My desktop icons keep disappearing

  • zakici  Female
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 10
  • Location: ZR

Please help me. When I turn the computer on, Windows loads and after 10-20 seconds the icons and the taskbar disappear, then come back, then disappear again, and after a few minutes only a bare desktop is left, with no way to shut down or restart. NOD32 has scanned but finds nothing.
I tried to run HijackThis but I can't find where it saved the log file (after the scan the program closes by itself).
Thank you in advance.

Update: 11 Jun 2008 14:41

Here it is, I managed it:
Logfile of HijackThis v1.99.0
Scan saved at 14:38:23, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Invisible Browsing\servers\IBService.exe
C:\Program Files\Invisible Browsing\servers\Socks\IBSocksManager.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Invisible Browsing\servers\Socks\IBSocks.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\Programi\HT.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\imapi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3CA60057-9277-49C0-8D64-280DBAD9C3E1} - C:\WINDOWS\system32\vtUnKcaX.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C55CF083-33A7-4F50-A566-AFE95403DA45} - C:\WINDOWS\system32\ljJYPjkI.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD517ABD-117C-4685-9C80-1646124580FE}: NameServer = 80.74.160.12 80.74.160.38
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBService - Unknown - C:\Program Files\Invisible Browsing\servers\IBService.exe
O23 - Service: NOD32 Kernel Service - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework - Unknown - hex(2): ~~ (file missing)

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Hi,

* Open the NOD32 Control Center (click its tray icon in the bottom-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

Then download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you'll copy here for us.

  • zakici  Female
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 10
  • Location: ZR

Here it is:

ComboFix 08-06-10.5 - XPPRESP3 2008-06-11 16:06:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.227 [GMT 2:00]
Running from: C:\Documents and Settings\XPPRESP3\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\IkjPYJjl.ini
C:\WINDOWS\system32\IkjPYJjl.ini2
C:\WINDOWS\system32\ljJYPjkI.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-11 14:52 . 2008-06-11 14:52 <DIR> d-------- C:\Program Files\AdwareSpywareScannerDeleter
2008-06-10 23:35 . 2008-06-10 23:35 33,792 --a------ C:\WINDOWS\system32\vtUnKcaX.dll
2008-06-10 23:35 . 2008-06-10 23:35 30,720 --a------ C:\WINDOWS\system32\winccf32.dll
2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-06-08 19:50 . 2008-06-08 19:50 137,344 --a------ C:\WINDOWS\system32\drivers\hwpsgt.sys
2008-06-08 19:50 . 2008-06-08 19:50 9,472 --a------ C:\WINDOWS\system32\drivers\lemsgt.sys
2008-06-08 13:30 . 2008-06-08 13:30 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Sega
2008-06-08 12:48 . 2008-06-08 13:10 <DIR> d-------- C:\Program Files\WinUHA
2008-06-07 23:23 . 2008-06-07 23:23 234 --a------ C:\WINDOWS\Pokemon.ini
2008-06-07 21:07 . 2008-06-10 12:27 <DIR> d-------- C:\Program Files\ChickenInvadersROTYXmas
2008-06-07 15:45 . 2008-06-07 15:45 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\URSoft
2008-06-07 14:40 . 2008-06-07 14:40 <DIR> d-------- C:\Program Files\MagicDisc
2008-06-07 14:40 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-06-07 14:24 . 2008-06-07 15:24 290 --a------ C:\WINDOWS\SONIC.INI
2008-06-07 14:16 . 2008-06-07 14:16 <DIR> d-------- C:\Program Files\MagicISO
2008-06-07 13:56 . 2008-06-07 13:56 <DIR> d-------- C:\WINDOWS\Easy Rapidshare Points
2008-06-07 13:19 . 2008-06-11 13:22 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-06 11:55 . 2008-06-06 11:55 <DIR> d-------- C:\Program Files\Invisible Browsing
2008-06-06 11:55 . 2008-06-06 11:55 68 --a------ C:\WINDOWS\MyProg.ini
2008-06-03 18:35 . 2008-06-07 14:02 <DIR> d-------- C:\Program Files\JLC's Software
2008-06-03 18:35 . 2008-06-03 18:35 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\JLC's Software
2008-06-02 16:03 . 2008-06-02 16:03 <DIR> d-------- C:\Program Files\Vidalia Bundle
2008-06-02 16:03 . 2008-06-11 16:21 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Vidalia
2008-06-02 16:03 . 2008-06-11 16:21 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\tor
2008-06-01 22:09 . 2008-06-01 22:10 <DIR> d-------- C:\Program Files\MovieSpot
2008-05-31 22:48 . 2008-05-31 22:48 277 --a------ C:\WINDOWS\madagascar.ini
2008-05-29 15:37 . 2008-06-09 13:08 <DIR> d-------- C:\Games
2008-05-28 22:31 . 2008-05-28 22:31 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Disney Interactive Studios
2008-05-28 22:25 . 2008-05-28 22:25 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-05-28 13:12 . 2008-05-28 13:12 <DIR> d-------- C:\WINDOWS\Sun
2008-05-23 22:23 . 2008-05-28 22:10 <DIR> d-------- C:\Program Files\Caesar III
2008-05-23 20:32 . 2008-05-24 11:48 <DIR> d-------- C:\Program Files\Star Defender 4
2008-05-23 20:24 . 2008-05-24 11:30 <DIR> d-------- C:\Program Files\Star Defender 3
2008-05-23 20:16 . 2008-05-23 20:23 <DIR> d-------- C:\Program Files\Star Defender 2
2008-05-23 19:36 . 2008-05-23 20:36 <DIR> d-------- C:\Program Files\Kennys Adventure
2008-05-23 19:34 . 2008-05-23 19:34 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-23 17:57 . 2008-06-11 08:39 <DIR> d-------- C:\Downloads
2008-05-23 17:53 . 2008-05-23 17:53 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-05-23 17:53 . 2008-06-11 10:35 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Orbit
2008-05-22 23:20 . 2008-05-22 23:20 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Ashampoo
2008-05-22 22:09 . 2008-05-31 22:47 <DIR> d-------- C:\Program Files\Activision
2008-05-22 10:02 . 2008-05-22 10:02 <DIR> d-------- C:\Program Files\FDRLab
2008-05-22 10:02 . 2008-05-22 10:02 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\FDRLab
2008-05-22 09:35 . 2008-05-22 15:14 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\OpenOffice.org2
2008-05-22 09:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-22 09:32 . 2008-05-25 11:00 <DIR> d-------- C:\Program Files\Java
2008-05-22 09:32 . 2008-05-22 09:32 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-22 09:30 . 2008-05-22 09:30 <DIR> d-------- C:\Program Files\oo
2008-05-21 15:37 . 2008-05-22 09:57 <DIR> d-------- C:\Program Files\AbiSuite2
2008-05-21 15:37 . 2008-05-21 15:37 <DIR> d-------- C:\Documents and Settings\XPPRESP3\AbiSuite
2008-05-21 15:06 . 2008-05-21 15:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-21 15:05 . 2008-05-21 15:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-21 15:05 . 2008-05-21 15:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-21 15:00 . 2008-05-21 15:00 <DIR> dr-h----- C:\MSOCache
2008-05-12 17:19 . 2008-05-28 22:24 382 --a------ C:\WINDOWS\disneysy.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:34 --------- d-----w C:\Program Files\HP
2008-06-09 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 16:33 --------- d-----w C:\Program Files\Disney Interactive
2008-05-29 08:48 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\AdobeUM
2008-05-28 20:11 --------- d-----w C:\Program Files\Rockstar Games
2008-05-22 13:34 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\XnView
2008-05-10 17:08 --------- d-----w C:\Program Files\FreeGamePick.com
2008-05-08 09:07 --------- d-----w C:\Program Files\Phime
2008-05-04 13:57 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Pirates of the Atlantic
2008-05-02 11:25 --------- d-----w C:\Program Files\Internet Jamb 2005
2008-04-27 12:33 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-25 19:43 --------- d-----w C:\Program Files\Registry Clean Expert
2008-04-25 19:43 --------- d-----w C:\Program Files\Innovative Solutions
2008-04-25 19:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-25 19:42 --------- d-----w C:\Program Files\IObit
2008-04-25 19:42 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Yahoo!
2008-04-25 19:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-04-23 18:41 --------- d-----w C:\Program Files\Picasa2
2008-04-22 15:23 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Image Zone Express
2008-04-20 17:56 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-20 17:50 --------- d-----w C:\Program Files\Phenomedia
2008-04-20 17:28 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Winamp
2008-04-20 17:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
2008-04-20 17:25 --------- d-----w C:\Program Files\Winamp
2008-04-20 17:19 --------- d-----w C:\Program Files\Winamp Toolbar
2008-04-20 17:19 --------- d-----w C:\Program Files\Winamp Remote
2008-04-20 17:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2008-04-20 17:11 --------- d-----w C:\Program Files\Dfx
2008-04-20 15:50 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\MusicIP
2008-04-19 09:38 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\TVU Networks
2008-04-17 19:07 --------- d-----w C:\Program Files\ESET
2008-04-13 20:06 --------- d-----w C:\Program Files\Google
2008-04-13 17:50 --------- d-----w C:\Program Files\AtomixMP3
2008-04-12 16:37 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Ahead
2008-04-12 09:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 18:10 298,104 ----a-w C:\WINDOWS\system32\imon.dll
.

------- Sigcheck -------

2007-08-08 18:28 360704 a11391be25035570ae4b8970920f2c74 C:\WINDOWS\system32\drivers\tcpip.sys

2007-08-29 16:33 2321792 37b69e310d2ef2cdef0a3207f7619cd7 C:\WINDOWS\system32\ntoskrnl.exe

2007-08-08 18:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\explorer.exe
2007-08-08 18:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\XPize\Backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CA60057-9277-49C0-8D64-280DBAD9C3E1}]
2008-06-10 23:35 33792 --a------ C:\WINDOWS\system32\vtUnKcaX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 23:49 12889088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [2006-10-05 20:56 280779]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 12:27 65536]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-07 20:10 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-08 18:24 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-07 23:33:44 1205840]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3CA60057-9277-49C0-8D64-280DBAD9C3E1}"= C:\WINDOWS\system32\vtUnKcaX.dll [2008-06-10 23:35 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnKcaX]
vtUnKcaX.dll 2008-06-10 23:35 33792 C:\WINDOWS\system32\vtUnKcaX.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
winccf32.dll 2008-06-10 23:35 30720 C:\WINDOWS\system32\winccf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56179:TCP"= 56179:TCP:Pando P2P TCP Listening Port
"56179:UDP"= 56179:UDP:Pando P2P UDP Listening Port

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
R1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.SYS [1997-12-09 02:33]
R2 IBService;IBService;C:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad6b5d1-34db-11dc-ad72-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-11 16:19:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1464] 0x81F90B90

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\winccf32.dll
-> C:\WINDOWS\system32\vtUnKcaX.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Invisible Browsing\servers\socks\IBSocksManager.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Invisible Browsing\servers\socks\IBSocks.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-06-11 16:22:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 14:22:46

Pre-Run: 6,032,113,664 bytes free
Post-Run: 5,986,570,240 bytes free

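The two logs above let the helper pick the Virtumonde components out by eye: BHOs registered with no display name, eight-letter mixed-case DLLs dropped into system32 (vtUnKcaX.dll, ljJYPjkI.dll), and .ini companions whose stem is the DLL stem spelled backwards (IkjPYJjl.ini next to ljJYPjkI.dll in the ComboFix deletions). The script below is an added example, not part of the thread or of HijackThis/ComboFix themselves; it encodes those same heuristics over sample lines copied from the logs, and the thresholds and function names are my own choices.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O2 (BHO) lines copied from the HijackThis log in this thread.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA60057-9277-49C0-8D64-280DBAD9C3E1} - C:\WINDOWS\system32\vtUnKcaX.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C55CF083-33A7-4F50-A566-AFE95403DA45} - C:\WINDOWS\system32\ljJYPjkI.dll
"""

# Constructed sample: the "Other Deletions" list from the first ComboFix log above.
SAMPLE_DELETIONS = [
    r"C:\WINDOWS\system32\IkjPYJjl.ini",
    r"C:\WINDOWS\system32\IkjPYJjl.ini2",
    r"C:\WINDOWS\system32\ljJYPjkI.dll",
    r"C:\WINDOWS\system32\mcrh.tmp",
    r"C:\WINDOWS\system32\msssc.dll",
    r"C:\WINDOWS\system32\pskill.exe",
]

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)
EIGHT_LETTERS_RE = re.compile(r"^[A-Za-z]{8}$")


def case_transitions(stem):
    """Number of adjacent letter pairs that switch between upper and lower case.
    Dictionary-like names have few; the generated Vundo names have many."""
    return sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())


def looks_random(stem):
    """Heuristic (my threshold): exactly eight letters with at least three case
    switches. vtUnKcaX -> 5, ljJYPjkI -> 3, AcroIEHelper -> rejected on length."""
    return bool(EIGHT_LETTERS_RE.match(stem)) and case_transitions(stem) >= 3


def in_system32(path):
    return "system32" in (part.lower() for part in PureWindowsPath(path).parts)


def triage_bhos(lines):
    """Return the O2 entries worth a second look, with the reason for each."""
    findings = []
    for line in lines:
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        reasons = []
        if m.group("name") == "(no name)":
            reasons.append("BHO without a display name")
        if in_system32(path) and looks_random(PureWindowsPath(path).stem):
            reasons.append("random 8-letter DLL in system32")
        if reasons:
            findings.append({"clsid": m.group("clsid"), "path": path, "reasons": reasons})
    return findings


def companion_inis(paths):
    """Pair each .ini/.ini2 whose stem is a random DLL stem spelled backwards
    with that DLL (IkjPYJjl.ini <-> ljJYPjkI.dll)."""
    dll_by_stem = {
        PureWindowsPath(p).stem: p
        for p in paths
        if PureWindowsPath(p).suffix.lower() == ".dll"
        and looks_random(PureWindowsPath(p).stem)
    }
    pairs = []
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.suffix.lower() in (".ini", ".ini2") and wp.stem[::-1] in dll_by_stem:
            pairs.append((p, dll_by_stem[wp.stem[::-1]]))
    return pairs


if __name__ == "__main__":
    for f in triage_bhos(SAMPLE_HJT.splitlines()):
        print(f["path"], "->", "; ".join(f["reasons"]))
    for ini, dll in companion_inis(SAMPLE_DELETIONS):
        print(ini, "is the reversed-name companion of", dll)
```

The output is a shortlist for an analyst, not a verdict: a legitimate eight-letter mixed-case name such as NvMcTray.dll from the same log would also trip the random-name check, which is why it is combined with the missing display name and the .ini pairing.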

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Just tell me one thing before we run the fix;
Did you install the VistaDrive application? Is that the widget that shows the drives on the desktop?

  • zakici  Female
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 10
  • Location: ZR

I think VistaDrive was installed by the guy who fixes my computer. After this Combo, NOD detected a virus, or rather adware: ":\WINDOWS\system32\vtUnKcaX.dll - Win32/Adware.Virtumonde application - deleted "
and it is scanning the computer right now.

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Wait a minute please, so we can finish what we started. Scan the computer with the AV afterwards if you want, but believe me, at this point that is a redundant step.
So.. Stop the scan and disable the protection the way I wrote earlier. Then follow these instructions below;

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\vtUnKcaX.dll
C:\WINDOWS\system32\winccf32.dll

Folder::
C:\Program Files\AdwareSpywareScannerDeleter

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CA60057-9277-49C0-8D64-280DBAD9C3E1}]
[-HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3CA60057-9277-49C0-8D64-280DBAD9C3E1}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnKcaX]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnKcaX]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad6b5d1-34db-11dc-ad72-806d6172696f}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]

Driver::
WudfPf


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

----------

Send me that "VistaDrive" application for checking via this link;
http://www.mycity.rs/ambulanta-upload.php

You'll find the file at this path;
C:\WINDOWS\VistaDrive\VistaDrive.exe

  • zakici  Female
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 10
  • Location: ZR

ComboFix 08-06-10.5 - XPPRESP3 2008-06-11 18:04:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.134 [GMT 2:00]
Running from: C:\Documents and Settings\XPPRESP3\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\XPPRESP3\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\vtUnKcaX.dll
C:\WINDOWS\system32\winccf32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AdwareSpywareScannerDeleter
C:\Program Files\AdwareSpywareScannerDeleter\AdSpyDeleter.exe
C:\Program Files\AdwareSpywareScannerDeleter\homepage.url
C:\Program Files\AdwareSpywareScannerDeleter\LICENSE.TXT
C:\Program Files\AdwareSpywareScannerDeleter\unins000.dat
C:\Program Files\AdwareSpywareScannerDeleter\unins000.exe
C:\WINDOWS\system32\PsvwDMoq.ini
C:\WINDOWS\system32\PsvwDMoq.ini2
C:\WINDOWS\system32\qoMDwvsP.dll
C:\WINDOWS\system32\vtUnKcaX.dll
C:\WINDOWS\system32\winccf32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_WudfPf


((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-06-08 19:50 . 2008-06-08 19:50 137,344 --a------ C:\WINDOWS\system32\drivers\hwpsgt.sys
2008-06-08 19:50 . 2008-06-08 19:50 9,472 --a------ C:\WINDOWS\system32\drivers\lemsgt.sys
2008-06-08 13:30 . 2008-06-08 13:30 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Sega
2008-06-08 12:48 . 2008-06-08 13:10 <DIR> d-------- C:\Program Files\WinUHA
2008-06-07 23:23 . 2008-06-07 23:23 234 --a------ C:\WINDOWS\Pokemon.ini
2008-06-07 21:07 . 2008-06-10 12:27 <DIR> d-------- C:\Program Files\ChickenInvadersROTYXmas
2008-06-07 15:45 . 2008-06-07 15:45 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\URSoft
2008-06-07 14:40 . 2008-06-07 14:40 <DIR> d-------- C:\Program Files\MagicDisc
2008-06-07 14:40 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-06-07 14:24 . 2008-06-07 15:24 290 --a------ C:\WINDOWS\SONIC.INI
2008-06-07 14:16 . 2008-06-07 14:16 <DIR> d-------- C:\Program Files\MagicISO
2008-06-07 13:56 . 2008-06-07 13:56 <DIR> d-------- C:\WINDOWS\Easy Rapidshare Points
2008-06-07 13:19 . 2008-06-11 13:22 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-06 11:55 . 2008-06-06 11:55 <DIR> d-------- C:\Program Files\Invisible Browsing
2008-06-06 11:55 . 2008-06-06 11:55 68 --a------ C:\WINDOWS\MyProg.ini
2008-06-03 18:35 . 2008-06-07 14:02 <DIR> d-------- C:\Program Files\JLC's Software
2008-06-03 18:35 . 2008-06-03 18:35 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\JLC's Software
2008-06-02 16:03 . 2008-06-02 16:03 <DIR> d-------- C:\Program Files\Vidalia Bundle
2008-06-02 16:03 . 2008-06-11 17:49 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Vidalia
2008-06-02 16:03 . 2008-06-11 18:13 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\tor
2008-06-01 22:09 . 2008-06-01 22:10 <DIR> d-------- C:\Program Files\MovieSpot
2008-05-31 22:48 . 2008-05-31 22:48 277 --a------ C:\WINDOWS\madagascar.ini
2008-05-29 15:37 . 2008-06-09 13:08 <DIR> d-------- C:\Games
2008-05-28 22:31 . 2008-05-28 22:31 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Disney Interactive Studios
2008-05-28 22:25 . 2008-05-28 22:25 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-05-28 13:12 . 2008-05-28 13:12 <DIR> d-------- C:\WINDOWS\Sun
2008-05-23 22:23 . 2008-05-28 22:10 <DIR> d-------- C:\Program Files\Caesar III
2008-05-23 20:32 . 2008-05-24 11:48 <DIR> d-------- C:\Program Files\Star Defender 4
2008-05-23 20:24 . 2008-05-24 11:30 <DIR> d-------- C:\Program Files\Star Defender 3
2008-05-23 20:16 . 2008-05-23 20:23 <DIR> d-------- C:\Program Files\Star Defender 2
2008-05-23 19:36 . 2008-05-23 20:36 <DIR> d-------- C:\Program Files\Kennys Adventure
2008-05-23 19:34 . 2008-05-23 19:34 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-23 17:57 . 2008-06-11 08:39 <DIR> d-------- C:\Downloads
2008-05-23 17:53 . 2008-05-23 17:53 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-05-23 17:53 . 2008-06-11 10:35 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Orbit
2008-05-22 23:20 . 2008-05-22 23:20 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Ashampoo
2008-05-22 22:09 . 2008-05-31 22:47 <DIR> d-------- C:\Program Files\Activision
2008-05-22 10:02 . 2008-05-22 10:02 <DIR> d-------- C:\Program Files\FDRLab
2008-05-22 10:02 . 2008-05-22 10:02 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\FDRLab
2008-05-22 09:35 . 2008-05-22 15:14 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\OpenOffice.org2
2008-05-22 09:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-22 09:32 . 2008-05-25 11:00 <DIR> d-------- C:\Program Files\Java
2008-05-22 09:32 . 2008-05-22 09:32 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-22 09:30 . 2008-05-22 09:30 <DIR> d-------- C:\Program Files\oo
2008-05-21 15:37 . 2008-05-22 09:57 <DIR> d-------- C:\Program Files\AbiSuite2
2008-05-21 15:37 . 2008-05-21 15:37 <DIR> d-------- C:\Documents and Settings\XPPRESP3\AbiSuite
2008-05-21 15:06 . 2008-05-21 15:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-21 15:05 . 2008-05-21 15:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-21 15:05 . 2008-05-21 15:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-21 15:00 . 2008-05-21 15:00 <DIR> dr-h----- C:\MSOCache
2008-05-12 17:19 . 2008-05-28 22:24 382 --a------ C:\WINDOWS\disneysy.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:34 --------- d-----w C:\Program Files\HP
2008-06-09 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 16:33 --------- d-----w C:\Program Files\Disney Interactive
2008-05-29 08:48 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\AdobeUM
2008-05-28 20:11 --------- d-----w C:\Program Files\Rockstar Games
2008-05-22 13:34 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\XnView
2008-05-10 17:08 --------- d-----w C:\Program Files\FreeGamePick.com
2008-05-08 09:07 --------- d-----w C:\Program Files\Phime
2008-05-04 13:57 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Pirates of the Atlantic
2008-05-02 11:25 --------- d-----w C:\Program Files\Internet Jamb 2005
2008-04-27 12:33 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-25 19:43 --------- d-----w C:\Program Files\Registry Clean Expert
2008-04-25 19:43 --------- d-----w C:\Program Files\Innovative Solutions
2008-04-25 19:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-25 19:42 --------- d-----w C:\Program Files\IObit
2008-04-25 19:42 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Yahoo!
2008-04-25 19:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-04-23 18:41 --------- d-----w C:\Program Files\Picasa2
2008-04-22 15:23 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Image Zone Express
2008-04-20 17:56 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-20 17:50 --------- d-----w C:\Program Files\Phenomedia
2008-04-20 17:28 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Winamp
2008-04-20 17:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
2008-04-20 17:25 --------- d-----w C:\Program Files\Winamp
2008-04-20 17:19 --------- d-----w C:\Program Files\Winamp Toolbar
2008-04-20 17:19 --------- d-----w C:\Program Files\Winamp Remote
2008-04-20 17:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2008-04-20 17:11 --------- d-----w C:\Program Files\Dfx
2008-04-20 15:50 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\MusicIP
2008-04-19 09:38 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\TVU Networks
2008-04-17 19:07 --------- d-----w C:\Program Files\ESET
2008-04-13 20:06 --------- d-----w C:\Program Files\Google
2008-04-13 17:50 --------- d-----w C:\Program Files\AtomixMP3
2008-04-12 16:37 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Ahead
2008-04-12 09:36 --------- d-----w C:\Program Files\Common Files\Adobe
.

------- Sigcheck -------

2007-08-08 18:28 360704 a11391be25035570ae4b8970920f2c74 C:\WINDOWS\system32\drivers\tcpip.sys

2007-08-29 16:33 2321792 37b69e310d2ef2cdef0a3207f7619cd7 C:\WINDOWS\system32\ntoskrnl.exe

2007-08-08 18:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\explorer.exe
2007-08-08 18:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\XPize\Backup\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-11_16.22.07.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 14:18:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 16:14:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-08-08 16:20:58 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-08-08 16:24:27 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2007-07-30 17:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-08-08 16:24:27 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2007-07-30 17:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2007-08-08 16:23:50 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-08-08 16:23:50 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-08-08 16:23:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-08-08 16:23:55 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-08-08 16:23:55 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-08-08 16:24:34 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-08-08 16:23:55 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 23:49 12889088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [2006-10-05 20:56 280779]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 12:27 65536]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-07 20:10 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-08 18:24 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-07 23:33:44 1205840]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56179:TCP"= 56179:TCP:Pando P2P TCP Listening Port
"56179:UDP"= 56179:UDP:Pando P2P UDP Listening Port

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
R1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.SYS [1997-12-09 02:33]
R2 IBService;IBService;C:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-11 18:15:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Invisible Browsing\servers\socks\IBSocksManager.exe
C:\Program Files\Invisible Browsing\servers\socks\IBSocks.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-11 18:17:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 16:17:43
ComboFix2.txt 2008-06-11 14:22:57

Pre-Run: 5,900,562,432 bytes free
Post-Run: 5,894,017,024 bytes free


Addendum: 11 Jun 2008 19:10

Procedure successful.. here's the log


ComboFix 08-06-10.5 - XPPRESP3 2008-06-11 18:54:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.208 [GMT 2:00]
Running from: C:\Documents and Settings\XPPRESP3\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-06-08 19:50 . 2008-06-08 19:50 137,344 --a------ C:\WINDOWS\system32\drivers\hwpsgt.sys
2008-06-08 19:50 . 2008-06-08 19:50 9,472 --a------ C:\WINDOWS\system32\drivers\lemsgt.sys
2008-06-08 13:30 . 2008-06-08 13:30 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Sega
2008-06-08 12:48 . 2008-06-08 13:10 <DIR> d-------- C:\Program Files\WinUHA
2008-06-07 23:23 . 2008-06-07 23:23 234 --a------ C:\WINDOWS\Pokemon.ini
2008-06-07 21:07 . 2008-06-10 12:27 <DIR> d-------- C:\Program Files\ChickenInvadersROTYXmas
2008-06-07 15:45 . 2008-06-07 15:45 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\URSoft
2008-06-07 14:40 . 2008-06-07 14:40 <DIR> d-------- C:\Program Files\MagicDisc
2008-06-07 14:40 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-06-07 14:24 . 2008-06-07 15:24 290 --a------ C:\WINDOWS\SONIC.INI
2008-06-07 14:16 . 2008-06-07 14:16 <DIR> d-------- C:\Program Files\MagicISO
2008-06-07 13:56 . 2008-06-07 13:56 <DIR> d-------- C:\WINDOWS\Easy Rapidshare Points
2008-06-07 13:19 . 2008-06-11 13:22 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-06 11:55 . 2008-06-06 11:55 <DIR> d-------- C:\Program Files\Invisible Browsing
2008-06-06 11:55 . 2008-06-06 11:55 68 --a------ C:\WINDOWS\MyProg.ini
2008-06-03 18:35 . 2008-06-07 14:02 <DIR> d-------- C:\Program Files\JLC's Software
2008-06-03 18:35 . 2008-06-03 18:35 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\JLC's Software
2008-06-02 16:03 . 2008-06-02 16:03 <DIR> d-------- C:\Program Files\Vidalia Bundle
2008-06-02 16:03 . 2008-06-11 18:28 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Vidalia
2008-06-02 16:03 . 2008-06-11 18:37 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\tor
2008-06-01 22:09 . 2008-06-01 22:10 <DIR> d-------- C:\Program Files\MovieSpot
2008-05-31 22:48 . 2008-05-31 22:48 277 --a------ C:\WINDOWS\madagascar.ini
2008-05-29 15:37 . 2008-06-09 13:08 <DIR> d-------- C:\Games
2008-05-28 22:31 . 2008-05-28 22:31 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Disney Interactive Studios
2008-05-28 22:25 . 2008-05-28 22:25 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-05-28 13:12 . 2008-05-28 13:12 <DIR> d-------- C:\WINDOWS\Sun
2008-05-23 22:23 . 2008-05-28 22:10 <DIR> d-------- C:\Program Files\Caesar III
2008-05-23 20:32 . 2008-05-24 11:48 <DIR> d-------- C:\Program Files\Star Defender 4
2008-05-23 20:24 . 2008-05-24 11:30 <DIR> d-------- C:\Program Files\Star Defender 3
2008-05-23 20:16 . 2008-05-23 20:23 <DIR> d-------- C:\Program Files\Star Defender 2
2008-05-23 19:36 . 2008-05-23 20:36 <DIR> d-------- C:\Program Files\Kennys Adventure
2008-05-23 19:34 . 2008-05-23 19:34 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-23 17:57 . 2008-06-11 08:39 <DIR> d-------- C:\Downloads
2008-05-23 17:53 . 2008-05-23 17:53 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-05-23 17:53 . 2008-06-11 10:35 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Orbit
2008-05-22 23:20 . 2008-05-22 23:20 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Ashampoo
2008-05-22 22:09 . 2008-05-31 22:47 <DIR> d-------- C:\Program Files\Activision
2008-05-22 10:02 . 2008-05-22 10:02 <DIR> d-------- C:\Program Files\FDRLab
2008-05-22 10:02 . 2008-05-22 10:02 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\FDRLab
2008-05-22 09:35 . 2008-05-22 15:14 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\OpenOffice.org2
2008-05-22 09:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-22 09:32 . 2008-05-25 11:00 <DIR> d-------- C:\Program Files\Java
2008-05-22 09:32 . 2008-05-22 09:32 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-22 09:30 . 2008-05-22 09:30 <DIR> d-------- C:\Program Files\oo
2008-05-21 15:37 . 2008-05-22 09:57 <DIR> d-------- C:\Program Files\AbiSuite2
2008-05-21 15:37 . 2008-05-21 15:37 <DIR> d-------- C:\Documents and Settings\XPPRESP3\AbiSuite
2008-05-21 15:06 . 2008-05-21 15:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-21 15:05 . 2008-05-21 15:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-21 15:05 . 2008-05-21 15:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-21 15:00 . 2008-05-21 15:00 <DIR> dr-h----- C:\MSOCache
2008-05-12 17:19 . 2008-05-28 22:24 382 --a------ C:\WINDOWS\disneysy.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:34 --------- d-----w C:\Program Files\HP
2008-06-09 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 16:33 --------- d-----w C:\Program Files\Disney Interactive
2008-05-29 08:48 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\AdobeUM
2008-05-28 20:11 --------- d-----w C:\Program Files\Rockstar Games
2008-05-22 13:34 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\XnView
2008-05-10 17:08 --------- d-----w C:\Program Files\FreeGamePick.com
2008-05-08 09:07 --------- d-----w C:\Program Files\Phime
2008-05-04 13:57 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Pirates of the Atlantic
2008-05-02 11:25 --------- d-----w C:\Program Files\Internet Jamb 2005
2008-04-27 12:33 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-25 19:43 --------- d-----w C:\Program Files\Registry Clean Expert
2008-04-25 19:43 --------- d-----w C:\Program Files\Innovative Solutions
2008-04-25 19:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-25 19:42 --------- d-----w C:\Program Files\IObit
2008-04-25 19:42 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Yahoo!
2008-04-25 19:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-04-23 18:41 --------- d-----w C:\Program Files\Picasa2
2008-04-22 15:23 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Image Zone Express
2008-04-20 17:56 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-20 17:50 --------- d-----w C:\Program Files\Phenomedia
2008-04-20 17:28 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Winamp
2008-04-20 17:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
2008-04-20 17:25 --------- d-----w C:\Program Files\Winamp
2008-04-20 17:19 --------- d-----w C:\Program Files\Winamp Toolbar
2008-04-20 17:19 --------- d-----w C:\Program Files\Winamp Remote
2008-04-20 17:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2008-04-20 17:11 --------- d-----w C:\Program Files\Dfx
2008-04-20 15:50 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\MusicIP
2008-04-19 09:38 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\TVU Networks
2008-04-17 19:07 --------- d-----w C:\Program Files\ESET
2008-04-13 20:06 --------- d-----w C:\Program Files\Google
2008-04-13 17:50 --------- d-----w C:\Program Files\AtomixMP3
2008-04-12 16:37 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Ahead
2008-04-12 09:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 18:10 298,104 ----a-w C:\WINDOWS\system32\imon.dll
.

------- Sigcheck -------

2007-08-08 18:28 360704 a11391be25035570ae4b8970920f2c74 C:\WINDOWS\system32\drivers\tcpip.sys

2007-08-29 16:33 2321792 37b69e310d2ef2cdef0a3207f7619cd7 C:\WINDOWS\system32\ntoskrnl.exe

2007-08-08 18:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\explorer.exe
2007-08-08 18:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\XPize\Backup\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-11_16.22.07.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 14:18:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 16:33:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-08-08 16:20:58 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-08-08 16:24:27 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2007-07-30 17:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-08-08 16:24:27 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2007-07-30 17:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2007-08-08 16:23:50 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-08-08 16:23:50 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-08-08 16:23:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-08-08 16:23:55 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-08-08 16:23:55 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-08-08 16:24:34 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-08-08 16:23:55 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [2006-10-05 20:56 280779]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-07 20:10 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-08 18:24 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-07 23:33:44 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56179:TCP"= 56179:TCP:Pando P2P TCP Listening Port
"56179:UDP"= 56179:UDP:Pando P2P UDP Listening Port

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
R1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.SYS [1997-12-09 02:33]
R2 IBService;IBService;C:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-11 18:57:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 18:58:19
ComboFix-quarantined-files.txt 2008-06-11 16:58:12
ComboFix2.txt 2008-06-11 16:17:50
ComboFix3.txt 2008-06-11 14:22:57

Pre-Run: 5,818,322,944 bytes free
Post-Run: 5,810,151,424 bytes free

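Added triage helper, written for this edit; it is neither part of the thread nor a ComboFix feature. It parses the REGEDIT4-style "Reg Loading Points" sections of a ComboFix log, flags settings that weaken the host's own defences, and diffs two runs so the entries that disappeared stand out. Run on excerpts of the two logs above, it shows why the second log reads cleaner: the Vidalia autostart and the "EnableFirewall"= 0 value are gone (ComboFix's own note says empty and legit default entries are not shown, so a vanished value was removed or reset), while the four Security Center values AntiVirusDisableNotify, AntiVirusOverride, FirewallOverride and UpdatesDisableNotify are still set to 1 in both runs. The excerpts are constructed from the two logs above and trimmed; the flagging rules are this example's own assumptions. Those Security Center values suppress the built-in alerting and can be written by a user, by some security products, or by malware, so the output is a list of things to verify with the machine's owner, not a verdict.

```python
"""Parse the 'Reg Loading Points' part of a ComboFix log, flag defence-weakening
settings, and diff two runs. Example code for this page, not ComboFix's own."""
import re

# Constructed excerpts of the two runs posted above (18:15 and 18:57), trimmed.
RUN1 = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 23:49 12889088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56179:TCP"= 56179:TCP:Pando P2P TCP Listening Port
"56179:UDP"= 56179:UDP:Pando P2P UDP Listening Port
"""

RUN2 = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56179:TCP"= 56179:TCP:Pando P2P TCP Listening Port
"56179:UDP"= 56179:UDP:Pando P2P UDP Listening Port
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_loading_points(text):
    """Return {section_name: {value_name: value_text}}; lines outside a
    [section] header are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current][value.group(1)] = value.group(2).strip()
    return sections


def flag_findings(sections):
    """Settings that blind or disable the host's own defences.
    These rules are this example's assumptions, not ComboFix logic."""
    findings = []
    for name, values in sections.items():
        key = name.lower()
        if key.endswith("security center"):
            for val_name, val in values.items():
                if val.endswith("00000001") and val_name.endswith(("Override", "DisableNotify")):
                    findings.append(f"Security Center: {val_name}=1 (alerting suppressed)")
        elif key.endswith(r"firewallpolicy\standardprofile"):
            if values.get("EnableFirewall", "").startswith("0"):
                findings.append("Windows Firewall: EnableFirewall = 0 (standard profile off)")
        elif key.endswith(r"globallyopenports\list"):
            for port, val in values.items():
                findings.append(f"Firewall exception: {port} open to all ({val.split(':')[-1]})")
    return findings


def diff_runs(before, after):
    """Values present in the first run but absent from the second. ComboFix hides
    empty and legit-default entries, so a vanished value was removed or reset."""
    return [(section, val_name, val)
            for section, values in before.items()
            for val_name, val in values.items()
            if val_name not in after.get(section, {})]


if __name__ == "__main__":
    first, second = parse_loading_points(RUN1), parse_loading_points(RUN2)
    print("Findings in first run:", *flag_findings(first), sep="\n   ")
    print("Removed between runs:", *diff_runs(first, second), sep="\n   ")
    print("Still present after cleanup:", *flag_findings(second), sep="\n   ")
```

The diff deliberately reports by value name within a section rather than by raw line, because ComboFix prints the file date and size in brackets after each autostart and those change between runs even when the entry itself did not.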

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

offline
  • zakici  Female
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 10
  • Location: ZR

Done! I'll report back tomorrow once we've run the computer for a bit :)

Addendum: 12 Jun 2008 11:13

The computer runs great, thank you soooo much for the help, DEMIAN!
Thank you, thank you, thank you!

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Excellent. Glad the problem is solved. The topic goes to the archive..
Regards ;)
