usporen pc i virusi koji se ne mogu izbrisati

usporen pc i virusi koji se ne mogu izbrisati

offline
  • Pridružio: 13 Maj 2007
  • Poruke: 163
  • Gde živiš: Gracanica

avira mi pronajde dva virusa:system 32/khffcstj.dll i system32/rqRJBQkk.dll

i ne moze ni jedan da izbrise,a evo kako mi izgleda logfile od hijackthis:



Logfile of HijackThis v1.99.1
Scan saved at 10:54:48 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\WLAN\ACU.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Documents and Settings\Jasmin\Desktop\TSD\TR3.exe..exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18C6BA00-F4CC-4CEF-84EE-0BF530C0D45C} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: (no name) - {71C53EE1-BCD9-46C4-84FA-85933AF96873} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2BAC412-99EC-471A-BD37-63C2327C97A3} - C:\WINDOWS\system32\ruwfciim.dll (file missing)
O2 - BHO: (no name) - {C9F315B0-F86C-40B8-B593-CF21C81EE1C6} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {CCEA4202-06DC-4552-AA26-CA6D7E36E30F} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\rqRJBQkK.dll
O2 - BHO: (no name) - {D81C6A1E-82B2-4E92-9CE9-9533155834D8} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {E9DA74DB-27B6-4A75-8A28-F44524401435} - C:\WINDOWS\system32\khffCsTj.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [8cf8a9f2] rundll32.exe "C:\WINDOWS\system32\nnhojuvd.dll",b
O4 - HKLM\..\Run: [avgnt] "D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3723188921
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rqRJBQkK - C:\WINDOWS\SYSTEM32\rqRJBQkK.dll
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Poz...




Arrow Klikni desnim tasterom na Avira ikonicu ( ) u donjem, desnom uglu ekrana i deštikliraj AntiVir Guard Enable.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.


-------------------------------------------------------------------------------------


Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 13 Maj 2007
  • Poruke: 163
  • Gde živiš: Gracanica

