Antivirus shows a trojan

  • Joined: 15 Sep 2008
  • Posts: 74

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:29, on 15.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\sdphost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\monitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Robi\Desktop\Nova mapa\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing)
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Files Driver] sdphost.exe
O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe" "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe" "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKCU\..\Run: [svchost] c:\windows\swchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYHR
O8 - Extra context menu item: Mail to a Friend... - client.alexa.com/holiday/script/actions/mailto.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: bh611 - Bell& Howell - C:\Program Files\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\Program Files\BHROOT\BIN\monitor.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Update Service (gupdate1c8fe527b2f7a97) (gupdate1c8fe527b2f7a97) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\Program Files\BHROOT\BIN\PORTMAP.EXE

--
End of file - 8040 bytes


Here, I've done it as it says in the instructions for posting a topic here.
The problem is that NOD32 shows that I have a trojan, and when I try to delete it with NOD it says the file is locked and it can't
delete it. How do I remove it? Please help me!
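The first pass a helper makes over a HijackThis log like the one above can be written down as code. The Python below is an added example (not part of this post, and not HijackThis' own code): it re-reads five O4 lines copied from the log and flags what an analyst looks at first, an executable launched without a full path, use of the legacy RunServices key, and a filename that imitates a core Windows binary. The SYSTEM_NAMES list, the PATHLESS_OK allowlist and the 0.8 similarity threshold are this example's own assumptions.

```python
"""Triage of HijackThis 'O4' autostart lines (added example, not from the post).
Flags: path-less executables (resolved via the search path at logon), the
legacy RunServices key, and names that imitate core Windows binaries."""
import re
from difflib import SequenceMatcher

# Constructed input: five O4 lines copied from the HijackThis log in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Files Driver] sdphost.exe
O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] c:\windows\swchost.exe
"""

# Core XP binaries whose names malware likes to imitate (assumed list).
SYSTEM_NAMES = ["svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe", "spoolsv.exe"]

# Launchers that legitimately appear without a path in Run values (assumed).
PATHLESS_OK = {"rundll32.exe"}

# Shape of an O4 line: "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def exe_token(cmd):
    """First token of a command line: a quoted path or the first bare word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0] if cmd else ""


def lookalike(basename):
    """System binary this name imitates, or None for exact or unrelated names."""
    for sysname in SYSTEM_NAMES:
        if basename != sysname and SequenceMatcher(None, basename, sysname).ratio() >= 0.8:
            return sysname
    return None


def triage_o4(log_text):
    """Map each suspicious O4 line to the list of reasons it was flagged."""
    findings = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        exe = exe_token(m["cmd"])
        base = exe.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "\\" not in exe and base not in PATHLESS_OK:
            reasons.append("no full path: resolved via the search path at logon")
        if m["key"].lower() == "runservices":
            reasons.append("legacy RunServices key (Win9x); unusual for XP software")
        imitated = lookalike(base)
        if imitated:
            reasons.append(f"filename imitates {imitated}")
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage_o4(SAMPLE_O4).items():
        print(line)
        for reason in reasons:
            print("   -", reason)
```

Run against the five sample lines it leaves the NOD32 and ctfmon entries alone and reports the two "Files Driver" entries (no path, RunServices, name close to svchost.exe) and the HKCU "svchost" entry whose file is swchost.exe.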

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.



-------------------------------------------------------------------------------------



Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you'll copy here for us.

  • Joined: 15 Sep 2008
  • Posts: 74

Here's the ComboFix log.

ComboFix 08-09-15.01 - Robi 2008-09-15 21:06:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.251 [GMT 2:00]
Running from: C:\Documents and Settings\Robi\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Robi\Application Data\inst.exe
C:\Documents and Settings\Robi\Cookies\robi@a.fish4.co[1].txt
C:\Documents and Settings\Robi\Cookies\robi@ad.yieldmanager[2].txt
C:\Documents and Settings\Robi\Cookies\robi@clicktorrent[1].txt
C:\Documents and Settings\Robi\Cookies\robi@mercedesklub[1].txt
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-15 21:09 . 2008-09-15 21:09 240,240 --a------ C:\WINDOWS\system32\wpcap.dll
2008-09-15 21:09 . 2008-09-15 21:09 88,704 --a------ C:\WINDOWS\system32\packet.dll
2008-09-15 14:30 . 2008-09-15 14:31 <DIR> d-------- C:\Program Files\Euro Truck Simulator
2008-09-15 14:27 . 1998-11-17 12:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-09-15 14:10 . 2008-09-15 14:10 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MozillaControl
2008-09-15 12:59 . 2008-09-15 12:59 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-09-15 12:59 . 2008-09-15 20:21 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-09-15 12:59 . 2008-09-15 20:21 <DIR> d-------- C:\aidualc3
2008-09-15 00:55 . 2008-09-15 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-14 02:04 . 2008-09-14 02:04 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-09-14 00:45 . 2008-08-30 01:53 151,552 --a------ C:\WINDOWS\system32\securenet.dll
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-09-13 17:02 . 2008-09-13 17:02 32 --a------ C:\WINDOWS\tdlp32.ini
2008-09-13 16:54 . 2008-09-15 12:52 <DIR> d-------- C:\Program Files\Xara
2008-09-13 13:13 . 2008-09-13 13:13 236 --a------ C:\sqmdata01.sqm
2008-09-13 13:13 . 2008-09-13 13:13 200 --a------ C:\sqmnoopt01.sqm
2008-09-12 20:59 . 2008-09-12 20:59 <DIR> d-------- C:\Program Files\vso
2008-09-12 20:59 . 2008-09-12 21:22 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Vso
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\Documents and Settings\Robi\Application Data\pcouffin.sys
2008-09-11 15:23 . 2008-09-11 15:23 248 --a------ C:\sqmdata00.sqm
2008-09-11 15:23 . 2008-09-11 15:23 200 --a------ C:\sqmnoopt00.sqm
2008-09-10 18:43 . 2008-09-10 18:43 <DIR> d-------- C:\Program Files\AVG
2008-09-09 00:16 . 2008-09-09 00:16 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-09-08 21:39 . 2008-09-08 21:38 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-08 21:39 . 2008-09-08 21:38 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-09-08 21:30 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-09-08 21:30 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-09-08 21:30 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-09-08 21:30 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-09-08 21:30 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-09-08 21:30 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-09-08 21:30 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-09-08 21:30 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-09-08 21:30 . 2008-09-08 21:30 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-09-08 21:30 . 2008-09-08 21:30 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-09-07 23:48 . 2008-09-07 23:48 <DIR> d-------- C:\Program Files\PowerISO
2008-09-07 20:34 . 2008-09-07 20:34 88 --a------ C:\WINDOWS\StyleBuilder.INI
2008-09-07 02:05 . 2008-09-07 02:05 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-09-07 00:43 . 2008-09-07 00:43 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\InstallShield
2008-09-06 22:34 . 2008-09-06 22:34 360,320 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-09-06 21:23 . 2008-09-06 21:23 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 21:23 . 2008-09-15 14:26 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\uTorrent
2008-09-06 17:58 . 2008-09-06 17:58 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-06 15:37 . 2008-09-06 15:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-06 15:34 . 2008-09-06 15:34 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-06 15:20 . 2008-09-10 21:50 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-06 15:09 . 2008-09-07 02:05 <DIR> d-------- C:\Program Files\Reganam
2008-09-06 15:09 . 2008-09-06 15:09 <DIR> d-------- C:\Program Files\Conduit
2008-09-06 15:09 . 2008-09-07 02:03 <DIR> d-------- C:\Program Files\3GP Player
2008-09-06 14:06 . 2008-09-15 21:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 23:38 . 2008-09-04 23:38 520 --a------ C:\WINDOWS\netdet.ini
2008-09-04 23:37 . 2000-12-06 01:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-09-04 23:37 . 2000-12-06 01:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-09-02 20:39 . 2008-09-02 20:39 <DIR> d-------- C:\Program Files\MyXOFT
2008-09-02 20:39 . 2006-12-01 22:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-09-02 20:39 . 2006-12-01 22:03 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-09-02 20:39 . 2006-12-02 06:22 479,232 --a------ C:\WINDOWS\system32\msvcm80.dll
2008-09-02 20:39 . 2006-12-01 22:03 1,869 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-08-30 21:35 . 2008-08-30 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\ICQ
2008-08-30 21:35 . 2008-08-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-08-30 21:34 . 2008-08-30 21:36 <DIR> d-------- C:\Program Files\ICQ6
2008-08-30 00:13 . 2008-09-14 21:06 <DIR> d-------- C:\Documents and Settings\Robi\Tracing
2008-08-30 00:13 . 2008-09-09 21:48 <DIR> d-------- C:\Documents and Settings\Robi\Contacts
2008-08-30 00:11 . 2008-09-08 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MSN6
2008-08-30 00:11 . 2008-08-30 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-08-30 00:01 . 2008-08-30 00:01 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-08-29 23:56 . 2008-08-29 23:56 <DIR> d-------- C:\Program Files\Windows Live
2008-08-27 23:06 . 2008-08-27 23:06 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-27 23:06 . 2008-09-09 15:17 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\BitTorrent
2008-08-26 09:10 . 2008-09-03 11:41 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 21:29 . 2008-08-24 21:29 <DIR> d-------- C:\Program Files\Far
2008-08-24 16:10 . 2008-08-24 16:10 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-24 16:10 . 2008-08-24 16:10 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-08-24 16:02 . 2008-08-24 16:02 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-24 16:02 . 2008-08-24 16:02 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-08-24 16:02 . 2008-08-24 16:02 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-08-24 16:00 . 2008-08-24 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-24 15:58 . 2008-08-24 22:16 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-23 20:15 . 2008-09-07 01:36 <DIR> d-------- C:\Program Files\IDoser v4
2008-08-21 22:56 . 2008-08-21 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-08-21 22:55 . 2008-08-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-08-16 19:01 . 2008-08-24 15:03 <DIR> d-------- C:\Program Files\Dachshund Software
2008-08-16 19:01 . 2008-08-24 15:00 221 --ah----- C:\WINDOWS\winshell.dat
2008-08-16 18:25 . 2008-08-16 18:25 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Uniblue
2008-08-15 15:52 . 2008-08-16 19:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-15 15:52 . 2008-08-15 15:52 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 19:09 42,512 ----a-w C:\WINDOWS\system32\drivers\npf.sys
2008-09-15 14:27 --------- d-----w C:\Program Files\Google
2008-09-15 12:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-13 18:33 --------- d-----w C:\Documents and Settings\Robi\Application Data\TransRender
2008-09-13 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 16:54 --------- d-----w C:\Documents and Settings\Robi\Application Data\Temporary
2008-09-08 20:04 --------- d-----w C:\Program Files\Eset
2008-09-06 20:34 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-08-24 19:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-19 16:36 --------- d-----w C:\Program Files\IrfanView
2008-08-16 17:32 --------- d-----w C:\Program Files\Winamp
2008-08-16 17:21 --------- d-----w C:\Documents and Settings\Robi\Application Data\Smart PC Solutions
2008-08-16 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-16 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\Robi\Application Data\www.TheXSoft.com
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\www.TheXSoft.com
2008-08-12 22:52 --------- d-----w C:\Program Files\DivX
2008-08-12 22:48 --------- d-----w C:\Program Files\DrWindows
2008-08-12 20:03 --------- d-----w C:\Program Files\Common Files\Vbox
2008-08-12 19:53 --------- d-----w C:\Program Files\PSP
2008-08-11 20:27 --------- d-----w C:\Documents and Settings\Robi\Application Data\zweitgeist
2008-08-08 16:05 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-08-08 15:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-08-07 22:13 --------- d-----w C:\Documents and Settings\Robi\Application Data\ICQ Toolbar
2008-08-07 18:16 --------- d-----w C:\Program Files\Marvell
2008-08-05 19:07 --------- d-----w C:\Documents and Settings\Robi\Application Data\DivX
2008-07-31 20:23 --------- d-----w C:\Program Files\Common Files\Autodata Limited Shared
2007-06-13 10:23 933,888 --sh--r C:\WINDOWS\system32\sdphost.exe
2008-05-21 18:59 116,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 18:10 1,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-29 19:28 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 15:11 1569304 --------- C:\Program Files\Reganam\tbReg1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-08 921600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
"Files Driver"="sdphost.exe" [2007-06-13 C:\WINDOWS\system32\sdphost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Files Driver"="sdphost.exe" [2007-06-13 C:\WINDOWS\system32\sdphost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\game.dat"=
"D:\\UT2004\\System\\UT2004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1c8fe527b2f7a97;Google Update Service (gupdate1c8fe527b2f7a97);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-24 13352]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys [2008-09-15 42512]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Registry Helper - C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe
HKCU-Run-Disk Cleaner - C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe
HKLM-Run-OpenDNS Update - C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.hr/
R0 -: HKCU-Main,SearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNxmk142YYHR&fl=0&ptb=rFSuPRdDEVSyAqSB4yXKBw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYHR
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-15 21:09:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\packet.dll 88704 bytes executable
C:\WINDOWS\system32\wpcap.dll 240240 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\MONITOR.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-15 21:11:45 - machine was rebooted [Robi]
ComboFix-quarantined-files.txt 2008-09-15 19:11:41

Pre-Run: 30,593,269,760 bytes free
Post-Run: 31,035,498,496 bytes free

276 --- E O F --- 2008-09-11 02:32:04
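Two things in this ComboFix log deserve a closer look before the next step. In Find3M, C:\WINDOWS\system32\sdphost.exe, the file behind the "Files Driver" Run and RunServices values, carries the system, hidden and read-only attributes (--sh--r), which no normal program installs into system32 with. In Sigcheck, the live TCPIP.SYS under system32\drivers (and its dllcache twin) hashes to 3adce4790f591bf160a94f6f08039577, which matches none of the Microsoft copies Windows keeps under $hf_mig$, $NtUninstall* and SoftwareDistribution, and a TCPIP.SYS.ORIGINAL appeared in the same minute on 2008-09-06, so that driver should be compared against a known-good SP2 copy rather than trusted. The Python below is an added example (not from the thread and not ComboFix's own code) that performs both checks mechanically over lines copied from the log; the directory classification, the attribute rule and the extension list are its own assumptions.

```python
"""Two checks over a ComboFix log (added example, not part of the thread):
1. Sigcheck: live copies of a system file whose MD5 matches no reference copy.
2. Find3M: executables carrying the hidden ('h') or system ('s') attribute."""
import re

# Constructed input: the Sigcheck block copied from the ComboFix log above.
SIGCHECK = r"""
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\drivers\TCPIP.SYS
"""

# Constructed input: a few Find3M lines copied from the same log.
FIND3M = r"""
2008-09-15 19:09 42,512 ----a-w C:\WINDOWS\system32\drivers\npf.sys
2008-09-15 14:27 --------- d-----w C:\Program Files\Google
2008-09-06 20:34 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-06-13 10:23 933,888 --sh--r C:\WINDOWS\system32\sdphost.exe
2008-05-21 18:59 116,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
"""

# "date time size md5 path" and "date time size attrs path"
SIG_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) (\d+) ([0-9a-f]{32}) (.+)$")
F3M_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S+) (.+)$")

# Assumed classification: where Windows parks its own copies vs. the live file.
REFERENCE_DIRS = ("\\$hf_mig$\\", "\\$ntuninstall", "\\softwaredistribution\\")
LIVE_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")


def unmatched_live_copies(sigcheck_text):
    """Sorted (path, md5) pairs for live files whose hash matches no reference copy."""
    reference, live = {}, []
    for line in sigcheck_text.splitlines():
        m = SIG_RE.match(line)
        if not m:
            continue
        md5, path = m.group(3), m.group(4)
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if any(d in low for d in REFERENCE_DIRS):
            reference.setdefault(name, set()).add(md5)
        elif any(d in low for d in LIVE_DIRS):
            live.append((path, md5, name))
    return sorted((p, h) for p, h, n in live if h not in reference.get(n, set()))


def hidden_executables(find3m_text):
    """Paths of executables whose Find3M attribute string carries 'h' or 's'."""
    hits = []
    for line in find3m_text.splitlines():
        m = F3M_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        if attrs.startswith("d"):
            continue  # directory entry, attributes apply to the folder
        if path.lower().endswith(EXEC_EXT) and ("h" in attrs or "s" in attrs):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for path, md5 in unmatched_live_copies(SIGCHECK):
        print("no reference copy with this hash:", path, md5)
    for path in hidden_executables(FIND3M):
        print("hidden/system executable:", path)
```

On the lines above the first check reports both live TCPIP.SYS copies and nothing else; the second reports only sdphost.exe, since fidbox.dat is hidden but not an executable.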

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
C:\WINDOWS\system32\sdphost.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Files Driver"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Files Driver"=-



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • Joined: 15 Sep 2008
  • Posts: 74

I've done everything as instructed, and here's the ComboFix log:



ComboFix 08-09-15.01 - Robi 2008-09-15 21:47:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.236 [GMT 2:00]
Running from: C:\Documents and Settings\Robi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robi\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\sdphost.exe
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-15 14:30 . 2008-09-15 14:31 <DIR> d-------- C:\Program Files\Euro Truck Simulator
2008-09-15 14:27 . 1998-11-17 12:44 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2008-09-15 14:10 . 2008-09-15 14:10 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MozillaControl
2008-09-15 12:59 . 2008-09-15 12:59 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-09-15 12:59 . 2008-09-15 20:21 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-09-15 12:59 . 2008-09-15 20:21 <DIR> d-------- C:\aidualc3
2008-09-15 00:55 . 2008-09-15 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-14 02:04 . 2008-09-14 02:04 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-09-14 00:45 . 2008-08-30 01:53 151,552 --a------ C:\WINDOWS\system32\securenet.dll
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-09-14 00:10 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-09-13 17:02 . 2008-09-13 17:02 32 --a------ C:\WINDOWS\tdlp32.ini
2008-09-13 16:54 . 2008-09-15 12:52 <DIR> d-------- C:\Program Files\Xara
2008-09-13 13:13 . 2008-09-13 13:13 236 --a------ C:\sqmdata01.sqm
2008-09-13 13:13 . 2008-09-13 13:13 200 --a------ C:\sqmnoopt01.sqm
2008-09-12 20:59 . 2008-09-12 20:59 <DIR> d-------- C:\Program Files\vso
2008-09-12 20:59 . 2008-09-12 21:22 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Vso
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-12 20:59 . 2008-09-12 20:59 47,360 --a------ C:\Documents and Settings\Robi\Application Data\pcouffin.sys
2008-09-11 15:23 . 2008-09-11 15:23 248 --a------ C:\sqmdata00.sqm
2008-09-11 15:23 . 2008-09-11 15:23 200 --a------ C:\sqmnoopt00.sqm
2008-09-10 18:43 . 2008-09-10 18:43 <DIR> d-------- C:\Program Files\AVG
2008-09-09 00:16 . 2008-09-09 00:16 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-09-08 21:39 . 2008-09-08 21:38 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-08 21:39 . 2008-09-08 21:38 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-09-08 21:30 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-09-08 21:30 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-09-08 21:30 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-09-08 21:30 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-09-08 21:30 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-09-08 21:30 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-09-08 21:30 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-09-08 21:30 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-09-08 21:30 . 2008-09-08 21:30 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-09-08 21:30 . 2008-09-08 21:30 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-09-07 23:48 . 2008-09-07 23:48 <DIR> d-------- C:\Program Files\PowerISO
2008-09-07 20:34 . 2008-09-07 20:34 88 --a------ C:\WINDOWS\StyleBuilder.INI
2008-09-07 02:05 . 2008-09-07 02:05 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-09-07 00:43 . 2008-09-07 00:43 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\InstallShield
2008-09-06 22:34 . 2008-09-06 22:34 360,320 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-09-06 21:23 . 2008-09-06 21:23 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 21:23 . 2008-09-15 14:26 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\uTorrent
2008-09-06 17:58 . 2008-09-06 17:58 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-06 15:37 . 2008-09-06 15:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-06 15:34 . 2008-09-06 15:34 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-06 15:20 . 2008-09-10 21:50 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-06 15:09 . 2008-09-07 02:05 <DIR> d-------- C:\Program Files\Reganam
2008-09-06 15:09 . 2008-09-06 15:09 <DIR> d-------- C:\Program Files\Conduit
2008-09-06 15:09 . 2008-09-07 02:03 <DIR> d-------- C:\Program Files\3GP Player
2008-09-06 14:06 . 2008-09-15 21:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 23:38 . 2008-09-04 23:38 520 --a------ C:\WINDOWS\netdet.ini
2008-09-04 23:37 . 2000-12-06 01:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-09-04 23:37 . 2000-12-06 01:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-09-02 20:39 . 2008-09-02 20:39 <DIR> d-------- C:\Program Files\MyXOFT
2008-09-02 20:39 . 2006-12-01 22:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-09-02 20:39 . 2006-12-01 22:03 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-09-02 20:39 . 2006-12-02 06:22 479,232 --a------ C:\WINDOWS\system32\msvcm80.dll
2008-09-02 20:39 . 2006-12-01 22:03 1,869 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-08-30 21:35 . 2008-08-30 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\ICQ
2008-08-30 21:35 . 2008-08-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-08-30 21:34 . 2008-08-30 21:36 <DIR> d-------- C:\Program Files\ICQ6
2008-08-30 00:13 . 2008-09-14 21:06 <DIR> d-------- C:\Documents and Settings\Robi\Tracing
2008-08-30 00:13 . 2008-09-09 21:48 <DIR> d-------- C:\Documents and Settings\Robi\Contacts
2008-08-30 00:11 . 2008-09-08 21:36 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\MSN6
2008-08-30 00:11 . 2008-08-30 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-08-30 00:01 . 2008-08-30 00:01 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-08-29 23:56 . 2008-08-29 23:56 <DIR> d-------- C:\Program Files\Windows Live
2008-08-27 23:06 . 2008-08-27 23:06 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-27 23:06 . 2008-09-09 15:17 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\BitTorrent
2008-08-26 09:10 . 2008-09-03 11:41 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 21:29 . 2008-08-24 21:29 <DIR> d-------- C:\Program Files\Far
2008-08-24 16:10 . 2008-08-24 16:10 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-24 16:10 . 2008-08-24 16:10 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-08-24 16:02 . 2008-08-24 16:02 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-24 16:02 . 2008-08-24 16:02 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-08-24 16:02 . 2008-08-24 16:02 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-08-24 16:00 . 2008-08-24 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-24 15:58 . 2008-08-24 22:16 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-23 20:15 . 2008-09-07 01:36 <DIR> d-------- C:\Program Files\IDoser v4
2008-08-21 22:56 . 2008-08-21 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-08-21 22:55 . 2008-08-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-08-16 19:01 . 2008-08-24 15:03 <DIR> d-------- C:\Program Files\Dachshund Software
2008-08-16 19:01 . 2008-08-24 15:00 221 --ah----- C:\WINDOWS\winshell.dat
2008-08-16 18:25 . 2008-08-16 18:25 <DIR> d-------- C:\Documents and Settings\Robi\Application Data\Uniblue
2008-08-15 15:52 . 2008-08-16 19:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-15 15:52 . 2008-08-15 15:52 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 14:27 --------- d-----w C:\Program Files\Google
2008-09-15 12:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-13 18:33 --------- d-----w C:\Documents and Settings\Robi\Application Data\TransRender
2008-09-13 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 16:54 --------- d-----w C:\Documents and Settings\Robi\Application Data\Temporary
2008-09-08 20:04 --------- d-----w C:\Program Files\Eset
2008-09-06 20:34 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-08-24 19:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-08-19 16:36 --------- d-----w C:\Program Files\IrfanView
2008-08-16 17:32 --------- d-----w C:\Program Files\Winamp
2008-08-16 17:21 --------- d-----w C:\Documents and Settings\Robi\Application Data\Smart PC Solutions
2008-08-16 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-16 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\Robi\Application Data\www.TheXSoft.com
2008-08-13 11:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\www.TheXSoft.com
2008-08-12 22:52 --------- d-----w C:\Program Files\DivX
2008-08-12 22:48 --------- d-----w C:\Program Files\DrWindows
2008-08-12 20:03 --------- d-----w C:\Program Files\Common Files\Vbox
2008-08-12 19:53 --------- d-----w C:\Program Files\PSP
2008-08-11 20:27 --------- d-----w C:\Documents and Settings\Robi\Application Data\zweitgeist
2008-08-08 16:05 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-08-08 15:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-08-07 22:13 --------- d-----w C:\Documents and Settings\Robi\Application Data\ICQ Toolbar
2008-08-07 18:16 --------- d-----w C:\Program Files\Marvell
2008-08-05 19:07 --------- d-----w C:\Documents and Settings\Robi\Application Data\DivX
2008-07-31 20:23 --------- d-----w C:\Program Files\Common Files\Autodata Limited Shared
2008-05-21 18:59 116,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 18:10 1,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-09-06 22:34 360320 3adce4790f591bf160a94f6f08039577 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-29 19:28 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 15:11 1569304 --------- C:\Program Files\Reganam\tbReg1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "C:\Program Files\Reganam\tbReg1.dll" [2008-09-06 1569304]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 35328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-08 921600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Program Files\\game.dat"=
"D:\\UT2004\\System\\UT2004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1c8fe527b2f7a97;Google Update Service (gupdate1c8fe527b2f7a97);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-24 13352]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-15 21:50:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\MONITOR.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-15 21:52:03 - machine was rebooted [Robi]
ComboFix-quarantined-files.txt 2008-09-15 19:51:59
ComboFix2.txt 2008-09-15 19:11:46

Pre-Run: 30,982,746,112 bytes free
Post-Run: 30,990,143,488 bytes free

245 --- E O F --- 2008-09-11 02:32:04

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Does NOD detect anything now?

offline
  • Joined: 15 Sep 2008
  • Posts: 74

No. Oh, and I forgot to mention: a few days ago a red icon with an X in it appeared down by the clock. When I hold the mouse over it, it says Windows Security Alerts, and when I double-click it, the Security Center opens. The firewall is on, but Automatic Updates is not, and I can't turn it on.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Does Windows report an error when you try to enable Automatic Updates?

Let's try it this way...

Download: http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip

Unpack the archive and run Dial-a-Fix.exe.

Check the option Fix Windows update and click Go.

Restart the PC and check how things stand.

offline
  • Joined: 15 Sep 2008
  • Posts: 74

Everything is OK now, thank you very much. Cheers!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Excellent. Do the following:

Click START and then RUN.
In the text box, type Combofix /u and click OK.

Wait for the uninstallation process to finish.

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files and folders, if necessary
Reset System Restore

That's all.
