Annoying creature...


  • sladjan ilic
  • carpenter
  • Joined: 18 Oct 2007
  • Posts: 70
  • Location: Svilajnac

There's an infection on my computer that I just can't get rid of myself; worst of all, NOD doesn't register the attack, and Spybot has gone haywire! I'm asking for urgent help, because even as I write this the computer is sluggish and keeps bugging me about registry changes.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Read the following topic:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

After that, post here the log you will create with the HijackThis program.

  • sladjan ilic
  • carpenter
  • Joined: 18 Oct 2007
  • Posts: 70
  • Location: Svilajnac

Here it is, as fast as I could...
Logfile of HijackThis v1.99.1
Scan saved at 21:49:43, on 25.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sladjan\Desktop\xxxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SXG Advisor - {61E61BA1-45ED-4835-B504-BBB9C96CB9CD} - C:\WINDOWS\dpvtporrfd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: The elfwgps - {CF4C34FE-2275-45EC-8C7E-2594CC1811A5} - C:\WINDOWS\elfwgps.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpeedOptimizer] "C:\Program Files\SpeedOptimizer\SPO.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA5B3E18-C9F8-4C47-939F-9D2A753AE32E}: NameServer = 192.168.6.254,192.168.4.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bqxomdo - {CAA96999-62B1-4DA3-A8C2-3C73B6C595B8} - C:\WINDOWS\bqxomdo.dll
O21 - SSODL: aswmklt - {FFF79A08-2593-463F-ADC9-A49D3CB3FBEE} - C:\WINDOWS\aswmklt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to your Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • sladjan ilic
  • carpenter
  • Joined: 18 Oct 2007
  • Posts: 70
  • Location: Svilajnac

ComboFix 08-01-23.1C - sladjan 2008-01-25 23:01:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1064 [GMT 1:00]
Running from: C:\Documents and Settings\sladjan\Desktop\ComboFix(3).exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\sladjan\Favorites\Error Cleaner.url
C:\Documents and Settings\sladjan\Favorites\Privacy Protector.url
C:\Documents and Settings\sladjan\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\sysdm.exe

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\nm
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 23:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 21:20 . 2008-01-24 17:59 253,952 --a------ C:\WINDOWS\dpvtporrfd.dll
2008-01-24 21:20 . 2008-01-24 17:59 196,608 --a------ C:\WINDOWS\aswmklt.dll
2008-01-24 21:19 . 2008-01-24 17:59 348,160 --a------ C:\WINDOWS\bqxomdo.dll
2008-01-24 21:19 . 2008-01-24 17:59 172,032 --------- C:\WINDOWS\elfwgps.dll
2008-01-24 21:19 . 2008-01-24 17:59 81,920 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-24 20:39 . 2008-01-24 20:39 <DIR> d-------- C:\Program Files\Giganology
2008-01-24 20:39 . 2006-01-09 15:01 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2008-01-24 15:19 . 2008-01-24 17:45 <DIR> d-------- C:\WINDOWS\VCP_TEMP
2008-01-24 15:19 . 2008-01-24 15:19 <DIR> d-------- C:\WINDOWS\VCP_SAVE
2008-01-24 15:19 . 2008-01-24 15:19 <DIR> d-------- C:\Program Files\Wallpapers
2008-01-24 15:19 . 2008-01-24 15:19 <DIR> d-------- C:\Program Files\Fonts
2008-01-24 15:19 . 2005-09-28 02:31 49,152 --a------ C:\WINDOWS\system32\icon.exe
2008-01-24 11:07 . 2008-01-25 19:55 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-01-22 23:49 . 2008-01-24 02:27 <DIR> d-------- C:\Program Files\BitTorrent Acceleration Patch
2008-01-22 23:31 . 2008-01-22 23:31 <DIR> d-------- C:\Program Files\DNA
2008-01-22 23:31 . 2008-01-22 23:31 <DIR> d-------- C:\Program Files\BitTorrent
2008-01-19 15:56 . 2008-01-19 15:56 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-19 15:55 . 2008-01-25 23:00 <DIR> d-------- C:\Program Files\Steam
2008-01-19 12:34 . 2008-01-19 12:34 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-01-19 11:50 . 2008-01-19 12:38 <DIR> d-------- C:\Program Files\HHD Software
2008-01-18 21:56 . 2008-01-18 21:56 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-01-17 22:06 . 2008-01-18 17:13 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-17 22:06 . 2008-01-18 17:13 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-17 22:06 . 2008-01-18 17:13 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-17 21:32 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-17 21:32 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-17 21:32 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-17 21:32 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-17 21:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-17 21:32 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-01-17 21:32 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-17 21:32 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-01-17 13:20 . 2008-01-17 13:20 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-17 13:18 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-17 13:18 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-17 13:18 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-17 13:18 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-17 13:18 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-17 13:18 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-16 23:59 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-01-16 23:59 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-16 23:57 . 2008-01-16 23:57 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-01-16 23:57 . 2008-01-16 23:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 23:57 . 2008-01-16 23:58 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-01-15 18:39 . 2008-01-19 12:35 <DIR> d-------- C:\Program Files\MP3 Recorder
2008-01-15 18:39 . 2008-01-25 11:28 <DIR> d-------- C:\Program Files\Guitartab.co.uk MP3 Recorder
2008-01-14 21:39 . 2005-01-09 03:24 246 --a------ C:\WINDOWS\regkey.reg
2008-01-14 21:26 . 2008-01-14 21:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 21:26 . 2008-01-14 21:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-14 14:41 . 2008-01-14 14:41 <DIR> d-------- C:\Program Files\Ahead
2008-01-10 01:24 . 2008-01-10 01:24 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-04 12:32 . 2008-01-04 12:32 0 --a------ C:\WINDOWS\rkkey.lock
2008-01-04 00:07 . 2008-01-04 00:07 244 --ah----- C:\sqmnoopt06.sqm
2008-01-04 00:07 . 2008-01-04 00:07 232 --ah----- C:\sqmdata06.sqm
2008-01-03 00:16 . 2008-01-03 00:16 <DIR> d-------- C:\Program Files\Common Files\Axara
2008-01-03 00:16 . 2007-12-07 15:34 77,824 --a------ C:\WINDOWS\system32\mslvddsfilter.ax
2008-01-02 19:29 . 2008-01-02 19:41 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-01-01 06:08 . 2008-01-17 13:12 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-30 11:38 . 2007-12-30 11:38 <DIR> d-------- C:\Program Files\Eltima Software
2007-12-25 23:19 . 2007-12-25 23:19 <DIR> d-------- C:\Program Files\FlashSlider

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 14:18 --------- d-----w C:\Program Files\PowerArchiver
2008-01-20 11:13 --------- d-----w C:\Program Files\Di recnik
2008-01-18 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 23:52 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-01-05 23:21 --------- d-----w C:\Program Files\Metacafe
2008-01-04 17:36 --------- d-----w C:\Program Files\MSN Messenger
2007-12-24 23:35 --------- d-----w C:\Program Files\Net-FM Radio&TV
2007-12-22 11:13 --------- d-----w C:\Program Files\JetAudio
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-19 22:42 --------- d-----w C:\Program Files\DAP
2007-12-19 22:13 --------- d-----w C:\Program Files\AskPBar
2007-12-19 21:28 --------- d-----w C:\Program Files\XviD
2007-12-18 23:29 --------- d-----w C:\Program Files\Apex
2007-12-18 21:38 --------- d-----w C:\Program Files\Google
2007-12-18 18:43 --------- d-----w C:\Program Files\Ashampoo
2007-12-17 17:10 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-12-16 23:14 --------- d-----w C:\Program Files\New Folder
2007-12-14 19:36 --------- d-----w C:\Program Files\DVDx
2007-12-10 21:15 --------- d-----w C:\Program Files\TeamViewer3
2007-12-10 21:10 --------- d-----w C:\Program Files\BPS
2007-12-09 16:09 --------- d-----w C:\Program Files\GameSpy
2007-12-02 21:12 --------- d-----w C:\Program Files\Winamp
2007-12-02 19:47 --------- d-----w C:\Program Files\Common Files\Acronis
2007-12-02 16:29 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2007-12-02 16:29 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-12-02 16:29 368,736 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2007-12-02 16:29 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2007-12-02 16:22 --------- d-----w C:\Program Files\Eraser
2007-12-02 16:22 --------- d-----w C:\Program Files\ChrisTV
2007-12-02 16:22 --------- d-----w C:\Program Files\Chicken Invaders 2
2007-12-02 16:22 --------- d-----w C:\Program Files\CDlyse
2007-12-01 19:30 --------- d-----w C:\Program Files\Common Files\COWON
2007-12-01 19:27 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-01 19:10 23,616 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys
2007-11-30 16:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-28 17:50 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-28 17:36 --------- d-----w C:\Program Files\CCleaner
1998-04-26 23:00 570,128 ----a-w C:\Program Files\DAO350.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61E61BA1-45ED-4835-B504-BBB9C96CB9CD}]
2008-01-24 17:59 253952 --a------ C:\WINDOWS\dpvtporrfd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{F4D76F09-7896-458A-890F-E1F05C46069F}
{CF4C34FE-2275-45EC-8C7E-2594CC1811A5}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{cf4c34fe-2275-45ec-8c7e-2594cc1811a5}]
[HKEY_CLASSES_ROOT\elfwgps.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{624AB37D-0196-44D1-8EB1-19D9EC09BF80}]
[HKEY_CLASSES_ROOT\elfwgps.ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2003-03-02 01:40 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-01-19 15:59 1266936]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-01-22 23:31 286528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 17:40 594944]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-04 22:36 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"iconcache"="" []
"SpeedOptimizer"="C:\Program Files\SpeedOptimizer\SPO.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bqxomdo"= {CAA96999-62B1-4DA3-A8C2-3C73B6C595B8} - C:\WINDOWS\bqxomdo.dll [2008-01-24 17:59 348160]
"aswmklt"= {FFF79A08-2593-463F-ADC9-A49D3CB3FBEE} - C:\WINDOWS\aswmklt.dll [2008-01-24 17:59 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^sladjan^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\sladjan\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
--a------ 2005-07-18 07:45 435712 C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 19:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a------ 2004-06-04 05:51 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray]
--a------ 2007-03-13 19:06 140840 C:\Program Files\PowerArchiver\PASTARTER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-03 04:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 22:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2003-11-19 01:20 45056 C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
--a------ 2004-01-13 04:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"winvnc"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)

R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2005-06-22 10:15]
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-04-04 10:14]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 21:34]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 21:34]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 21:34]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys []
S3 snpstd2;Trek 310;C:\WINDOWS\system32\DRIVERS\snpstd2.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-31 02:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-31 02:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-31 02:59]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 20:54]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-07 01:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e21076-937e-11db-b1d8-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 22:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-25 23:13:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\bqxomdo.dll
.
Completion time: 2008-01-25 23:15:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 22:15:55
.
2008-01-09 12:17:30 --- E O F ---

Update: 26 Jan 2008 0:25

I have one small problem that's irritating me: my desktop behaves like a URL page and I can't change it. As for the computer's blinking, it has calmed down quite a bit...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy in the following text:

File::
C:\WINDOWS\dpvtporrfd.dll
C:\WINDOWS\aswmklt.dll
C:\WINDOWS\bqxomdo.dll
C:\WINDOWS\elfwgps.dll
C:\WINDOWS\fvqkfsp.exe
C:\WINDOWS\privacy_danger\index.htm

Folder::
C:\WINDOWS\privacy_danger

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
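
The File:: list above was built by hand by cross-checking two logs: each suspicious HijackThis loading point (the O2 BHO, the O3 toolbar and the two O21 SSODL entries) points at a DLL that ComboFix's "Files Created" section shows was dropped straight into C:\WINDOWS on 2008-01-24, and fvqkfsp.exe, which no loading point names, was pulled in because it carries the same 17:59 modified timestamp as the others. The script below is an added example, not part of this thread or of HijackThis/ComboFix; it automates that correlation over lines excerpted from the logs above. The three-day lookback, the "dropped directly into the Windows directory" rule and the shared-modified-timestamp grouping are my own triage assumptions, and the report time is taken from the first ComboFix header.

```python
"""Correlate HijackThis loading points with ComboFix 'Files Created' entries
and draft the File:: section of a CFScript (added example, not the thread's own tooling)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lines excerpted from the HijackThis log posted in this thread (raw string, single backslashes).
HJT_SAMPLE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SXG Advisor - {61E61BA1-45ED-4835-B504-BBB9C96CB9CD} - C:\WINDOWS\dpvtporrfd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: The elfwgps - {CF4C34FE-2275-45EC-8C7E-2594CC1811A5} - C:\WINDOWS\elfwgps.dll
O21 - SSODL: bqxomdo - {CAA96999-62B1-4DA3-A8C2-3C73B6C595B8} - C:\WINDOWS\bqxomdo.dll
O21 - SSODL: aswmklt - {FFF79A08-2593-463F-ADC9-A49D3CB3FBEE} - C:\WINDOWS\aswmklt.dll
"""

# 'Files Created' lines excerpted from the first ComboFix log in this thread.
CF_SAMPLE = r"""
2008-01-25 23:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 21:20 . 2008-01-24 17:59 253,952 --a------ C:\WINDOWS\dpvtporrfd.dll
2008-01-24 21:20 . 2008-01-24 17:59 196,608 --a------ C:\WINDOWS\aswmklt.dll
2008-01-24 21:19 . 2008-01-24 17:59 348,160 --a------ C:\WINDOWS\bqxomdo.dll
2008-01-24 21:19 . 2008-01-24 17:59 172,032 --------- C:\WINDOWS\elfwgps.dll
2008-01-24 21:19 . 2008-01-24 17:59 81,920 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-24 20:39 . 2006-01-09 15:01 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2008-01-22 23:31 . 2008-01-22 23:31 <DIR> d-------- C:\Program Files\DNA
"""

# Start time of the first ComboFix run, from its header line (assumed as the report time).
REPORT_TIME = datetime(2008, 1, 25, 23, 1)

# O2 (BHO), O3 (toolbar) and O21 (ShellServiceObjectDelayLoad) lines share one layout:
# "<section> - <type>: <name> - {<CLSID>} - <path or (no file)>".
HJT_RE = re.compile(r"^(?P<kind>O2|O3|O21) - \w+: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
# ComboFix: "<created> . <modified> <size|<DIR>> <attrs> <path>".
CF_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
                   r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?:[\d,]+|<DIR>) \S+ (?P<path>.+)$")
# A file sitting directly in the Windows directory (not in a subfolder such as system32).
WINDIR_ROOT = re.compile(r"^C:\\WINDOWS\\[^\\]+$", re.I)


@dataclass(frozen=True)
class LoadingPoint:
    kind: str
    name: str
    path: str   # "(no file)" marks an orphaned registry entry


@dataclass(frozen=True)
class CreatedFile:
    created: datetime
    modified: datetime
    path: str


def parse_hjt(text):
    return [LoadingPoint(m["kind"], m["name"], m["path"])
            for m in (HJT_RE.match(ln.strip()) for ln in text.splitlines()) if m]


def parse_combofix_created(text):
    out = []
    for ln in text.splitlines():
        m = CF_RE.match(ln.strip())
        if m:
            out.append(CreatedFile(datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                                   datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                                   m["path"]))
    return out


def triage(points, created, report_time, window=timedelta(days=3)):
    """Return (files_to_remove, orphan_entries).

    A loading point is flagged when its target was created inside the lookback window
    and sits directly in the Windows directory. Any other such recent file that shares a
    flagged file's *modified* timestamp is treated as part of the same drop; that is what
    ties fvqkfsp.exe to the four DLLs even though nothing in HijackThis references it.
    """
    recent = {f.path.lower(): f for f in created
              if report_time - window <= f.created <= report_time and WINDIR_ROOT.match(f.path)}
    orphans = [p for p in points if p.path == "(no file)"]   # registry cleanup, not File::
    flagged = {}
    for p in points:
        f = recent.get(p.path.lower())
        if f:
            flagged[f.path] = f
    drop_stamps = {f.modified for f in flagged.values()}
    for f in recent.values():
        if f.modified in drop_stamps:
            flagged.setdefault(f.path, f)
    return sorted(flagged), orphans


def draft_cfscript(files, folders=()):
    """Render the ComboFix script text: a File:: block and, if given, a Folder:: block."""
    lines = ["File::", *files]
    if folders:
        lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


def run_demo():
    points = parse_hjt(HJT_SAMPLE)
    files, orphans = triage(points, parse_combofix_created(CF_SAMPLE), REPORT_TIME)
    return files, orphans, draft_cfscript(files)


if __name__ == "__main__":
    files, orphans, script = run_demo()
    print(script)
    for o in orphans:
        print(f"orphaned {o.kind} entry (fix in HijackThis, no file to delete): {o.name}")
```

Two things worth noticing in the output: Nircmd.exe, which appeared in C:\WINDOWS at 23:00 on 25 Jan, the minute ComboFix itself was run, is a recent file in the Windows root yet is not flagged, because no loading point names it and its modified timestamp (2000) does not match the drop; and the "(no file)" BHO comes out as an orphan rather than a File:: line, since there is nothing on disk to delete, only a registry entry to fix. The shared-timestamp rule is a heuristic, not proof; check each file it adds before it goes into a CFScript.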

  • sladjan ilic
  • carpenter
  • Joined: 18 Oct 2007
  • Posts: 70
  • Location: Svilajnac

ComboFix 08-01-23.1C - sladjan 2008-01-26 10:47:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1098 [GMT 1:00]
Running from: C:\Documents and Settings\sladjan\Desktop\ComboFix.exe
Command switches used :: C:\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-25 23:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 21:20 . 2008-01-24 17:59 253,952 --a------ C:\WINDOWS\dpvtporrfd.dll
2008-01-24 21:20 . 2008-01-24 17:59 196,608 --a------ C:\WINDOWS\aswmklt.dll
2008-01-24 21:19 . 2008-01-24 17:59 172,032 --------- C:\WINDOWS\elfwgps.dll
2008-01-24 21:19 . 2008-01-24 17:59 81,920 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-24 20:39 . 2008-01-24 20:39 <DIR> d-------- C:\Program Files\Giganology
2008-01-24 20:39 . 2006-01-09 15:01 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2008-01-24 15:19 . 2008-01-24 17:45 <DIR> d-------- C:\WINDOWS\VCP_TEMP
2008-01-24 15:19 . 2008-01-24 15:19 <DIR> d-------- C:\WINDOWS\VCP_SAVE
2008-01-24 15:19 . 2008-01-24 15:19 <DIR> d-------- C:\Program Files\Wallpapers
2008-01-24 15:19 . 2008-01-24 15:19 <DIR> d-------- C:\Program Files\Fonts
2008-01-24 15:19 . 2005-09-28 02:31 49,152 --a------ C:\WINDOWS\system32\icon.exe
2008-01-24 11:07 . 2008-01-25 19:55 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-01-22 23:49 . 2008-01-24 02:27 <DIR> d-------- C:\Program Files\BitTorrent Acceleration Patch
2008-01-22 23:31 . 2008-01-22 23:31 <DIR> d-------- C:\Program Files\DNA
2008-01-22 23:31 . 2008-01-22 23:31 <DIR> d-------- C:\Program Files\BitTorrent
2008-01-19 15:56 . 2008-01-19 15:56 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-19 15:55 . 2008-01-26 10:28 <DIR> d-------- C:\Program Files\Steam
2008-01-19 12:34 . 2008-01-19 12:34 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-01-19 11:50 . 2008-01-19 12:38 <DIR> d-------- C:\Program Files\HHD Software
2008-01-18 21:56 . 2008-01-18 21:56 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-01-17 22:06 . 2008-01-18 17:13 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-17 22:06 . 2008-01-18 17:13 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-17 22:06 . 2008-01-18 17:13 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-17 21:32 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-17 21:32 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-17 21:32 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-17 21:32 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-17 21:32 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-17 21:32 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-01-17 21:32 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-17 21:32 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-01-17 13:20 . 2008-01-17 13:20 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-17 13:18 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-17 13:18 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-17 13:18 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-17 13:18 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-17 13:18 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-17 13:18 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-16 23:59 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-01-16 23:59 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-16 23:57 . 2008-01-16 23:57 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-01-16 23:57 . 2008-01-16 23:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 23:57 . 2008-01-16 23:58 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-01-15 18:39 . 2008-01-19 12:35 <DIR> d-------- C:\Program Files\MP3 Recorder
2008-01-15 18:39 . 2008-01-25 11:28 <DIR> d-------- C:\Program Files\Guitartab.co.uk MP3 Recorder
2008-01-14 21:39 . 2005-01-09 03:24 246 --a------ C:\WINDOWS\regkey.reg
2008-01-14 21:26 . 2008-01-14 21:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 21:26 . 2008-01-14 21:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-14 14:41 . 2008-01-14 14:41 <DIR> d-------- C:\Program Files\Ahead
2008-01-10 01:24 . 2008-01-10 01:24 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-04 12:32 . 2008-01-04 12:32 0 --a------ C:\WINDOWS\rkkey.lock
2008-01-04 00:07 . 2008-01-04 00:07 244 --ah----- C:\sqmnoopt06.sqm
2008-01-04 00:07 . 2008-01-04 00:07 232 --ah----- C:\sqmdata06.sqm
2008-01-03 00:16 . 2008-01-03 00:16 <DIR> d-------- C:\Program Files\Common Files\Axara
2008-01-03 00:16 . 2007-12-07 15:34 77,824 --a------ C:\WINDOWS\system32\mslvddsfilter.ax
2008-01-02 19:29 . 2008-01-02 19:41 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-01-01 06:08 . 2008-01-17 13:12 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-30 11:38 . 2007-12-30 11:38 <DIR> d-------- C:\Program Files\Eltima Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 22:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 14:18 --------- d-----w C:\Program Files\PowerArchiver
2008-01-20 11:13 --------- d-----w C:\Program Files\Di recnik
2008-01-10 23:52 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-01-05 23:21 --------- d-----w C:\Program Files\Metacafe
2008-01-04 17:36 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 22:19 --------- d-----w C:\Program Files\FlashSlider
2007-12-24 23:35 --------- d-----w C:\Program Files\Net-FM Radio&TV
2007-12-22 11:13 --------- d-----w C:\Program Files\JetAudio
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-19 22:42 --------- d-----w C:\Program Files\DAP
2007-12-19 22:13 --------- d-----w C:\Program Files\AskPBar
2007-12-19 21:28 --------- d-----w C:\Program Files\XviD
2007-12-18 23:29 --------- d-----w C:\Program Files\Apex
2007-12-18 21:38 --------- d-----w C:\Program Files\Google
2007-12-18 18:43 --------- d-----w C:\Program Files\Ashampoo
2007-12-17 17:10 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-12-16 23:14 --------- d-----w C:\Program Files\New Folder
2007-12-14 19:36 --------- d-----w C:\Program Files\DVDx
2007-12-10 21:15 --------- d-----w C:\Program Files\TeamViewer3
2007-12-10 21:10 --------- d-----w C:\Program Files\BPS
2007-12-09 16:09 --------- d-----w C:\Program Files\GameSpy
2007-12-02 21:12 --------- d-----w C:\Program Files\Winamp
2007-12-02 19:47 --------- d-----w C:\Program Files\Common Files\Acronis
2007-12-02 16:29 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2007-12-02 16:29 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-12-02 16:29 368,736 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2007-12-02 16:29 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2007-12-02 16:22 --------- d-----w C:\Program Files\Eraser
2007-12-02 16:22 --------- d-----w C:\Program Files\ChrisTV
2007-12-02 16:22 --------- d-----w C:\Program Files\Chicken Invaders 2
2007-12-02 16:22 --------- d-----w C:\Program Files\CDlyse
2007-12-01 19:30 --------- d-----w C:\Program Files\Common Files\COWON
2007-12-01 19:27 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-01 19:10 23,616 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys
2007-11-30 16:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-28 17:50 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-28 17:36 --------- d-----w C:\Program Files\CCleaner
2007-11-15 17:46 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-11-15 17:46 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-15 17:46 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-11-15 17:46 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-11-15 17:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
1998-04-26 23:00 570,128 ----a-w C:\Program Files\DAO350.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_23.15.39.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 22:00:59 1,269,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 09:47:40 1,269,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 22:00:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 09:47:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 22:01:00 1,269,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 09:47:40 1,269,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 22:01:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 09:47:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 22:01:00 7,925,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 09:47:41 7,925,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 22:01:00 528,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 09:47:41 528,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61E61BA1-45ED-4835-B504-BBB9C96CB9CD}]
2008-01-24 17:59 253952 --a------ C:\WINDOWS\dpvtporrfd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{F4D76F09-7896-458A-890F-E1F05C46069F}
{CF4C34FE-2275-45EC-8C7E-2594CC1811A5}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{cf4c34fe-2275-45ec-8c7e-2594cc1811a5}]
[HKEY_CLASSES_ROOT\elfwgps.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{624AB37D-0196-44D1-8EB1-19D9EC09BF80}]
[HKEY_CLASSES_ROOT\elfwgps.ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2003-03-02 01:40 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-01-19 15:59 1266936]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-01-22 23:31 286528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 17:40 594944]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-04 22:36 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"iconcache"="" []
"SpeedOptimizer"="C:\Program Files\SpeedOptimizer\SPO.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bqxomdo"= {CAA96999-62B1-4DA3-A8C2-3C73B6C595B8} - C:\WINDOWS\bqxomdo.dll [ ]
"aswmklt"= {FFF79A08-2593-463F-ADC9-A49D3CB3FBEE} - C:\WINDOWS\aswmklt.dll [2008-01-24 17:59 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^sladjan^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\sladjan\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
--a------ 2005-07-18 07:45 435712 C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 19:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a------ 2004-06-04 05:51 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray]
--a------ 2007-03-13 19:06 140840 C:\Program Files\PowerArchiver\PASTARTER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-03 04:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 22:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2003-11-19 01:20 45056 C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
--a------ 2004-01-13 04:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"winvnc"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)

R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2005-06-22 10:15]
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-04-04 10:14]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 21:34]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 21:34]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 21:34]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys []
S3 snpstd2;Trek 310;C:\WINDOWS\system32\DRIVERS\snpstd2.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-31 02:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-31 02:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-31 02:59]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 20:54]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-07 01:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e21076-937e-11db-b1d8-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 22:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-26 10:49:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 10:50:29
ComboFix-quarantined-files.txt 2008-01-26 09:50:13
ComboFix2.txt 2008-01-25 22:15:57
.
2008-01-09 12:17:30 --- E O F ---


I could not capture Notepad from the desktop, because it still behaves like a web page, and after trying to log in to the forum, Mozilla blocked and suddenly 43 IE windows opened, since I have both of them.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Where you live: Wien

Enter Safe Mode following these instructions:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-uci-u-SAFE-MODE.html

Delete the following folder:
C:\WINDOWS\privacy_danger

That should fix the desktop behaviour.

After that, do what I wrote to you in the previous message.

offline
  • sladjan ilic
  • carpenter
  • Joined: 18 Okt 2007
  • Posts: 70
  • Where you live: Svilajnac

I found a lovely surprise: in fact I did not find this file, not even in the hidden folders... it isn't there...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Where you live: Wien

Folder, not file.

Quote: Delete the following folder:
C:\WINDOWS\privacy_danger