evo ga,nisam mogao brze Smile



ComboFix 08-06-30.2 - Jasmin 2008-07-01 23:44:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.115 [GMT 2:00]
Running from: C:\Documents and Settings\Jasmin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\axffosbu.ini
C:\WINDOWS\system32\bqcmsauj.ini
C:\WINDOWS\system32\cgnxtcye.ini
C:\WINDOWS\system32\cjeqouay.ini
C:\WINDOWS\system32\dvujohnn.ini
C:\WINDOWS\system32\ejgirgtx.dll
C:\WINDOWS\system32\fpxnawaf.ini
C:\WINDOWS\system32\hxybckki.ini
C:\WINDOWS\system32\jTsCffhk.ini
C:\WINDOWS\system32\jTsCffhk.ini2
C:\WINDOWS\system32\khffCsTj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\nnhojuvd.dll
C:\WINDOWS\system32\pgiqkwcx.ini
C:\WINDOWS\system32\rqRJBQkK.dll
C:\WINDOWS\system32\rvkxeakl.ini
C:\WINDOWS\system32\skykqgjk.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 14:36 . 2008-07-01 14:36 <DIR> d-------- C:\Program Files\OGPlanet
2008-07-01 13:28 . 2008-07-01 13:28 <DIR> d-------- C:\Program Files\Games-Masters.com
2008-06-29 01:13 . 2008-06-29 01:13 <DIR> d-------- C:\Documents and Settings\Jasmin\Logs
2008-06-29 01:05 . 2008-06-29 01:05 <DIR> d-------- C:\Logs
2008-06-26 16:42 . 2008-06-26 16:42 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-25 17:19 . 2008-06-25 17:19 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-06-25 17:18 . 2008-06-25 17:18 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-25 16:35 . 2008-06-25 16:35 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-25 16:35 . 2008-06-25 16:35 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-25 16:31 . 2008-06-25 16:31 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-25 16:31 . 2008-06-25 16:31 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6397.sys
2008-06-23 23:57 . 2008-06-25 15:45 <DIR> d-------- C:\Program Files\BearShare Applications
2008-06-23 23:57 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-06-20 23:56 . 2008-06-20 23:56 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\atitray
2008-06-20 16:49 . 2008-06-20 16:49 <DIR> d-------- C:\ATI
2008-06-20 16:47 . 2008-06-20 16:47 <DIR> d-------- C:\Program Files\Ray Adams
2008-06-20 10:57 . 2008-06-20 10:57 761 --a------ C:\WINDOWS\system32\tutgfppp.dll
2008-06-20 00:17 . 2008-06-20 00:17 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-20 00:09 . 2008-06-20 00:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-20 00:07 . 2008-06-20 00:10 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-20 00:06 . 2008-06-20 00:06 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-19 16:56 . 2008-06-19 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-19 13:42 . 2008-06-19 13:42 900 --a------ C:\WINDOWS\system32\ixhfrpcc.dll
2008-06-19 01:14 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-18 15:23 . 2008-06-20 11:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-18 14:47 . 2008-06-30 22:30 <DIR> d-------- C:\Documents and Settings\Jasmin\amsn
2008-06-18 14:45 . 2008-06-18 14:46 <DIR> d-------- C:\Program Files\aMSN
2008-06-18 14:39 . 2008-06-18 14:39 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\GRETECH
2008-06-18 14:35 . 2008-06-18 14:35 900 --a------ C:\WINDOWS\system32\oqgnfykb.dll
2008-06-18 14:32 . 2008-06-18 14:32 761 --a------ C:\WINDOWS\system32\epgjsdbe.dll
2008-06-18 08:28 . 2008-06-22 00:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 04:10 . 2008-06-17 19:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-18 04:05 . 2008-07-02 00:00 7,991,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-18 04:05 . 2008-07-02 00:00 95,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-18 04:02 . 2008-06-18 04:02 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-06-18 04:02 . 2008-07-01 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 04:00 . 2008-06-18 04:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-18 03:59 . 2008-07-01 23:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-06-18 03:59 . 2008-06-18 03:59 <DIR> d-------- C:\Program Files\Zone Labs
2008-06-18 03:58 . 2008-06-18 03:58 <DIR> d-------- C:\Program Files\WLAN
2008-06-18 03:57 . 2008-06-18 03:57 <DIR> d-------- C:\temp
2008-06-18 03:29 . 2008-06-18 03:29 <DIR> d-------- C:\DAIBLO
2008-06-18 03:28 . 2007-12-23 15:34 39 --a------ C:\realmlist.wtf
2008-06-18 03:16 . 2008-06-18 03:16 <DIR> d-------- C:\Program Files\Intel
2008-06-18 03:16 . 2002-10-15 09:00 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
2008-06-18 03:16 . 2002-10-15 09:00 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
2008-06-18 03:16 . 2002-10-15 09:00 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
2008-06-18 03:14 . 2004-08-04 08:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-06-18 03:13 . 2008-06-18 03:13 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-06-18 03:13 . 2008-06-18 03:13 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-18 03:12 . 2000-03-29 08:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-18 03:12 . 2008-06-18 03:12 2,961 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-06-18 03:10 . 2005-02-22 21:05 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-06-18 03:10 . 2005-02-23 05:46 299,008 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-06-18 03:09 . 2008-06-17 22:09 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 03:09 . 2008-06-18 03:57 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-18 03:09 . 2008-06-18 03:11 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-18 03:07 . 2003-01-29 09:29 8,703 -r------- C:\WINDOWS\system32\drivers\EIO.sys
2008-06-18 03:05 . 2008-07-01 18:26 <DIR> d-------- C:\Documents and Settings\Jasmin
2008-06-18 03:01 . 2008-06-18 03:01 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-18 03:01 . 2008-06-18 03:01 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-06-18 03:01 . 2008-07-01 22:21 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-06-18 01:31 . 2008-06-19 18:50 <DIR> d-------- C:\Program Files\Uniblue
2008-06-18 01:31 . 2008-06-19 18:50 <DIR> d-------- C:\Documents and Settings\Jasmin\Application Data\Uniblue
2008-06-18 00:53 . 2008-06-18 00:54 164 --a------ C:\install.dat
2008-06-17 23:24 . 2008-06-17 23:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-17 17:56 . 2008-06-17 17:57 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-06-17 17:52 . 2008-06-17 17:52 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-06-17 17:28 . 2008-06-17 17:28 <DIR> d-------- C:\Program Files\Comodo
2008-06-17 17:28 . 2008-06-17 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-06-17 17:28 . 2008-06-17 17:28 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-17 17:28 . 2008-06-17 17:28 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-17 17:28 . 2008-06-17 17:28 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-06-17 17:28 . 2008-06-17 17:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-17 17:28 . 2008-06-17 17:28 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-06-17 17:24 . 2008-06-17 17:24 <DIR> d-------- C:\Program Files\Codebox
2008-06-17 17:16 . 2008-06-17 17:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-17 17:16 . 2005-02-25 05:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-17 17:12 . 2008-06-17 17:12 <DIR> d-------- C:\Program Files\GRETECH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 16:23 2,638,848 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-06-23 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-18 01:58 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-18 00:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-17 17:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-17 17:36 --------- d-----w C:\Program Files\Windows Live
2008-06-17 17:33 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-06-17 17:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 17:32 --------- d-----w C:\Documents and Settings\Jasmin\Application Data\TuneUp Software
2008-06-17 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-17 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-19 13:33 4,445,184 ----a-w C:\WINDOWS\system32\msi.dll
2008-05-19 13:33 332,800 ----a-w C:\WINDOWS\system32\msihnd.dll
2008-05-19 13:33 18,944 ----a-w C:\WINDOWS\system32\msisip.dll
2008-05-19 08:57 95,744 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-04-17 08:43 2,560 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 20:34 5724184]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 12:22 1923352]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 09:50 9442584]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2006-12-06 15:00 516608]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 17:57 143360]
"ACU"="C:\Program Files\WLAN\ACU.exe" [2006-01-06 01:47 303104]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 08:11 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"avgnt"="D:\Program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - C:\Program Files\Codebox\BitMeter\BitMeter2.exe [2006-02-11 17:35:08 1359872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2006-11-30 10:05]
R3 AR5523;WLAN USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-06 01:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e57bb4e5-3c8f-11dd-a300-806d6172696f}]
\Shell\AutoRun\command - E:\Bin\asusqfe.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:15:56 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-29 16:50:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-19 16:50:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-29 16:37:04 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-21 22:31:16 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{18C6BA00-F4CC-4CEF-84EE-0BF530C0D45C} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
BHO-{71C53EE1-BCD9-46C4-84FA-85933AF96873} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
BHO-{B2BAC412-99EC-471A-BD37-63C2327C97A3} - C:\WINDOWS\system32\ruwfciim.dll
BHO-{C9F315B0-F86C-40B8-B593-CF21C81EE1C6} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
BHO-{CCEA4202-06DC-4552-AA26-CA6D7E36E30F} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
BHO-{D81C6A1E-82B2-4E92-9CE9-9533155834D8} - C:\DOCUME~1\Jasmin\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8R21WZYJ\3077ahntdksr[1].dll
HKLM-Run-8cf8a9f2 - C:\WINDOWS\system32\nnhojuvd.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-02 00:01:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\update\update.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-02 0:07:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 22:07:39

