Win32 TratBHO(trj) problem


  • Joined: 02 Feb 2008
  • Posts: 18

Here we go: after the restart it didn't want to start on its own, so I reset once more and again nothing. Then I started it myself and scanned; it didn't find a single file (not even that dll it kept finding and couldn't delete), it finished the scan without even producing a log file, and just wrote that there are no infected files.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The log is in the file C:\VundoFix.log
Open that file in Notepad and paste its contents here.

  • Joined: 02 Feb 2008
  • Posts: 18

VundoFix V6.7.7

Checking Java version...

Scan started at 21:15:10 2.2.2008

Listing files found while scanning....

C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\mljji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ijjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\khfeedc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mljji.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\khfeedc.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Scan started at 21:42:16 2.2.2008

Listing files found while scanning....

C:\WINDOWS\system32\khfeedc.dll

VundoFix V6.7.7

Checking Java version...

Scan started at 0:04:10 3.2.2008

Listing files found while scanning....

No infected files were found.


Beginning removal...
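The VundoFix log above shows the two things a responder reads out of it: an .ini/.ini2 whose name is a .dll name spelled backwards (ijjlm.ini and mljji.dll) and a DLL the tool could not delete (khfeedc.dll). The script below is an added example, not part of this thread or of VundoFix; it parses a log in that layout (the sample text is constructed from the entries above) and reports the mirrored pairs and the locked leftovers that still need a second look.

```python
"""Triage a VundoFix log: what it found, what it deleted, what stayed locked,
and which .dll / .ini names in the listing are mirror images of each other."""
import ntpath
import re

# Constructed sample in the layout of the VundoFix log quoted in this thread;
# the file names are the ones that log lists.
SAMPLE_LOG = r"""VundoFix V6.7.7

Checking Java version...

Scan started at 21:15:10 2.2.2008

Listing files found while scanning....

C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\mljji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\khfeedc.dll Could not be deleted.
"""

_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")   # a line that is a Windows path
DELETED_SUFFIX = " Has been deleted!"
LOCKED_SUFFIX = " Could not be deleted."


def parse_vundofix_log(text):
    """Return the paths VundoFix listed, the ones it deleted and the ones it
    reported as locked (could not be deleted)."""
    found, deleted, locked = [], [], []
    in_listing = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Listing files found"):
            in_listing = True          # the block of paths starts after this banner
        elif line.startswith("Beginning removal"):
            in_listing = False         # and ends at the removal banner
        elif in_listing and _DRIVE_PATH.match(line):
            found.append(line)
        elif line.endswith(DELETED_SUFFIX):
            deleted.append(line[: -len(DELETED_SUFFIX)])
        elif line.endswith(LOCKED_SUFFIX):
            locked.append(line[: -len(LOCKED_SUFFIX)])
    return {"found": found, "deleted": deleted, "locked": locked}


def mirrored_pairs(paths):
    """Map each .dll in `paths` to the .ini/.ini2 files in the same directory
    whose stem is the DLL stem spelled backwards (ijjlm.ini <-> mljji.dll)."""
    by_dir = {}
    for path in paths:
        directory, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        by_dir.setdefault(directory.lower(), []).append((path, stem.lower(), ext.lower()))
    pairs = {}
    for entries in by_dir.values():
        for dll_path, dll_stem, dll_ext in entries:
            if dll_ext != ".dll":
                continue
            mirror = dll_stem[::-1]
            mates = sorted(p for p, stem, ext in entries
                           if ext in (".ini", ".ini2") and stem == mirror)
            if mates:
                pairs[dll_path] = mates
    return pairs


def triage(text):
    """Combine both views: mirrored pairs, plus locked files that have no
    mirrored .ini in the listing and therefore need a second look."""
    parsed = parse_vundofix_log(text)
    pairs = mirrored_pairs(parsed["found"])
    leftovers = [p for p in parsed["locked"] if p not in pairs]
    return {**parsed, "mirrored": pairs, "locked_unpaired": leftovers}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```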

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

OK, some things are clearer now.
Now I need a fresh ComboFix log.

I won't promise I'll look at it tonight, since I'll be heading off to sleep soon, but tomorrow with my first morning coffee I certainly will.

  • Joined: 02 Feb 2008
  • Posts: 18

Here it is, take a look when you get to it.
ComboFix 08-02.03.1 - Stevica 2008-02-03 1:18:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.229 [GMT 1:00]
Running from: C:\Documents and Settings\Stevica\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-02 21:36 . 2008-01-10 15:57 2,421,312 --a------ C:\Documents and Settings\Administrator\Application Data.exe
2008-02-02 21:15 . 2008-02-02 22:32 <DIR> d-------- C:\VundoFix Backups
2008-02-02 20:26 . 2008-02-02 20:26 45 --a------ C:\WINDOWS\dll_execution.bak
2008-02-02 20:13 . 2008-02-02 20:14 41,644 --a------ C:\cc_20080202_2013.reg
2008-02-02 19:09 . 2008-02-02 19:09 327,680 --a------ C:\WINDOWS\system32\gebyw.dll.vir
2008-02-02 19:06 . 2008-02-02 19:07 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-02 19:06 . 2008-02-02 19:06 <DIR> d-------- C:\Documents and Settings\Stevica\Application Data\Simply Super Software
2008-02-02 19:06 . 2008-02-02 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-02 19:06 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-02-02 19:06 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-02 19:06 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-02-02 19:06 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-02-02 17:37 . 2008-02-02 19:10 217,858 --ahs---- C:\WINDOWS\system32\wybeg.ini2.vir
2008-02-02 17:37 . 2008-02-02 19:13 217,858 --ahs---- C:\WINDOWS\system32\wybeg.ini.vir
2008-02-02 17:33 . 2008-02-02 23:07 <DIR> d-------- C:\Program Files\Radmin
2008-02-02 15:50 . 2008-02-02 15:50 <DIR> d-------- C:\Documents and Settings\Stevica\Application Data\Mikrotik
2008-02-01 19:36 . 2008-02-01 20:14 17,269 --a------ C:\steva.map
2008-02-01 19:36 . 2008-02-01 20:14 863 --a------ C:\steva.obj
2008-02-01 19:36 . 2008-02-01 20:14 509 --a------ C:\steva.hex
2008-01-31 21:04 . 2008-02-01 20:14 1,269 --a------ C:\labels.tmp
2008-01-31 15:01 . 2008-01-31 15:01 191 --a------ C:\avrfreaks.aws
2008-01-31 14:57 . 2008-01-31 15:01 17,380 --a------ C:\avrfreaks.map
2008-01-31 14:57 . 2008-01-31 15:01 751 --a------ C:\avrfreaks.obj
2008-01-31 14:57 . 2008-01-31 15:01 431 --a------ C:\avrfreaks.hex
2008-01-31 14:56 . 2008-01-31 14:56 2,552 --a------ C:\avrfreaks.aps
2008-01-31 14:56 . 2008-01-31 15:01 2,143 --a------ C:\avrfreaks.asm
2008-01-30 19:27 . 2008-01-30 19:27 106 --a------ C:\josjedanpokusaj.aws
2008-01-30 19:23 . 2008-01-30 19:23 17,358 --a------ C:\josjedanpokusaj.map
2008-01-30 19:23 . 2008-01-30 19:23 1,197 --a------ C:\josjedanpokusaj.obj
2008-01-30 19:23 . 2008-01-30 19:23 705 --a------ C:\josjedanpokusaj.hex
2008-01-30 19:04 . 2008-01-30 19:23 4,523 --a------ C:\josjedanpokusaj.asm
2008-01-30 19:04 . 2008-01-30 19:27 2,628 --a------ C:\josjedanpokusaj.aps
2008-01-29 19:25 . 2008-01-29 19:27 <DIR> d-------- C:\Program Files\ELECTRONIC ASSEMBLY LCD Tools
2008-01-27 22:01 . 2008-01-27 22:01 0 --a------ C:\WINDOWS\CorelDrw.INI
2008-01-26 20:41 . 2008-01-26 20:41 <DIR> d-------- C:\Documents and Settings\Stevica\Application Data\Datarescue
2008-01-26 20:37 . 2008-01-26 20:39 <DIR> d-------- C:\Program Files\IDA
2008-01-26 19:53 . 2008-01-26 19:53 <DIR> d-------- C:\Documents and Settings\Stevica\Application Data\IDMComp
2008-01-26 19:51 . 2008-01-26 19:51 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-01-26 19:31 . 2008-01-26 19:31 19 --a------ C:\WINDOWS\popcinfo.dat
2008-01-23 18:07 . 2008-02-01 21:18 203 --a------ C:\steva.aws
2008-01-23 17:13 . 2008-02-01 20:14 4,323 --a------ C:\steva.asm
2008-01-23 17:13 . 2008-02-01 17:47 2,834 --a------ C:\steva.aps
2008-01-23 17:13 . 2008-02-01 20:14 189 --a------ C:\AvrBuild.bat
2008-01-17 16:20 . 2008-01-17 16:20 <DIR> d-------- C:\Program Files\Resistor Color Coder
2008-01-16 16:08 . 2008-01-16 16:11 1,526 --a------ C:\WINDOWS\ECLCDE~1.INI
2008-01-14 23:36 . 2008-01-14 23:36 <DIR> d-------- C:\Program Files\Delay AVR
2008-01-14 23:36 . 2008-01-17 21:39 290,816 --------- C:\WINDOWS\Setup1.exe
2008-01-14 23:36 . 2008-01-17 21:39 74,240 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-13 21:55 . 2008-02-03 00:02 0 --a------ C:\WINDOWS\system32\execution.bak
2008-01-13 21:54 . 2006-03-08 10:23 282,624 --a------ C:\WINDOWS\UnInstall01.exe
2008-01-13 21:52 . 2008-01-29 09:18 <DIR> d-------- C:\Program Files\Word Translator Demo
2008-01-13 21:49 . 2008-01-13 21:54 <DIR> d-------- C:\Program Files\KnowledgeSearch
2008-01-13 21:47 . 2008-01-14 19:29 <DIR> d-------- C:\Program Files\HumanTran
2008-01-13 21:43 . 2008-01-13 21:54 <DIR> d-------- C:\Program Files\PocketTran Demo
2008-01-13 21:42 . 2008-01-13 21:54 <DIR> d-------- C:\Program Files\PalmTran Demo
2008-01-13 21:40 . 2008-01-13 21:54 <DIR> d-------- C:\Program Files\LetterTran Demo
2008-01-13 21:38 . 2008-02-03 01:17 <DIR> d-------- C:\Program Files\SearchTran Demo
2008-01-13 21:21 . 2008-01-13 22:34 <DIR> d-------- C:\Program Files\NeuroTran
2008-01-13 21:20 . 2008-01-13 21:55 <DIR> d-------- C:\temp
2008-01-11 17:04 . 2008-01-11 17:04 <DIR> d-------- C:\Appnotes
2008-01-10 23:58 . 2008-01-10 23:58 <DIR> d-------- C:\AX NF ZZ
2008-01-10 22:53 . 2002-11-19 15:39 67,221 --------- C:\WINDOWS\system32\VSNL2ADA.VXD
2008-01-10 22:52 . 2008-01-10 22:52 0 --a------ C:\WINDOWS\s7alibxx.INI
2008-01-10 22:42 . 2002-10-07 15:47 196,671 --a------ C:\WINDOWS\system32\gsdectrl.dll
2008-01-10 22:39 . 2002-08-28 12:26 495,669 --a------ C:\WINDOWS\system32\S7OINTFX.dll
2008-01-10 22:39 . 2002-08-28 12:20 110,645 --a------ C:\WINDOWS\system32\s7wcaotx.dll
2008-01-10 22:39 . 2002-08-28 12:22 69,685 --a------ C:\WINDOWS\system32\S7OTBLEX.dll
2008-01-10 22:39 . 2000-02-09 13:08 40,960 --a------ C:\WINDOWS\system32\MelbReg.dll
2008-01-10 22:39 . 1999-11-05 14:27 33,280 --a------ C:\WINDOWS\system32\s7erwlcx.dll
2008-01-10 22:28 . 2002-10-24 15:30 492,599 --a------ C:\WINDOWS\system32\drivers\s7otranx.sys
2008-01-10 21:28 . 2008-01-10 21:49 <DIR> d-------- C:\SEME
2008-01-10 21:02 . 2008-01-10 21:05 <DIR> d-------- C:\Program Files\WhereIsIt
2008-01-10 20:53 . 2008-01-10 22:27 <DIR> d-------- C:\STEP5
2008-01-10 20:53 . 2008-01-10 22:27 <DIR> d-------- C:\S5_INFO
2008-01-10 20:53 . 2001-11-21 07:20 894,464 --------- C:\WINDOWS\system32\MFC40D.DLL
2008-01-10 20:53 . 2001-11-21 07:20 444,928 --------- C:\WINDOWS\system32\MSVCR40D.DLL
2008-01-10 20:53 . 2002-05-08 09:20 188,416 --a------ C:\WINDOWS\system32\drivers\S5MCD.SYS
2008-01-10 20:53 . 2002-10-24 15:25 135,223 --a------ C:\WINDOWS\system32\S7onlinx.dll
2008-01-10 20:53 . 2002-05-08 09:20 77,312 --a------ C:\WINDOWS\system32\S5_VDD.DLL
2008-01-10 20:53 . 2002-05-08 09:20 15,360 --------- C:\WINDOWS\system32\drivers\S5AS511.SYS
2008-01-10 20:10 . 2008-01-10 20:10 <DIR> d-------- C:\Program Files\FasTrak SoftWorks, Inc
2008-01-10 20:09 . 2008-01-10 20:09 <DIR> d-------- C:\Program Files\Rainbow Technologies
2008-01-10 20:05 . 2008-01-10 20:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-09 20:48 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-09 20:48 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-09 20:48 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-09 20:48 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-09 20:48 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-09 20:48 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 16:55 . 1996-12-03 10:45 766 -ra------ C:\WINDOWS\S7BOOK.ICO
2008-01-09 16:01 . 2008-01-10 22:50 <DIR> d-------- C:\WINDOWS\Setup
2008-01-09 16:01 . 2008-01-10 22:35 <DIR> d-------- C:\Program Files\SIEMENS
2008-01-09 16:01 . 2008-01-09 16:01 <DIR> d-------- C:\Program Files\Notes
2008-01-09 16:01 . 2001-08-10 09:05 217,088 --a------ C:\WINDOWS\system32\s7esetdx.dll
2008-01-09 16:01 . 2008-01-10 22:53 4,520 --a------ C:\WINDOWS\Citamis.str
2008-01-06 14:37 . 2008-01-06 14:38 <DIR> d-------- C:\igrice
2008-01-05 22:23 . 2007-07-16 17:32 39,424 --a------ C:\WINDOWS\system32\drivers\USB18PRG.sys
2008-01-05 22:22 . 2008-01-05 22:23 <DIR> d-------- C:\Program Files\Mikroelektronika
2008-01-05 21:28 . 2008-01-05 21:28 <DIR> d-------- C:\Program Files\Algorithm Builder
2008-01-04 20:10 . 2008-01-04 20:10 <DIR> d-------- C:\Program Files\LizardTech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D413E9-DA2A-457B-B815-27232695EBFF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA57522-2ECD-47DF-BD38-20E7E577A464}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A6061D-1CF6-488a-86C9-B89423F1E64B}]
2008-01-13 22:33 720896 --a------ C:\Program Files\SearchTran Demo\SearchTran_IE_bar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C3A6061D-1CF6-488A-86C9-B89423F1E64B}

[HKEY_CLASSES_ROOT\clsid\{c3a6061d-1cf6-488a-86c9-b89423f1e64b}]
[HKEY_CLASSES_ROOT\TranExp.TranExpBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{37686C62-D497-42E3-BAAB-78D89A74E151}]
[HKEY_CLASSES_ROOT\TranExp.TranExpBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 16:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 16:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 16:20 86016]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 10:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"DTVRemote"="C:\Program Files\VOX-II\RemoteControl.exe" [2006-04-04 10:09 65536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2005-06-14 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 11:38 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
"RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2007-08-17 13:44 675328]
"S7UB Start"="C:\Program Files\Siemens\Common\S7ubtoox\s7ubtstx.exe" [2002-11-18 20:01 110645]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-06-14 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2002-09-30 11:45]
R2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2002-10-24 15:29]
R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\s7otranx.sys [2002-10-24 15:30]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2002-12-27 19:14]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2002-12-27 19:14]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2007-10-01 19:54]
S3 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS [2006-02-09 12:46]
S3 S5AS511;S5AS511;C:\WINDOWS\system32\drivers\S5AS511.sys [2002-05-08 09:20]
S3 S5MCD;S5MCD;C:\WINDOWS\system32\drivers\S5MCD.sys [2002-05-08 09:20]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 01:34]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);C:\WINDOWS\system32\DRIVERS\SkyNetBDA.sys [2007-10-01 19:55]
S3 TridDev;Trident Device;C:\WINDOWS\system32\DRIVERS\Triddev.sys [2005-04-26 08:01]
S3 TridVid;Trident Analog plus Digital Video;C:\WINDOWS\system32\DRIVERS\TridVid.sys [2007-10-19 21:27]
S3 USB18PRG;mikroElektronika USB18F Device (x86 Platform);C:\WINDOWS\system32\Drivers\USB18PRG.sys [2007-07-16 17:32]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-03 01:22:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 1:23:19
ComboFix-quarantined-files.txt 2008-02-03 00:23:02
ComboFix2.txt 2008-02-02 21:39:58
.
2007-10-22 17:52:21 --- E O F ---

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\Documents and Settings\Administrator\Application Data.exe
C:\WINDOWS\system32\gebyw.dll.vir
C:\WINDOWS\system32\wybeg.ini2.vir
C:\WINDOWS\system32\wybeg.ini.vir


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message post the log that is produced at the end of the cleaning/scanning.
Also post a new HijackThis log.

  • Joined: 02 Feb 2008
  • Posts: 18

ComboFix 08-02.03.1 - Stevica 2008-02-03 12:05:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.206 [GMT 1:00]
Running from: C:\Documents and Settings\Stevica\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stevica\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Administrator\Application Data.exe
C:\WINDOWS\system32\gebyw.dll.vir
C:\WINDOWS\system32\wybeg.ini.vir
C:\WINDOWS\system32\wybeg.ini2.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data.exe
C:\WINDOWS\system32\gebyw.dll.vir
C:\WINDOWS\system32\wybeg.ini.vir
C:\WINDOWS\system32\wybeg.ini2.vir

.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-02 21:15 . 2008-02-02 22:32 <DIR> d-------- C:\VundoFix Backups
2008-02-02 20:26 . 2008-02-02 20:26 45 --a------ C:\WINDOWS\dll_execution.bak
2008-02-02 20:13 . 2008-02-02 20:14 41,644 --a------ C:\cc_20080202_2013.reg
2008-02-02 19:06 . 2008-02-02 19:07 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-02 19:06 . 2008-02-02 19:06 <DIR> d-------- C:\Documents and Settings\Stevica\Application Data\Simply Super Software
2008-02-02 19:06 . 2008-02-02 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-02 19:06 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-02-02 19:06 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-02 19:06 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-02-02 19:06 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-02-02 17:33 . 2008-02-02 23:07 <DIR> d-------- C:\Program Files\Radmin
2008-02-02 15:50 . 2008-02-02 15:50 <DIR> d-------- C:\Documents and Settings\Stevica\Application Data\Mikrotik
2008-02-01 19:36 . 2008-02-01 20:14 17,269 --a------ C:\steva.map
2008-02-01 19:36 . 2008-02-01 20:14 863 --a------ C:\steva.obj
2008-02-01 19:36 . 2008-02-01 20:14 509 --a------ C:\steva.hex
2008-01-31 21:04 . 2008-02-01 20:14 1,269 --a------ C:\labels.tmp
2008-01-31 15:01 . 2008-01-31 15:01 191 --a------ C:\avrfreaks.aws
2008-01-31 14:57 . 2008-01-31 15:01 17,380 --a------ C:\avrfreaks.map
2008-01-31 14:57 . 2008-01-31 15:01 751 --a------ C:\avrfreaks.obj
2008-01-31 14:57 . 2008-01-31 15:01 431 --a------ C:\avrfreaks.hex
2008-01-31 14:56 . 2008-01-31 14:56 2,552 --a------ C:\avrfreaks.aps
2008-01-31 14:56 . 2008-01-31 15:01 2,143 --a------ C:\avrfreaks.asm
2008-01-30 19:27 . 2008-01-30 19:27 106 --a------ C:\josjedanpokusaj.aws
2008-01-30 19:23 . 2008-01-30 19:23 17,358 --a------ C:\josjedanpokusaj.map
2008-01-30 19:23 . 2008-01-30 19:23 1,197 --a------ C:\josjedanpokusaj.obj
2008-01-30 19:23 . 2008-01-30 19:23 705 --a------ C:\josjedanpokusaj.hex
2008-01-30 19:04 . 2008-01-30 19:23 4,523 --a------ C:\josjedanpokusaj.asm
2008-01-30 19:04 . 2008-01-30 19:27 2,628 --a------ C:\josjedanpokusaj.aps
2008-01-29 19:25 . 2008-01-29 19:27 <DIR> d-------- C:\Program Files\ELECTRONIC ASSEMBLY LCD Tools
2008-01-27 22:01 . 2008-01-27 22:01 0 --a------ C:\WINDOWS\CorelDrw.INI
2008-01-26 20:41 . 2008-01-26 20:41 <DIR> d-------- C:\Documents and Settings\Stevica\Application Data\Datarescue
2008-01-26 20:37 . 2008-01-26 20:39 <DIR> d-------- C:\Program Files\IDA
2008-01-26 19:53 . 2008-01-26 19:53 <DIR> d-------- C:\Documents and Settings\Stevica\Application Data\IDMComp
2008-01-26 19:51 . 2008-01-26 19:51 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-01-26 19:31 . 2008-01-26 19:31 19 --a------ C:\WINDOWS\popcinfo.dat
2008-01-23 18:07 . 2008-02-01 21:18 203 --a------ C:\steva.aws
2008-01-23 17:13 . 2008-02-01 20:14 4,323 --a------ C:\steva.asm
2008-01-23 17:13 . 2008-02-01 17:47 2,834 --a------ C:\steva.aps
2008-01-23 17:13 . 2008-02-01 20:14 189 --a------ C:\AvrBuild.bat
2008-01-17 16:20 . 2008-01-17 16:20 <DIR> d-------- C:\Program Files\Resistor Color Coder
2008-01-16 16:08 . 2008-01-16 16:11 1,526 --a------ C:\WINDOWS\ECLCDE~1.INI
2008-01-14 23:36 . 2008-01-14 23:36 <DIR> d-------- C:\Program Files\Delay AVR
2008-01-14 23:36 . 2008-01-17 21:39 290,816 --------- C:\WINDOWS\Setup1.exe
2008-01-14 23:36 . 2008-01-17 21:39 74,240 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-13 21:55 . 2008-02-03 01:27 0 --a------ C:\WINDOWS\system32\execution.bak
2008-01-13 21:54 . 2006-03-08 10:23 282,624 --a------ C:\WINDOWS\UnInstall01.exe
2008-01-13 21:52 . 2008-01-29 09:18 <DIR> d-------- C:\Program Files\Word Translator Demo
2008-01-13 21:49 . 2008-01-13 21:54 <DIR> d-------- C:\Program Files\KnowledgeSearch
2008-01-13 21:47 . 2008-01-14 19:29 <DIR> d-------- C:\Program Files\HumanTran
2008-01-13 21:43 . 2008-01-13 21:54 <DIR> d-------- C:\Program Files\PocketTran Demo
2008-01-13 21:42 . 2008-01-13 21:54 <DIR> d-------- C:\Program Files\PalmTran Demo
2008-01-13 21:40 . 2008-01-13 21:54 <DIR> d-------- C:\Program Files\LetterTran Demo
2008-01-13 21:38 . 2008-02-03 09:07 <DIR> d-------- C:\Program Files\SearchTran Demo
2008-01-13 21:21 . 2008-01-13 22:34 <DIR> d-------- C:\Program Files\NeuroTran
2008-01-13 21:20 . 2008-01-13 21:55 <DIR> d-------- C:\temp
2008-01-11 17:04 . 2008-01-11 17:04 <DIR> d-------- C:\Appnotes
2008-01-10 23:58 . 2008-01-10 23:58 <DIR> d-------- C:\AX NF ZZ
2008-01-10 22:53 . 2002-11-19 15:39 67,221 --------- C:\WINDOWS\system32\VSNL2ADA.VXD
2008-01-10 22:52 . 2008-01-10 22:52 0 --a------ C:\WINDOWS\s7alibxx.INI
2008-01-10 22:42 . 2002-10-07 15:47 196,671 --a------ C:\WINDOWS\system32\gsdectrl.dll
2008-01-10 22:39 . 2002-08-28 12:26 495,669 --a------ C:\WINDOWS\system32\S7OINTFX.dll
2008-01-10 22:39 . 2002-08-28 12:20 110,645 --a------ C:\WINDOWS\system32\s7wcaotx.dll
2008-01-10 22:39 . 2002-08-28 12:22 69,685 --a------ C:\WINDOWS\system32\S7OTBLEX.dll
2008-01-10 22:39 . 2000-02-09 13:08 40,960 --a------ C:\WINDOWS\system32\MelbReg.dll
2008-01-10 22:39 . 1999-11-05 14:27 33,280 --a------ C:\WINDOWS\system32\s7erwlcx.dll
2008-01-10 22:28 . 2002-10-24 15:30 492,599 --a------ C:\WINDOWS\system32\drivers\s7otranx.sys
2008-01-10 21:28 . 2008-01-10 21:49 <DIR> d-------- C:\SEME
2008-01-10 21:02 . 2008-01-10 21:05 <DIR> d-------- C:\Program Files\WhereIsIt
2008-01-10 20:53 . 2008-01-10 22:27 <DIR> d-------- C:\STEP5
2008-01-10 20:53 . 2008-01-10 22:27 <DIR> d-------- C:\S5_INFO
2008-01-10 20:53 . 2001-11-21 07:20 894,464 --------- C:\WINDOWS\system32\MFC40D.DLL
2008-01-10 20:53 . 2001-11-21 07:20 444,928 --------- C:\WINDOWS\system32\MSVCR40D.DLL
2008-01-10 20:53 . 2002-05-08 09:20 188,416 --a------ C:\WINDOWS\system32\drivers\S5MCD.SYS
2008-01-10 20:53 . 2002-10-24 15:25 135,223 --a------ C:\WINDOWS\system32\S7onlinx.dll
2008-01-10 20:53 . 2002-05-08 09:20 77,312 --a------ C:\WINDOWS\system32\S5_VDD.DLL
2008-01-10 20:53 . 2002-05-08 09:20 15,360 --------- C:\WINDOWS\system32\drivers\S5AS511.SYS
2008-01-10 20:10 . 2008-01-10 20:10 <DIR> d-------- C:\Program Files\FasTrak SoftWorks, Inc
2008-01-10 20:09 . 2008-01-10 20:09 <DIR> d-------- C:\Program Files\Rainbow Technologies
2008-01-10 20:05 . 2008-01-10 20:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-09 20:48 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-09 20:48 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-09 20:48 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-09 20:48 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-09 20:48 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-09 20:48 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 16:55 . 1996-12-03 10:45 766 -ra------ C:\WINDOWS\S7BOOK.ICO
2008-01-09 16:01 . 2008-01-10 22:50 <DIR> d-------- C:\WINDOWS\Setup
2008-01-09 16:01 . 2008-01-10 22:35 <DIR> d-------- C:\Program Files\SIEMENS
2008-01-09 16:01 . 2008-01-09 16:01 <DIR> d-------- C:\Program Files\Notes
2008-01-09 16:01 . 2001-08-10 09:05 217,088 --a------ C:\WINDOWS\system32\s7esetdx.dll
2008-01-09 16:01 . 2008-01-10 22:53 4,520 --a------ C:\WINDOWS\Citamis.str
2008-01-06 14:37 . 2008-01-06 14:38 <DIR> d-------- C:\igrice
2008-01-05 22:23 . 2007-07-16 17:32 39,424 --a------ C:\WINDOWS\system32\drivers\USB18PRG.sys
2008-01-05 22:22 . 2008-01-05 22:23 <DIR> d-------- C:\Program Files\Mikroelektronika
2008-01-05 21:28 . 2008-01-05 21:28 <DIR> d-------- C:\Program Files\Algorithm Builder
2008-01-04 20:10 . 2008-01-04 20:10 <DIR> d-------- C:\Program Files\LizardTech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 02:16 154,884 ----a-w C:\Program Files\latest_mfsavr.7z
2007-10-17 21:15 1,149 ----a-w C:\Program Files\MapFileSummy.readme.txt
2006-02-09 11:49 29,696 ----a-w C:\Program Files\readme_avrkit.doc
2006-02-08 04:12 30,720 ----a-w C:\Program Files\iccnetwork.doc
2005-06-22 16:50 20,311 ----a-w C:\Program Files\nv4_disp.cat
2005-06-15 15:20 878 ----a-w C:\Program Files\setup.ini
2005-06-15 15:20 861,999 ----a-w C:\Program Files\nvwdmcpl.dl_
2005-06-15 15:20 86,193 ----a-w C:\Program Files\NvColor.ex_
2005-06-15 15:20 80,680 ----a-w C:\Program Files\NVEPClnt.ex_
2005-06-15 15:20 8,428 ----a-w C:\Program Files\NvwsApps.xm_
2005-06-15 15:20 79,536 ----a-w C:\Program Files\modes.txt
2005-06-15 15:20 74,770 ----a-w C:\Program Files\nvsvc32.ex_
2005-06-15 15:20 68,593 ----a-w C:\Program Files\setup.skin
2005-06-15 15:20 649,192 ----a-w C:\Program Files\nview.dl_
2005-06-15 15:20 643,489 ----a-w C:\Program Files\nwiz.ex_
2005-06-15 15:20 6,170 ----a-w C:\Program Files\NvApps.xm_
2005-06-15 15:20 6,144 ----a-w C:\Program Files\Finance.tv_
2005-06-15 15:20 6,101 ----a-w C:\Program Files\Advanced.tv_
2005-06-15 15:20 512 ----a-w C:\Program Files\data2.cab
2005-06-15 15:20 510 ----a-w C:\Program Files\layout.bin
2005-06-15 15:20 5,857 ----a-w C:\Program Files\DCC.tv_
2005-06-15 15:20 5,661 ----a-w C:\Program Files\CAD.tv_
2005-06-15 15:20 48,454 ----a-w C:\Program Files\nvwddi.dl_
2005-06-15 15:20 468,522 ----a-w C:\Program Files\nvdspsch.ex_
2005-06-15 15:20 459,544 ----a-w C:\Program Files\engine32.cab
2005-06-15 15:20 44,069 ----a-w C:\Program Files\NvMCTray.dl_
2005-06-15 15:20 435,969 ----a-w C:\Program Files\setup.ibt
2005-06-15 15:20 431 ----a-w C:\Program Files\setup.iss
2005-06-15 15:20 40,473 ----a-w C:\Program Files\nv4_disp.inf
2005-06-15 15:20 4,981 ----a-w C:\Program Files\Readme.txt
2005-06-15 15:20 4,821,705 ----a-w C:\Program Files\data1.cab
2005-06-15 15:20 4,516,220 ----a-w C:\Program Files\NvCpl.dl_
2005-06-15 15:20 37,359 ----a-w C:\Program Files\nvwcplen.hl_
2005-06-15 15:20 35,238 ----a-w C:\Program Files\nvtuicpl.cp_
2005-06-15 15:20 336,369 ----a-w C:\Program Files\nvwimg.dl_
2005-06-15 15:20 29,096 ----a-w C:\Program Files\data1.hdr
2005-06-15 15:20 27,629 ----a-w C:\Program Files\HPQVDISP.dl_
2005-06-15 15:20 25,848 ----a-w C:\Program Files\nvsysrot.dl_
2005-06-15 15:20 23,918 ----a-w C:\Program Files\nviewx.dl_
2005-06-15 15:20 225,747 ----a-w C:\Program Files\setup.inx
2005-06-15 15:20 21,819 ----a-w C:\Program Files\nvcod.dl_
2005-06-15 15:20 204,576 ----a-w C:\Program Files\nvappbar.ex_
2005-06-15 15:20 2,625,781 ----a-w C:\Program Files\nvoglnt.dl_
2005-06-15 15:20 2,260 ----a-w C:\Program Files\TOSGFX.dl_
2005-06-15 15:20 2,224 ----a-w C:\Program Files\NVGFX.dl_
2005-06-15 15:20 2,131,593 ----a-w C:\Program Files\nv4_disp.dl_
2005-06-15 15:20 199,840 ----a-w C:\Program Files\nvshell.dl_
2005-06-15 15:20 198,757 ----a-w C:\Program Files\keystone.ex_
2005-06-15 15:20 176,760 ----a-w C:\Program Files\setup.bmp
2005-06-15 15:20 176,128 ----a-w C:\Program Files\nvudisp.exe
2005-06-15 15:20 155,657 ----a-w C:\Program Files\nvnt4cpl.dl_
2005-06-15 15:20 146,450 ----a-w C:\Program Files\NVCPL.HL_
2005-06-15 15:20 14,757 ----a-w C:\Program Files\NVDisp.nvu
2005-06-15 15:20 134,516 ----a-w C:\Program Files\nvhwvid.dl_
2005-06-15 15:20 116,880 ----a-w C:\Program Files\setup.exe
2005-06-15 15:20 10,796 ----a-w C:\Program Files\tablet.tv_
2005-06-15 15:20 10,222 ----a-w C:\Program Files\default.tv_
2005-06-15 15:20 1,717,469 ----a-w C:\Program Files\nv4_mini.sy_
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-10-15 20:03 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-10-15 20:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-10-15 20:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101520071016\index.dat
2007-10-15 20:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D413E9-DA2A-457B-B815-27232695EBFF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA57522-2ECD-47DF-BD38-20E7E577A464}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A6061D-1CF6-488a-86C9-B89423F1E64B}]
2008-01-13 22:33 720896 --a------ C:\Program Files\SearchTran Demo\SearchTran_IE_bar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C3A6061D-1CF6-488A-86C9-B89423F1E64B}

[HKEY_CLASSES_ROOT\clsid\{c3a6061d-1cf6-488a-86c9-b89423f1e64b}]
[HKEY_CLASSES_ROOT\TranExp.TranExpBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{37686C62-D497-42E3-BAAB-78D89A74E151}]
[HKEY_CLASSES_ROOT\TranExp.TranExpBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 16:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 16:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 16:20 86016]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 10:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"DTVRemote"="C:\Program Files\VOX-II\RemoteControl.exe" [2006-04-04 10:09 65536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2005-06-14 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 11:38 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
"RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2007-08-17 13:44 675328]
"S7UB Start"="C:\Program Files\Siemens\Common\S7ubtoox\s7ubtstx.exe" [2002-11-18 20:01 110645]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-06-14 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2002-09-30 11:45]
R2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2002-10-24 15:29]
R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\s7otranx.sys [2002-10-24 15:30]
R2 SearchTran;SearchTran Translation System;C:\Program Files\SearchTran Demo\SearchTran.exe [2004-07-15 11:32]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2002-12-27 19:14]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2002-12-27 19:14]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2007-10-01 19:54]
S3 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS [2006-02-09 12:46]
S3 S5AS511;S5AS511;C:\WINDOWS\system32\drivers\S5AS511.sys [2002-05-08 09:20]
S3 S5MCD;S5MCD;C:\WINDOWS\system32\drivers\S5MCD.sys [2002-05-08 09:20]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 01:34]
S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);C:\WINDOWS\system32\DRIVERS\SkyNetBDA.sys [2007-10-01 19:55]
S3 TridDev;Trident Device;C:\WINDOWS\system32\DRIVERS\Triddev.sys [2005-04-26 08:01]
S3 TridVid;Trident Analog plus Digital Video;C:\WINDOWS\system32\DRIVERS\TridVid.sys [2007-10-19 21:27]
S3 USB18PRG;mikroElektronika USB18F Device (x86 Platform);C:\WINDOWS\system32\Drivers\USB18PRG.sys [2007-07-16 17:32]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-03 12:08:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 12:09:30
ComboFix-quarantined-files.txt 2008-02-03 11:09:14
ComboFix2.txt 2008-02-03 00:23:20
ComboFix3.txt 2008-02-02 21:39:58
.
2007-10-22 17:52:21 --- E O F ---

Addendum: 03 Feb 2008 12:24

Logfile of HijackThis v1.99.1
Scan saved at 12:21:54, on 3.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SearchTran Demo\SearchTran.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\SearchTran Demo\SearchTran.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VOX-II\RemoteControl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Siemens\Common\Sqlany\dbsrv7.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\!!!!!!hijacksssssssssssssss\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {65D413E9-DA2A-457B-B815-27232695EBFF} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AA57522-2ECD-47DF-BD38-20E7E577A464} - (no file)
O2 - BHO: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - C:\Program Files\SearchTran Demo\SearchTran_IE_bar.dll
O3 - Toolbar: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - C:\Program Files\SearchTran Demo\SearchTran_IE_bar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\VOX-II\RemoteControl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://bla/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....2481796000
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - wwx.euras.com/euras/EIS/plugin/euras.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SearchTran Translation System (SearchTran) - Unknown owner - C:\Program Files\SearchTran Demo\SearchTran.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

First, TeaTimer has to be disabled so that we can continue cleaning.


Start Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left, click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

Don't forget to turn these options back on once we have finished cleaning.

Once you have done that, scan again with HijackThis and tick the boxes in front of the following lines:

O2 - BHO: (no name) - {65D413E9-DA2A-457B-B815-27232695EBFF} - (no file)
O2 - BHO: (no name) - {9AA57522-2ECD-47DF-BD38-20E7E577A464} - (no file)

Click Fix Checked

Restart the computer, then after the restart make a new HijackThis log and check whether those two lines have been removed or have reappeared.

If they don't reappear, then I think we have brought the matter to a close.
Let me know whether you still have the symptoms you complained about at the start.
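
As an added illustration (not part of this thread, and not HijackThis's or ComboFix's own code): a small Python script that does the same triage the reply above does by hand. It parses the "O2 - BHO:" lines of a HijackThis log, flags the entries HijackThis marks "(no file)" (a Browser Helper Object registration still in the registry although its DLL is gone, which is what typically remains after an antivirus deletes the file), and compares a before and after log to confirm that the checked entries did not come back. The sample log lines are constructed from the entries quoted in this thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Matches a HijackThis "O2 - BHO:" line: display name, CLSID, on-disk path.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)


@dataclass(frozen=True)
class Bho:
    name: str
    clsid: str
    path: str

    @property
    def orphaned(self) -> bool:
        # HijackThis prints "(no file)" when the registered DLL does not exist:
        # the registry still loads a BHO whose file is gone (here, the DLL that
        # VundoFix deleted). The registration itself is what still needs fixing.
        return self.path.strip().lower() == "(no file)"


def parse_bhos(log_text: str) -> list[Bho]:
    """Return every O2 BHO entry found in a HijackThis log."""
    found = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
    return found


def orphaned_clsids(log_text: str) -> set[str]:
    """CLSIDs of BHO registrations whose DLL is missing."""
    return {b.clsid for b in parse_bhos(log_text) if b.orphaned}


def verify_fix(before: str, after: str, targeted: set[str]) -> dict[str, set[str]]:
    """Compare the log before and after 'Fix Checked': which targeted CLSIDs
    are gone, which are still (or again) present, and which orphaned
    registrations remain for the analyst to judge."""
    after_clsids = {b.clsid for b in parse_bhos(after)}
    return {
        "removed": targeted - after_clsids,
        "still_present": targeted & after_clsids,
        "remaining_orphans": orphaned_clsids(after) - targeted,
    }


# Constructed sample logs: the O2 lines quoted in this thread, before and after the fix.
BEFORE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {65D413E9-DA2A-457B-B815-27232695EBFF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9AA57522-2ECD-47DF-BD38-20E7E577A464} - (no file)
O2 - BHO: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - C:\\Program Files\\SearchTran Demo\\SearchTran_IE_bar.dll
O3 - Toolbar: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - C:\\Program Files\\SearchTran Demo\\SearchTran_IE_bar.dll
"""

AFTER_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - C:\\Program Files\\SearchTran Demo\\SearchTran_IE_bar.dll
"""

# The two entries the reply above tells the user to tick in HijackThis.
TARGETED = {
    "65D413E9-DA2A-457B-B815-27232695EBFF",
    "9AA57522-2ECD-47DF-BD38-20E7E577A464",
}

if __name__ == "__main__":
    print("orphaned before fix:", sorted(orphaned_clsids(BEFORE_LOG)))
    for key, value in verify_fix(BEFORE_LOG, AFTER_LOG, TARGETED).items():
        print(f"{key}: {sorted(value)}")
```

The script only reads the logs; it does not touch the registry. Its value is the comparison step: an orphaned entry that reappears after Fix Checked means something is re-creating the registration, which is a different problem from a leftover key.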

offline
  • Joined: 02 Feb 2008
  • Posts: 18

Here, I deleted those two files and it seems to me the computer is working normally; here's the log.
Logfile of HijackThis v1.99.1
Scan saved at 13:50:49, on 3.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SearchTran Demo\SearchTran.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\SearchTran Demo\SearchTran.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VOX-II\RemoteControl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Siemens\Common\Sqlany\dbsrv7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\!!!!!!hijacksssssssssssssss\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - C:\Program Files\SearchTran Demo\SearchTran_IE_bar.dll
O3 - Toolbar: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - C:\Program Files\SearchTran Demo\SearchTran_IE_bar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\VOX-II\RemoteControl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://bla/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....2481796000
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - wwx.euras.com/euras/EIS/plugin/euras.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SearchTran Translation System (SearchTran) - Unknown owner - C:\Program Files\SearchTran Demo\SearchTran.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

OK. I'll leave the topic open for a few more days, in case you notice anything unusual.
I no longer see anything suspicious in the logs.
