Virus shuts down Windows Explorer

  • sense
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

A virus got in yesterday while I was downloading some screensaver (NOD reported something down there, but I had no option to delete that virus right away), and since then, after a while, Windows Explorer shuts down, sometimes every 10 seconds, sometimes after a somewhat longer time?

What should I do now?

Update: 29 Jun 2008 2:26

And whenever I open some program, Windows Explorer restarts or shuts down completely.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


Follow the instructions for posting a HijackThis log:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • sense
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

Logfile of HijackThis v1.99.1
Scan saved at 10:15:50, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Terminator\Quick TV\Scheduled.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svuhost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Sasa\Desktop\abv\TR3.exe.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.babylon.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E02BBA0-1CA1-4697-96BA-67FBAAD52CFE} - C:\WINDOWS\system32\mlJDsQHx.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {76ED0E32-FF6C-4D20-A777-F83353F87C26} - C:\WINDOWS\system32\efcDVnNH.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {FE27E908-4C06-4BAE-88A0-655D0CE752CB} - C:\WINDOWS\system32\rqRIbxvU.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Quick TV Agent] C:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svuhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRIbxvU - C:\WINDOWS\SYSTEM32\rqRIbxvU.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

That's it.

I use SP2, I have 512/256 cable internet.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: C:\WINDOWS\system32\svuhost.exe (pay attention: it is svuhost, not svchost)

via this link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.
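As an added triage example (not part of this thread, and not how HijackThis or ComboFix work internally), the Python script below runs the checks the helper applied by eye: a process name one edit away from a core Windows binary (svuhost vs svchost), BHO entries with no name, a RunServices key, and a DLL registered both as a BHO and as a Winlogon Notify package. The sample log is constructed from lines quoted in this thread; the allowlist of system binaries and the finding tags are my own assumptions.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the
thread or of the HijackThis/ComboFix tools)."""
import re

# Core NT binaries whose names malware commonly imitates (our own allowlist).
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe",
}
ENTRY_RE = re.compile(r"^([ROF]\d+) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."


def levenshtein(a: str, b: str) -> int:
    """Edit distance, computed one DP row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path; drops a '(file missing)' tag."""
    return path.replace(" (file missing)", "").strip().rsplit("\\", 1)[-1].lower()


def lookalike(name: str):
    """Return the system binary that `name` imitates (distance exactly 1), else None."""
    n = name.lower()
    if n in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if levenshtein(n, real) == 1:      # svuhost.exe -> svchost.exe
            return real
    return None


def o4_target(rest: str) -> str:
    """Executable launched by an 'O4 - KEY: [Name] command' entry."""
    cmd = rest.split("]", 1)[-1].strip()
    if cmd.startswith('"'):                # quoted path containing spaces
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]                  # bare name or unquoted path


def parse(log: str):
    """Split a HijackThis log into running processes and (code, rest) entries."""
    processes, entries, in_proc = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_proc = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_proc = False
            entries.append((m.group(1), m.group(2)))
        elif in_proc:
            processes.append(line)
    return processes, entries


def triage(log: str):
    """Return a list of (tag, detail) findings for a HijackThis log."""
    findings = []
    processes, entries = parse(log)
    for proc in processes:
        real = lookalike(basename(proc))
        if real:
            findings.append(("LOOKALIKE", f"running process {proc} imitates {real}"))
    bho_dlls, notify_dlls = {}, {}
    for code, rest in entries:
        if code == "O2":               # O2 - BHO: <name> - {CLSID} - <path>
            name, _clsid, path = rest.rsplit(" - ", 2)
            name = name.split(":", 1)[-1].strip()
            bho_dlls[basename(path)] = path
            if name == "(no name)":
                findings.append(("NAMELESS_BHO", path))
        elif code == "O4":
            key = rest.split(":", 1)[0]
            target = o4_target(rest)
            real = lookalike(basename(target))
            if real:
                findings.append(("LOOKALIKE", f"{key} starts {target}, imitates {real}"))
            if "RunServices" in key:   # Windows 9x key; NT-based Windows ignores it
                findings.append(("RUNSERVICES", f"{key} starts {target}"))
        elif code == "O20":            # O20 - Winlogon Notify: <name> - <path>
            path = rest.rsplit(" - ", 1)[-1]
            notify_dlls[basename(path)] = path
    # Same DLL loaded into every IE process (BHO) and into winlogon.exe (O20).
    for dll in sorted(bho_dlls.keys() & notify_dlls.keys()):
        findings.append(("BHO_IN_WINLOGON", notify_dlls[dll]))
    return findings


# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svuhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe

O2 - BHO: (no name) - {1E02BBA0-1CA1-4697-96BA-67FBAAD52CFE} - C:\WINDOWS\system32\mlJDsQHx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {FE27E908-4C06-4BAE-88A0-655D0CE752CB} - C:\WINDOWS\system32\rqRIbxvU.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Windows Sound] svuhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svuhost.exe
O20 - Winlogon Notify: rqRIbxvU - C:\WINDOWS\SYSTEM32\rqRIbxvU.dll
"""

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:16} {detail}")
```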

  • sense
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

I uploaded the file.

Here is the log:

ComboFix 08-06-20.4 - Sasa 2008-06-29 15:43:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.214 [GMT 2:00]
Running from: C:\Documents and Settings\Sasa\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
The syntax of the command is incorrect.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\efcDVnNH.dll
C:\WINDOWS\system32\HNnVDcfe.ini
C:\WINDOWS\system32\HNnVDcfe.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-27 23:42 . 2008-06-27 23:42 95 --a------ C:\WINDOWS\wininit.ini
2008-06-27 22:57 . 2008-06-27 22:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-27 21:58 . 2008-06-27 21:58 319,488 --a------ C:\WINDOWS\system32\mlJDsQHx.dll_old
2008-06-27 21:53 . 2008-06-27 21:53 25,600 --a------ C:\WINDOWS\system32\rqRIbxvU.dll
2008-06-27 11:12 . 2008-06-28 02:04 <DIR> d-------- C:\Program Files\Garena
2008-06-26 16:12 . 2008-06-26 16:12 37,004 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-25 15:48 . 2008-06-25 15:48 69 --a------ C:\WINDOWS\cdplayer.ini
2008-06-20 16:48 . 2008-06-25 11:13 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-17 12:09 . 2008-06-17 12:09 1,961 --a------ C:\WINDOWS\ST5UNST.003
2008-06-17 12:08 . 2008-06-17 12:08 1,961 --a------ C:\WINDOWS\ST5UNST.002
2008-06-17 12:07 . 2008-06-17 12:07 1,961 --a------ C:\WINDOWS\ST5UNST.001
2008-06-17 07:46 . 1999-09-28 18:42 1,050,896 --a------ C:\WINDOWS\system32\MSJet35.dll
2008-06-17 07:46 . 1999-08-25 11:57 415,504 --a------ C:\WINDOWS\system32\MsRepl35.dll
2008-06-17 07:46 . 1998-04-24 00:00 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2008-06-17 07:46 . 1998-04-24 00:00 123,664 --a------ C:\WINDOWS\system32\MSJInt35.dll
2008-06-17 07:46 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2008-06-17 07:46 . 1997-01-16 00:00 75,536 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-17 07:46 . 1998-05-31 00:00 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2008-06-17 07:45 . 1998-04-24 00:00 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2008-06-17 07:45 . 2008-06-17 07:47 4,805 --a------ C:\WINDOWS\ST5UNST.000
2008-06-15 21:28 . 2008-06-15 21:28 <DIR> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-06-15 21:04 . 2008-06-15 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodata Limited
2008-06-14 21:45 . 2008-06-14 21:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-14 21:45 . 2008-06-14 21:45 <DIR> d-------- C:\Program Files\Ahead
2008-06-14 12:44 . 2004-08-04 14:00 1,376 --a------ C:\WINDOWS\system32\comctl29q.ocx
2008-06-13 12:57 . 2008-06-13 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-08 13:37 . 2008-06-27 10:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-08 13:37 . 2008-06-08 13:37 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\PC Tools
2008-06-08 13:37 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-08 13:37 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-08 13:37 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-08 13:37 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-07 22:29 . 2008-06-27 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 22:17 . 2008-06-06 22:17 <DIR> d-------- C:\Program Files\Philips Semiconductors
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\MEGAUPLOADTOOLBAR
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Locktime
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\DivX
2008-06-05 22:21 . 2008-06-05 22:21 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Nero
2008-06-05 22:21 . 2008-06-27 22:42 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Babylon
2008-06-05 13:45 . 2008-06-05 13:45 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-06-05 13:45 . 2008-06-05 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-06-04 19:36 . 2008-06-04 19:36 <DIR> d-------- C:\Program Files\AskSBar
2008-06-04 19:36 . 2008-06-04 19:36 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-06-04 19:35 . 2008-06-04 21:25 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Comodo
2008-06-04 09:02 . 2008-06-04 09:02 <DIR> d-------- C:\Program Files\Display Tuner
2008-06-04 09:02 . 2008-04-09 10:48 10,240 --a------ C:\WINDOWS\system32\drivers\ddcdrv.sys
2008-06-01 12:59 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2008-05-30 13:15 . 2008-05-30 13:15 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Locktime
2008-05-30 13:13 . 2008-06-05 10:15 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-30 13:13 . 2008-05-30 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-05-30 11:54 . 2008-06-26 02:29 <DIR> d-------- C:\Program Files\Soulseek
2008-05-30 11:52 . 2008-05-30 11:53 <DIR> d-------- C:\Program Files\Ares

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 13:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 13:41 --------- d-----w C:\Documents and Settings\Sasa\Application Data\uTorrent
2008-06-29 13:41 --------- d-----w C:\Documents and Settings\Sasa\Application Data\mIRC
2008-06-29 09:25 --------- d-----w C:\Program Files\mIRC
2008-06-27 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-06-27 19:53 7 ----a-w C:\WINDOWS\Fonts\1.txt
2008-06-27 19:53 33,280 ------w C:\WINDOWS\Fonts\is157454.exe
2008-06-27 16:14 --------- d-----w C:\Program Files\Valve
2008-06-27 13:09 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Skype
2008-06-27 12:28 --------- d-----w C:\Documents and Settings\Sasa\Application Data\skypePM
2008-06-27 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 09:52 --------- d-----w C:\Program Files\sXe Injected
2008-06-26 00:34 --------- d-----w C:\Documents and Settings\Sasa\Application Data\LimeWire
2008-06-23 11:23 --------- d-----w C:\Program Files\Warcraft III
2008-06-23 08:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-19 11:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-19 11:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-13 20:09 --------- d-----w C:\Program Files\Opera
2008-06-13 10:57 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-06-13 10:57 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-13 10:38 --------- d-----w C:\Program Files\Zoom Player
2008-06-11 18:43 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Babylon
2008-06-10 20:18 --------- d-----w C:\Documents and Settings\Sasa\Application Data\MyPhoneExplorer
2008-06-09 20:02 --------- d-----w C:\Program Files\ACD Systems
2008-06-09 19:29 --------- d-----w C:\Documents and Settings\Sasa\Application Data\gtk-2.0
2008-06-08 11:32 --------- d-----w C:\Program Files\DVBPortal
2008-06-06 08:33 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Winamp
2008-06-04 17:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 12:44 --------- d-----w C:\Program Files\Hard Disk Sentinel
2008-06-01 17:17 --------- d-----w C:\Program Files\AIMP2
2008-05-29 20:33 --------- d-----w C:\Program Files\Fraps
2008-05-28 21:35 --------- d-----w C:\Program Files\Google
2008-05-27 20:06 --------- d-----w C:\Program Files\ElcomSoft
2008-05-25 06:50 --------- d-----w C:\Program Files\Dream Aquarium
2008-05-22 15:57 20 ----a-w C:\sccfg.sys
2008-05-22 10:22 --------- d-----w C:\Program Files\Achilles-Script 3.7
2008-05-21 11:46 --------- d-----w C:\Program Files\Solveig Multimedia
2008-05-21 11:46 --------- d-----w C:\Program Files\Common Files\Solveig Multimedia
2008-05-21 11:46 --------- d-----w C:\Program Files\Common Files\Elecard
2008-05-19 13:30 --------- d-----w C:\Program Files\The KMPlayer
2008-05-19 08:11 --------- d-----w C:\Program Files\Babylon
2008-05-17 14:38 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Nero
2008-05-17 14:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-17 14:35 --------- d-----w C:\Program Files\Nero
2008-05-17 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-17 07:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-05-16 18:50 89,600 ----a-w C:\WINDOWS\system32\atl71.dll
2008-05-16 18:50 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-16 18:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-16 18:50 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
2008-05-16 18:50 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
2008-05-16 11:41 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-05-16 11:41 --------- d-----w C:\Program Files\MSECACHE
2008-05-12 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-05-07 09:07 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-07 09:07 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-06 19:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 17:13 --------- d-----w C:\Program Files\Activision
2008-05-06 17:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-06 09:21 --------- d-----w C:\Program Files\X-Fusions Wallpaper
2008-05-06 09:19 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-06 09:19 1,388,544 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-05-05 18:56 --------- d-----w C:\Program Files\SHOUTcast Source
2008-05-05 18:24 --------- d-----w C:\Program Files\Unlocker
2008-05-05 08:37 --------- d-----w C:\Documents and Settings\Nino\Application Data\HP
2008-04-28 06:52 2,121,235 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-04-18 17:15 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-02-25 18:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-06 12:29 88 --sha-r C:\WINDOWS\system32\E6FF164BA3.sys
2004-08-04 12:00 946,176 --sha-r C:\WINDOWS\system32\svuhost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D0880C3-CDC3-4505-B9E4-30A25D3B1792}]
2008-06-29 15:54 319488 --a------ C:\WINDOWS\system32\vtUMEWmJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E02BBA0-1CA1-4697-96BA-67FBAAD52CFE}]
C:\WINDOWS\system32\mlJDsQHx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE27E908-4C06-4BAE-88A0-655D0CE752CB}]
2008-06-27 21:53 25600 --a------ C:\WINDOWS\system32\rqRIbxvU.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 05:15 83968]
"Quick TV Agent"="C:\Program Files\Terminator\Quick TV\Scheduled.exe" [2004-10-11 11:46 740352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-28 21:27 185896]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-19 10:12 3551456]
"Microsoft Windows Sound"="svuhost.exe" [2004-08-04 14:00 946176 C:\WINDOWS\system32\svuhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Sound"="svuhost.exe" [2004-08-04 14:00 946176 C:\WINDOWS\system32\svuhost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 14:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2008-01-05 18:02:51 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE27E908-4C06-4BAE-88A0-655D0CE752CB}"= C:\WINDOWS\system32\rqRIbxvU.dll [2008-06-27 21:53 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIbxvU]
rqRIbxvU.dll 2008-06-27 21:53 25600 C:\WINDOWS\system32\rqRIbxvU.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtUMEWmJ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hard Disk Sentinel]
--a------ 2008-05-22 12:47 3264000 C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ares"="C:\Program Files\Ares\Ares.exe" -h
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Hard Disk Sentinel"="C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"D:\\ApexDC++\\ApexDC.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55380:TCP"= 55380:TCP:tshack

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
R1 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2007-06-21 12:42]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\WINDOWS\system32\drivers\DDCDrv.sys [2008-04-09 10:48]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 09:34]
R3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys [2002-05-14 13:05]
R3 ZSMC302;PC CAM 300A;C:\WINDOWS\system32\Drivers\usbvm302.sys [2002-11-01 19:43]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-07 11:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:18:14 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-29 15:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqRIbxvU.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-29 15:57:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 13:57:36

Pre-Run: 25,849,765,888 bytes free
Post-Run: 25,834,692,608 bytes free

311

When ComboFix restarted, once I logged in it told me that svuhost was not started, or something like that, because some packet dll file is missing.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\mlJDsQHx.dll_old
C:\WINDOWS\system32\rqRIbxvU.dll
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\Fonts\1.txt
C:\WINDOWS\Fonts\is157454.exe
C:\WINDOWS\system32\svuhost.exe
C:\WINDOWS\system32\vtUMEWmJ.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D0880C3-CDC3-4505-B9E4-30A25D3B1792}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E02BBA0-1CA1-4697-96BA-67FBAAD52CFE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE27E908-4C06-4BAE-88A0-655D0CE752CB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Sound"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Sound"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIbxvU]

Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
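The script above does five things: it removes the listed files (among them rqRIbxvU.dll, which the earlier log showed loaded inside winlogon.exe), deletes three Browser Helper Object registrations, removes the "Microsoft Windows Sound" entries from Run and RunServices, resets the LSA "Authentication Packages" value, and deletes the Winlogon Notify subkey for rqRIbxvU. The one line that is hard to read by eye is the hex(7) value. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses the File:: and Registry:: sections of the script exactly as posted (copied inline as constructed sample input), decodes the hex(7) bytes as a REG_MULTI_SZ, and cross-checks which removed DLLs also have their Winlogon Notify key deleted. The parsing rules are inferred from the script's visible format and are an assumption, as is the handling of regedit-style UTF-16LE hex(7) values alongside the one-byte-per-character form used here.

```python
"""Parse a ComboFix CFScript and decode its REG_MULTI_SZ (hex(7)) values.

Added example, not part of the original thread or of ComboFix itself.
The parsing rules are an assumption inferred from the posted script's
visible format, not a documented grammar.
"""
import re

# Constructed sample input: the CFScript posted in the thread, verbatim.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\mlJDsQHx.dll_old
C:\WINDOWS\system32\rqRIbxvU.dll
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\Fonts\1.txt
C:\WINDOWS\Fonts\is157454.exe
C:\WINDOWS\system32\svuhost.exe
C:\WINDOWS\system32\vtUMEWmJ.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D0880C3-CDC3-4505-B9E4-30A25D3B1792}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E02BBA0-1CA1-4697-96BA-67FBAAD52CFE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE27E908-4C06-4BAE-88A0-655D0CE752CB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Sound"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Sound"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIbxvU]
"""

VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def decode_reg_multi_sz(hex_bytes):
    """Turn 'hex(7):6d,73,...' (or just the comma list) into a list of strings.

    The posted script writes one byte per character (m s v 1 _ 0 NUL NUL).
    A regedit .reg export of the same value would be UTF-16LE, i.e. every
    odd byte zero; that layout is detected heuristically (assumption) by
    checking the odd bytes.
    """
    raw = hex_bytes.split(":", 1)[-1]
    data = bytes(int(b, 16) for b in raw.split(",") if b.strip())
    if data and len(data) % 2 == 0 and all(b == 0 for b in data[1::2]):
        text = data.decode("utf-16-le")
    else:
        text = data.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def parse_cfscript(text):
    """Return {'files': [...], 'registry': {key: {'delete_key': bool, 'values': {name: raw}}}}."""
    files, registry, section, key = [], {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header such as File:: / Registry::
            section, key = line[:-2].lower(), None
            continue
        if section == "file":
            files.append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                body = line[1:-1]
                delete = body.startswith("-")   # [-KEY] means delete the whole key
                key = body[1:] if delete else body
                registry[key] = {"delete_key": delete, "values": {}}
            elif key is not None:
                m = VALUE_RE.match(line)        # "name"=- deletes a value, "name"=hex(7):... sets it
                if m:
                    registry[key]["values"][m.group(1)] = m.group(2)
    return {"files": files, "registry": registry}


def auth_packages(parsed):
    """Decode the LSA 'Authentication Packages' value the script sets ([] if absent)."""
    for key, entry in parsed["registry"].items():
        if key.lower().endswith(r"\control\lsa"):
            raw = entry["values"].get("Authentication Packages")
            if raw and raw.lower().startswith("hex(7):"):
                return decode_reg_multi_sz(raw)
    return []


def notify_dlls(parsed):
    """Stems of .dll files in File:: whose Winlogon Notify subkey is also deleted."""
    deleted = {k.lower().rsplit("\\", 1)[-1]
               for k, e in parsed["registry"].items()
               if e["delete_key"] and "\\winlogon\\notify\\" in k.lower()}
    stems = []
    for path in parsed["files"]:
        name = path.rsplit("\\", 1)[-1]
        if name.lower().endswith(".dll") and name[:-4].lower() in deleted:
            stems.append(name[:-4])
    return stems


if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    print("files to remove:", len(parsed["files"]))
    print("registry keys deleted:", sum(e["delete_key"] for e in parsed["registry"].values()))
    print("LSA Authentication Packages after script:", auth_packages(parsed))
    print("removed DLLs whose Winlogon Notify key is also removed:", notify_dlls(parsed))
```

Running it shows that the hex(7) line decodes to the single entry msv1_0, the standard Windows (MSV1_0) authentication package, so whatever else had been registered under that value is dropped by the script, and that rqRIbxvU is the only removed DLL whose Winlogon Notify hook is removed with it; vtUMEWmJ.dll is deleted as a file only.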

  • sense
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

Done.

Here is the log:

ComboFix 08-06-20.4 - Sasa 2008-06-29 17:21:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.165 [GMT 2:00]
Running from: C:\Documents and Settings\Sasa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sasa\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Fonts\1.txt
C:\WINDOWS\Fonts\is157454.exe
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\mlJDsQHx.dll_old
C:\WINDOWS\system32\rqRIbxvU.dll
C:\WINDOWS\system32\svuhost.exe
C:\WINDOWS\system32\vtUMEWmJ.dll
.
/wow section - STAGE 38
pv: No matching processes found
The syntax of the command is incorrect.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\1.txt
C:\WINDOWS\Fonts\is157454.exe
C:\WINDOWS\system32\JmWEMUtv.ini
C:\WINDOWS\system32\JmWEMUtv.ini2
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\mlJDsQHx.dll_old
C:\WINDOWS\system32\rqRIbxvU.dll
C:\WINDOWS\system32\svuhost.exe
C:\WINDOWS\system32\vtUMEWmJ.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-27 23:42 . 2008-06-27 23:42 95 --a------ C:\WINDOWS\wininit.ini
2008-06-27 22:57 . 2008-06-27 22:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-27 11:12 . 2008-06-28 02:04 <DIR> d-------- C:\Program Files\Garena
2008-06-25 15:48 . 2008-06-25 15:48 69 --a------ C:\WINDOWS\cdplayer.ini
2008-06-20 16:48 . 2008-06-25 11:13 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-17 12:09 . 2008-06-17 12:09 1,961 --a------ C:\WINDOWS\ST5UNST.003
2008-06-17 12:08 . 2008-06-17 12:08 1,961 --a------ C:\WINDOWS\ST5UNST.002
2008-06-17 12:07 . 2008-06-17 12:07 1,961 --a------ C:\WINDOWS\ST5UNST.001
2008-06-17 07:46 . 1999-09-28 18:42 1,050,896 --a------ C:\WINDOWS\system32\MSJet35.dll
2008-06-17 07:46 . 1999-08-25 11:57 415,504 --a------ C:\WINDOWS\system32\MsRepl35.dll
2008-06-17 07:46 . 1998-04-24 00:00 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2008-06-17 07:46 . 1998-04-24 00:00 123,664 --a------ C:\WINDOWS\system32\MSJInt35.dll
2008-06-17 07:46 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2008-06-17 07:46 . 1997-01-16 00:00 75,536 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-17 07:46 . 1998-05-31 00:00 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2008-06-17 07:45 . 1998-04-24 00:00 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2008-06-17 07:45 . 2008-06-17 07:47 4,805 --a------ C:\WINDOWS\ST5UNST.000
2008-06-15 21:28 . 2008-06-15 21:28 <DIR> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-06-15 21:04 . 2008-06-15 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodata Limited
2008-06-14 21:45 . 2008-06-14 21:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-14 21:45 . 2008-06-14 21:45 <DIR> d-------- C:\Program Files\Ahead
2008-06-14 12:44 . 2004-08-04 14:00 1,376 --a------ C:\WINDOWS\system32\comctl29q.ocx
2008-06-13 12:57 . 2008-06-13 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-08 13:37 . 2008-06-27 10:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-08 13:37 . 2008-06-08 13:37 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\PC Tools
2008-06-08 13:37 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-08 13:37 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-08 13:37 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-08 13:37 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-07 22:29 . 2008-06-27 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 22:17 . 2008-06-06 22:17 <DIR> d-------- C:\Program Files\Philips Semiconductors
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\MEGAUPLOADTOOLBAR
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Locktime
2008-06-05 22:22 . 2008-06-05 22:22 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\DivX
2008-06-05 22:21 . 2008-06-05 22:21 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Nero
2008-06-05 22:21 . 2008-06-27 22:42 <DIR> d-------- C:\Documents and Settings\Nino\Application Data\Babylon
2008-06-05 13:45 . 2008-06-05 13:45 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-06-05 13:45 . 2008-06-05 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-06-04 19:36 . 2008-06-04 19:36 <DIR> d-------- C:\Program Files\AskSBar
2008-06-04 19:36 . 2008-06-04 19:36 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-06-04 19:35 . 2008-06-04 21:25 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Comodo
2008-06-04 09:02 . 2008-06-04 09:02 <DIR> d-------- C:\Program Files\Display Tuner
2008-06-04 09:02 . 2008-04-09 10:48 10,240 --a------ C:\WINDOWS\system32\drivers\ddcdrv.sys
2008-06-01 12:59 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2008-05-30 13:15 . 2008-05-30 13:15 <DIR> d-------- C:\Documents and Settings\Sasa\Application Data\Locktime
2008-05-30 13:13 . 2008-06-05 10:15 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-30 13:13 . 2008-05-30 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-05-30 11:54 . 2008-06-26 02:29 <DIR> d-------- C:\Program Files\Soulseek
2008-05-30 11:52 . 2008-05-30 11:53 <DIR> d-------- C:\Program Files\Ares

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 15:26 --------- d-----w C:\Documents and Settings\Sasa\Application Data\uTorrent
2008-06-29 13:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 13:41 --------- d-----w C:\Documents and Settings\Sasa\Application Data\mIRC
2008-06-29 09:25 --------- d-----w C:\Program Files\mIRC
2008-06-27 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-06-27 16:14 --------- d-----w C:\Program Files\Valve
2008-06-27 13:09 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Skype
2008-06-27 12:28 --------- d-----w C:\Documents and Settings\Sasa\Application Data\skypePM
2008-06-27 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 09:52 --------- d-----w C:\Program Files\sXe Injected
2008-06-26 00:34 --------- d-----w C:\Documents and Settings\Sasa\Application Data\LimeWire
2008-06-23 11:23 --------- d-----w C:\Program Files\Warcraft III
2008-06-23 08:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-19 11:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-19 11:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-13 20:09 --------- d-----w C:\Program Files\Opera
2008-06-13 10:57 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-06-13 10:57 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-13 10:38 --------- d-----w C:\Program Files\Zoom Player
2008-06-11 18:43 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Babylon
2008-06-10 20:18 --------- d-----w C:\Documents and Settings\Sasa\Application Data\MyPhoneExplorer
2008-06-09 20:02 --------- d-----w C:\Program Files\ACD Systems
2008-06-09 19:29 --------- d-----w C:\Documents and Settings\Sasa\Application Data\gtk-2.0
2008-06-08 11:32 --------- d-----w C:\Program Files\DVBPortal
2008-06-06 08:33 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Winamp
2008-06-04 17:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 12:44 --------- d-----w C:\Program Files\Hard Disk Sentinel
2008-06-01 17:17 --------- d-----w C:\Program Files\AIMP2
2008-05-29 20:33 --------- d-----w C:\Program Files\Fraps
2008-05-28 21:35 --------- d-----w C:\Program Files\Google
2008-05-27 20:06 --------- d-----w C:\Program Files\ElcomSoft
2008-05-25 06:50 --------- d-----w C:\Program Files\Dream Aquarium
2008-05-22 15:57 20 ----a-w C:\sccfg.sys
2008-05-22 10:22 --------- d-----w C:\Program Files\Achilles-Script 3.7
2008-05-21 11:46 --------- d-----w C:\Program Files\Solveig Multimedia
2008-05-21 11:46 --------- d-----w C:\Program Files\Common Files\Solveig Multimedia
2008-05-21 11:46 --------- d-----w C:\Program Files\Common Files\Elecard
2008-05-19 13:30 --------- d-----w C:\Program Files\The KMPlayer
2008-05-19 08:11 --------- d-----w C:\Program Files\Babylon
2008-05-17 14:38 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Nero
2008-05-17 14:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-17 14:35 --------- d-----w C:\Program Files\Nero
2008-05-17 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-17 07:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-05-16 18:50 89,600 ----a-w C:\WINDOWS\system32\atl71.dll
2008-05-16 18:50 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-16 18:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-16 18:50 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
2008-05-16 18:50 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
2008-05-16 11:41 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-05-16 11:41 --------- d-----w C:\Program Files\MSECACHE
2008-05-12 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-05-07 09:07 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-07 09:07 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-06 19:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 17:13 --------- d-----w C:\Program Files\Activision
2008-05-06 17:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-06 09:21 --------- d-----w C:\Program Files\X-Fusions Wallpaper
2008-05-06 09:19 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-06 09:19 1,388,544 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-05-05 18:56 --------- d-----w C:\Program Files\SHOUTcast Source
2008-05-05 18:24 --------- d-----w C:\Program Files\Unlocker
2008-05-05 08:37 --------- d-----w C:\Documents and Settings\Nino\Application Data\HP
2008-04-28 06:52 2,121,235 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-04-18 17:15 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-02-25 18:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-06 12:29 88 --sha-r C:\WINDOWS\system32\E6FF164BA3.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-29_15.57.08.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 13:49:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 15:28:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-29 13:50:06 16,384 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-06-29 15:29:23 16,384 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-06-29 13:50:36 32,768 ----a-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-06-29 15:29:23 16,384 ----a-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-06-29 15:29:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_768.dat
- 2008-06-29 13:50:12 32,768 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-29 15:29:31 32,768 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 05:15 83968]
"Quick TV Agent"="C:\Program Files\Terminator\Quick TV\Scheduled.exe" [2004-10-11 11:46 740352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-28 21:27 185896]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-05-19 10:12 3551456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 14:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2008-01-05 18:02:51 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hard Disk Sentinel]
--a------ 2008-05-22 12:47 3264000 C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ares"="C:\Program Files\Ares\Ares.exe" -h
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Hard Disk Sentinel"="C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"D:\\ApexDC++\\ApexDC.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55380:TCP"= 55380:TCP:tshack

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
R1 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2007-06-21 12:42]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\WINDOWS\system32\drivers\DDCDrv.sys [2008-04-09 10:48]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 09:34]
R3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys [2002-05-14 13:05]
R3 ZSMC302;PC CAM 300A;C:\WINDOWS\system32\Drivers\usbvm302.sys [2002-11-01 19:43]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-07 11:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:18:14 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-29 17:29:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-06-29 17:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 15:39:01
ComboFix2.txt 2008-06-29 13:57:51

Pre-Run: 25,796,198,400 bytes free
Post-Run: 25,783,619,584 bytes free

314

Update: 29 Jun 2008 18:18

This problem is not happening to me anymore :)

Thank you so much, you're a star! :)

Do I need to do anything else?

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

  • sense
  • New MyCity citizen
  • Joined: 28 Jun 2008
  • Posts: 13

Did everything you told me :)

Once again, a big thank you for all the help.

Regards