Pre-Run: 23,207,968,768 bytes free
Post-Run: 23,095,652,352 bytes free

225 --- E O F --- 2008-06-17 15:16:07

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\tutgfppp.dll
C:\WINDOWS\system32\ixhfrpcc.dll
C:\WINDOWS\system32\oqgnfykb.dll
C:\WINDOWS\system32\epgjsdbe.dll


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 13 Maj 2007
  • Poruke: 163
  • Gde živiš: Gracanica

evo ga :


ComboFix 08-06-30.2 - Jasmin 2008-07-02 18:51:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT 2:00]
Running from: C:\Documents and Settings\Jasmin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jasmin\Desktop\CFScript.txt

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Logfile nije kompletan. Priloži ga uz poruku korišćenjem opcije Prikači fajl.

offline
  • Pridružio: 13 Maj 2007
  • Poruke: 163
  • Gde živiš: Gracanica

koliko sam ja shvatio,ovo si trazio Smile


mycity.rs/must-login.png

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

offline
  • Pridružio: 13 Maj 2007
  • Poruke: 163
  • Gde živiš: Gracanica

uradio sam,hvala ti puno Wink

Ko je trenutno na forumu
 

Ukupno su 893 korisnika na forumu :: 60 registrovanih, 7 sakrivenih i 826 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 5rovic, aljosa7, Apok, aramis s, attila.jukicburai, axa, burekbrigada, cvrle312, Dimitrise93, djboj, Dragan Mačak Damljanović, dragisa dragisa, drgnk, Dukelander, Dusko Nikolin, ivica976, kostolac, Kubovac, lojola, maks l 5735, MarKhan, Marko Marković2, Metanoja, MiG-29M2, mikrimaus2, Milan A. Nikolic, milijarder, miodrag, Miskohd, mushroom, nemkea71, novator, operniki, ostoja2, Parker, pedja.st, pedjolino76, powSrb, reidmihajilo, repac2, rikirubio, RJ, Roman, SAA fan, sevenino, shaja1, Sr.Stat., srecko81, theNedjeljko, Toni, trajkoni018, Viceroy2, Vieri, VJ, VP3987, vukdra, wizzardone, yrraf, zoidbergs, Zori2