My computer is dying..

  • Joined: 21 Feb 2006
  • Posts: 408

The internet works sometimes and sometimes it doesn't, meaning sometimes I click to open something and everything is fine, sometimes it won't even listen... If I do a System Restore it works normally for a while, then the same story starts again...
Thanks in advance for the help.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:29:47, on 18.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\drivers\SbiCtr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dule\Desktop\he\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SbiCtr.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SbiCtr.exe] C:\WINDOWS\system32\drivers\SbiCtr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Dule\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - http://www.uzmime.com/banner728x90.gif

--
End of file - 8006 bytes
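The HijackThis log above is read by eye in the thread. As an added example (my own code, not from the original post and not part of HijackThis), here is a small Python triage script that applies four of the heuristics a malware-removal helper uses when scanning such a log: a system.ini Shell= value with anything beyond Explorer.exe, a user-mode .exe living under system32\drivers, a core-binary name such as smss.exe outside its real location, and an O7 policy restriction. The sample lines are excerpted from the log above; the name list, the regexes and the "legitimate location" rule are my assumptions, not an exhaustive rule set.

```python
import re
from dataclasses import dataclass

# Core Windows binaries that malware likes to imitate by name. The genuine copies
# live in %SystemRoot%\system32 (explorer.exe directly in %SystemRoot%), so the
# same name under a user profile or anywhere else is a red flag.
# (Heuristic list, my assumption, not a HijackThis rule.)
SYSTEM_BINARY_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                       "lsass.exe", "svchost.exe", "explorer.exe"}
LEGIT_SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32\\)?[^\\]+$")

# system32\drivers holds .sys kernel modules; a user-mode .exe there is suspicious.
DRIVERS_EXE_RE = re.compile(r'\\system32\\drivers\\[^\\\s"]+\.exe', re.IGNORECASE)

# A drive-letter path up to the first executable/library extension (spaces allowed,
# as in "C:\Program Files\...").
PATH_RE = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|dll|sys)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def triage_line(line: str) -> list:
    """Return the findings for one HijackThis line; an empty list means 'looks benign'."""
    findings = []
    tag = line.split(" - ", 1)[0].strip()

    if tag == "F2" and "Shell=" in line:
        # system.ini Shell= must be exactly Explorer.exe; anything appended to it is
        # started together with the shell at every logon.
        shell_value = line.split("Shell=", 1)[1].strip()
        if shell_value.lower() != "explorer.exe":
            findings.append(Finding(line, "extra program in system.ini Shell=: " + shell_value))

    if tag == "O7":
        # Policy restrictions (DisableRegedit, DisableTaskMgr, ...) on a home PC are
        # usually set by malware to obstruct cleanup, not by the user.
        findings.append(Finding(line, "restrictive policy set: " + line.split(", ", 1)[-1]))

    drivers_hit = DRIVERS_EXE_RE.search(line)
    if drivers_hit:
        findings.append(Finding(line, "user-mode executable in drivers directory: " + drivers_hit.group(0)))

    for path in PATH_RE.findall(line):
        name = path.lower().rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARY_NAMES and not LEGIT_SYSTEM_DIR_RE.match(path.lower()):
            findings.append(Finding(line, "system binary name outside its real location: " + path))
    return findings


def triage(log_text: str) -> list:
    """Run triage_line over every non-empty line of a HijackThis log."""
    return [f for line in log_text.splitlines() if line.strip() for f in triage_line(line)]


# Lines excerpted from the HijackThis log posted above (a benign line of each type
# is kept so the script also shows what it does NOT flag).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SbiCtr.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SbiCtr.exe] C:\WINDOWS\system32\drivers\SbiCtr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Dule\Local Settings\Application Data\smss.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.reason)
        print("   ", f.line)
```

On the sample it flags the F2 line twice (the Shell= value and the .exe in the drivers directory), the SbiCtr.exe Run entry, the smss.exe copy under the user's profile and the DisableRegedit policy, and leaves egui.exe and ctfmon.exe alone. The Ask.com start page and AskBar BHO are deliberately not flagged: in the ComboFix log further down, the AskBarDis folder has the same creation minute as the BitTorrent and DNA folders, which is what a toolbar bundled with an installer looks like, so a changed start page on its own is not evidence of an infection.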

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello:

* Start ESET Smart Security / ESET NOD32 in the following way:
Start > All Programs > ESET > ESET Smart Security, or ESET NOD32 Antivirus (if you only use the Antivirus solution).

* When the program's main window opens, click the Setup option on the left side of the window;
* Choose the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* On the next question click Yes.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 21 Feb 2006
  • Posts: 408

Here's the log:

ComboFix 09-01-17.03 - Dule 2009-01-18 1:07:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.336 [GMT 1:00]
Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Microsoft\backup.ftp

.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-17 20:27 . 2009-01-18 00:14 34,861 --a------ C:\v2r6j2t8m8h7.exe
2009-01-17 20:26 . 2009-01-17 20:26 866,816 -r-hs---- c:\windows\system32\drivers\SbiCtr.exe
2009-01-15 21:52 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-01-14 17:33 . 2009-01-16 17:19 34,861 --a------ C:\x4j8n9a6p9t.exe
2009-01-14 15:08 . 2009-01-14 15:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-01-14 15:05 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-14 14:59 . 2009-01-14 14:59 <DIR> d--h----- c:\program files\Zero G Registry
2009-01-14 14:59 . 2009-01-14 14:59 <DIR> d-------- c:\program files\Sports Interactive
2009-01-14 14:58 . 2009-01-14 14:58 <DIR> d--h----- c:\documents and settings\Dule\InstallAnywhere
2009-01-14 14:52 . 2009-01-14 15:08 <DIR> d-------- c:\documents and settings\Dule\Application Data\Sports Interactive
2009-01-14 03:47 . 2009-01-11 00:04 657,408 -r-hs---- c:\windows\system32\drivers\alcomrg.exe
2009-01-13 14:43 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-12 13:49 . 2009-01-13 14:40 <DIR> d-------- c:\program files\BeoINFO
2009-01-12 13:49 . 2009-01-12 13:49 <DIR> d-------- c:\documents and settings\Dule\Application Data\FarStone
2009-01-12 13:44 . 2003-08-30 06:34 14,496 --a------ c:\windows\system32\VDI08X.dat
2009-01-12 13:43 . 2009-01-12 13:43 <DIR> d-------- c:\program files\FarStone
2009-01-09 14:56 . 2009-01-09 15:04 <DIR> d-------- c:\documents and settings\Dule\Application Data\BitTorrent
2009-01-09 14:55 . 2009-01-18 00:14 <DIR> d-------- c:\program files\DNA
2009-01-09 14:55 . 2009-01-09 14:55 <DIR> d-------- c:\program files\BitTorrent
2009-01-09 14:55 . 2009-01-09 14:55 <DIR> d-------- c:\program files\AskBarDis
2009-01-09 14:55 . 2009-01-18 01:04 <DIR> d-------- c:\documents and settings\Dule\Application Data\DNA
2009-01-09 12:44 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-09 12:42 . 2009-01-09 12:42 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-01-09 12:38 . 2009-01-09 12:38 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-08 22:30 . 2008-12-02 13:57 171,520 -r-hs---- c:\windows\system32\drivers\explore.exe
2009-01-07 23:37 . 2009-01-07 23:37 <DIR> d-------- c:\documents and settings\Dule\Application Data\CyberLink
2009-01-07 23:36 . 2009-01-07 23:36 <DIR> d-------- c:\program files\CyberLink
2009-01-07 23:36 . 2009-01-07 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-06 17:54 . 2009-01-06 17:54 <DIR> d-------- c:\program files\EA GAMES
2009-01-06 17:54 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-01-06 13:41 . 2009-01-06 13:41 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-04 16:04 . 2009-01-16 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-04 15:59 . 2009-01-04 16:04 <DIR> d-------- c:\program files\Google
2008-12-31 18:02 . 2008-12-31 18:02 <DIR> d-------- C:\Transporter 3
2008-12-30 11:14 . 2008-12-30 11:18 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-12-29 02:03 . 2008-12-29 02:02 737,280 --a------ c:\windows\iun6002.exe
2008-12-28 22:20 . 2008-12-28 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\engodsag.dk
2008-12-28 22:19 . 2008-12-28 23:08 <DIR> d-------- c:\program files\AidMaker
2008-12-28 22:19 . 2008-12-28 23:08 <DIR> d-------- c:\documents and settings\Dule\Application Data\AidMaker
2008-12-28 22:18 . 2008-12-28 23:08 <DIR> d-------- c:\program files\ChrisTV Lite(2)
2008-12-28 22:14 . 2008-12-28 23:08 <DIR> d-------- c:\program files\RelevantKnowledge
2008-12-28 18:31 . 2008-12-28 23:08 <DIR> d-------- c:\program files\Pinnacle
2008-12-28 18:30 . 2008-12-28 23:08 <DIR> d-------- c:\windows\Pinnacle PCTV Rave
2008-12-28 18:30 . 2008-12-29 02:03 <DIR> d-------- c:\program files\Codec Pack - All In 1
2008-12-27 04:05 . 2008-12-27 04:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2008-12-27 03:43 . 2009-01-14 13:19 <DIR> d-------- c:\documents and settings\Dule\Application Data\Red Alert 3
2008-12-27 03:39 . 2008-12-27 03:39 <DIR> dr-h----- c:\documents and settings\Dule\Application Data\SecuROM
2008-12-27 03:39 . 2008-12-27 03:39 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 03:15 . 2008-12-27 03:15 <DIR> d-------- c:\windows\Logs
2008-12-27 03:15 . 2008-12-27 03:15 <DIR> d-------- c:\program files\Electronic Arts
2008-12-27 03:15 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-27 03:15 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2008-12-27 03:15 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2008-12-27 03:12 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools Pro
2008-12-27 03:12 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools
2008-12-27 03:10 . 2008-12-27 03:10 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-27 03:10 . 2008-12-27 03:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-27 03:08 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools Lite
2008-12-27 03:08 . 2008-12-27 03:08 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-26 23:34 . 2008-10-29 22:12 7,108,820,992 --a------ C:\rld-ra3.iso
2008-12-25 23:52 . 2008-12-25 23:52 <DIR> d-------- c:\windows\Sun
2008-12-25 21:17 . 2008-12-25 21:17 <DIR> d-------- c:\program files\PowerQuest
2008-12-25 21:16 . 2008-12-25 21:16 <DIR> d-------- C:\Biker BoyZ
2008-12-24 16:59 . 2008-12-29 19:54 <DIR> d-------- C:\counter strike
2008-12-22 23:02 . 2009-01-07 01:20 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-22 21:04 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-22 21:04 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-22 13:25 . 2008-12-22 13:25 <DIR> d-------- c:\documents and settings\Dule\Application Data\Windows Search
2008-12-22 12:28 . 2008-12-22 12:28 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-22 12:28 . 2008-12-28 00:05 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-22 11:23 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-22 03:40 . 2008-12-22 03:40 61,440 --a------ C:\poppy.exe
2008-12-21 23:19 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-21 23:18 . 2008-12-21 23:18 <DIR> d-------- c:\program files\%temp&
2008-12-21 23:05 . 2008-12-21 23:05 <DIR> d-------- c:\documents and settings\Dule\Application Data\ESET
2008-12-21 23:03 . 2008-12-21 23:03 <DIR> d-------- c:\program files\ESET
2008-12-21 22:57 . 2008-12-21 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-21 17:06 . 2009-01-18 00:14 <DIR> d-------- c:\documents and settings\Dule\Tracing
2008-12-21 17:03 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-21 16:31 . 2008-09-04 22:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-12-21 16:27 . 2008-12-21 16:27 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-21 16:26 . 2008-12-21 16:26 <DIR> d-------- c:\program files\Microsoft
2008-12-21 16:20 . 2008-12-22 19:14 <DIR> d-------- c:\documents and settings\Dule\Application Data\123 Free Solitaire
2008-12-21 16:13 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\program files\MSBuild
2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\program files\Microsoft Works
2008-12-21 16:11 . 2008-12-21 16:11 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-21 16:05 . 2009-01-07 12:02 <DIR> d-------- c:\windows\SHELLNEW
2008-12-21 16:05 . 2008-12-22 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 16:04 . 2008-12-21 16:04 <DIR> dr-h----- C:\MSOCache
2008-12-21 15:17 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 15:17 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-21 15:17 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-21 15:07 . 2008-12-21 15:07 <DIR> d-------- c:\program files\Java
2008-12-21 15:07 . 2009-01-12 17:28 <DIR> d-------- c:\documents and settings\Dule\Application Data\LimeWire
2008-12-21 15:07 . 2008-12-21 15:07 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 15:07 . 2008-12-21 15:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-21 15:04 . 2008-12-21 15:04 <DIR> d-------- c:\program files\LimeWire
2008-12-21 14:58 . 2008-12-21 14:58 <DIR> d-------- c:\documents and settings\Dule\Contacts
2008-12-21 14:14 . 2008-12-21 14:14 260 --a------ C:\sqmdata01.sqm
2008-12-21 14:14 . 2008-12-21 14:14 212 --a------ C:\sqmnoopt03.sqm
2008-12-21 14:11 . 2008-12-21 14:11 236 --a------ C:\sqmnoopt01.sqm
2008-12-21 14:11 . 2008-12-21 14:11 200 --a------ C:\sqmnoopt02.sqm
2008-12-21 14:10 . 2008-12-21 14:10 224 --a------ C:\sqmnoopt00.sqm
2008-12-21 14:10 . 2008-12-21 14:11 212 --a------ C:\sqmdata00.sqm
2008-12-21 13:55 . 2008-12-21 13:55 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-21 13:29 . 2008-12-21 14:56 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-21 13:29 . 2008-12-21 14:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-21 12:29 . 2009-01-09 12:43 <DIR> d-------- c:\program files\Windows Live
2008-12-21 12:18 . 2008-12-21 12:18 <DIR> d-------- c:\program files\uTorrent
2008-12-21 12:18 . 2009-01-13 14:40 <DIR> d-------- c:\documents and settings\Dule\Application Data\uTorrent
2008-12-21 11:54 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-21 11:54 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-21 11:54 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-21 11:54 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-21 11:54 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-21 11:54 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-21 11:54 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-21 11:54 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-21 11:54 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-21 11:34 . 2008-12-21 11:34 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-21 11:33 . 2008-12-21 11:34 <DIR> d-------- c:\windows\system32\drivers\umdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 16:32 42,496 ----a-w c:\windows\system32\ftp.exe
2009-01-12 12:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 21:30 359,040 ------w c:\windows\system32\drivers\tcpip.sys
2008-12-25 20:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-20 18:08 --------- d-----w c:\program files\Realtek Sound Manager
2008-12-20 18:08 --------- d-----w c:\program files\Realtek AC97
2008-12-20 18:08 --------- d-----w c:\program files\GIGABYTE
2008-12-20 18:08 --------- d-----w c:\program files\AvRack
2008-12-20 18:06 --------- d-----w c:\program files\Intel
2008-12-20 17:51 --------- d-----w c:\program files\microsoft frontpage
2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
.

------- Sigcheck -------

2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2009-01-08 22:30 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-09 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1410304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"SbiCtr.exe"="c:\windows\system32\drivers\SbiCtr.exe" [2009-01-17 866816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dule^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Dule\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-21 15:07 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 09:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 18:06 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\counter strike\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-10-25 30728]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-10-25 455936]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55136]
R4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dc71666-dc1f-11dd-a8df-0016e6303ed4}]
\Shell\AutoRun\command - h:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - h:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dule\Application Data\Mozilla\Firefox\Profiles\1pt8l5yt.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 01:10:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1220945662-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:93,3d,5a,99,bf,81,5c,86,07,42,ed,ff,d7,0e,4a,04,04,90,d2,b3,d5,
32,51,34,f0,c0,9b,fd,f8,4c,bd,43,03,d9,35,0e,05,d9,1c,1b,71,ab,44,ed,79,51,\
"rkeysecu"=hex:97,6c,f1,8c,ad,22,27,17,bb,23,e1,f6,3a,99,ec,ce
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-18 1:11:35
ComboFix-quarantined-files.txt 2009-01-18 00:11:28

Pre-Run: 12.424.912.896 bytes free
Post-Run: 13,411,524,608 bytes free

282 --- E O F --- 2008-12-23 23:11:57

Update: 18 Jan 2009 1:24

Oh, and nothing has changed...
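The "Files Created" and Sigcheck sections of the ComboFix log above are what the helper reads before writing a CFScript. As an added example (my own code, not part of the thread and not ComboFix code), here is a Python script that applies the same triage to those lines: a .exe under system32\drivers, a .exe carrying hidden+system attributes, a .exe dropped directly in the drive root, and a system file whose MD5 differs from the copy in dllcache. The line formats are assumed from the log above, and the sample lines are excerpted from it. A hash mismatch with dllcache can also be a legitimate hotfix, so that finding is a prompt to verify the file's digital signature, not a verdict.

```python
import re

# One "Files Created" entry: created . modified size attrs path
# (format assumed from the ComboFix log above)
FILE_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
# One Sigcheck entry: timestamp size md5 path (format assumed from the log above)
SIGCHECK_LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
# A file sitting directly in a drive root, e.g. C:\poppy.exe
ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$")


def triage_combofix(log_text: str) -> dict:
    """Map each suspicious path to the list of reasons it was flagged."""
    findings = {}
    hashes = {}  # basename -> {path: md5}, collected from the Sigcheck section

    def flag(path, reason):
        findings.setdefault(path, []).append(reason)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE_RE.match(line)
        if m:
            path = m.group("path")
            lower = path.lower()
            attrs = m.group("attrs").lower()  # column 0 is 'd' for directories, then r/a/h/s/c
            # Only user-mode executables are handled here; directories and .dll/.sys
            # entries need other checks (signature, known-good hashes).
            if attrs.startswith("d") or not lower.endswith(".exe"):
                continue
            if "\\system32\\drivers\\" in lower:
                flag(path, "user-mode executable in the drivers directory")
            if "h" in attrs and "s" in attrs:
                # Hidden+system on a freshly created .exe is how droppers hide from Explorer.
                flag(path, "executable with hidden+system attributes (%s)" % m.group("attrs"))
            if ROOT_FILE_RE.match(lower):
                flag(path, "executable dropped directly in the drive root")
            continue
        m = SIGCHECK_LINE_RE.match(line)
        if m:
            path = m.group("path")
            basename = path.lower().rsplit("\\", 1)[-1]
            hashes.setdefault(basename, {})[path] = m.group("md5").lower()

    # Sigcheck lists the live copy next to the dllcache copy; differing hashes mean the
    # live file was replaced. Could be a hotfix, could be a patched tcpip.sys: verify.
    for name, copies in hashes.items():
        live = [p for p in copies if "\\dllcache\\" not in p.lower()]
        if live and len(set(copies.values())) > 1:
            flag(live[0], "%s: MD5 differs from the dllcache copy; verify the digital signature" % name)
    return findings


# Lines excerpted from the ComboFix log above (benign entries included on purpose).
SAMPLE_LOG = r"""
2009-01-17 20:27 . 2009-01-18 00:14 34,861 --a------ C:\v2r6j2t8m8h7.exe
2009-01-17 20:26 . 2009-01-17 20:26 866,816 -r-hs---- c:\windows\system32\drivers\SbiCtr.exe
2009-01-15 21:52 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-01-14 17:33 . 2009-01-16 17:19 34,861 --a------ C:\x4j8n9a6p9t.exe
2009-01-14 15:08 . 2009-01-14 15:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-01-14 15:05 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-14 03:47 . 2009-01-11 00:04 657,408 -r-hs---- c:\windows\system32\drivers\alcomrg.exe
2009-01-08 22:30 . 2008-12-02 13:57 171,520 -r-hs---- c:\windows\system32\drivers\explore.exe
2008-12-22 03:40 . 2008-12-22 03:40 61,440 --a------ C:\poppy.exe
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2009-01-08 22:30 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\drivers\tcpip.sys
"""

if __name__ == "__main__":
    for path, reasons in triage_combofix(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   ", r)
```

Run over the sample it lists exactly the six executables the helper's CFScript later removes (three in the drivers directory with hidden+system attributes, three in the drive root) plus tcpip.sys, whose live copy no longer matches the dllcache copy. The two .exe files in the root with identical size (34,861 bytes) and random-looking names are worth noting by hand as well; the script only reports the location, not the name pattern.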

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

I see nothing has changed... The log needs to be analyzed now, and once we delete the junk the situation will change :)

Expect my reply tomorrow after 16h (unfortunately, I can't before)...

  • Joined: 21 Feb 2006
  • Posts: 408

It's enough to drive a person crazy, however you protect yourself you get infected sooner or later... No problem, I'll expect it tomorrow after 16h! Thanks!

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text:

File::
C:\v2r6j2t8m8h7.exe
c:\windows\system32\drivers\SbiCtr.exe
C:\x4j8n9a6p9t.exe
c:\windows\system32\drivers\alcomrg.exe
c:\windows\system32\drivers\explore.exe
C:\poppy.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SbiCtr.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dc71666-dc1f-11dd-a8df-0016e6303ed4}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that gets created at the end of the cleaning/scanning in your next message.

  • Joined: 21 Feb 2006
  • Posts: 408

Let me note that before I did this the internet was working normally... Even though it had been messing with me all day.

Here's the new log:

ComboFix 09-01-17.03 - Dule 2009-01-18 16:08:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.337 [GMT 1:00]
Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dule\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\poppy.exe
C:\v2r6j2t8m8h7.exe
c:\windows\system32\drivers\alcomrg.exe
c:\windows\system32\drivers\explore.exe
c:\windows\system32\drivers\SbiCtr.exe
C:\x4j8n9a6p9t.exe
.
/wow section - STAGE 41


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\poppy.exe
C:\v2r6j2t8m8h7.exe
c:\windows\system32\drivers\alcomrg.exe
c:\windows\system32\drivers\explore.exe
c:\windows\system32\drivers\SbiCtr.exe
C:\x4j8n9a6p9t.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-15 21:52 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-01-14 15:08 . 2009-01-14 15:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-01-14 15:05 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-14 14:59 . 2009-01-14 14:59 <DIR> d--h----- c:\program files\Zero G Registry
2009-01-14 14:59 . 2009-01-14 14:59 <DIR> d-------- c:\program files\Sports Interactive
2009-01-14 14:58 . 2009-01-14 14:58 <DIR> d--h----- c:\documents and settings\Dule\InstallAnywhere
2009-01-14 14:52 . 2009-01-14 15:08 <DIR> d-------- c:\documents and settings\Dule\Application Data\Sports Interactive
2009-01-13 14:43 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-12 13:49 . 2009-01-13 14:40 <DIR> d-------- c:\program files\BeoINFO
2009-01-12 13:49 . 2009-01-12 13:49 <DIR> d-------- c:\documents and settings\Dule\Application Data\FarStone
2009-01-12 13:44 . 2003-08-30 06:34 14,496 --a------ c:\windows\system32\VDI08X.dat
2009-01-12 13:43 . 2009-01-12 13:43 <DIR> d-------- c:\program files\FarStone
2009-01-09 14:56 . 2009-01-09 15:04 <DIR> d-------- c:\documents and settings\Dule\Application Data\BitTorrent
2009-01-09 14:55 . 2009-01-18 11:25 <DIR> d-------- c:\program files\DNA
2009-01-09 14:55 . 2009-01-09 14:55 <DIR> d-------- c:\program files\BitTorrent
2009-01-09 14:55 . 2009-01-09 14:55 <DIR> d-------- c:\program files\AskBarDis
2009-01-09 14:55 . 2009-01-18 16:05 <DIR> d-------- c:\documents and settings\Dule\Application Data\DNA
2009-01-09 12:44 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-09 12:42 . 2009-01-09 12:42 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-01-09 12:38 . 2009-01-09 12:38 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-07 23:37 . 2009-01-07 23:37 <DIR> d-------- c:\documents and settings\Dule\Application Data\CyberLink
2009-01-07 23:36 . 2009-01-07 23:36 <DIR> d-------- c:\program files\CyberLink
2009-01-07 23:36 . 2009-01-07 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-06 17:54 . 2009-01-06 17:54 <DIR> d-------- c:\program files\EA GAMES
2009-01-06 17:54 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-01-06 13:41 . 2009-01-06 13:41 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-04 16:04 . 2009-01-16 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-04 15:59 . 2009-01-04 16:04 <DIR> d-------- c:\program files\Google
2008-12-31 18:02 . 2008-12-31 18:02 <DIR> d-------- C:\Transporter 3
2008-12-30 11:14 . 2008-12-30 11:18 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-12-29 02:03 . 2008-12-29 02:02 737,280 --a------ c:\windows\iun6002.exe
2008-12-28 22:20 . 2008-12-28 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\engodsag.dk
2008-12-28 22:19 . 2008-12-28 23:08 <DIR> d-------- c:\program files\AidMaker
2008-12-28 22:19 . 2008-12-28 23:08 <DIR> d-------- c:\documents and settings\Dule\Application Data\AidMaker
2008-12-28 22:18 . 2008-12-28 23:08 <DIR> d-------- c:\program files\ChrisTV Lite(2)
2008-12-28 22:14 . 2008-12-28 23:08 <DIR> d-------- c:\program files\RelevantKnowledge
2008-12-28 18:31 . 2008-12-28 23:08 <DIR> d-------- c:\program files\Pinnacle
2008-12-28 18:30 . 2008-12-28 23:08 <DIR> d-------- c:\windows\Pinnacle PCTV Rave
2008-12-28 18:30 . 2008-12-29 02:03 <DIR> d-------- c:\program files\Codec Pack - All In 1
2008-12-27 04:05 . 2008-12-27 04:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2008-12-27 03:43 . 2009-01-14 13:19 <DIR> d-------- c:\documents and settings\Dule\Application Data\Red Alert 3
2008-12-27 03:39 . 2008-12-27 03:39 <DIR> dr-h----- c:\documents and settings\Dule\Application Data\SecuROM
2008-12-27 03:39 . 2008-12-27 03:39 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 03:15 . 2008-12-27 03:15 <DIR> d-------- c:\windows\Logs
2008-12-27 03:15 . 2008-12-27 03:15 <DIR> d-------- c:\program files\Electronic Arts
2008-12-27 03:15 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-27 03:15 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2008-12-27 03:15 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2008-12-27 03:12 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools Pro
2008-12-27 03:12 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools
2008-12-27 03:10 . 2008-12-27 03:10 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-27 03:10 . 2008-12-27 03:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-27 03:08 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools Lite
2008-12-27 03:08 . 2008-12-27 03:08 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-26 23:34 . 2008-10-29 22:12 7,108,820,992 --a------ C:\rld-ra3.iso
2008-12-25 23:52 . 2008-12-25 23:52 <DIR> d-------- c:\windows\Sun
2008-12-25 21:17 . 2008-12-25 21:17 <DIR> d-------- c:\program files\PowerQuest
2008-12-25 21:16 . 2008-12-25 21:16 <DIR> d-------- C:\Biker BoyZ
2008-12-24 16:59 . 2008-12-29 19:54 <DIR> d-------- C:\counter strike
2008-12-22 23:02 . 2009-01-07 01:20 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-22 21:04 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-22 21:04 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-22 13:25 . 2008-12-22 13:25 <DIR> d-------- c:\documents and settings\Dule\Application Data\Windows Search
2008-12-22 12:28 . 2008-12-22 12:28 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-22 12:28 . 2008-12-28 00:05 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-22 11:23 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-21 23:19 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-21 23:18 . 2008-12-21 23:18 <DIR> d-------- c:\program files\%temp&
2008-12-21 23:05 . 2008-12-21 23:05 <DIR> d-------- c:\documents and settings\Dule\Application Data\ESET
2008-12-21 23:03 . 2008-12-21 23:03 <DIR> d-------- c:\program files\ESET
2008-12-21 22:57 . 2008-12-21 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-21 17:06 . 2009-01-18 11:25 <DIR> d-------- c:\documents and settings\Dule\Tracing
2008-12-21 17:03 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-21 16:31 . 2008-09-04 22:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-12-21 16:27 . 2008-12-21 16:27 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-21 16:26 . 2008-12-21 16:26 <DIR> d-------- c:\program files\Microsoft
2008-12-21 16:20 . 2008-12-22 19:14 <DIR> d-------- c:\documents and settings\Dule\Application Data\123 Free Solitaire
2008-12-21 16:13 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\program files\MSBuild
2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\program files\Microsoft Works
2008-12-21 16:11 . 2008-12-21 16:11 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-21 16:05 . 2009-01-07 12:02 <DIR> d-------- c:\windows\SHELLNEW
2008-12-21 16:05 . 2008-12-22 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 16:04 . 2008-12-21 16:04 <DIR> dr-h----- C:\MSOCache
2008-12-21 15:17 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 15:17 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-21 15:17 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-21 15:07 . 2008-12-21 15:07 <DIR> d-------- c:\program files\Java
2008-12-21 15:07 . 2009-01-12 17:28 <DIR> d-------- c:\documents and settings\Dule\Application Data\LimeWire
2008-12-21 15:07 . 2008-12-21 15:07 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 15:07 . 2008-12-21 15:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-21 15:04 . 2008-12-21 15:04 <DIR> d-------- c:\program files\LimeWire
2008-12-21 14:58 . 2008-12-21 14:58 <DIR> d-------- c:\documents and settings\Dule\Contacts
2008-12-21 14:14 . 2008-12-21 14:14 260 --a------ C:\sqmdata01.sqm
2008-12-21 14:14 . 2008-12-21 14:14 212 --a------ C:\sqmnoopt03.sqm
2008-12-21 14:11 . 2008-12-21 14:11 236 --a------ C:\sqmnoopt01.sqm
2008-12-21 14:11 . 2008-12-21 14:11 200 --a------ C:\sqmnoopt02.sqm
2008-12-21 14:10 . 2008-12-21 14:10 224 --a------ C:\sqmnoopt00.sqm
2008-12-21 14:10 . 2008-12-21 14:11 212 --a------ C:\sqmdata00.sqm
2008-12-21 13:55 . 2008-12-21 13:55 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-21 13:29 . 2008-12-21 14:56 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-21 13:29 . 2008-12-21 14:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-21 12:29 . 2009-01-09 12:43 <DIR> d-------- c:\program files\Windows Live
2008-12-21 12:18 . 2008-12-21 12:18 <DIR> d-------- c:\program files\uTorrent
2008-12-21 12:18 . 2009-01-13 14:40 <DIR> d-------- c:\documents and settings\Dule\Application Data\uTorrent
2008-12-21 11:54 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-21 11:54 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-21 11:54 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-21 11:54 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-21 11:54 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-21 11:54 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-21 11:54 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-21 11:54 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-21 11:54 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-21 11:34 . 2008-12-21 11:34 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-21 11:33 . 2008-12-21 11:34 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-21 11:32 . 2008-12-21 11:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-21 11:15 . 2008-12-21 11:15 10 --a------ c:\windows\WININIT.INI
2008-12-21 11:07 . 2009-01-15 18:16 <DIR> d-------- C:\unzipped
2008-12-21 01:13 . 2008-12-21 01:13 <DIR> d-------- C:\ATI
2008-12-21 00:53 . 2008-12-22 12:13 <DIR> d-------- c:\documents and settings\Dule\Application Data\Apple Computer
2008-12-21 00:52 . 2008-12-21 00:52 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 16:32 42,496 ----a-w c:\windows\system32\ftp.exe
2009-01-12 12:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 21:30 359,040 ------w c:\windows\system32\drivers\tcpip.sys
2008-12-25 20:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-20 18:08 --------- d-----w c:\program files\Realtek Sound Manager
2008-12-20 18:08 --------- d-----w c:\program files\Realtek AC97
2008-12-20 18:08 --------- d-----w c:\program files\GIGABYTE
2008-12-20 18:08 --------- d-----w c:\program files\AvRack
2008-12-20 18:06 --------- d-----w c:\program files\Intel
2008-12-20 17:51 --------- d-----w c:\program files\microsoft frontpage
2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
.

------- Sigcheck -------

2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2009-01-08 22:30 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-18_ 1.10.43,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-18 10:25:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_234.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-09 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1410304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dule^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Dule\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-21 15:07 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 09:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 18:06 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\counter strike\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-10-25 30728]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-10-25 455936]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55136]
R4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dule\Application Data\Mozilla\Firefox\Profiles\1pt8l5yt.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 16:10:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1220945662-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:93,3d,5a,99,bf,81,5c,86,07,42,ed,ff,d7,0e,4a,04,04,90,d2,b3,d5,
32,51,34,f0,c0,9b,fd,f8,4c,bd,43,03,d9,35,0e,05,d9,1c,1b,71,ab,44,ed,79,51,\
"rkeysecu"=hex:97,6c,f1,8c,ad,22,27,17,bb,23,e1,f6,3a,99,ec,ce
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-18 16:12:07
ComboFix-quarantined-files.txt 2009-01-18 15:12:03
ComboFix2.txt 2009-01-18 00:11:36

Pre-Run: 13.450.829.824 bytes free
Post-Run: 13,448,728,576 bytes free

294 --- E O F --- 2008-12-23 23:11:57
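The CFScript in the earlier post tells ComboFix what to remove, and the log above is the only record of what actually happened, so the check worth doing is to read the two against each other. The Python below is an added example written for this page, not ComboFix's code and not the helper's: it parses the File:: and Registry:: sections of a CFScript (regedit syntax: "Name"=- drops a value, [-Key] drops a whole key), splits a ComboFix log into its named sections, and reports script entries that did not show up under "Other Deletions" or still appear under "Reg Loading Points", Sigcheck pairs whose copies carry different MD5s (as with tcpip.sys in the log above, which deserves a comparison against a known-good copy but is not by itself proof of tampering), and Security Center values set to 1, which suppress the AV/firewall/update warnings. Both sample inputs are constructed excerpts in the layout of the posted script and log, not the real log; in the sample, SbiCtr.exe is deliberately left in place so that every check has something to flag.

```python
"""Cross-check a ComboFix log against the CFScript that drove the run.
Added example for this thread, not ComboFix's own code. Both samples below are
constructed excerpts in the layout of the posted script and log; unlike the real
log, SbiCtr.exe survives here so that every check has something to flag."""
import re

SAMPLE_CFSCRIPT = r"""File::
C:\v2r6j2t8m8h7.exe
c:\windows\system32\drivers\SbiCtr.exe
C:\poppy.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SbiCtr.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dc71666-dc1f-11dd-a8df-0016e6303ed4}]
"""

SAMPLE_LOG = r"""((((((((((((((((((( Other Deletions )))))))))))))))))))
C:\poppy.exe
C:\v2r6j2t8m8h7.exe
------- Sigcheck -------
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2009-01-08 22:30 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\drivers\tcpip.sys
((((((((((((((((((( Reg Loading Points )))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SbiCtr.exe"="c:\windows\system32\drivers\SbiCtr.exe" [2008-12-30 99999]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"""

# ComboFix names sections as "((( Name )))" or "------- Name -------"; "." lines are spacers.
SECTION_RE = re.compile(r"^(?:\(+\s*(?P<a>[^()]+?)\s*\)+|-{3,}\s*(?P<b>[^-].*?)\s*-{3,})$")
SIGCHECK_RE = re.compile(r"^\S+ \S+ (\d+) ([0-9a-fA-F]{32}) (.+)$")
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"


def split_sections(log):
    """Map each ComboFix section name to its non-empty lines."""
    sections, current = {"header": []}, "header"
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = (m.group("a") or m.group("b")).strip()
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def parse_cfscript(text):
    """File:: lists paths to delete; Registry:: is .reg syntax: "Name"=- drops a value, [-Key] drops a key."""
    script, section, key = {"files": [], "reg_values": [], "reg_keys": []}, None, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section == "file":
            script["files"].append(line.lower())
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            script["reg_keys"].append(line[2:-1].lower())
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif section == "registry" and line.endswith("=-") and key:
            script["reg_values"].append((key, line[:-2].strip('"').lower()))
    return script


def reg_loading_points(sections):
    """Registry key -> {value name: value text} as ComboFix listed them after the run."""
    keys, current = {}, None
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif line.startswith('"') and current and line.find('"', 1) > 0:
            end = line.index('"', 1)
            keys[current][line[1:end]] = line[end + 2:]
    return keys


def undeleted_files(script, sections):
    """Paths the script asked for that ComboFix did not list under 'Other Deletions'."""
    deleted = {ln.strip().lower() for ln in sections.get("Other Deletions", [])}
    return [f for f in script["files"] if f not in deleted]


def surviving_registry_values(script, sections):
    """Values the script tried to remove that still show up as loading points."""
    points = reg_loading_points(sections)
    return [(k, v) for k, v in script["reg_values"] if v in {n.lower() for n in points.get(k, {})}]


def sigcheck_mismatches(sections):
    """File names whose copies (dllcache vs drivers) carry different MD5s: a patched or replaced system file."""
    by_name = {}
    for line in sections.get("Sigcheck", []):
        m = SIGCHECK_RE.match(line.strip())
        if m:
            _size, md5, path = m.groups()
            by_name.setdefault(path.lower().rsplit("\\", 1)[-1], {})[path.lower()] = md5.lower()
    return {n: c for n, c in by_name.items() if len(set(c.values())) > 1}


def security_center_overrides(sections):
    """Security Center values set to 1 suppress the AV / firewall / updates warnings."""
    values = reg_loading_points(sections).get(SECURITY_CENTER, {})
    return [n for n, v in values.items() if v.lower() == "dword:00000001"]
```

Run it against the real script and log by passing their text to parse_cfscript and split_sections; on the sample above it reports SbiCtr.exe as not deleted and still loading from the HKLM Run key, tcpip.sys as a Sigcheck mismatch, and the two Security Center overrides. Paths are compared case-insensitively because ComboFix prints drive letters and directories in whichever case it found them.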

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Let me know in two or three hours whether the internet is OK, alright?

  • Joined: 21 Feb 2006
  • Posts: 408

I'll let you know, but I'm not really convinced... It still doesn't work properly, although it works better...

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Post a fresh HijackThis log for me.
