07-16 04:57 116,472 ------w D:\WINDOWS\system32\pxcpyi64.exe
2008-07-15 21:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-15 21:11 --------- d-----w D:\Program Files\MUP RS
2008-07-15 02:46 --------- d-----w D:\Program Files\Common Files\Macrovision Shared
2008-07-07 20:26 253,952 ----a-w D:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w D:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ----a-w D:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:57 3,592,192 ------w D:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w D:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w D:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w D:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w D:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w D:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w D:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w D:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w D:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w D:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w D:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w D:\WINDOWS\system32\dllcache\bthport.sys
2008-02-27 10:42 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-24 02:15 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="D:\Program Files\ViStart\ViStart" [X]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"VisualTaskTips"="D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-08-15 36352]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-08-29 1232384]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"VoipBuster"="D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-01-17 8811824]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NetMeter"="D:\Program Files\HooTech\NetMeter\HooNetMeter.exe" [2008-06-17 569344]
"Google Update"="D:\Documents and Settings\AMDx64\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINFLIP"="D:\Program Files\WinFlip\WinFlip.exe" [2007-11-02 462848]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"DriveSpace"="D:\Program Files\Drive Space Indicator\DrvSpace.exe" [2007-11-10 247949]
"LClock"="D:\Program Files\LClock\LClock.exe" [2004-09-19 65536]
"tsnpstd3"="D:\WINDOWS\tsnpstd3.exe" [2007-03-30 262144]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"EPoXUSDM"="D:\Program Files\EPoX\USDM\USDM.EXE" [2004-01-05 1016320]
"WallCooler"="D:\Program Files\WallCooler\WallCoolerConsole.exe" [2008-06-20 328192]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 6ins\apdproxy.exe" [2007-09-11 67488]
"snpstd3"="D:\WINDOWS\vsnpstd3.exe" [2006-09-18 843776]
"HotKey"="D:\Program Files\HotKey\hotkey.exe" [2006-11-03 81920]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 D:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="D:\Program Files\ViStart\ViStart" [X]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-08-29 1232384]
"VisualTaskTips"="D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-08-15 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-06-23 D:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Psi\\psi.exe"=
"D:\\Program Files\\BORGChat\\BORGChat.exe"=
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\map&guide\\map&guide base\\bin\\MGBase.exe"=
"D:\\Program Files\\WallCooler\\WallCoolerService.exe"=
"D:\\Program Files\\WallCooler\\WallCoolerConsole.exe"=
"D:\\Documents and Settings\\AMDx64\\temp\\TeamViewer3\\TeamViewer.exe"=
"J:\\BEA\\jrockit_150_11\\bin\\javaw.exe"=
"J:\\BEA\\jdk150_11\\jre\\bin\\javaw.exe"=
"J:\\BEA\\jrockit_150_11\\bin\\java.exe"=
"D:\\WINDOWS\\system32\\LMabcoms.exe"=
"J:\\server\\xampplite\\apache\\bin\\apache.exe"=
"J:\\server\\xampplite\\mysql\\bin\\mysqld.exe"=
"D:\\Documents and Settings\\AMDx64\\Desktop\\UsbWebserver_en\\UsbWebserver\\Apache\\bin\\httpd_usb.exe"=
"D:\\Documents and Settings\\AMDx64\\Desktop\\UsbWebserver_en\\UsbWebserver\\Mysql\\bin\\mysqld-nt_usb.exe"=
"D:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"D:\\Documents and Settings\\AMDx64\\Desktop\\Thunder\\FlashFXP.v3.6.0.1240.(zabranjeno)ed-NoPE\\FlashFXP.v3.6.0.1240.(zabranjeno)ed-NoPE\\NoPE\\FlashFXP.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\WINDOWS\\system32\\ftp.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;D:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 16640]
R1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-04-30 55424]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-04-30 42048]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;D:\Program Files\Adobe\Photoshop Elements 6ins\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 PSI_SVC_2;Protexis Licensing V2;D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 WallCoolerService;WallCoolerService;D:\Program Files\WallCooler\WallCoolerService.exe [2008-06-20 187904]
R3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-06-29 42512]
S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [ ]
S3 2WIREPCP;2Wire USB;D:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2002-09-23 68672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\AMDx64\Application Data\Mozilla\Firefox\Profiles\ok6pvv0v.default\
FF -: plugin - D:\Documents and Settings\AMDx64\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 20:14:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
Completion time: 2008-09-13 20:15:32
ComboFix-quarantined-files.txt 2008-09-13 18:15:25
ComboFix2.txt 2008-06-30 23:47:31

Pre-Run: 372,666,368 bytes free
Post-Run: 655,183,872 bytes free

238 --- E O F --- 2008-09-12 01:01:10

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ništa problematično ovde nema, tj. ništa maliciozno.

Problematično možda i ima - čini se kao da neki sistemski file-ovi ne postoje (obrisani su ili oštećeni).

Probaj da pokreneš System File Checker (Start> Run> sfc /scannow) ili odradi Repair Windowsa (ne mogu garantovati da će to da reši bilo koji od pomenutih problema).

offline
  • Pridružio: 28 Apr 2005
  • Poruke: 3686
  • Gde živiš: The Circle

Hvala Boro na odgovorima.


Sistem je svakako zreo za ubijanje, pa ce to da mu izleci sve muke Smile Ali posto je pocelo pucanje odjednom, kao kula od karata poceli da se baguju prozori, procesi... pomislio sam na nesto maliciozno.


Hvala jos jednom,

Pozdrav.

][V][

Ko je trenutno na forumu
 

Ukupno su 785 korisnika na forumu :: 31 registrovanih, 3 sakrivenih i 751 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aramis s, cemix, draganca, dragoljub11987, flash12, HrcAk47, ILGromovnik, Ilija Cvorovic, Insan, krkalon, krlebgd77, LUDI, Marko Marković, Milan A. Nikolic, milos.cbr, Misirac, mushroom, nikoladim, novator, Pavac, Polemarchoi, RJ, shone34, Steeeefan, Tenk, VJ, Vl veliki, Warhawk, wexy, Yellow Pinky