Checking the system for viruses...

offline
  • paok
  • New MyCity citizen
  • Joined: 21 Feb 2009
  • Posts: 23

* About 7-8 days ago I accepted a picture from a friend over MSN, and after I received the picture the computer went crazy!!! And the picture didn't even download!

* MSN can't be installed (it uninstalled itself)... Mozilla is glitching.

That's it for now.

P.S. I haven't managed to capture screenshots, but I expect another one will pop up, so I'll capture it and post it.

Thanks

************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:38 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Windows Live Messenger Khalid Edition v5.1\msnmsgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Korisnik\Desktop\Ne diraj ME!\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\GAMES\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: cleantemp.bat
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Korisnik\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7809 bytes

************************************************************






offline
  • dr_Bora (male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

offline
  • paok
  • New MyCity citizen
  • Joined: 21 Feb 2009
  • Posts: 23

ComboFix 09-02-19.01 - Korisnik 2009-02-21 22:59:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2834 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 16:34 . 2009-02-21 16:34 <DIR> d-------- c:\program files\Windows Live
2009-02-21 14:55 . 2009-02-21 14:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-21 14:54 . 2009-02-21 14:54 <DIR> d-------- c:\program files\Windows Live Messenger Khalid Edition v5.1
2009-02-20 16:32 . 2009-02-20 16:32 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Windows Search
2009-02-20 14:56 . 2009-02-20 14:56 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Search Settings
2009-02-18 00:27 . 2009-02-18 00:27 <DIR> d-------- c:\program files\Search Settings
2009-02-18 00:27 . 2009-02-18 00:27 <DIR> d-------- c:\program files\Dealio
2009-02-18 00:27 . 2009-02-18 00:27 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Dealio
2009-02-18 00:26 . 2005-02-24 12:10 2,084,864 --a------ c:\windows\system32\AudDesign.dll
2009-02-17 22:08 . 2009-02-17 22:21 <DIR> d-------- c:\program files\Rockstar Custom Tracks
2009-02-17 19:22 . 2009-02-17 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-14 20:36 . 2009-02-14 20:36 <DIR> d-------- c:\program files\FileZilla FTP Client
2009-02-14 20:36 . 2009-02-17 19:11 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\FileZilla
2009-02-14 20:26 . 2009-02-14 21:44 <DIR> d-------- c:\documents and settings\Korisnik\Contacts
2009-02-10 01:55 . 2009-02-10 01:55 <DIR> d-------- c:\windows\system32\xlive
2009-02-10 01:55 . 2009-02-20 16:03 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-02-10 00:19 . 2009-02-10 00:19 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-02-09 23:06 . 2009-02-09 23:06 <DIR> d-------- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-02-08 23:15 . 2009-02-19 20:44 49 --a------ c:\windows\NeroDigital.ini
2009-02-08 20:38 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-08 20:31 . 2009-02-08 20:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI
2009-02-08 19:07 . 2009-02-08 19:07 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Yahoo!
2009-02-08 19:07 . 2009-02-08 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-07 11:00 . 2009-02-07 11:00 <DIR> d-------- c:\program files\Yahoo!
2009-02-07 11:00 . 2009-02-07 11:00 <DIR> d-------- c:\program files\Common Files\Scanner
2009-02-07 11:00 . 2009-02-07 11:00 <DIR> d-------- c:\program files\Common Files\LogiShared
2009-02-07 11:00 . 2009-02-07 11:00 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Logitech
2009-02-07 11:00 . 2009-02-07 11:00 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-07 10:57 . 2009-02-07 11:00 <DIR> d-------- c:\program files\Logitech
2009-02-07 10:57 . 2009-02-07 10:57 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-07 10:57 . 2009-02-07 10:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-07 10:57 . 2007-04-11 15:33 1,419,024 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2009-02-07 10:57 . 2007-04-23 04:00 163,840 --a------ c:\windows\system32\kemutb.dll
2009-02-07 10:57 . 2007-04-23 04:00 135,168 --a------ c:\windows\system32\KemUtil.dll
2009-02-07 10:57 . 2007-04-23 04:00 110,592 --a------ c:\windows\system32\KemWnd.dll
2009-02-07 10:57 . 2007-04-23 04:00 69,632 --a------ c:\windows\system32\KemXML.dll
2009-02-07 10:57 . 2007-04-11 15:32 56,080 --a------ c:\windows\KHALMNPR.Exe
2009-02-07 10:57 . 2007-04-11 15:32 36,112 --a------ c:\windows\system32\drivers\LMouFilt.Sys
2009-02-07 10:57 . 2007-04-11 15:32 34,832 --a------ c:\windows\system32\drivers\LHidFilt.Sys
2009-02-07 10:57 . 2007-04-11 15:32 20,496 --a------ c:\windows\system32\drivers\L8042Kbd.sys
2009-02-07 10:57 . 2009-02-07 10:57 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-07 10:57 . 2009-02-07 10:57 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-07 10:56 . 2009-02-07 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2009-02-06 23:07 . 2009-02-06 23:07 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-06 23:07 . 2009-02-21 01:13 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2009-02-06 23:07 . 2009-02-21 01:13 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-06 23:07 . 2009-02-06 23:07 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-02-06 22:47 . 2009-02-06 22:47 <DIR> d--hs---- c:\windows\ftpcache
2009-02-06 22:25 . 2009-02-10 00:03 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-06 22:24 . 2009-02-06 22:25 <DIR> d--h----- c:\windows\Icons
2009-02-06 22:22 . 2009-02-06 22:22 2,285,056 --a------ c:\windows\system32\TUKernel.exe
2009-02-06 22:12 . 2009-02-06 22:12 <DIR> d-------- c:\program files\OpenAL
2009-02-06 20:45 . 2008-04-22 14:09 32,384 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-06 20:45 . 2008-04-22 14:09 32,384 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-06 20:45 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-06 20:45 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-06 20:45 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-06 20:45 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-02-06 19:37 . 2009-02-06 19:37 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Disney Interactive Studios
2009-02-06 19:35 . 2009-02-10 14:22 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-06 19:35 . 2009-02-06 19:35 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Leadertech
2009-02-06 19:28 . 2009-02-06 19:28 <DIR> d-------- c:\windows\Logs
2009-02-06 19:28 . 2009-02-06 19:28 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\InstallShield
2009-02-06 19:28 . 2009-02-06 19:37 908 --a------ c:\windows\disney.ini
2009-02-06 19:18 . 2009-02-21 15:55 <DIR> d-------- C:\GAMES
2009-02-06 14:06 . 2009-02-06 14:06 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-06 14:06 . 2009-02-07 00:07 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Skype
2009-02-06 14:05 . 2009-02-06 14:06 <DIR> dr------- c:\program files\Skype
2009-02-06 14:05 . 2009-02-06 14:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-06 13:58 . 2009-02-20 17:51 <DIR> d-------- c:\documents and settings\Korisnik\Tracing
2009-02-06 13:42 . 2009-02-10 00:47 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\uTorrent
2009-02-06 13:30 . 2009-02-06 13:30 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-06 11:41 . 2009-02-06 11:41 <DIR> d-------- c:\program files\MSECache
2009-02-06 11:41 . 2009-02-06 13:55 <DIR> d-------- c:\program files\Microsoft
2009-02-06 11:41 . 2009-02-06 11:41 <DIR> d-------- c:\program files\Acro Software
2009-02-06 11:41 . 2007-07-12 22:33 87,552 --a------ c:\windows\system32\cpwmon2k.dll
2009-02-06 11:40 . 2009-02-06 11:40 <DIR> d-------- c:\program files\GPLGS
2009-02-06 11:34 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-02-06 11:34 . 2009-02-06 11:35 376 --a------ c:\windows\ODBC.INI
2009-02-06 11:33 . 2009-02-06 11:33 <DIR> d-------- c:\windows\SHELLNEW
2009-02-06 11:33 . 2009-02-06 11:33 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-06 11:33 . 2009-02-06 11:40 <DIR> d-------- c:\program files\Microsoft Works
2009-02-06 11:33 . 2009-02-06 11:33 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-02-06 11:33 . 2009-02-06 11:33 <DIR> d-------- c:\program files\Common Files\L&H
2009-02-06 11:29 . 2009-02-06 11:44 <DIR> d-------- c:\program files\Unlocker
2009-02-06 11:29 . 2009-02-06 11:29 <DIR> d-------- c:\program files\FDRLab
2009-02-06 11:29 . 2009-02-06 14:36 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Desktopicon
2009-02-06 11:28 . 2009-02-17 19:13 <DIR> d-------- c:\program files\SpeedFan
2009-02-06 11:28 . 2009-02-06 11:28 <DIR> d-------- c:\program files\SIW
2009-02-06 11:28 . 2009-02-06 11:28 <DIR> d-------- c:\program files\Everest Ultimate Edition v.4.60.1509
2009-02-06 11:28 . 2009-02-06 11:28 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-06 11:27 . 2009-02-06 11:27 <DIR> d-------- c:\program files\GPU-Z 0.3.1
2009-02-06 11:27 . 2009-02-06 11:27 <DIR> d-------- c:\program files\CPU-Z 1.49
2009-02-06 11:25 . 2009-02-06 11:25 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-02-06 11:25 . 2009-02-06 11:25 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\TuneUp Software
2009-02-06 11:25 . 2009-02-06 11:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-06 11:25 . 2009-02-06 11:25 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-02-06 11:25 . 2009-02-06 11:25 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-06 11:25 . 2008-11-12 16:44 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-02-06 11:24 . 2009-02-06 11:24 <DIR> d-------- c:\program files\Recuva
2009-02-06 11:24 . 2009-02-06 11:24 <DIR> d-------- c:\program files\CCleaner
2009-02-06 11:24 . 2009-02-14 02:09 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 11:24 . 2009-02-06 11:24 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-06 11:23 . 2009-02-06 11:24 <DIR> d-------- c:\program files\Winamp
2009-02-06 11:23 . 2009-02-06 11:23 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\ACD Systems
2009-02-06 11:22 . 2009-02-06 11:22 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-02-06 11:22 . 2009-02-06 11:22 <DIR> d-------- c:\program files\ACD Systems
2009-02-06 11:22 . 2009-02-06 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-06 11:21 . 2009-02-06 11:21 <DIR> d-------- c:\program files\CyberLink
2009-02-06 11:21 . 2009-02-06 11:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-02-06 11:21 . 2002-02-21 18:56 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-02-06 11:20 . 2009-02-06 11:21 <DIR> d-------- c:\program files\The KMPlayer
2009-02-06 11:20 . 2009-02-17 22:11 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Ahead
2009-02-06 11:19 . 2009-02-06 11:19 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-02-06 11:16 . 2009-02-06 11:16 <DIR> d-------- c:\program files\Nero
2009-02-06 11:16 . 2009-02-06 11:16 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-06 11:16 . 2009-02-06 11:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-02-06 11:13 . 2009-02-06 11:13 <DIR> d-------- c:\program files\DAMN NFO Viewer
2009-02-06 11:13 . 2009-02-06 11:13 <DIR> d-------- c:\program files\CDBurnerXP
2009-02-06 11:13 . 2009-02-06 11:13 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\Canneverbe_Limited
2009-02-06 11:12 . 2009-02-06 11:12 <DIR> d-------- c:\program files\Process Explorer 11.32
2009-02-06 11:12 . 2009-02-06 11:12 <DIR> d-------- c:\program files\Defraggler
2009-02-06 11:11 . 2009-02-06 11:11 <DIR> d-------- c:\windows\system32\Adobe
2009-02-06 11:11 . 2009-02-06 11:11 <DIR> d-------- c:\program files\Java
2009-02-06 11:11 . 2009-02-06 11:11 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 22:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-06 09:59 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-06 09:57 --------- d-----w c:\program files\Common Files\Adobe
2009-02-06 09:56 --------- d-----w c:\program files\VS Revo Group
2009-02-06 09:48 --------- d-----w c:\program files\AGEIA Technologies
2009-02-06 09:36 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-06 09:36 --------- d-----w c:\program files\ASUS
2009-02-06 09:34 --------- d-----w c:\program files\Marvell
2009-02-06 09:31 315,392 ----a-w c:\windows\HideWin.exe
2009-02-06 09:31 --------- d-----w c:\program files\Realtek
2009-02-06 09:17 --------- d-----w c:\program files\Intel
2009-02-06 09:13 --------- d-----w c:\documents and settings\Korisnik\Application Data\Windows Desktop Search
2009-02-06 09:08 --------- d-----w c:\program files\microsoft frontpage
2009-02-06 09:05 --------- d-----w c:\program files\Reference Assemblies
2009-02-06 09:05 --------- d-----w c:\program files\MSBuild
2009-02-06 09:02 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-06 09:00 --------- d-----w c:\program files\Windows Desktop Search
2009-02-06 08:59 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-29 18:27 151,592 ----a-w c:\windows\system32\drivers\mv61xx.sys
2009-01-15 07:19 6,301,248 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.

------- Sigcheck -------

2008-07-28 12:53 361600 038ca45522fe9b756efb90dbfa9141ea c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RGSC"="c:\games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe" [2009-02-10 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-06 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]

c:\documents and settings\Korisnik\Start Menu\Programs\Startup\
cleantemp.bat [2006-11-05 26]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"speedfan"=c:\program files\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\=[NE DIRAJ ME]=\\uTorrent\\uTorrent.exe"=
"d:\\=[NE DIRAJ ME]=\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\GAMES\\Counter Strike 1.6\\hl.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\GAMES\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\GAMES\\Grand Theft Auto IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\GAMES\\Grand Theft Auto IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\GAMES\\Grand Theft Auto IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live Messenger Khalid Edition v5.1\\msnmsgr.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2009-01-29 151592]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-06 15424]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-06 603904]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-02-06 36864]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Compare Prices with &Dealio - c:\documents and settings\Korisnik\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\5si5j5gl.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-21 23:02:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\searchindexer.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-02-21 23:03:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-21 22:03:41

Pre-Run: 119,870,623,744 bytes free
Post-Run: 119,773,069,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=NSQOB0


offline
  • dr_Bora (male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Well, this is a clean computer. The only questionable things are the programs Dealio and Search Settings (which you can remove via Add/Remove Programs, which is also recommended unless you installed them deliberately).

Apart from the problem with installing MSN Messenger, is there any other problem?
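The verdict above is reached by reading the HijackThis entries one at a time. The following is an added example, not code from this thread or from HijackThis itself: a small Python triage script that parses a constructed excerpt of the log posted earlier and flags the three categories a log reviewer checks first: entries belonging to the programs named as questionable (Dealio and Search Settings, kept in a watchlist that is this example's own assumption), BHOs registered with no DLL on disk, and services with no identified owner (informational only, as the PnkBstrB line shows). The function and category names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines excerpted from the HijackThis log
# posted earlier in this thread (not the complete log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

# Watchlist of the program names the helper in this thread called questionable.
# This list is the example's own assumption, not something HijackThis ships.
UNWANTED_NAMES = ("dealio", "search settings", "searchsettings")

# Every HijackThis entry starts with a section code such as R3, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    kind: str   # section code, e.g. "O2" (BHO) or "O23" (service)
    body: str   # text after the section code
    path: str   # file the entry points at, "" when none is listed
    raw: str


def extract_path(kind: str, body: str) -> str:
    """Best-effort extraction of the file an entry points at."""
    if kind == "O4":
        # O4 lines look like: HKLM\..\Run: [name] "C:\path\app.exe" /switch
        cmd = body.split("] ", 1)[1] if "] " in body else body
        if cmd.startswith('"'):
            return cmd[1:].split('"', 1)[0]
        return re.sub(r"\s+/\S+$", "", cmd)   # drop a trailing switch such as /silent
    last = body.rsplit(" - ", 1)[-1]
    return "" if last.startswith("(") else last   # e.g. "(no file)"


def parse_entry(line: str):
    """Return an Entry for a HijackThis entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    return Entry(kind, body, extract_path(kind, body), line)


def triage(lines):
    """Classify entries into the categories a log reviewer looks at first."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        text = entry.body.lower()
        if any(name in text for name in UNWANTED_NAMES):
            findings.append(("unwanted", entry))
        elif entry.kind == "O2" and entry.path == "":
            findings.append(("orphan-bho", entry))      # registered BHO with no DLL on disk
        elif entry.kind == "O23" and "Unknown owner" in entry.body:
            findings.append(("unknown-owner", entry))   # worth a look, not a verdict
    return findings


def count_by_category(findings):
    """Tally findings per category so a reviewer sees the shape of the log at a glance."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for category, entry in results:
        print(f"{category:14} {entry.kind:4} {entry.path or entry.body}")
    print(count_by_category(results))
```

Run against the excerpt, the script flags the five Dealio/Search Settings entries, the one BHO whose DLL is gone, and the PnkBstrB service, and leaves the Eset entries alone, which is the same picture the reply above paints. The "unknown-owner" category is only a prompt to look closer: plenty of legitimate services (PunkBuster here) show up without a vendor string.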

offline
  • paok
  • New MyCity citizen
  • Joined: 21 Feb 2009
  • Posts: 23

I didn't install Dealio and Search Settings... I'll delete them.
For now there's nothing else... in any case, thanks for the help and the quick review.
Thanks once again
