Help needed!!!

  • Joined: 24 Apr 2007
  • Posts: 31

Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:26, on 30.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20544)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\fireserv\Apache\bin\Apache.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\fireserv\Apache\bin\Apache.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
c:\fireserv\mysql\bin\mysqld-nt.exe
C:\Windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Megatec\RUPS 2000\Rupsd.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\RTHDCPL.EXE
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Megatec\RUPS 2000\Rupsw32.EXE
C:\Program Files\BORGChat\BORGChat.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aleksandar\Desktop\Ambulanta\MarkoPolo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Windows\system32\dse235rgd0.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=110808 serial=DR12CRZ-5340246-NEM lang=EN
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Aleksandar\Desktop\rapget141\rapget.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [kxva] C:\Windows\system32\kxvo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: RUPS Daemon.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Fireserv - Apache Software Foundation - C:\fireserv\Apache\bin\Apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - CA - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MySql - Unknown owner - c:\fireserv\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PMounter - Unknown owner - C:\WINDOWS\system32\PMounter.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Rupsd - Mega System Technologies, Inc. - C:\Program Files\Megatec\RUPS 2000\Rupsd.exe

--
End of file - 10283 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 24 Apr 2007
  • Posts: 31

ComboFix 08-10-30.09 - Aleksandar 2008-10-30 22:04:54.5 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1564 [GMT 1:00]
Running from: C:\Documents and Settings\Aleksandar\Desktop\Ambulanta\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Windows\system32\dse235rgd0.dll
C:\Windows\system32\kxvo.exe
C:\Windows\system32\mdm.exe
C:\Windows\system32\wedasgads0.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
I:\Autorun.inf
J:\Autorun.inf
K:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-30 21:36 . 2005-10-05 16:44 170,220 -r-hs---- C:\dwg3gngs.exe
2008-10-28 13:52 . 2008-10-28 13:52 <DIR> d-------- C:\Program Files\Labcenter Electronics
2008-10-28 13:52 . 2008-10-28 13:52 <DIR> d-------- C:\Program Files\Common Files\Labcenter Electronics
2008-10-28 13:52 . 2005-10-18 16:36 1,048,576 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-25 15:36 . 2008-10-25 15:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-10-25 12:49 . 2008-10-25 12:49 <DIR> d-------- C:\Program Files\Spb Backup
2008-10-25 11:40 . 2006-12-08 11:23 90,112 --a------ C:\WINDOWS\RSetupCE.exe
2008-10-25 11:39 . 2008-10-25 11:39 <DIR> d-------- C:\Program Files\Resco
2008-10-24 15:01 . 2008-10-24 15:01 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\Xfire
2008-10-24 10:31 . 2008-10-30 12:09 138,376 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-24 10:29 . 2008-10-30 12:09 182,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-10-24 10:28 . 2008-10-24 10:28 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-10-23 01:12 . 2008-10-23 01:12 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Xfire
2008-10-20 09:25 . 2008-10-20 09:25 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\DAEMON Tools
2008-10-20 08:32 . 2008-10-28 02:15 188 --a------ C:\WINDOWS\ERwin.INI
2008-10-19 19:18 . 2008-10-19 19:18 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-19 19:18 . 2008-10-19 19:18 262 --a------ C:\WINDOWS\game.ini
2008-10-16 01:53 . 2008-10-16 01:53 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\TuneUp Software
2008-10-16 01:52 . 2008-10-16 01:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-10-14 14:17 . 2008-10-14 14:17 <DIR> d-------- C:\Program Files\MSECache
2008-10-13 20:13 . 2007-08-14 20:57 5,632 --a------ C:\WINDOWS\system32\udcpm.dll
2008-10-13 20:12 . 2008-10-13 20:12 <DIR> dr------- C:\UDC Output Files
2008-10-13 20:12 . 2008-10-13 20:12 <DIR> d-------- C:\Program Files\Universal Document Converter
2008-10-12 14:12 . 2008-10-12 14:12 <DIR> d--hs---- C:\FOUND.008
2008-10-09 22:16 . 2008-10-09 22:16 <DIR> d--hs---- C:\FOUND.007
2008-10-09 14:02 . 2008-10-09 14:02 <DIR> d-------- C:\Program Files\Pcsx2
2008-10-09 10:17 . 2008-10-09 10:17 <DIR> d-------- C:\Program Files\EWB512
2008-10-09 02:47 . 2008-10-09 02:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-08 14:51 . 2008-10-08 14:51 <DIR> d-------- C:\Documents and Settings\bubuleja\Tracing
2008-10-05 22:39 . 2008-10-05 22:39 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\CA
2008-10-05 22:38 . 2008-10-05 22:38 <DIR> d-------- C:\Program Files\Common Files\CA
2008-10-05 22:38 . 2008-10-05 22:38 <DIR> d-------- C:\Program Files\CA
2008-10-01 22:33 . 2008-10-01 22:33 <DIR> d-------- C:\Documents and Settings\Aleksandar\Tracing
2008-10-01 22:15 . 2008-10-01 22:15 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-29 20:53 . 2008-09-29 20:53 <DIR> d-------- C:\Program Files\Lavalys
2008-09-28 17:12 . 2008-09-28 17:12 <DIR> d-------- C:\Program Files\BORGChat
2008-09-26 21:09 . 2008-09-26 21:09 <DIR> d-------- C:\Documents and Settings\Guest
2008-09-20 20:09 . 2008-09-21 16:41 75 --a------ C:\WINDOWS\Memory
2008-09-20 20:09 . 2008-09-21 16:37 74 --a------ C:\WINDOWS\Logic
2008-09-20 19:47 . 2008-09-21 16:30 76 --a------ C:\WINDOWS\Spatial
2008-09-20 19:43 . 2008-09-20 19:43 82 --a------ C:\WINDOWS\Getting Started.htm
2008-09-20 19:43 . 2008-09-21 16:29 78 --a------ C:\WINDOWS\Numerical
2008-09-20 19:43 . 2008-09-21 16:28 75 --a------ C:\WINDOWS\Verbal
2008-09-20 19:42 . 2008-09-21 16:28 454 --a------ C:\WINDOWS\0
2008-09-20 19:42 . 2008-09-21 16:28 73 --a------ C:\WINDOWS\Times New Roman
2008-09-16 21:37 . 2008-09-16 21:37 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-09-13 16:03 . 2008-09-13 16:03 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Touchstone
2008-09-13 15:51 . 2008-09-13 15:51 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Leadertech
2008-09-13 15:10 . 2008-09-18 18:32 120 --a------ C:\WINDOWS\disney.ini
2008-09-13 11:27 . 2008-09-13 11:27 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-09-11 19:30 . 2001-04-18 11:32 205,848 --a------ C:\WINDOWS\system32\Threed32.ocx
2008-09-11 07:25 . 2008-09-11 07:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-11 07:24 . 2008-09-11 07:24 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-09 21:15 . 2008-09-09 21:15 <DIR> d-------- C:\Program Files\OpenAL
2008-09-09 21:15 . 2008-01-29 12:53 782,336 -ra------ C:\WINDOWS\system32\tmp8D.tmp
2008-09-09 21:15 . 2008-01-29 12:53 782,336 -ra------ C:\WINDOWS\system32\tmp8C.tmp
2008-09-09 21:15 . 2008-09-09 21:15 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-09 21:15 . 2008-09-09 21:15 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-09-09 21:10 . 2008-09-09 21:10 <DIR> d--hs---- C:\FOUND.006
2008-09-09 21:05 . 2008-01-29 12:53 782,336 -ra------ C:\WINDOWS\system32\tmp9A8B.tmp
2008-09-09 18:13 . 2008-09-09 18:13 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2008-09-05 20:49 . 2008-09-05 20:49 <DIR> d-------- C:\Program Files\VDJ5
2008-09-05 15:29 . 2008-09-05 15:29 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-09-03 17:10 . 2008-09-03 17:10 42,805 --a------ C:\WINDOWS\FontData.fdb
2008-09-02 16:04 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-09-02 16:04 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-02 16:04 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-09-02 16:04 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-09-02 16:04 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-09-02 16:04 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-02 16:04 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-02 16:03 . 2008-09-02 16:03 <DIR> d-------- C:\WINDOWS\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 13:34 483,426 ----a-w C:\Windows\system32\glut32.dll
2008-07-05 10:17 155,648 ----a-w C:\Windows\system32\libssl32.dll
2008-03-18 22:03 47,360 ----a-w C:\Documents and Settings\Aleksandar\Application Data\pcouffin.sys
2008-01-12 17:41 22,328 ----a-w C:\Documents and Settings\Aleksandar\Application Data\PnkBstrK.sys
2008-01-11 19:18 32,768 --sha-w C:\Windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-01-11 19:18 32,768 --sha-w C:\Windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008011120080112\index.dat
2008-01-11 19:18 32,768 --sha-w C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 19:18 16,384 --sha-w C:\Windows\system32\config\systemprofile\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-11 1739264]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-11 155648]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\Aleksandar\Start Menu\Programs\Startup\
BORGChat.lnk - C:\Program Files\BORGChat\BORGChat.exe [2005-08-21 933888]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RUPS Daemon.lnk - C:\Program Files\Megatec\RUPS 2000\Rupsw32.EXE [2008-07-17 32768]
Adobe Acrobat Speed Launcher.lnk - C:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-10-13 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Aleksandar^Start Menu^Programs^Startup^Pravoslavac 2008.lnk]
path=C:\Documents and Settings\Aleksandar\Start Menu\Programs\Startup\Pravoslavac 2008.lnk
backup=C:\windows\pss\Pravoslavac 2008.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-12-20 22:49 3116768 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 17:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 21:17 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Fireserv\\mysql\\bin\\mysql.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:mysql

R0 ViBus;ViBus;C:\Windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R0 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 Fireserv;Fireserv;C:\fireserv\Apache\bin\Apache.exe [2002-05-06 20480]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2007-12-15 75016]
R2 UPS2501;UPS2501;C:\windows\system32\Drivers\ups2501.sys [2001-01-02 9351]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]
R3 SNCP106;PC Camera (6009 CIF);C:\Windows\system32\DRIVERS\sncp106.sys [2002-12-27 243712]
S2 ups2501_xp;ups2501_xp;C:\windows\system32\Drivers\ups2501_XP.sys [2001-10-05 5344]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26652d66-9eea-11dd-8f66-0019664e5da7}]
\Shell\AutoRun\command - K:\dwg3gngs.exe
\Shell\explore\Command - K:\dwg3gngs.exe
\Shell\open\Command - K:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ea46176-1c54-11dd-8ecf-0019664e5da7}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc56d988-83fb-11dd-8f57-0019664e5da7}]
\Shell\AutoRun\command - K:\
\Shell\open\Command - rundll32.exe .\\domsrpcn.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfaf7a2-c07d-11dc-8e5c-0019664e5da7}]
\Shell\AutoRun\command - M:\dwg3gngs.exe
\Shell\explore\Command - M:\dwg3gngs.exe
\Shell\open\Command - M:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d23e7bbf-a3c0-11dd-8f6a-0019664e5da7}]
\Shell\AutoRun\command - K:\dwg3gngs.exe
\Shell\explore\Command - K:\dwg3gngs.exe
\Shell\open\Command - K:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc8e218f-7dd7-11dd-8f53-0019664e5da7}]
\Shell\AutoRun\command - K:\hni.cmd
\Shell\explore\Command - K:\hni.cmd
\Shell\open\Command - K:\hni.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c3d6d3-030b-11dd-8ebb-0019664e5da7}]
\Shell\AutoRun\command - K:\dwg3gngs.exe
\Shell\explore\Command - K:\dwg3gngs.exe
\Shell\open\Command - K:\dwg3gngs.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Rapget - C:\Documents and Settings\Aleksandar\Desktop\rapget141\rapget.exe
HKLM-Run-UDC Integration - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Aleksandar\Application Data\Mozilla\Firefox\Profiles\zwomb72y.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ba/
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-30 22:32:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\explorer.exe
-> C:\Program Files\Atomic Alarm Clock\Clock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
C:\fireserv\mysql\bin\mysqld-nt.exe
C:\Windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Megatec\RUPS 2000\Rupsd.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-10-30 22:34:40 - machine was rebooted
ComboFix2.txt 2008-04-16 18:24:30
ComboFix-quarantined-files.txt 2008-10-30 21:34:34

Pre-Run: 2.601.222.144 bytes free
Post-Run: 3,684,712,448 bytes free


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

File::
C:\dwg3gngs.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26652d66-9eea-11dd-8f66-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc56d988-83fb-11dd-8f57-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d23e7bbf-a3c0-11dd-8f6a-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc8e218f-7dd7-11dd-8f53-0019664e5da7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c3d6d3-030b-11dd-8ebb-0019664e5da7}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
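Added example, not part of the thread and not ComboFix's or dr_Bora's own code: a Python script that parses the MountPoints2 section of a ComboFix log like the one posted above, flags every entry whose AutoRun, open or explore command launches a program from the drive (the hook an autorun.inf worm leaves behind for each USB stick that was plugged in), and prints a CFScript in the File:: / Registry:: form used in the reply. The sample log is an excerpt of the MountPoints2 entries posted above. The allowlist (LaunchU3.exe, the SanDisk U3 launcher) and the list of "this runs code" markers are assumptions made for the example; because it flags by command content rather than by hand, its output is not identical to the hand-written script in the reply.

```python
"""Parse the MountPoints2 section of a ComboFix log, flag autorun hooks that
launch a program from a removable drive, and emit a CFScript that removes them."""
import re

# Excerpt of the MountPoints2 entries from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26652d66-9eea-11dd-8f66-0019664e5da7}]
\Shell\AutoRun\command - K:\dwg3gngs.exe
\Shell\explore\Command - K:\dwg3gngs.exe
\Shell\open\Command - K:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ea46176-1c54-11dd-8ecf-0019664e5da7}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc56d988-83fb-11dd-8f57-0019664e5da7}]
\Shell\AutoRun\command - K:\
\Shell\open\Command - rundll32.exe .\\domsrpcn.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfaf7a2-c07d-11dc-8e5c-0019664e5da7}]
\Shell\AutoRun\command - M:\dwg3gngs.exe
\Shell\explore\Command - M:\dwg3gngs.exe
\Shell\open\Command - M:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc8e218f-7dd7-11dd-8f53-0019664e5da7}]
\Shell\AutoRun\command - K:\hni.cmd
\Shell\explore\Command - K:\hni.cmd
\Shell\open\Command - K:\hni.cmd
"""

MP2_PREFIX = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
KEY_RE = re.compile(r"^\[(" + re.escape(MP2_PREFIX) + r"\\(\{[0-9a-f-]{36}\}))\]\s*$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*?)\s*$", re.I)

# Assumptions for this example: a launcher we choose to allow (LaunchU3.exe is the
# SanDisk U3 launcher) and the substrings that mean "this command runs code".
ALLOWED_LAUNCHERS = ("launchu3.exe",)
EXEC_MARKERS = (".exe", ".com", ".scr", ".pif", ".cmd", ".bat", ".vbs", ".js", ".dll", "rundll32")


def parse_mountpoints(log_text):
    """Return {full registry key: {verb: command}} in log order."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None            # a blank line ends the key's block
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current][cmd.group(1).lower()] = cmd.group(2)
    return entries


def is_suspicious(command, allowed=ALLOWED_LAUNCHERS):
    """A bare drive root such as 'K:\\' is harmless; a command that runs a program
    or script from the drive is the cached autorun.inf hook the worm planted."""
    c = command.lower()
    if any(name in c for name in allowed):
        return False
    return any(marker in c for marker in EXEC_MARKERS)


def flagged_keys(entries):
    """Keys where any verb (AutoRun, open, explore) runs something suspicious."""
    return [key for key, verbs in entries.items()
            if any(is_suspicious(cmd) for cmd in verbs.values())]


def build_cfscript(log_text, files=()):
    """CFScript text: an optional File:: block, then Registry:: with one
    [-key] line per flagged MountPoints2 key (the deletion syntax used above)."""
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
        lines.append("")
    lines.append("Registry::")
    lines.extend("[-%s]" % key for key in flagged_keys(parse_mountpoints(log_text)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG, files=[r"C:\dwg3gngs.exe"]))
```

Running the script prints the CFScript for the excerpt. Two things to keep in mind when using this approach on a real log: review every flagged key by hand before dropping the script onto ComboFix, since the markers are a heuristic and a legitimate launcher that is not on the allowlist will be flagged too; and MountPoints2 lives under HKEY_CURRENT_USER, so it is per user. ComboFix was run as Aleksandar here, and the log shows a second profile (bubuleja) that would carry its own copies of these entries.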

  • Joined: 24 Apr 2007
  • Posts: 31

ComboFix 08-10-30.09 - Aleksandar 2008-10-30 22:50:27.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1446 [GMT 1:00]
Running from: C:\Documents and Settings\Aleksandar\Desktop\Ambulanta\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aleksandar\Desktop\Ambulanta\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\dwg3gngs.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dwg3gngs.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-28 13:52 . 2008-10-28 13:52 <DIR> d-------- C:\Program Files\Labcenter Electronics
2008-10-28 13:52 . 2008-10-28 13:52 <DIR> d-------- C:\Program Files\Common Files\Labcenter Electronics
2008-10-28 13:52 . 2005-10-18 16:36 1,048,576 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-25 15:36 . 2008-10-25 15:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-10-25 12:49 . 2008-10-25 12:49 <DIR> d-------- C:\Program Files\Spb Backup
2008-10-25 11:40 . 2006-12-08 11:23 90,112 --a------ C:\WINDOWS\RSetupCE.exe
2008-10-25 11:39 . 2008-10-25 11:39 <DIR> d-------- C:\Program Files\Resco
2008-10-24 15:01 . 2008-10-24 15:01 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\Xfire
2008-10-24 10:31 . 2008-10-30 12:09 138,376 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-24 10:29 . 2008-10-30 12:09 182,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-10-24 10:28 . 2008-10-24 10:28 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-10-23 01:12 . 2008-10-23 01:12 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Xfire
2008-10-20 09:25 . 2008-10-20 09:25 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\DAEMON Tools
2008-10-20 08:32 . 2008-10-28 02:15 188 --a------ C:\WINDOWS\ERwin.INI
2008-10-19 19:18 . 2008-10-19 19:18 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-19 19:18 . 2008-10-19 19:18 262 --a------ C:\WINDOWS\game.ini
2008-10-16 01:53 . 2008-10-16 01:53 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\TuneUp Software
2008-10-16 01:52 . 2008-10-16 01:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-10-14 14:17 . 2008-10-14 14:17 <DIR> d-------- C:\Program Files\MSECache
2008-10-13 20:13 . 2007-08-14 20:57 5,632 --a------ C:\WINDOWS\system32\udcpm.dll
2008-10-13 20:12 . 2008-10-13 20:12 <DIR> dr------- C:\UDC Output Files
2008-10-13 20:12 . 2008-10-13 20:12 <DIR> d-------- C:\Program Files\Universal Document Converter
2008-10-12 14:12 . 2008-10-12 14:12 <DIR> d--hs---- C:\FOUND.008
2008-10-09 22:16 . 2008-10-09 22:16 <DIR> d--hs---- C:\FOUND.007
2008-10-09 14:02 . 2008-10-09 14:02 <DIR> d-------- C:\Program Files\Pcsx2
2008-10-09 10:17 . 2008-10-09 10:17 <DIR> d-------- C:\Program Files\EWB512
2008-10-09 02:47 . 2008-10-09 02:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-08 14:51 . 2008-10-08 14:51 <DIR> d-------- C:\Documents and Settings\bubuleja\Tracing
2008-10-05 22:39 . 2008-10-05 22:39 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\CA
2008-10-05 22:38 . 2008-10-05 22:38 <DIR> d-------- C:\Program Files\Common Files\CA
2008-10-05 22:38 . 2008-10-05 22:38 <DIR> d-------- C:\Program Files\CA
2008-10-01 22:33 . 2008-10-01 22:33 <DIR> d-------- C:\Documents and Settings\Aleksandar\Tracing
2008-10-01 22:15 . 2008-10-01 22:15 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-29 20:53 . 2008-09-29 20:53 <DIR> d-------- C:\Program Files\Lavalys
2008-09-28 17:12 . 2008-09-28 17:12 <DIR> d-------- C:\Program Files\BORGChat
2008-09-26 21:09 . 2008-09-26 21:09 <DIR> d-------- C:\Documents and Settings\Guest
2008-09-20 20:09 . 2008-09-21 16:41 75 --a------ C:\WINDOWS\Memory
2008-09-20 20:09 . 2008-09-21 16:37 74 --a------ C:\WINDOWS\Logic
2008-09-20 19:47 . 2008-09-21 16:30 76 --a------ C:\WINDOWS\Spatial
2008-09-20 19:43 . 2008-09-20 19:43 82 --a------ C:\WINDOWS\Getting Started.htm
2008-09-20 19:43 . 2008-09-21 16:29 78 --a------ C:\WINDOWS\Numerical
2008-09-20 19:43 . 2008-09-21 16:28 75 --a------ C:\WINDOWS\Verbal
2008-09-20 19:42 . 2008-09-21 16:28 454 --a------ C:\WINDOWS\0
2008-09-20 19:42 . 2008-09-21 16:28 73 --a------ C:\WINDOWS\Times New Roman
2008-09-16 21:37 . 2008-09-16 21:37 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-09-13 16:03 . 2008-09-13 16:03 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Touchstone
2008-09-13 15:51 . 2008-09-13 15:51 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Leadertech
2008-09-13 15:10 . 2008-09-18 18:32 120 --a------ C:\WINDOWS\disney.ini
2008-09-13 11:27 . 2008-09-13 11:27 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-09-11 19:30 . 2001-04-18 11:32 205,848 --a------ C:\WINDOWS\system32\Threed32.ocx
2008-09-11 07:25 . 2008-09-11 07:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-11 07:24 . 2008-09-11 07:24 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-09 21:15 . 2008-09-09 21:15 <DIR> d-------- C:\Program Files\OpenAL
2008-09-09 21:15 . 2008-01-29 12:53 782,336 -ra------ C:\WINDOWS\system32\tmp8D.tmp
2008-09-09 21:15 . 2008-01-29 12:53 782,336 -ra------ C:\WINDOWS\system32\tmp8C.tmp
2008-09-09 21:15 . 2008-09-09 21:15 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-09 21:15 . 2008-09-09 21:15 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-09-09 21:10 . 2008-09-09 21:10 <DIR> d--hs---- C:\FOUND.006
2008-09-09 21:05 . 2008-01-29 12:53 782,336 -ra------ C:\WINDOWS\system32\tmp9A8B.tmp
2008-09-09 18:13 . 2008-09-09 18:13 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2008-09-05 20:49 . 2008-09-05 20:49 <DIR> d-------- C:\Program Files\VDJ5
2008-09-05 15:29 . 2008-09-05 15:29 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-09-03 17:10 . 2008-09-03 17:10 42,805 --a------ C:\WINDOWS\FontData.fdb
2008-09-02 16:04 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-09-02 16:04 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-02 16:04 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-09-02 16:04 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-09-02 16:04 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-09-02 16:04 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-02 16:04 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-02 16:03 . 2008-09-02 16:03 <DIR> d-------- C:\WINDOWS\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 13:34 483,426 ----a-w C:\Windows\system32\glut32.dll
2008-07-05 10:17 155,648 ----a-w C:\Windows\system32\libssl32.dll
2008-03-18 22:03 47,360 ----a-w C:\Documents and Settings\Aleksandar\Application Data\pcouffin.sys
2008-01-12 17:41 22,328 ----a-w C:\Documents and Settings\Aleksandar\Application Data\PnkBstrK.sys
2008-01-11 19:18 32,768 --sha-w C:\Windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-01-11 19:18 32,768 --sha-w C:\Windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008011120080112\index.dat
2008-01-11 19:18 32,768 --sha-w C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 19:18 16,384 --sha-w C:\Windows\system32\config\systemprofile\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-11 1739264]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-11 155648]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

C:\Documents and Settings\Aleksandar\Start Menu\Programs\Startup\
BORGChat.lnk - C:\Program Files\BORGChat\BORGChat.exe [2005-08-21 933888]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RUPS Daemon.lnk - C:\Program Files\Megatec\RUPS 2000\Rupsw32.EXE [2008-07-17 32768]
Adobe Acrobat Speed Launcher.lnk - C:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-10-13 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Aleksandar^Start Menu^Programs^Startup^Pravoslavac 2008.lnk]
path=C:\Documents and Settings\Aleksandar\Start Menu\Programs\Startup\Pravoslavac 2008.lnk
backup=C:\windows\pss\Pravoslavac 2008.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-12-20 22:49 3116768 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 17:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 21:17 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Fireserv\\mysql\\bin\\mysql.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:mysql

R0 ViBus;ViBus;C:\Windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R0 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 Fireserv;Fireserv;C:\fireserv\Apache\bin\Apache.exe [2002-05-06 20480]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2007-12-15 75016]
R2 UPS2501;UPS2501;C:\windows\system32\Drivers\ups2501.sys [2001-01-02 9351]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]
R3 SNCP106;PC Camera (6009 CIF);C:\Windows\system32\DRIVERS\sncp106.sys [2002-12-27 243712]
S2 ups2501_xp;ups2501_xp;C:\windows\system32\Drivers\ups2501_XP.sys [2001-10-05 5344]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ea46176-1c54-11dd-8ecf-0019664e5da7}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfaf7a2-c07d-11dc-8e5c-0019664e5da7}]
\Shell\AutoRun\command - M:\dwg3gngs.exe
\Shell\explore\Command - M:\dwg3gngs.exe
\Shell\open\Command - M:\dwg3gngs.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-30 22:52:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-30 22:53:04
ComboFix3.txt 2008-04-16 18:24:30
ComboFix-quarantined-files.txt 2008-10-30 21:53:02
ComboFix2.txt 2008-10-30 21:34:44

Pre-Run: 3.637.395.456 bytes free
Post-Run: 3,621,797,888 bytes free


Update: 30 Oct 2008 22:57

btw, I still have some small problems with an NTLDR error; when I restart the computer it has happened to me twice, but with the help of a guide from the net and a USB stick I managed to get back into Windows. Will this keep happening to me?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I would ask you to zip (or rar) the complete folder: C:\Qoobox\Quarantine

and upload it via this link: http://www.mycity.rs/ambulanta-upload.php


Quote: btw, I still have some small problems with an NTLDR error; when I restart the computer it has happened to me twice, but with the help of a guide from the net and a USB stick I managed to get back into Windows. Will this keep happening to me?

A bit more precisely... When did that happen? Just now, during this procedure, or earlier?

What kind of error is it? NTLDR is missing / corrupt, or something else?

offline
  • Joined: 24 Apr 2007
  • Posts: 31

I zipped it and sent the file Qoobox.rar



----------------

it was "NTLDR is missing"

and it happened before I decided to seek your help
and this is the first time it has happened to me; when I restarted after first posting my log file from:
"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:26, on 30.10.2008
"
it happened again that it reported "NTLDR is missing"

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download this file to the Desktop: https://www.mycity.rs/must-login.png

Double-click it and, when the prompt appears, click Yes.


As for NTLDR... That happens when the file gets deleted/damaged.

Why it happens is hard to say.

What is visible in the log is that there were certain problems with the disk, i.e. with the file system (bad sectors, for example) - that could be the cause of the problems mentioned.

I would recommend that you run a disk check:

My Computer, right-click the C drive, Properties: on the Tools tab, Check Now; in the window that opens, tick both options and click Start (a computer restart will be needed for that procedure to run).



Anyway... This should now be a clean computer. How does it seem to you? Is there any problem (apart from the one above, which has nothing to do with malware)?

If you think it is OK, also do the following:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

offline
  • Joined: 24 Apr 2007
  • Posts: 31

Thanks a lot for the help; for now it is OK. It no longer shows the NTLDR error.
