Kaspersky cannot delete it

offline
  • Joined: 20 Feb 2005
  • Posts: 1715
  • Location: Beograd

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:26, on 12.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\User\Desktop\TR2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - C:\WINDOWS\system32\tuvSifCU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Edgios Page Grabber IE Plug-in - {99756919-C498-4D97-9E20-2076DE0E42B9} - D:\Program Files\Edgios\Edgios\ext\eiexxpw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {C6414BEA-4794-49D5-B015-93D1B01950AE} - C:\WINDOWS\system32\rqRKDsqn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Edgios IE Toolbar - {C9642A6B-9467-4EB5-9168-F141744AA27F} - D:\Program Files\Edgios\Edgios\ext\eiexxpw.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [1018d555] rundll32.exe "C:\WINDOWS\system32\wlteimvx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: HDDlife.lnk = D:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: tuvSifCU - C:\WINDOWS\SYSTEM32\tuvSifCU.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11647 bytes


A pile of viruses landed on my computer while Kaspersky was switched off. I deleted a lot of them, but I am struggling with one: lsass.exe\rqRKDsqn Heur.Trojan.Generic. KIS simply cannot delete it; it keeps reappearing.

If anyone can help...

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Temporarily disable your protection software.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; paste it here for us.

offline
  • Joined: 20 Feb 2005
  • Posts: 1715
  • Location: Beograd

ComboFix 08-11-11.01 - User 2008-11-12 20:33:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2706 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\admintxt.txt
c:\windows\service.exe
c:\windows\system32\efcAsPff.dll
c:\windows\system32\exvoutlg.dll
c:\windows\system32\gltuovxe.ini
c:\windows\system32\mibogjmm.dll
c:\windows\system32\mmjgobim.ini
c:\windows\system32\mwbfqhmn.ini
c:\windows\system32\nqsDKRqr.ini
c:\windows\system32\nqsDKRqr.ini2
c:\windows\system32\qjdtdcik.dll
c:\windows\system32\rqRKDsqn.dll
c:\windows\system32\tuvSifCU.dll
c:\windows\system32\wiwvliyc.ini
c:\windows\system32\xvmietlw.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-12 19:40 . 2008-11-12 20:42 540 --a------ c:\windows\system32\PDBootState
2008-11-09 14:00 . 2008-11-09 14:00 268 --ah----- C:\sqmdata19.sqm
2008-11-09 14:00 . 2008-11-09 14:00 244 --ah----- C:\sqmnoopt19.sqm
2008-11-09 00:34 . 2008-11-09 00:34 268 --ah----- C:\sqmdata18.sqm
2008-11-09 00:34 . 2008-11-09 00:34 244 --ah----- C:\sqmnoopt18.sqm
2008-11-08 22:06 . 2008-11-08 22:34 1,615 --a------ c:\windows\disney.ini
2008-11-08 22:05 . 2008-11-08 22:05 204 --a------ c:\windows\disneysy.ini
2008-11-08 17:40 . 2008-11-08 17:40 268 --ah----- C:\sqmdata17.sqm
2008-11-08 17:40 . 2008-11-08 17:40 244 --ah----- C:\sqmnoopt17.sqm
2008-11-08 15:42 . 2008-11-08 15:42 268 --ah----- C:\sqmdata16.sqm
2008-11-08 15:42 . 2008-11-08 15:42 244 --ah----- C:\sqmnoopt16.sqm
2008-11-08 14:46 . 2008-11-08 14:46 268 --ah----- C:\sqmdata15.sqm
2008-11-08 14:46 . 2008-11-08 14:46 244 --ah----- C:\sqmnoopt15.sqm
2008-11-08 13:32 . 2008-11-08 13:32 268 --ah----- C:\sqmdata14.sqm
2008-11-08 13:32 . 2008-11-08 13:32 244 --ah----- C:\sqmnoopt14.sqm
2008-11-08 00:05 . 2008-11-08 00:05 268 --ah----- C:\sqmdata13.sqm
2008-11-08 00:05 . 2008-11-08 00:05 244 --ah----- C:\sqmnoopt13.sqm
2008-11-07 20:46 . 2008-11-07 20:46 120 --ahs---- c:\windows\system32\sguhfowd.ini
2008-11-07 00:27 . 2008-11-07 00:27 268 --ah----- C:\sqmdata12.sqm
2008-11-07 00:27 . 2008-11-07 00:27 244 --ah----- C:\sqmnoopt12.sqm
2008-11-07 00:06 . 2008-11-07 00:06 268 --ah----- C:\sqmdata11.sqm
2008-11-07 00:06 . 2008-11-07 00:06 244 --ah----- C:\sqmnoopt11.sqm
2008-11-06 22:44 . 2008-11-06 22:44 268 --ah----- C:\sqmdata10.sqm
2008-11-06 22:44 . 2008-11-06 22:44 244 --ah----- C:\sqmnoopt10.sqm
2008-11-06 20:43 . 2008-11-06 20:43 120 --ahs---- c:\windows\system32\vhjxpgmk.ini
2008-11-06 20:42 . 2008-11-06 20:42 120 --ahs---- c:\windows\system32\drhlsgxq.ini
2008-11-06 00:12 . 2008-11-11 18:08 211 --a------ c:\windows\wininit.ini
2008-11-05 17:55 . 2008-11-05 17:55 120 --ahs---- c:\windows\system32\vgnbkyyu.ini
2008-11-04 18:39 . 2008-11-04 18:39 120 --ahs---- c:\windows\system32\yatsvevk.ini
2008-11-04 17:06 . 2008-11-04 17:07 41,522 --a------ c:\documents and settings\User\javaplugin.exe
2008-10-25 09:13 . 2008-10-26 12:33 921,624 --a------ C:\img2-001.raw
2008-10-24 16:56 . 2008-10-15 17:34 337,408 --a------ c:\windows\system32\dllcache\netapi32.dll
2008-10-18 16:27 . 2008-11-02 11:41 <DIR> d-------- c:\documents and settings\User\Application Data\skypePM
2008-10-18 16:27 . 2008-10-18 16:27 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-18 16:22 . 2008-10-18 16:22 <DIR> d-------- c:\program files\Skype
2008-10-18 16:22 . 2008-10-18 16:22 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-18 16:22 . 2008-11-02 11:42 <DIR> d-------- c:\documents and settings\User\Application Data\Skype
2008-10-18 16:22 . 2008-10-18 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-18 16:09 . 2008-10-18 16:09 <DIR> d-------- c:\program files\Common Files\snpstd3
2008-10-18 16:09 . 2008-10-18 16:09 <DIR> d-------- c:\documents and settings\User\Application Data\InstallShield
2008-10-18 16:09 . 2007-04-03 18:25 10,246,144 --a------ c:\windows\system32\drivers\snpstd3.sys
2008-10-18 16:09 . 2006-09-18 13:12 843,776 --a------ c:\windows\vsnpstd3.exe
2008-10-18 16:09 . 2007-03-30 16:44 262,144 --a------ c:\windows\tsnpstd3.exe
2008-10-18 16:09 . 2007-03-21 14:23 172,032 --a------ c:\windows\system32\rsnpstd3.dll
2008-10-18 16:09 . 2006-07-03 09:31 94,208 --a------ c:\windows\amcap.exe
2008-10-18 16:09 . 2007-03-30 14:09 61,440 --a------ c:\windows\system32\vsnpstd3.dll
2008-10-18 16:09 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-10-18 16:09 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-10-18 16:09 . 2005-11-23 12:55 53,248 --a------ c:\windows\system32\csnpstd3.dll
2008-10-18 16:09 . 2005-11-23 12:55 53,248 --a------ c:\windows\csnpstd3.dll
2008-10-18 16:09 . 2004-02-27 16:36 15,498 --a------ c:\windows\snpstd3.ini
2008-10-18 16:09 . 2004-02-27 16:36 13,023 --a------ c:\windows\snpstd3.src
2008-10-15 19:27 . 2008-10-15 19:28 1,393 --a------ c:\windows\imsins.BAK
2008-10-15 16:50 . 2008-09-15 13:12 1,846,400 --a------ c:\windows\system32\dllcache\win32k.sys
2008-10-15 16:50 . 2008-09-08 11:41 333,824 --a------ c:\windows\system32\dllcache\srv.sys
2008-10-15 16:49 . 2008-08-14 11:11 2,189,184 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 16:49 . 2008-08-14 11:09 2,145,280 --a------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:49 . 2008-08-14 10:33 2,066,048 --a------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:49 . 2008-08-14 10:33 2,023,936 --a------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-13 16:45 . 2008-10-13 16:45 <DIR> d-------- c:\program files\Java
2008-10-12 17:53 . 2008-10-12 17:53 <DIR> d--h----- c:\program files\InstallJammer Registry

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 19:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-12 19:37 647,200 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-12 19:37 59,888 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-12 19:37 168,500 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-12 19:37 12,189,216 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-12 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-12 12:41 --------- d-----w c:\documents and settings\User\Application Data\BearShare
2008-11-09 18:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 14:14 --------- d-----w c:\program files\Mozilla Thunderbird
2008-10-21 21:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-07 20:13 --------- d-----w c:\program files\Strategy First
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-27 15:27 --------- d-----w c:\documents and settings\User\Application Data\XnView
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-09 11:49 230,152 ----a-w c:\windows\system32\PDBoot.exe
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ----a-w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-05-12 18:46 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-05-12 18:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-12 18:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat
2008-05-12 18:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99756919-C498-4D97-9E20-2076DE0E42B9}]
2008-09-19 15:16 151552 --a------ d:\program files\Edgios\Edgios\ext\eiexxpw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "c:\program files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]
"{C9642A6B-9467-4EB5-9168-F141744AA27F}"= "d:\program files\Edgios\Edgios\ext\eiexxpw.dll" [2008-09-19 151552]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "c:\program files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]
"{C9642A6B-9467-4EB5-9168-F141744AA27F}"= "d:\program files\Edgios\Edgios\ext\eiexxpw.dll" [2008-09-19 151552]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_CLASSES_ROOT\clsid\{c9642a6b-9467-4eb5-9168-f141744aa27f}]
[HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{67206978-4FEA-42B0-B3FC-DB1D38276494}]
[HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-08-17 1232384]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

c:\documents and settings\User\Start Menu\Programs\Startup\
HDDlife.lnk - d:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [2008-02-15 712758]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2002-01-01 495616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 07:57 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=c:\windows\pss\Shortcut to RocketDock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-29 12:01 106496 c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 18:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-02 00:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-29 12:26 192512 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"HostManager"=c:\program files\Common Files\AOL\1210677751\ee\AOLSoftware.exe
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 PD91Agent;PD91Agent;d:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys [2008-02-24 37376]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\DRIVERS\Cap713x.sys [2004-10-14 751104]
S3 PD91Engine;PD91Engine;d:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S3 PD91VMDefrag;PD91VMDefrag;d:\program files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2008-02-29 226568]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-04-04 306432]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d17f5d-3543-11dd-ba5d-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -

BHO-{5B1B65D9-0F5A-40A7-A80A-28E42C00AE0E} - c:\windows\system32\rqRKDsqn.dll
BHO-{75ABCF92-9764-4DFA-A83F-5142C3905052} - c:\windows\system32\tuvSifCU.dll
HKLM-Run-1018d555 - c:\windows\system32\exvoutlg.dll
ShellExecuteHooks-{75ABCF92-9764-4DFA-A83F-5142C3905052} - c:\windows\system32\tuvSifCU.dll
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ldlg5ri8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sr:official
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPSWF32.dll
FF -: plugin - d:\program files\Opera\program\plugins\npdsplay.dll
FF -: plugin - d:\program files\Opera\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 20:40:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\program files\a-squared Free\a2service.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-11-12 20:43:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 19:43:39

Pre-Run: 195.026.292.736 bytes free
Post-Run: 194,941,919,232 bytes free

290 --- E O F --- 2008-10-24 17:41:42

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following files:

d:\program files\Edgios\Edgios\ext\eiexxpw.dll
c:\documents and settings\User\javaplugin.exe

via this link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Open Notepad and copy the following text into it:

File::
c:\windows\system32\sguhfowd.ini
c:\windows\system32\vhjxpgmk.ini
c:\windows\system32\drhlsgxq.ini
c:\windows\system32\vgnbkyyu.ini
c:\windows\system32\yatsvevk.ini


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.
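The CFScript above was written by hand after reading the "Files Created" section of the ComboFix log. The following is an added example, not code from this thread and not part of ComboFix, that does the same triage mechanically: it parses "Files Created" lines, flags the pattern the helper's script targets (hidden+system files in system32, here with random 8-letter names) plus executables dropped directly in a user profile root, and renders the hits as a `File::` block in CFScript syntax. The sample lines are copied from the second ComboFix log in this thread; the two heuristics are this example's own assumptions about what was being keyed on, not a rule stated in the thread.

```python
"""
Triage a ComboFix "Files Created" section and draft a CFScript.

Added example for this thread (not the helper's code, not ComboFix's code).
The heuristics below are assumptions: hidden+system regular files under
system32, and executables sitting directly in a user profile root.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the "Files Created" section of the
# second ComboFix log in this thread, plus a few benign neighbours for contrast.
SAMPLE_LOG = r"""
2008-11-12 20:48 . 2008-11-12 20:48 <DIR> d-------- c:\windows\LastGood
2008-11-08 22:06 . 2008-11-08 22:34 1,615 --a------ c:\windows\disney.ini
2008-11-07 20:46 . 2008-11-07 20:46 120 --ahs---- c:\windows\system32\sguhfowd.ini
2008-11-06 20:43 . 2008-11-06 20:43 120 --ahs---- c:\windows\system32\vhjxpgmk.ini
2008-11-06 20:42 . 2008-11-06 20:42 120 --ahs---- c:\windows\system32\drhlsgxq.ini
2008-11-06 00:12 . 2008-11-11 18:08 211 --a------ c:\windows\wininit.ini
2008-11-05 17:55 . 2008-11-05 17:55 120 --ahs---- c:\windows\system32\vgnbkyyu.ini
2008-11-04 18:39 . 2008-11-04 18:39 120 --ahs---- c:\windows\system32\yatsvevk.ini
2008-11-04 17:06 . 2008-11-04 17:07 41,522 --a------ c:\documents and settings\User\javaplugin.exe
2008-10-18 16:27 . 2008-10-18 16:27 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-18 16:09 . 2007-03-30 16:44 262,144 --a------ c:\windows\tsnpstd3.exe
"""

# One "Files Created" line: created . modified  size-or-<DIR>  9-char attribute field  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+?)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"
# <drive>:\documents and settings\<user>\<file>.exe|dll|scr  (nothing deeper)
PROFILE_ROOT_EXE_RE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.(exe|dll|scr)$", re.IGNORECASE
)
RANDOM_INI_RE = re.compile(r"^[a-z]{8}\.ini$")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for <DIR> entries
    attrs: str           # ComboFix attribute field, e.g. "--ahs----"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_files_created(text: str) -> List[FileEntry]:
    """Parse every line that looks like a ComboFix 'Files Created' entry; skip the rest."""
    entries: List[FileEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def why_suspicious(e: FileEntry) -> Optional[str]:
    """Return a reason string if the entry matches one of the (assumed) heuristics, else None."""
    if e.is_dir:
        return None
    if e.hidden and e.system and e.path.lower().startswith(SYSTEM32):
        reason = "hidden+system file in system32"
        if RANDOM_INI_RE.match(e.name.lower()):
            reason += ", random 8-letter name"
        return reason
    if PROFILE_ROOT_EXE_RE.match(e.path):
        return "executable dropped directly in a user profile root"
    return None


def flag_suspicious(entries: List[FileEntry]) -> List[Tuple[FileEntry, str]]:
    return [(e, r) for e in entries for r in [why_suspicious(e)] if r]


def build_cfscript(paths: List[str]) -> str:
    """Render paths as a CFScript 'File::' block: directive on its own line, one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


def draft_cfscript(log_text: str) -> str:
    flagged = flag_suspicious(parse_files_created(log_text))
    return build_cfscript([e.path for e, _ in flagged])


if __name__ == "__main__":
    for e, reason in flag_suspicious(parse_files_created(SAMPLE_LOG)):
        print(f"{e.attrs} {str(e.size):>7} {e.path}  <- {reason}")
    print()
    print(draft_cfscript(SAMPLE_LOG))
```

The output is a draft to review, not a script to run blindly: on the sample it lists the same five `.ini` files as the hand-written CFScript above, and additionally `javaplugin.exe`, which the helper asked to have uploaded for analysis rather than deleted straight away. `ezsidmv.dat` is hidden but not system-flagged, so it is correctly left alone.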

offline
  • Joined: 20 Feb 2005
  • Posts: 1715
  • Location: Beograd

ComboFix 08-11-11.01 - User 2008-11-12 22:22:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2670 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-12 20:48 . 2008-11-12 20:48 <DIR> d-------- c:\windows\LastGood
2008-11-12 19:40 . 2008-11-12 20:42 540 --a------ c:\windows\system32\PDBootState
2008-11-09 14:00 . 2008-11-09 14:00 268 --ah----- C:\sqmdata19.sqm
2008-11-09 14:00 . 2008-11-09 14:00 244 --ah----- C:\sqmnoopt19.sqm
2008-11-09 00:34 . 2008-11-09 00:34 268 --ah----- C:\sqmdata18.sqm
2008-11-09 00:34 . 2008-11-09 00:34 244 --ah----- C:\sqmnoopt18.sqm
2008-11-08 22:06 . 2008-11-08 22:34 1,615 --a------ c:\windows\disney.ini
2008-11-08 22:05 . 2008-11-08 22:05 204 --a------ c:\windows\disneysy.ini
2008-11-08 17:40 . 2008-11-08 17:40 268 --ah----- C:\sqmdata17.sqm
2008-11-08 17:40 . 2008-11-08 17:40 244 --ah----- C:\sqmnoopt17.sqm
2008-11-08 15:42 . 2008-11-08 15:42 268 --ah----- C:\sqmdata16.sqm
2008-11-08 15:42 . 2008-11-08 15:42 244 --ah----- C:\sqmnoopt16.sqm
2008-11-08 14:46 . 2008-11-08 14:46 268 --ah----- C:\sqmdata15.sqm
2008-11-08 14:46 . 2008-11-08 14:46 244 --ah----- C:\sqmnoopt15.sqm
2008-11-08 13:32 . 2008-11-08 13:32 268 --ah----- C:\sqmdata14.sqm
2008-11-08 13:32 . 2008-11-08 13:32 244 --ah----- C:\sqmnoopt14.sqm
2008-11-08 00:05 . 2008-11-08 00:05 268 --ah----- C:\sqmdata13.sqm
2008-11-08 00:05 . 2008-11-08 00:05 244 --ah----- C:\sqmnoopt13.sqm
2008-11-07 20:46 . 2008-11-07 20:46 120 --ahs---- c:\windows\system32\sguhfowd.ini
2008-11-07 00:27 . 2008-11-07 00:27 268 --ah----- C:\sqmdata12.sqm
2008-11-07 00:27 . 2008-11-07 00:27 244 --ah----- C:\sqmnoopt12.sqm
2008-11-07 00:06 . 2008-11-07 00:06 268 --ah----- C:\sqmdata11.sqm
2008-11-07 00:06 . 2008-11-07 00:06 244 --ah----- C:\sqmnoopt11.sqm
2008-11-06 22:44 . 2008-11-06 22:44 268 --ah----- C:\sqmdata10.sqm
2008-11-06 22:44 . 2008-11-06 22:44 244 --ah----- C:\sqmnoopt10.sqm
2008-11-06 20:43 . 2008-11-06 20:43 120 --ahs---- c:\windows\system32\vhjxpgmk.ini
2008-11-06 20:42 . 2008-11-06 20:42 120 --ahs---- c:\windows\system32\drhlsgxq.ini
2008-11-06 00:12 . 2008-11-11 18:08 211 --a------ c:\windows\wininit.ini
2008-11-05 17:55 . 2008-11-05 17:55 120 --ahs---- c:\windows\system32\vgnbkyyu.ini
2008-11-04 18:39 . 2008-11-04 18:39 120 --ahs---- c:\windows\system32\yatsvevk.ini
2008-11-04 17:06 . 2008-11-04 17:07 41,522 --a------ c:\documents and settings\User\javaplugin.exe
2008-10-25 09:13 . 2008-10-26 12:33 921,624 --a------ C:\img2-001.raw
2008-10-24 16:56 . 2008-10-15 17:34 337,408 --a------ c:\windows\system32\dllcache\netapi32.dll
2008-10-18 16:27 . 2008-11-02 11:41 <DIR> d-------- c:\documents and settings\User\Application Data\skypePM
2008-10-18 16:27 . 2008-10-18 16:27 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-18 16:22 . 2008-10-18 16:22 <DIR> d-------- c:\program files\Skype
2008-10-18 16:22 . 2008-10-18 16:22 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-18 16:22 . 2008-11-02 11:42 <DIR> d-------- c:\documents and settings\User\Application Data\Skype
2008-10-18 16:22 . 2008-10-18 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-18 16:09 . 2008-10-18 16:09 <DIR> d-------- c:\program files\Common Files\snpstd3
2008-10-18 16:09 . 2008-10-18 16:09 <DIR> d-------- c:\documents and settings\User\Application Data\InstallShield
2008-10-18 16:09 . 2007-04-03 18:25 10,246,144 --a------ c:\windows\system32\drivers\snpstd3.sys
2008-10-18 16:09 . 2006-09-18 13:12 843,776 --a------ c:\windows\vsnpstd3.exe
2008-10-18 16:09 . 2007-03-30 16:44 262,144 --a------ c:\windows\tsnpstd3.exe
2008-10-18 16:09 . 2007-03-21 14:23 172,032 --a------ c:\windows\system32\rsnpstd3.dll
2008-10-18 16:09 . 2006-07-03 09:31 94,208 --a------ c:\windows\amcap.exe
2008-10-18 16:09 . 2007-03-30 14:09 61,440 --a------ c:\windows\system32\vsnpstd3.dll
2008-10-18 16:09 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-10-18 16:09 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-10-18 16:09 . 2005-11-23 12:55 53,248 --a------ c:\windows\system32\csnpstd3.dll
2008-10-18 16:09 . 2005-11-23 12:55 53,248 --a------ c:\windows\csnpstd3.dll
2008-10-18 16:09 . 2004-02-27 16:36 15,498 --a------ c:\windows\snpstd3.ini
2008-10-18 16:09 . 2004-02-27 16:36 13,023 --a------ c:\windows\snpstd3.src
2008-10-15 19:27 . 2008-10-15 19:28 1,393 --a------ c:\windows\imsins.BAK
2008-10-15 16:50 . 2008-09-15 13:12 1,846,400 --a------ c:\windows\system32\dllcache\win32k.sys
2008-10-15 16:50 . 2008-09-08 11:41 333,824 --a------ c:\windows\system32\dllcache\srv.sys
2008-10-15 16:49 . 2008-08-14 11:11 2,189,184 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 16:49 . 2008-08-14 11:09 2,145,280 --a------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:49 . 2008-08-14 10:33 2,066,048 --a------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:49 . 2008-08-14 10:33 2,023,936 --a------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-13 16:45 . 2008-10-13 16:45 <DIR> d-------- c:\program files\Java
2008-10-12 17:53 . 2008-10-12 17:53 <DIR> d--h----- c:\program files\InstallJammer Registry

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 20:52 655,392 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-12 20:01 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-12 19:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-12 19:37 59,888 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-12 19:37 168,500 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-12 19:37 12,189,216 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-12 12:41 --------- d-----w c:\documents and settings\User\Application Data\BearShare
2008-11-09 18:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 14:14 --------- d-----w c:\program files\Mozilla Thunderbird
2008-10-21 21:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-07 20:13 --------- d-----w c:\program files\Strategy First
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-27 15:27 --------- d-----w c:\documents and settings\User\Application Data\XnView
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-09 11:49 230,152 ----a-w c:\windows\system32\PDBoot.exe
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ----a-w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-05-12 18:46 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-05-12 18:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-12 18:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat
2008-05-12 18:46 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-12_20.43.11.06 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99756919-C498-4D97-9E20-2076DE0E42B9}]
2008-09-19 15:16 151552 --a------ d:\program files\Edgios\Edgios\ext\eiexxpw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "c:\program files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]
"{C9642A6B-9467-4EB5-9168-F141744AA27F}"= "d:\program files\Edgios\Edgios\ext\eiexxpw.dll" [2008-09-19 151552]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "c:\program files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]
"{C9642A6B-9467-4EB5-9168-F141744AA27F}"= "d:\program files\Edgios\Edgios\ext\eiexxpw.dll" [2008-09-19 151552]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_CLASSES_ROOT\clsid\{c9642a6b-9467-4eb5-9168-f141744aa27f}]
[HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{67206978-4FEA-42B0-B3FC-DB1D38276494}]
[HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-08-17 1232384]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

c:\documents and settings\User\Start Menu\Programs\Startup\
HDDlife.lnk - d:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [2008-02-15 712758]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2002-01-01 495616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 07:57 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to RocketDock.lnk
backup=c:\windows\pss\Shortcut to RocketDock.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-29 12:01 106496 c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 18:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-02 00:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-29 12:26 192512 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"HostManager"=c:\program files\Common Files\AOL\1210677751\ee\AOLSoftware.exe
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 PD91Agent;PD91Agent;d:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys [2008-02-24 37376]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\DRIVERS\Cap713x.sys [2004-10-14 751104]
S3 PD91Engine;PD91Engine;d:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S3 PD91VMDefrag;PD91VMDefrag;d:\program files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2008-02-29 226568]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-04-04 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d17f5d-3543-11dd-ba5d-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 22:23:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\User\LOCALS~1\Temp\RGI8B.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-11-12 22:24:31
ComboFix-quarantined-files.txt 2008-11-12 21:24:22
ComboFix2.txt 2008-11-12 19:43:44

Pre-Run: 194.841.313.280 bytes free
Post-Run: 194,823,114,752 bytes free

235 --- E O F --- 2008-10-24 17:41:42

Update: 13 Nov 2008 19:27

Is this last log all right? Is it clean now?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You did not upload the files I asked for.

Also, the ComboFix procedure was not carried out correctly - repeat it (that is, everything inside the code box needs to be copied into Notepad...)
