[bobby] Problem! My whole computer is glitching

  • Joined: 10 Dec 2007
  • Posts: 40

I have the following problems: every game glitches and stutters and so on, the mouse occasionally switches itself on and off, everything opens more slowly, the internet often hangs, etc.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:34 AM, on 2/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\wmismgr.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ILIJA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\ILIJA\Desktop\New Folder (2)\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.atcomet.com/b/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Microsoft IO-Plugin Service] miops.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1715567821-838170752-682003330-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'VELJKOVIC')
O4 - HKUS\S-1-5-21-1715567821-838170752-682003330-1004\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'VELJKOVIC')
O4 - HKUS\S-1-5-21-1715567821-838170752-682003330-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'VELJKOVIC')
O4 - HKUS\S-1-5-21-1715567821-838170752-682003330-1004\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe (User 'VELJKOVIC')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: ????????P c:\progra~1\bandoo\bndhook.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Sync Manager (WMISMG) - Unknown owner - C:\WINDOWS\system\wmismgr.exe

--
End of file - 6014 bytes
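The helper's reading of the HijackThis log above comes down to a handful of checks that can be written as code: autostarts launched from directories legitimate software does not use (the RECYCLER folder, c:\windows\system rather than system32), bare file names that are resolved through the search path, Microsoft-sounding names without a Microsoft path or publisher, double extensions, and AppInit_DLLs hooks. The following is an added example for this page, not part of HijackThis and not the helper's tooling; it parses the process list and the O4/O20/O23 lines and returns the entries that deserve a second look. The sample lines inside it are copied from the log above; the directory lists and name patterns are the example's own assumptions.

```python
"""Triage a HijackThis (HJT) log the way the helper in this thread did by eye.

Added example for this page; it is not part of HijackThis or of the thread.
Checks: autostarts launched from directories legitimate software does not use,
bare file names resolved through the search path, Microsoft-sounding names
without a Microsoft path, double extensions, and AppInit_DLLs hooks.
The sample lines at the bottom are copied from the log above; the directory
lists and name patterns are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Finding:
    section: str                    # "process", "O4", "O20" or "O23"
    path: str                       # image or DLL the entry points at
    reasons: list = field(default_factory=list)


# Assumed lists: where malware hides, and where Windows-branded code should live.
SUSPICIOUS_DIRS = ("\\recycler\\", "\\windows\\system\\", "\\local settings\\temp\\")
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\")
MS_LOOKALIKE = re.compile(r"\b(microsoft|windows)\b", re.I)

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.(exe|com|scr)$", re.I)


def image_of(cmd):
    """Executable in a Run command line: honour quotes, otherwise cut after the extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def check_path(path, name=""):
    """Reasons an image path (and the name it was registered under) looks wrong."""
    low, reasons = path.lower(), []
    if "\\" not in path:
        reasons.append("bare file name, resolved via search path")
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("launched from a directory legitimate software does not use")
    if re.search(r"\.\w{2,4}\.(exe|com|scr)$", low):
        reasons.append("double extension")
    if MS_LOOKALIKE.search(name) and not low.startswith(TRUSTED_PREFIXES):
        reasons.append("Microsoft-style name without a Microsoft path")
    return reasons


def triage(log_text):
    """Return the Findings for an HJT log (process list plus O4/O20/O23 lines)."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if (m := O4_RE.match(line)):
            img = image_of(m["cmd"])
            if (r := check_path(img, m["name"])):
                findings.append(Finding("O4", img, r))
        elif (m := O23_RE.match(line)):
            r = check_path(m["path"], m["name"])
            if r and m["owner"] == "Unknown owner":
                r.append("no publisher string")
            if r:
                findings.append(Finding("O23", m["path"], r))
        elif (m := O20_RE.match(line)):
            # AppInit_DLLs is loaded into every process that links user32.dll
            dll = re.search(r"\S+\.dll", m["value"], re.I)
            findings.append(Finding("O20", dll.group(0) if dll else m["value"],
                                    ["AppInit_DLLs hook injected into every GUI process"]))
        elif PROC_RE.match(line):
            if (r := check_path(line)):
                findings.append(Finding("process", line, r))
    return findings


# Lines copied from the HijackThis log posted above.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system\wmismgr.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Documents and Settings\ILIJA\Desktop\New Folder (2)\TR3.exe.exe

O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [Microsoft IO-Plugin Service] miops.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-1715567821-838170752-682003330-1004\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe (User 'VELJKOVIC')
O20 - AppInit_DLLs: ????????P c:\progra~1\bandoo\bndhook.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Sync Manager (WMISMG) - Unknown owner - C:\WINDOWS\system\wmismgr.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.section:8} {f.path}\n         -> {'; '.join(f.reasons)}")
```

Run as-is it lists the same six items the helper went after (wmismgr.exe twice, once as a process and once as the "Windows Sync Manager" service, TR3.exe.exe, miops.exe, vsse32.exe and the Bandoo hook) and stays quiet about ATI Smart, which also has no publisher string but lives in system32 under its own vendor's name. The "Unknown owner" check is deliberately only a supporting reason, never the sole one, for exactly that case.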

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 10 Dec 2007
  • Posts: 40

Ugh, damn, it won't even open ComboFix, it's really glitching, I don't know what to do. I'll try again, I've downloaded it 20 times; if you have any ideas....

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Try our local copy from here:
http://amf.mycity.rs/programs/mirrored/C-F.exe

  • Joined: 10 Dec 2007
  • Posts: 40

OK, now it works.

ComboFix 09-02-08.01 - ILIJA 2009-02-08 12:33:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.199 [GMT -8:00]
Running from: c:\documents and settings\ILIJA\Desktop\C-F.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\olb1iimw.bat
C:\qwultj1.bat
c:\recycler\ADAPT_Installer.exe
C:\t0k3c.cmd
D:\Autorun.inf
D:\olb1iimw.bat
D:\qwultj1.bat
D:\s.bat
D:\t0k3c.cmd
E:\olb1iimw.bat
E:\qwultj1.bat
E:\s.bat
E:\t0k3c.cmd

.
((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-04 07:47 . 2009-02-04 07:47 <DIR> d-------- c:\program files\Monster Trucks Nitro Demo
2009-02-02 12:05 . 2009-02-02 12:05 315 --a------ C:\test.exe
2009-01-31 01:21 . 2009-01-31 01:21 66,048 -r-hs---- c:\windows\system\wmismgr.exe
2009-01-27 13:25 . 2009-01-27 13:26 262,878 --a------ c:\windows\IPUI_DivXG400.exe
2009-01-27 13:25 . 2009-01-27 13:26 245,760 --a------ c:\windows\system32\DivXG400.ax
2009-01-27 13:25 . 2009-01-27 13:26 21,869 --a------ c:\windows\system32\divxg400.htm
2009-01-24 04:20 . 2009-01-24 04:20 <DIR> d-------- c:\program files\LimeWire
2009-01-20 11:07 . 2009-01-20 19:06 100,352 -r-hs---- c:\windows\system32\miops.exe
2009-01-20 08:11 . 2009-01-20 08:11 <DIR> d-------- c:\program files\uTorrent
2009-01-20 08:11 . 2009-01-28 08:08 <DIR> d-------- c:\documents and settings\ILIJA\Application Data\uTorrent
2009-01-09 17:37 . 2009-01-09 17:37 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-09 17:37 . 2009-01-09 17:37 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-09 17:36 . 2009-01-09 17:36 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-09 17:36 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-01-09 17:34 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-01-09 17:34 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-09 17:34 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 11:54 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-04 11:59 --------- d-----w c:\documents and settings\ILIJA\Application Data\LimeWire
2009-01-29 16:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-29 15:49 --------- d-----w c:\program files\Bandoo
2009-01-10 01:37 --------- d-----w c:\program files\Nokia
2009-01-10 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-01 15:37 --------- d-----w c:\documents and settings\VELJKOVIC\Application Data\PC Suite
2008-12-09 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\Bandoo
2008-11-21 08:44 2,560 ----a-w c:\windows\_MSRSTRT.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Microsoft IO-Plugin Service"="miops.exe" [2009-01-20 c:\windows\system32\miops.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"12CFG914-K641-26SF-N31P"=c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
"Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Microsoft IO-Plugin Service"=miops.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\XTCS Counter-Strike 1.6 Final Release\\cstrike.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system\\wmismgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19685:TCP"= 19685:TCP:BitComet 19685 TCP
"19685:UDP"= 19685:UDP:BitComet 19685 UDP

R2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2008-12-09 1484736]
R2 WMISMG;Windows Sync Manager;c:\windows\system\wmismgr.exe [2009-01-31 66048]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-03 18560]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-21 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-21 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-21 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-21 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-21 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-21 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-21 110120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c74e38d-7c11-11dd-bb51-001485f61cf5}]
\Shell\AutoRun\command - H:\jdhc2x2.com
\Shell\explore\Command - H:\jdhc2x2.com
\Shell\open\Command - H:\jdhc2x2.com
.
Contents of the 'Scheduled Tasks' folder

2009-02-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-838170752-682003330-1003.job
- c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 09:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ILIJA\Application Data\Mozilla\Firefox\Profiles\xid2t7u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://download.muzicki.net/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-08 12:37:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\system32\miops.exe [1624] 0x823F6A20

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bandoo\Bandoo.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2009-02-08 12:41:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-08 20:40:58

Post-Run: 548,913,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

199 --- E O F --- 2008-07-01 19:07:47

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

First download and run the following program:
http://amf.mycity.rs/programs/mirrored/SafeBootKeyRepair.exe

===================================

After that, open Notepad and copy in the following text:

File::
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
c:\windows\system32\miops.exe
c:\windows\system\wmismgr.exe

Driver::
Windows Sync Manager

Rootkit::
c:\windows\system32\miops.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"12CFG914-K641-26SF-N31P"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft IO-Plugin Service"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"12CFG914-K641-26SF-N31P"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft IO-Plugin Service"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c74e38d-7c11-11dd-bb51-001485f61cf5}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log produced at the end of the cleaning/scan in your next message.

  • Joined: 10 Dec 2007
  • Posts: 40

I hope I did that right.

ComboFix 09-02-08.01 - ILIJA 2009-02-09 1:33:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.263 [GMT -8:00]
Running from: c:\documents and settings\ILIJA\Desktop\C-F.exe
Command switches used :: c:\documents and settings\ILIJA\Desktop\CFScript.txt

FILE ::
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
c:\windows\system\wmismgr.exe
c:\windows\system32\miops.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\wmismgr.exe
c:\windows\system32\miops.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-04 07:47 . 2009-02-04 07:47 <DIR> d-------- c:\program files\Monster Trucks Nitro Demo
2009-02-02 12:05 . 2009-02-02 12:05 315 --a------ C:\test.exe
2009-01-27 13:25 . 2009-01-27 13:26 262,878 --a------ c:\windows\IPUI_DivXG400.exe
2009-01-27 13:25 . 2009-01-27 13:26 245,760 --a------ c:\windows\system32\DivXG400.ax
2009-01-27 13:25 . 2009-01-27 13:26 21,869 --a------ c:\windows\system32\divxg400.htm
2009-01-24 04:20 . 2009-01-24 04:20 <DIR> d-------- c:\program files\LimeWire
2009-01-20 08:11 . 2009-01-20 08:11 <DIR> d-------- c:\program files\uTorrent
2009-01-20 08:11 . 2009-01-28 08:08 <DIR> d-------- c:\documents and settings\ILIJA\Application Data\uTorrent
2009-01-09 17:37 . 2009-01-09 17:37 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-09 17:37 . 2009-01-09 17:37 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-09 17:36 . 2009-01-09 17:36 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-09 17:36 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-01-09 17:34 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-01-09 17:34 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-09 17:34 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 11:54 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-04 11:59 --------- d-----w c:\documents and settings\ILIJA\Application Data\LimeWire
2009-01-29 16:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-29 15:49 --------- d-----w c:\program files\Bandoo
2009-01-10 01:37 --------- d-----w c:\program files\Nokia
2009-01-10 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-01 15:37 --------- d-----w c:\documents and settings\VELJKOVIC\Application Data\PC Suite
2008-12-09 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\Bandoo
2008-11-21 08:44 2,560 ----a-w c:\windows\_MSRSTRT.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\bandoo\bndhook.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\XTCS Counter-Strike 1.6 Final Release\\cstrike.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19685:TCP"= 19685:TCP:BitComet 19685 TCP
"19685:UDP"= 19685:UDP:BitComet 19685 UDP

R2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2008-12-09 1484736]
S2 WMISMG;Windows Sync Manager;"c:\windows\system\wmismgr.exe" --> c:\windows\system\wmismgr.exe [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-03 18560]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-21 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-21 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-21 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-21 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-21 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-21 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-21 110120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-838170752-682003330-1003.job
- c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 09:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ILIJA\Application Data\Mozilla\Firefox\Profiles\xid2t7u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://download.muzicki.net/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-09 01:36:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NTMARTA.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bandoo\Bandoo.exe
c:\progra~1\Bandoo\BandooUI.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2009-02-09 1:39:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-09 09:39:02
ComboFix2.txt 2009-02-08 20:41:19

Pre-Run: 1,065,340,928 bytes free
Post-Run: 1,055,461,376 bytes free

156 --- E O F --- 2008-07-01 19:07:47

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This looks far better.

Let's run one more script.

Open Notepad and copy in the following text:

Driver::
Windows Sync Manager
WMISMG

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log produced at the end of the cleaning/scan in your next message.

  • Joined: 10 Dec 2007
  • Posts: 40

ComboFix 09-02-08.01 - ILIJA 2009-02-10 0:52:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.269 [GMT -8:00]
Running from: c:\documents and settings\ILIJA\Desktop\C-F.exe
Command switches used :: c:\documents and settings\ILIJA\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WMISMG
-------\Service_WMISMG


((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-07 12:34 . 2009-02-07 12:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-04 07:47 . 2009-02-04 07:47 <DIR> d-------- c:\program files\Monster Trucks Nitro Demo
2009-02-02 12:05 . 2009-02-02 12:05 315 --a------ C:\test.exe
2009-01-27 13:25 . 2009-01-27 13:26 262,878 --a------ c:\windows\IPUI_DivXG400.exe
2009-01-27 13:25 . 2009-01-27 13:26 245,760 --a------ c:\windows\system32\DivXG400.ax
2009-01-27 13:25 . 2009-01-27 13:26 21,869 --a------ c:\windows\system32\divxg400.htm
2009-01-24 04:20 . 2009-01-24 04:20 <DIR> d-------- c:\program files\LimeWire
2009-01-20 08:11 . 2009-01-20 08:11 <DIR> d-------- c:\program files\uTorrent
2009-01-20 08:11 . 2009-01-28 08:08 <DIR> d-------- c:\documents and settings\ILIJA\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 19:48 --------- d-----w c:\documents and settings\ILIJA\Application Data\LimeWire
2009-02-09 19:30 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-29 16:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-29 15:49 --------- d-----w c:\program files\Bandoo
2009-01-10 01:37 --------- d-----w c:\program files\Nokia
2009-01-10 01:37 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-10 01:37 --------- d-----w c:\program files\Common Files\Nokia
2009-01-10 01:36 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-10 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-01 15:37 --------- d-----w c:\documents and settings\VELJKOVIC\Application Data\PC Suite
2008-11-21 08:44 2,560 ----a-w c:\windows\_MSRSTRT.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\XTCS Counter-Strike 1.6 Final Release\\cstrike.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19685:TCP"= 19685:TCP:BitComet 19685 TCP
"19685:UDP"= 19685:UDP:BitComet 19685 UDP

R2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Bandoo\Bandoo.exe [2008-12-09 1484736]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-03 18560]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-11-21 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-11-21 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-11-21 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-11-21 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-11-21 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-11-21 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-11-21 110120]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-838170752-682003330-1003.job
- c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 09:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ILIJA\Application Data\Mozilla\Firefox\Profiles\xid2t7u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://download.muzicki.net/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\ILIJA\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-10 00:56:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bandoo\Bandoo.exe
c:\progra~1\Bandoo\BandooUI.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2009-02-10 0:58:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-10 08:58:16
ComboFix2.txt 2009-02-09 09:39:06
ComboFix3.txt 2009-02-08 20:41:19

Pre-Run: 1,043,644,416 bytes free
Post-Run: 1,091,813,376 bytes free

148 --- E O F --- 2008-07-01 19:07:47
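As an added example (not code from the thread, the forum helper or ComboFix), the following Python helper shows how a defender can triage a ComboFix log like the one above without reading it line by line: it pulls the driver/service entries the CFScript removed, lists every registry Run and Run- autostart with its launched path, and flags Security Center "*DisableNotify" values set to a nonzero dword, which silence the antivirus, update and firewall warnings. It assumes only the log layout seen in this thread (section banners in parentheses, REGEDIT4-style keys). SAMPLE_LOG is a constructed excerpt modelled on the posted log; the FirewallDisableNotify line is a constructed addition that shows a zero-valued entry that is not flagged.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: excerpts modelled on the ComboFix log posted above.
# The FirewallDisableNotify line is a constructed addition (value 0, not flagged).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WMISMG
-------\Service_WMISMG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")          # "(((( Name ))))" banners
REMOVED_RE = re.compile(r"^-------\\(Legacy|Service)_(\S+)\s*$")  # deleted driver/service
KEY_RE = re.compile(r"^\[(.+)\]\s*$")                       # REGEDIT4 key line
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                  # "name"=data line
DWORD_RE = re.compile(r"dword:([0-9a-fA-F]{8})")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group log lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def removed_services(log: str) -> List[str]:
    """Names of Legacy_/Service_ entries ComboFix reports as removed."""
    names: List[str] = []
    for line in split_sections(log).get("Drivers/Services", []):
        m = REMOVED_RE.match(line)
        if m and m.group(2) not in names:
            names.append(m.group(2))
    return names


def _value_path(raw: str) -> str:
    """Extract the launched path from the data part of a Run value."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw[1:]
    return raw.split(" [", 1)[0].strip()   # unquoted form, drop "[date size]"


def autorun_entries(log: str) -> List[Tuple[str, str, str]]:
    """(registry key, value name, launched path) for each Run and Run- entry."""
    entries: List[Tuple[str, str, str]] = []
    key = ""
    for line in split_sections(log).get("Reg Loading Points", []):
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key.lower().endswith(("\\run", "\\run-")):
            entries.append((key, v.group(1), _value_path(v.group(2))))
    return entries


def suppressed_security_notices(log: str) -> List[str]:
    """Security Center *DisableNotify values that are set to a nonzero dword."""
    flagged: List[str] = []
    key = ""
    for line in split_sections(log).get("Reg Loading Points", []):
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if not v or not key.lower().endswith("security center"):
            continue
        d = DWORD_RE.search(v.group(2))
        if v.group(1).endswith("DisableNotify") and d and int(d.group(1), 16) != 0:
            flagged.append(v.group(1))
    return flagged


def triage(log: str) -> Dict[str, object]:
    """One-shot summary to glance at before replying to a log post."""
    return {
        "removed_services": removed_services(log),
        "autoruns": autorun_entries(log),
        "suppressed_notices": suppressed_security_notices(log),
    }


if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(name)
        for item in items:
            print("   ", item)
```

Run against the sample, the helper reports WMISMG as the removed service (matching the CFScript's Driver:: directive and the two "-------\..._WMISMG" lines in the log) and flags AntiVirusDisableNotify and UpdatesDisableNotify, which are still set to 1 in the posted log; resetting those after cleanup restores the Security Center warnings the user would otherwise not see.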

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Tell me how the computer behaves now?
The logs no longer show anything unusual.
