Problem eiTahy (winlogon.exe)

  • Joined: 24 May 2010
  • Posts: 51
  • Location: PS:CS3

Hello everyone, I have a problem. I suspect this is some malware or a virus; when I start the computer, this appears:



DDS outputs this:



DDS (Ver_10-03-17.01) - NTFSx86
Run by MARKO at 16:31:04.68 on Sun 07/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.603 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MARKO\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant =
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ??????? ?? ???????????: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
TB: {4C350B19-6CA1-4569-B14C-296D8D6535B2} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HKCU] c:\windows\system32\install\winlogon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Vistadrv]
mRun: [VIPv3_Auto_Update]
mRun: [run32] c:\windows\system32\run32dll.exe
mRun: [HKLM] c:\windows\system32\install\winlogon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
uExplorerRun: [Policies] c:\windows\system32\install\winlogon.exe
mExplorerRun: [Policies] c:\windows\system32\install\winlogon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\viarai~1.lnk - c:\program files\via\raid\raid_tool.exe
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: NoSMHelp = 1 (0x1)
mPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: WB - c:\program files\alienguise\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
mASetup: {66DQ533A-FA4I-6D68-TS6A-058F33VEIQ5X} - c:\windows\system32\install\winlogon.exe

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-12-12 77312]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-14 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-14 267432]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-14 60936]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2010-07-15 20:36:39 0 d-----w- c:\docume~1\alluse~1\applic~1\ZA_PreservedFiles
2010-07-15 20:23:16 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-15 20:23:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-07-15 20:23:05 0 d-----w- c:\windows\system32\ZoneLabs
2010-07-15 20:21:57 0 d-----w- c:\windows\Internet Logs
2010-07-15 20:04:50 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-15 12:44:27 0 d-sh--w- c:\documents and settings\marko\IECompatCache
2010-07-15 12:44:03 0 d-sh--w- c:\documents and settings\marko\PrivacIE
2010-07-15 12:42:52 0 d-sh--w- c:\documents and settings\marko\IETldCache
2010-07-15 12:40:00 0 dc-h--w- c:\windows\ie8
2010-07-14 15:34:07 0 d-----w- c:\docume~1\marko\applic~1\Avira
2010-07-14 15:28:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-14 15:28:09 0 d-----w- c:\program files\Avira
2010-07-14 15:28:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-14 11:16:53 0 d-----w- c:\docume~1\marko\applic~1\LimeWire
2010-07-14 11:16:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-14 11:16:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-14 10:41:13 0 d-----w- c:\program files\sXe Injected
2010-07-13 11:39:15 0 d-----w- C:\SC3d
2010-07-13 11:39:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-07 11:05:19 0 d-----w- c:\program files\CCleaner
2010-07-06 15:21:59 0 d-----w- c:\docume~1\marko\applic~1\Search Settings
2010-07-06 12:28:27 0 d-----w- c:\documents and settings\marko\Parts
2010-07-06 12:27:38 0 d-----w- c:\program files\Sidebar
2010-07-06 12:19:47 0 d-----w- c:\docume~1\marko\applic~1\TeamViewer
2010-07-05 19:32:36 0 d-----w- c:\program files\AKSoftware
2010-07-05 13:07:53 0 d-----w- c:\program files\Shock Utility
2010-07-05 13:07:46 65536 ----a-w- c:\windows\IFinst27.exe
2010-07-05 09:01:35 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-07-05 09:01:34 0 d-----w- c:\program files\Custom-Strike
2010-07-01 22:29:41 38848 ----a-w- c:\windows\avastSS.scr
2010-06-25 14:03:58 0 d-----w- c:\docume~1\marko\applic~1\BitTorrent
2010-06-21 16:40:50 0 d-----w- c:\program files\Search Settings
2010-06-21 16:40:44 0 d-----w- c:\program files\Application Updater
2010-06-21 16:39:53 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-06-21 16:39:49 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-06-21 16:39:49 208500 ----a-w- c:\windows\system32\ReyXpBasics.tlb
2010-06-21 16:39:49 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-06-21 16:39:48 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-06-21 16:39:48 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-06-21 16:39:48 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-06-21 16:39:47 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-06-21 16:39:47 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2010-06-21 16:39:47 0 d-----w- c:\docume~1\marko\applic~1\FreeFLVConverter
2010-06-21 16:26:50 0 d-----w- c:\docume~1\marko\applic~1\Toolbar4
2010-06-21 16:26:44 0 d-----w- c:\program files\HyCam2
2010-06-21 16:11:20 0 d-----w- c:\program files\BitLord
2010-06-20 18:45:08 0 d-----w- c:\docume~1\marko\applic~1\You-Tube

==================== Find3M ====================

2010-07-18 14:16:59 648293 ---ha-w- c:\docume~1\marko\applic~1\logs.dat
2010-05-31 14:02:01 111197 ----a-w- c:\windows\ELITE GL 1.0.exe
2010-05-31 14:02:00 24341 ----a-w- c:\windows\wsc.tmp
2010-05-31 14:02:00 24341 ----a-w- c:\program files\wsock32.dll
2010-05-31 14:02:00 24341 ----a-w- c:\program files\common files\wsock32.dll
2010-05-31 14:02:00 24064 ----a-w- c:\windows\trdl.dll
2010-05-31 14:01:59 640 ----a-w- c:\docume~1\marko\applic~1\rcx.dat
2010-05-28 12:47:17 19100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-28 12:19:18 39424 ----a-w- c:\windows\zipinst.exe
2010-05-01 08:18:27 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-30 07:08:07 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-30 07:08:07 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-29 14:42:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 16:31:22.96 ===============

Attach.txt: [attachment]

GMER: [attachment]
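The DDS log above is the interesting part of this thread from a defender's point of view: a file named winlogon.exe sitting in c:\windows\system32\install (the real one lives in c:\windows\system32), registered under uRun, mRun, both ExplorerRun keys and an Active Setup entry whose CLSID contains non-hex characters, plus run32dll.exe, a letter-shuffle of rundll32.exe. The following script is an added example, not code from the thread or from the DDS/ComboFix tools: it parses autostart lines in the DDS "Pseudo HJT Report" format and applies those four heuristics. The sample lines are constructed, modelled on the posted log, and the expected directories assume a Windows XP layout.

```python
import re
from collections import defaultdict

# Constructed sample input: autostart lines in the style of the DDS "Pseudo HJT
# Report" posted in this thread, with a few benign entries mixed in for contrast.
SAMPLE_DDS_LINES = r"""
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HKCU] c:\windows\system32\install\winlogon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [run32] c:\windows\system32\run32dll.exe
mRun: [HKLM] c:\windows\system32\install\winlogon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uExplorerRun: [Policies] c:\windows\system32\install\winlogon.exe
mExplorerRun: [Policies] c:\windows\system32\install\winlogon.exe
mASetup: {66DQ533A-FA4I-6D68-TS6A-058F33VEIQ5X} - c:\windows\system32\install\winlogon.exe
"""

# Core Windows binaries and the only directory each legitimately runs from
# (Windows XP layout; assumption for this example).
CORE_BINARIES = {
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Names malware often imitates by shuffling letters (run32dll.exe vs rundll32.exe).
LOOKALIKE_TARGETS = {"rundll32.exe", "svchost.exe", "explorer.exe", "winlogon.exe"}

# "uRun: [label] command", "mASetup: {CLSID} - command" and similar.
ENTRY_RE = re.compile(
    r"^(?P<key>[um]?(?:Run|RunOnce|ExplorerRun|ASetup)):\s*"
    r"(?:\[(?P<name>[^\]]*)\]|(?P<clsid>\{[^}]*\}))\s*(?:-\s*)?(?P<cmd>.*)$"
)
# First drive-letter path ending in .exe, with or without surrounding quotes.
PATH_RE = re.compile(r'"?(?P<path>[a-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)
CLSID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.IGNORECASE
)


def parse_entries(lines):
    """Yield (autostart key, label, lowercase exe path or None) per recognised line."""
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        label = m.group("name") if m.group("name") is not None else m.group("clsid")
        p = PATH_RE.search(m.group("cmd"))
        yield m.group("key"), label, (p.group("path").lower() if p else None)


def analyze(lines):
    """Return deduplicated (severity, subject, message) findings, high severity first."""
    found = {}  # (subject, message) -> severity; dict keeps insertion order
    locations = defaultdict(set)  # exe path -> autostart keys it is registered under
    for key, label, path in parse_entries(lines):
        # Active Setup entries are keyed by CLSID; a GUID with non-hex characters
        # cannot be a genuine component registration.
        if label.startswith("{") and not CLSID_RE.match(label):
            found[(label, "ActiveSetup CLSID is not a valid GUID (non-hex characters)")] = "high"
        if path is None:
            continue
        locations[path].add(key)
        directory, _, basename = path.rpartition("\\")
        expected = CORE_BINARIES.get(basename)
        if expected is not None and directory != expected:
            msg = f"{basename} is a core Windows binary but runs from {directory}, not {expected}"
            found[(path, msg)] = "high"
        elif basename not in CORE_BINARIES and basename not in LOOKALIKE_TARGETS:
            for target in LOOKALIKE_TARGETS:
                if sorted(basename) == sorted(target):
                    found[(path, f"name is an anagram of {target}")] = "medium"
    # One binary wired into many autostart locations is a persistence pattern,
    # whatever its name.
    for path, keys in locations.items():
        if len(keys) >= 3:
            msg = f"registered under {len(keys)} autostart locations: {', '.join(sorted(keys))}"
            found[(path, msg)] = "high"
    rank = {"high": 0, "medium": 1}
    return sorted(((sev, subj, msg) for (subj, msg), sev in found.items()),
                  key=lambda f: rank[f[0]])


if __name__ == "__main__":
    for severity, subject, message in analyze(SAMPLE_DDS_LINES.splitlines()):
        print(f"[{severity.upper()}] {subject}: {message}")
```

Run it as-is to see the four findings for the sample, or feed it the "Pseudo HJT Report" section of any DDS log via `analyze(open(path).read().splitlines())`. The rundll32 host line is deliberately left alone: the path extractor only returns drive-letter paths ending in .exe, so DLL payloads loaded through a legitimate host need a separate check.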

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.



Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.




When the download has finished:
  disable your security software (instructions);
  close any running programs;
  double-click ComboFix to run it.

While running, ComboFix will:
  check whether a newer version of the program is available:
    click Yes if offered to download it;
  display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues;
  if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure;
  ask a number of questions / show notifications:
    accept by clicking Yes or OK;
  restart Windows if necessary (possibly several times);
  at the end, open Notepad with the scan report.


Copy the report ComboFix created into the forum thread:
  right-click in the Notepad window and choose Select All;
  right-click the selected text and choose Copy;
  right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 24 May 2010
  • Posts: 51
  • Location: PS:CS3

Here it is:

ComboFix 10-07-16.02 - MARKO 07/18/2010 19:11:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.600 [GMT 2:00]
Running from: c:\documents and settings\MARKO\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Zwunzi
c:\documents and settings\MARKO\Application Data\logs.dat
c:\documents and settings\MARKO\Recent\Thumbs.db
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Messenger\wsock32.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\program files\Search Settings
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\program files\Zwunzi
c:\program files\Zwunzi\uninstall.exe
c:\program files\Zwunzi\zwunzi.exe
c:\windows\explorer.backup
c:\windows\notepad.tmp
c:\windows\system32\install\winlogon.exe
c:\windows\system32\msssc.dll
c:\windows\system32\notepad.tmp
c:\windows\system32\Winbooterr
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZWUNZI_SERVICE


((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-15 20:36 . 2010-07-15 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2010-07-15 20:23 . 2010-07-15 20:23 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-15 20:23 . 2010-06-23 11:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-07-15 20:23 . 2010-06-23 11:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-07-15 20:23 . 2010-06-23 11:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-07-15 20:23 . 2010-07-15 20:36 -------- d-----w- c:\windows\system32\ZoneLabs
2010-07-15 20:21 . 2010-07-15 20:36 -------- d-----w- c:\windows\Internet Logs
2010-07-15 20:04 . 2010-07-15 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-15 12:44 . 2010-07-15 12:44 -------- d-sh--w- c:\documents and settings\MARKO\IECompatCache
2010-07-15 12:44 . 2010-07-15 12:44 -------- d-sh--w- c:\documents and settings\MARKO\PrivacIE
2010-07-15 12:42 . 2010-07-15 12:42 -------- d-sh--w- c:\documents and settings\MARKO\IETldCache
2010-07-15 12:40 . 2010-07-15 12:40 -------- dc-h--w- c:\windows\ie8
2010-07-14 15:34 . 2010-07-14 15:34 -------- d-----w- c:\documents and settings\MARKO\Application Data\Avira
2010-07-14 15:28 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-14 15:28 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-14 15:28 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-14 15:28 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-14 15:28 . 2010-07-14 15:28 -------- d-----w- c:\program files\Avira
2010-07-14 15:28 . 2010-07-14 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-14 11:16 . 2010-07-15 09:19 -------- d-----w- c:\documents and settings\MARKO\Application Data\LimeWire
2010-07-14 11:16 . 2010-07-14 11:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-14 11:15 . 2010-07-14 11:15 -------- d-----w- c:\program files\Java
2010-07-14 11:15 . 2010-07-14 11:15 152576 ----a-w- c:\documents and settings\MARKO\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-07-14 10:41 . 2010-07-14 10:41 -------- d-----w- c:\program files\sXe Injected
2010-07-13 11:39 . 2010-07-13 11:39 -------- d-----w- C:\SC3d
2010-07-13 11:39 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-07 11:05 . 2010-07-07 11:05 -------- d-----w- c:\program files\CCleaner
2010-07-06 15:21 . 2010-07-06 15:21 -------- d-----w- c:\documents and settings\MARKO\Application Data\Search Settings
2010-07-06 12:28 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\MARKO\Parts
2010-07-06 12:27 . 2010-07-06 12:28 -------- d-----w- c:\program files\Sidebar
2010-07-06 12:19 . 2010-07-06 12:19 -------- d-----w- c:\documents and settings\MARKO\Application Data\TeamViewer
2010-07-05 19:32 . 2010-07-05 19:32 -------- d-----w- c:\documents and settings\MARKO\Local Settings\Application Data\AKSoftware
2010-07-05 19:32 . 2010-07-05 19:32 -------- d-----w- c:\program files\AKSoftware
2010-07-05 13:07 . 2010-07-05 13:07 -------- d-----w- c:\program files\Shock Utility
2010-07-05 13:07 . 2010-07-05 13:07 65536 ----a-w- c:\windows\IFinst27.exe
2010-07-05 09:01 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-07-05 09:01 . 2010-07-05 09:01 -------- d-----w- c:\program files\Custom-Strike
2010-07-01 22:29 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-25 14:03 . 2010-07-07 18:02 -------- d-----w- c:\documents and settings\MARKO\Application Data\BitTorrent
2010-06-24 11:30 . 2010-06-24 11:30 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-21 18:08 . 2010-07-09 11:22 -------- d-----w- c:\documents and settings\MARKO\Local Settings\Application Data\WMTools Downloaded Files
2010-06-21 16:40 . 2010-06-21 16:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-06-21 16:40 . 2010-06-21 16:40 -------- d-----w- c:\program files\Application Updater
2010-06-21 16:39 . 2010-06-01 16:39 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-06-21 16:39 . 2009-06-19 17:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-06-21 16:39 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-06-21 16:39 . 2009-06-19 17:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-06-21 16:39 . 2010-06-21 16:40 -------- d-----w- c:\documents and settings\MARKO\Application Data\FreeFLVConverter
2010-06-21 16:39 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-06-21 16:26 . 2010-07-07 10:57 -------- d-----w- c:\documents and settings\MARKO\Application Data\Toolbar4
2010-06-21 16:26 . 2010-06-21 16:26 -------- d-----w- c:\program files\HyCam2
2010-06-21 16:11 . 2010-07-07 11:00 -------- d-----w- c:\program files\BitLord
2010-06-20 18:45 . 2010-06-20 18:45 -------- d-----w- c:\documents and settings\MARKO\Application Data\You-Tube

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 15:34 . 2010-05-27 13:22 -------- d-----w- c:\program files\Text to Speech Maker
2010-07-14 15:15 . 2010-04-30 10:04 -------- d-----w- c:\program files\Alwil Software
2010-07-10 21:19 . 2010-04-29 15:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-08 09:26 . 2010-04-30 09:29 -------- d-----w- c:\program files\Google
2010-07-07 18:08 . 2010-04-29 15:42 -------- d-----w- c:\documents and settings\MARKO\Application Data\Ahead
2010-07-07 11:12 . 2010-05-26 13:06 -------- d-----w- c:\documents and settings\MARKO\Application Data\Media Player Classic
2010-07-07 11:07 . 2010-04-30 07:06 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-07-07 11:07 . 2010-04-30 07:06 -------- d-----w- c:\program files\ACD Systems
2010-07-07 11:05 . 2010-04-29 15:06 19408 ----a-w- c:\documents and settings\MARKO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 11:02 . 2010-05-02 18:03 -------- d-----r- c:\program files\Skype
2010-07-07 11:02 . 2010-05-02 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-07 11:02 . 2010-04-29 14:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 11:02 . 2010-04-30 07:08 -------- d-----w- c:\program files\CyberLink
2010-07-07 11:01 . 2010-04-30 07:08 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-07-07 11:00 . 2010-06-18 11:31 -------- d-----w- c:\program files\Cs 1.6 Color Scheme Editor v3.0 Final
2010-07-07 10:58 . 2010-04-30 14:41 -------- d-----w- c:\program files\Windows sidebar
2010-07-07 10:58 . 2010-06-08 19:36 -------- d-----w- c:\program files\ViSplore
2010-07-07 10:58 . 2010-06-08 19:38 -------- d-----w- c:\program files\ViGlance
2010-07-07 10:57 . 2010-05-23 16:57 -------- d-----w- c:\documents and settings\MARKO\Application Data\THQ
2010-07-07 10:55 . 2010-05-28 12:19 -------- d-----w- c:\program files\Finderbar 1.5
2010-07-07 10:55 . 2010-04-30 07:10 -------- d-----w- c:\program files\AIMP2
2010-07-07 10:54 . 2010-05-23 15:50 -------- d-----w- c:\program files\7-Zip
2010-07-06 19:23 . 2010-05-02 13:18 -------- d-----w- c:\documents and settings\MARKO\Application Data\AIMP
2010-07-05 12:53 . 2010-05-30 13:12 -------- d-----w- c:\program files\(zabranjeno)ed Steam
2010-06-21 20:03 . 2010-05-23 08:45 -------- d-----w- c:\documents and settings\MARKO\Application Data\ViStart
2010-06-19 19:48 . 2010-05-02 18:04 -------- d-----w- c:\documents and settings\MARKO\Application Data\Skype
2010-06-19 19:33 . 2010-05-02 18:07 -------- d-----w- c:\documents and settings\MARKO\Application Data\skypePM
2010-06-18 11:58 . 2010-06-18 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-06-14 18:57 . 2010-06-14 18:56 -------- d-----w- c:\program files\Windows Live
2010-06-14 18:56 . 2010-06-14 18:56 -------- d-----w- c:\program files\Microsoft
2010-06-13 11:08 . 2010-06-13 11:08 -------- d-----w- c:\program files\Stardock
2010-06-06 20:35 . 2010-05-12 21:32 16 ----a-w- c:\windows\popcinfo.dat
2010-06-02 15:52 . 2010-06-02 15:42 -------- d-----w- c:\program files\Styler
2010-06-02 15:43 . 2010-06-02 15:43 -------- d-----w- c:\documents and settings\MARKO\Application Data\Styler
2010-05-31 14:01 . 2010-05-31 14:01 640 ----a-w- c:\windows\rcx.dat
2010-05-31 14:01 . 2010-05-31 14:01 640 ----a-w- c:\documents and settings\MARKO\Application Data\rcx.dat
2010-05-28 12:47 . 2010-05-28 12:47 19100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-28 12:47 . 2010-05-26 19:26 -------- d-----w- c:\documents and settings\MARKO\Application Data\Apple Computer
2010-05-28 12:46 . 2010-05-28 12:46 -------- d-----w- c:\program files\Common Files\Apple
2010-05-28 12:46 . 2010-05-28 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-28 12:19 . 2010-05-28 12:19 39424 ----a-w- c:\windows\zipinst.exe
2010-05-28 12:14 . 2010-05-28 12:14 -------- d-----w- c:\documents and settings\MARKO\Application Data\IconTweaker
2010-05-28 12:14 . 2010-05-28 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
2010-05-26 12:38 . 2010-05-26 12:38 -------- d-----w- c:\documents and settings\MARKO\Application Data\AnvSoft
2010-05-23 16:58 . 2010-05-23 16:58 -------- d-----w- c:\program files\Common Files\DirectX
2010-05-05 21:19 . 2010-05-05 21:19 499712 ----a-w- c:\documents and settings\MARKO\Application Data\MessengerDiscovery 2\Plugins\CommandCollection.dll
2010-05-05 21:17 . 2010-05-05 21:17 13312 ----a-w- c:\documents and settings\MARKO\Application Data\MessengerDiscovery 2\Plugins\HackMdBar.dll
2010-05-02 18:07 . 2010-05-02 18:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-01 08:18 . 2008-04-14 04:42 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-30 09:32 . 2010-04-30 09:32 0 ----a-w- c:\windows\nsreg.dat
2010-04-30 08:58 . 2010-04-30 08:58 1956808 ----a-w- c:\documents and settings\MARKO\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-04-30 07:08 . 2010-04-30 07:08 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-30 07:08 . 2010-04-30 07:08 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-29 14:45 . 2010-04-29 14:45 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-29 14:42 . 2010-04-29 14:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
"nwiz"="nwiz.exe" [2008-05-17 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2010-4-29 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKLM\~\startupfolder\C:^Documents and Settings^MARKO^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\MARKO\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-15 20:34 136176 ----atw- c:\documents and settings\MARKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-07-14 11:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
2010-04-30 14:39 167936 ----a-w- c:\program files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\csuljka\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\bit torent skidac\\BitTorrent\\bittorrent.exe"=
"d:\\cs 1.6 obican\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 5:49 PM 77312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2010 5:28 PM 135336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2010 11:29 AM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 09:29]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 09:29]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1757981266-1177238915-1003Core.job
- c:\documents and settings\MARKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-22 20:34]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1757981266-1177238915-1003UA.job
- c:\documents and settings\MARKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-22 20:34]

2010-07-18 c:\windows\Tasks\User_Feed_Synchronization-{9DA92150-382F-43E3-BEBD-663791F12270}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4C350B19-6CA1-4569-B14C-296D8D6535B2} - (no file)
HKLM-Run-Vistadrv - (no file)
HKLM-Run-VIPv3_Auto_Update - (no file)
HKLM-Run-run32 - c:\windows\system32\run32dll.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-RemoteControl9 - c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-TrueTransparency - c:\documents and settings\MARKO\Desktop\TrueTransparency\TrueTransparency.exe
MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
ActiveSetup-{66DQ533A-FA4I-6D68-TS6A-058F33VEIQ5X} - c:\windows\system32\install\winlogon.exe
AddRemove-Steam App 240 - c:\program files\(zabranjeno)ed Steam\steam.exe
AddRemove-Zwunzi - c:\program files\Zwunzi\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-18 19:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1757981266-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-07-18 19:23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-18 17:23

Pre-Run: 14,129,721,344 bytes free
Post-Run: 14,322,376,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AA06061DE8E2EBEFF59275620C350FE7

  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin2.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin3.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin4.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin5.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin6.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin7.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin2.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin3.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin4.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin5.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin6.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin7.dll.vir
Quit::


Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.



Once you have followed the instructions, let me know how things are.
