Problem with USB sticks!

  • Joined: 20 Mar 2007
  • Posts: 97

I have 2 USB sticks and recently my antivirus started reporting that they are infected when I plug them into the computer. It tells me I have a virus and supposedly deletes it. But the next day it reports it again... and so on, constantly. Sometimes it doesn't recognize it (I mean the virus), doesn't report that it's there, and then the next day it reports it again. On double-click it sometimes throws an error that it can't access it, and sometimes it gives me that window to choose a program to open it with, so I have to open it with right-click and then OPEN. And the default function for double-click is Auto open. I tried formatting it, but after 2 days the same thing comes up again.
This happens to me with both sticks.
Here's what NOD reports:
K:\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe - Win32/TrojanDropper.Agent.NHN trojan

Should I post a HijackThis log for this, or should I put the topic somewhere else?

Update: 14 Feb 2008 14:41

Here's the log just in case:

Logfile of HijackThis v1.99.1
Scan saved at 2:37:48 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Zvjezdan\Ambulance\zekaThis\zekaThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Razvoj\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download the program Flash_Disinfector.

The program is started by double-clicking Flash_Disinfector.exe.
When the notification message appears, plug in the infected USB flash drives (holding down the Shift key while doing so to avoid autoplay).
Click OK and wait for the process to finish.
When the message Done !! appears, click OK.

Download ComboFix from one of the following addresses to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.
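Added example, not part of the thread: a model of how Windows XP turns the autorun.inf at the root of a removable volume into the per-volume shell verbs Explorer stores under HKCU\...\Explorer\MountPoints2\{volume-guid}\Shell. Those stored verbs are what the ComboFix logs in this thread print as \Shell\AutoOpen\command and \Shell\AutoRun\command, and they are why the original poster's double-click default became "Auto open" and why helen1 says to hold Shift (which suppresses the AutoPlay handler) while plugging the sticks in. Flash_Disinfector, recommended above, works by occupying the autorun.inf name on each drive with a folder so the worm cannot write its own file. The sample autorun.inf below is constructed for the example; only the target path is taken from the NOD32 report above.

```python
r"""
Model of Windows XP's autorun.inf -> MountPoints2 shell-verb mapping.
Added example; the mapping rules are modelled from the registry entries
seen in ComboFix logs, not taken from any Microsoft source code.
"""
from typing import Dict, Optional, Tuple

# How Explorer stores a 'shellexecute=' target (seen verbatim in the logs).
SHELLEXEC_PREFIX = r"C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL "

# Constructed sample autorun.inf (assumption): the target path is the one
# NOD32 reported in the thread; the file's exact contents are not on the page.
SAMPLE_AUTORUN_INF = r"""
[autorun]
; dropped by the worm at the root of the stick
open=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
shellexecute=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
shell\Auto\command=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
shell=Auto
"""


def parse_autorun_inf(text: str) -> Dict[str, str]:
    r"""Minimal INI reader for the [autorun] section. Keys keep their case,
    values are returned verbatim; ';' lines are comments as in real autorun.inf."""
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries


def shell_verbs_from_autorun(text: str, drive: str = "K:") -> Tuple[Dict[str, str], Optional[str]]:
    r"""Return (verbs, default_verb): verbs maps a MountPoints2 verb name to the
    command Explorer stores under \Shell\<verb>\command for this volume.

    Modelled mapping:
      open=X              -> Shell\AutoOpen\command = <drive>\X
      shellexecute=X      -> Shell\AutoRun\command  = RunDLL32 ... ShellExec_RunDLL X
      shell\V\command=X   -> Shell\V\command        = X
      shell=V             -> V is the default (double-click) verb
    """
    verbs: Dict[str, str] = {}
    default_verb: Optional[str] = None
    for key, value in parse_autorun_inf(text).items():
        k = key.lower()
        if k == "open":
            verbs["AutoOpen"] = f"{drive}\\{value}"
        elif k == "shellexecute":
            verbs["AutoRun"] = SHELLEXEC_PREFIX + value
        elif k.startswith("shell\\") and k.endswith("\\command"):
            verbs[key[len("shell\\"):-len("\\command")]] = value
        elif k == "shell":
            default_verb = value
    return verbs, default_verb


def double_click_command(text: str, drive: str = "K:") -> Optional[str]:
    """What a double-click on the drive icon runs once these verbs exist: the
    'shell=' verb if it names a defined command, otherwise AutoOpen, else None."""
    verbs, default_verb = shell_verbs_from_autorun(text, drive)
    if default_verb:
        for name, cmd in verbs.items():      # verb names match case-insensitively
            if name.lower() == default_verb.lower():
                return cmd
    return verbs.get("AutoOpen")


if __name__ == "__main__":
    verbs, default = shell_verbs_from_autorun(SAMPLE_AUTORUN_INF)
    for name, cmd in verbs.items():
        print(f"\\Shell\\{name}\\command - {cmd}")
    print("default verb:", default)
    print("double-click runs:", double_click_command(SAMPLE_AUTORUN_INF))
```

Run it and compare the printed lines with the MountPoints2 entries in the ComboFix logs below: the AutoOpen line gets the drive letter prefixed to the relative path (`K:\.\MSOCache\...`), the AutoRun line is wrapped in RunDLL32 ShellExec_RunDLL, and the custom `Auto` verb is the one a double-click launches. Nothing here touches the registry; it only predicts what Explorer would write.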

  • Joined: 20 Mar 2007
  • Posts: 97

ComboFix 08-02-15.2 - Razvoj 2008-02-15 7:26:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.75 [GMT 1:00]
Running from: C:\Documents and Settings\Razvoj\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xbox.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 07:33 . 2008-02-14 07:37 <DIR> d-------- C:\Program Files\The KMPlayer
2008-02-13 11:00 . 2008-02-13 11:09 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\IMVU
2008-02-13 10:59 . 2008-02-13 11:08 <DIR> d-------- C:\Program Files\IMVU
2008-02-11 13:52 . 2008-02-11 13:52 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\Media Player Classic
2008-02-11 13:29 . 2008-02-13 07:52 <DIR> d-------- C:\Program Files\EO Video
2008-02-11 13:29 . 2008-02-11 13:28 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-02-08 10:10 . 2008-02-08 10:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-08 10:10 . 2008-02-08 10:10 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-08 10:10 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-08 08:43 . 2008-02-08 08:43 334 --ah----- C:\WINDOWS\Fix.reg
2008-02-06 16:09 . 2008-02-06 16:09 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-06 16:06 . 2008-02-06 16:06 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-02-06 16:06 . 2008-02-06 16:06 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-06 11:13 . 2008-02-06 11:14 <DIR> d-------- C:\Program Files\Opera 9
2008-01-31 15:20 . 2008-01-31 15:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-31 15:12 . 2008-01-31 15:57 <DIR> d-------- C:\Documents and Settings\Razvoj\.housecall6.6
2008-01-31 08:50 . 2008-02-07 10:37 <DIR> d-------- C:\Program Files\eMule
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 14:20 . 2008-01-29 14:20 48,174 --a------ C:\olearch.dat
2008-01-29 14:14 . 2008-01-29 14:14 0 --a------ C:\acadminidump.dmp
2008-01-29 12:49 . 2008-01-29 12:49 <DIR> d-------- C:\WINDOWS\SXS
2008-01-29 11:43 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-29 11:43 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-29 11:41 . 2008-01-29 11:41 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-29 11:37 . 2008-01-29 11:38 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-01-25 10:50 . 2008-01-25 10:50 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-01-25 10:50 . 2008-01-25 10:50 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\PPMate
2008-01-25 10:01 . 2008-01-25 10:01 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\acccore
2008-01-25 08:09 . 2008-01-25 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-25 08:09 . 2008-01-25 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-25 08:09 . 2008-01-25 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-25 08:08 . 2008-02-06 07:20 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-25 08:07 . 2008-01-25 08:09 538 --ah----- C:\IPH.PH
2008-01-24 13:19 . 2008-01-24 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskSoft
2008-01-24 13:18 . 2008-01-24 13:19 <DIR> d-------- C:\Program Files\BWMeter
2008-01-24 13:18 . 2008-01-24 13:18 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\DeskSoft
2008-01-24 13:18 . 2008-01-24 13:18 16,896 --a------ C:\WINDOWS\system32\drivers\dsnpfd.sys
2008-01-24 09:24 . 2008-01-24 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-24 09:24 . 2008-02-12 07:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 09:24 . 2008-01-24 09:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 07:06 . 2008-01-22 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-21 12:17 . 2008-01-21 12:34 <DIR> d-------- C:\convert
2008-01-21 12:03 . 2008-01-21 12:03 <DIR> d-------- C:\Program Files\QuickTime
2008-01-21 12:02 . 2008-01-21 12:02 <DIR> d-------- C:\Program Files\ImTOO
2008-01-21 11:29 . 2008-02-01 09:29 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\Screenshot Sender
2008-01-21 11:00 . 2008-01-21 11:00 <DIR> d-------- C:\Program Files\Windows Live
2008-01-21 11:00 . 2008-01-21 11:17 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-01-17 10:07 . 2008-01-17 10:08 38 --a------ C:\WINDOWS\avisplitter.INI
2008-01-15 11:06 . 2008-01-15 11:06 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-14 07:29 --------- d-----w C:\Program Files\ESET
2008-02-14 07:24 --------- d-----w C:\Program Files\BitDefender
2008-02-14 07:18 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Babylon
2008-02-14 07:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-14 07:12 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\uTorrent
2008-02-14 06:05 --------- d-----w C:\Program Files\Webteh
2008-02-14 06:04 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\BSplayer PRO
2008-02-08 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-08 09:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 06:17 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Skype
2008-02-05 13:51 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-29 13:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Autodesk
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-23 11:36 --------- d-----w C:\Program Files\Autodesk
2008-01-21 10:00 --------- d-----w C:\Program Files\MSN Messenger
2008-01-15 13:53 --------- d-----w C:\Program Files\Phoenix Contact
2008-01-14 13:49 --------- d-----w C:\Program Files\Skype
2008-01-14 10:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-14 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-24 12:27 --------- d-----w C:\Program Files\Java
2007-12-24 12:04 --------- d-----w C:\Program Files\Common Files\Java
2007-12-24 10:00 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2007-12-19 10:21 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-22 13:55 2663480]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-06 16:08 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
--a------ 2006-02-06 10:12 327680 C:\Program Files\Audio Deck\EnMixCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-06 16:09]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2008-01-24 13:18]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2006-01-12 13:57]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 10:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7783a3e-cd72-11dc-b687-005070231a9d}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72637363-7069-7374-652E-336D65747300}]
C:\WINDOWS\system32\cscripts.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-15 07:30:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 7:31:40
ComboFix-quarantined-files.txt 2008-02-15 06:31:24

Update: 15 Feb 2008 14:36

It was OK until I unplugged them and put them in the other computer. Now everything is the same. NOD reported the same virus to me again. Now

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\cscripts.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7783a3e-cd72-11dc-b687-005070231a9d}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72637363-7069-7374-652E-336D65747300}]

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

  • Joined: 20 Mar 2007
  • Posts: 97

I hope it's not a problem that I did this on the other computer. The same thing was happening on this one too.

ComboFix 08-02-17.2 - Nikola 2008-02-17 10:28:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.451 [GMT 1:00]
Running from: C:\Documents and Settings\Nikola\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nikola\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\cscripts.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nikola\ravmonlog
C:\WINDOWS\server.exe
C:\WINDOWS\system32\0.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_KSD2SERVICE


((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-12 23:07 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-02-12 23:07 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-10 02:09 . 2008-02-10 20:08 <DIR> d-------- C:\Documents and Settings\Nikola\.limewire
2008-02-06 00:51 . 2008-02-06 00:51 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Media Player Classic
2008-02-03 12:14 . 2008-01-22 22:08 5,705,756 --a------ C:\WINDOWS\Timbaland_feat_Ciara_-_Undercover.mp3
2008-01-23 01:58 . 2008-01-23 01:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Genimo
2008-01-22 00:12 . 2008-01-22 00:16 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-01-22 00:12 . 2008-01-22 00:30 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-01-22 00:12 . 2008-01-22 00:15 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-01-20 23:46 . 2008-01-20 23:46 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Genimo
2008-01-20 23:38 . 2008-01-20 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScreenSeven
2008-01-20 21:24 . 2008-01-20 21:24 <DIR> d-------- C:\Program Files\Xinox Software
2008-01-20 21:12 . 2008-01-20 21:12 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-20 21:10 . 2008-01-20 21:12 <DIR> d-------- C:\Program Files\Java
2008-01-20 21:10 . 2008-01-20 21:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-20 21:07 . 2008-01-20 21:07 <DIR> d-------- C:\Documents and Settings\Nikola\System
2008-01-20 21:07 . 2008-01-20 21:09 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\SmartDraw
2008-01-20 18:20 . 2008-01-20 18:20 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\JCreator
2008-01-20 18:20 . 2008-01-20 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JCreator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 09:44 32,727,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-17 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 09:40 453,620 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-17 09:40 160,388 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-17 09:40 1,655,328 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-17 02:35 --------- d-----w C:\Documents and Settings\Nikola\Application Data\uTorrent
2008-02-13 22:38 --------- d-----w C:\Program Files\eMule
2008-02-11 22:21 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-02-05 23:50 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-28 20:53 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 17:13 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-21 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-21 23:27 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET
2008-01-21 23:12 --------- d-----w C:\Program Files\Microsoft ACT
2008-01-16 18:38 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Ahead
2007-12-24 18:59 --------- d-----w C:\Program Files\Nokia
2007-12-24 18:58 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-24 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-19 16:26 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Screenshot Sender
2007-12-17 18:33 --------- d-----w C:\Documents and Settings\Nikola\Application Data\SmartFTP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 10:01 16010752 C:\WINDOWS\RTHDCPL.exe]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-01-12 13:44 2663480]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-05-28 15:58 218640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"snp2std"=C:\WINDOWS\vsnp2std.exe
"tsnp2std"=C:\WINDOWS\tsnp2std.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"AGRSMMSG"=AGRSMMSG.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 08:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 09:01]
R2 Fireserv;Fireserv;"C:\fireserv\Apache\bin\Apache.exe" [2002-05-06 23:31]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:07]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58]
S3 BTNetFilter;Bluetooth Network Filter;C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2005-11-29 16:44]
S3 FlyPCI;FlyPCI;C:\WINDOWS\system32\drivers\FlyPCI.sys [2003-10-10 11:06]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-08-25 22:55]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a92b228-09d4-11dc-a2a1-0016174fd288}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{139872b8-5f73-11dc-b3d2-0016174fd288}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{230b733a-cfbe-11db-87f3-0016174fd288}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ce65432-95c7-11dc-a894-0016174fd288}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b6ae1ab-6e6a-11dc-a850-0016174fd288}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3da86d76-fcbb-11db-a28c-806d6172696f}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bc19ec-4c36-11dc-a315-0016174fd288}]
\Shell\AutoRun\command - H:\autorun6e.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cf237ff-0ae3-11dc-a2a4-0016174fd288}]
\Shell\AutoRun\command - H:\autorun6e.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f5304ec-ee52-11db-973c-0016174fd288}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{814e6928-b145-11dc-a8c0-0016174fd288}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8423ee57-f022-11db-9740-0016174fd288}]
\Shell\Auto\command - H:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c0244fc-c844-11dc-a8e4-a26f4fb30d8c}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb86923a-b558-11db-8bbb-0016174fd288}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf4c7a91-a2c2-11db-8b2d-0016174fd288}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcc31705-14ee-11dc-a2c5-0016174fd288}]
\Shell\AutoOpen\command - J:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f868f10a-ce57-11dc-a8ec-0016174fd288}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 17:45:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-17 10:44:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\fireserv\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-02-17 10:49:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 09:48:55

Addendum: 17 Feb 2008 17:27

When this finished, everything was OK. I went for a coffee, came back, plugged in the sticks, and it was all back to the old state. Now

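As an added example, not code from the thread, from ComboFix or from Flash Disinfector: a small Python triage script that reads the MountPoints2 section of a ComboFix log like the one posted above and flags the per-device AutoRun/AutoOpen handlers that share the traits of the entries shown there (a custom shell verb, a target resolved relative to the inserted volume, launch through rundll32 ShellExec_RunDLL, an MSOCache folder on removable media). The sample lines are copied from the log above; the rule names and the threshold are the editor's own heuristics, not a vendor signature.

```python
"""Triage of per-device AutoRun/AutoOpen handlers from a ComboFix MountPoints2 listing.

Added example for this thread; the rules and threshold are heuristics chosen here,
not a ComboFix feature or an antivirus signature."""
import re
from dataclasses import dataclass, field
from typing import List

# Three devices taken from the log posted above.  The last one, a bare
# E:\Autorun.exe as a vendor CD would register, is the benign-looking control.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f5304ec-ee52-11db-973c-0016174fd288}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{814e6928-b145-11dc-a8c0-0016174fd288}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf4c7a91-a2c2-11db-8b2d-0016174fd288}]
\Shell\AutoRun\command - E:\Autorun.exe
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
# Launch wrapper seen in the entries above: rundll32 asks Shell32 to ShellExecute the real file.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+shell32\.dll,\s*ShellExec_RunDLL\s+(?P<target>.+)$", re.I)
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js")


@dataclass
class Entry:
    device: str
    verb: str
    command: str
    target: str                       # file actually launched, wrapper stripped
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_mountpoints(text: str) -> List[Entry]:
    """Collect (device GUID, verb, command) triples from the ComboFix listing."""
    entries: List[Entry] = []
    device = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            device = m.group(1).lower()
        elif device and (m := CMD_RE.match(line)):
            cmd = m.group("cmd").strip()
            wrapped = RUNDLL_RE.search(cmd)
            target = wrapped.group("target").strip() if wrapped else cmd
            entries.append(Entry(device, m.group("verb"), cmd, target))
    return entries


def assess(entry: Entry) -> Entry:
    """Attach one reason per suspicious trait (idempotent: reasons are rebuilt)."""
    t = entry.target
    reasons = []
    if RUNDLL_RE.search(entry.command):
        reasons.append("launched indirectly through rundll32 ShellExec_RunDLL")
    if entry.verb.lower() != "autorun":
        # Windows itself creates only the AutoRun verb (from the inf's open= line);
        # any other verb was copied from the device's autorun.inf and can be made
        # the double-click default, which is what the thread describes.
        reasons.append(f"custom shell verb '{entry.verb}' supplied by the device")
    if not re.match(r"^[A-Za-z]:\\", t) or re.match(r"^[A-Za-z]:\\\.\\", t):
        reasons.append("target resolved relative to the inserted volume")
    if t.lower().endswith(EXEC_EXT):
        reasons.append("target is directly executable")
    if "\\msocache\\" in t.lower():
        reasons.append("Office install cache folder name used on removable media")
    entry.reasons = reasons
    return entry


def triage(text: str, threshold: int = 2) -> List[Entry]:
    """Entries with at least `threshold` traits, most suspicious first."""
    flagged = [e for e in map(assess, parse_mountpoints(text)) if e.score >= threshold]
    return sorted(flagged, key=lambda e: -e.score)


def infected_devices(text: str, threshold: int = 2) -> List[str]:
    """Volume GUIDs whose handlers should go and whose media must be cleaned."""
    return sorted({e.device for e in triage(text, threshold)})


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.device} {e.verb:<8} -> {e.target}")
        for r in e.reasons:
            print("    -", r)
    print("devices to clean:", ", ".join(infected_devices(SAMPLE)))
```

Run against a full ComboFix log, the script lists every volume GUID whose handler needs removing and, by elimination, which physical media keep re-seeding the machine; the E:\Autorun.exe entry scores one trait and stays below the threshold.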

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Did you clean the sticks properly with Flash Disinfector, as you were told above?
Have you plugged them into any other computer in the meantime?

  • Joined: 20 Mar 2007
  • Posts: 97

I did. But here, I have repeated both procedures from scratch:

ComboFix 08-02-15.2 - Razvoj 2008-02-20 9:23:31.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.152 [GMT 1:00]
Running from: C:\Documents and Settings\Razvoj\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Razvoj\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\cscripts.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 08:40 . 2008-02-19 08:40 <DIR> d-------- C:\Program Files\Pravoslavac
2008-02-14 07:33 . 2008-02-14 07:37 <DIR> d-------- C:\Program Files\The KMPlayer
2008-02-13 11:00 . 2008-02-13 11:09 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\IMVU
2008-02-13 10:59 . 2008-02-13 11:08 <DIR> d-------- C:\Program Files\IMVU
2008-02-11 13:52 . 2008-02-11 13:52 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\Media Player Classic
2008-02-11 13:29 . 2008-02-13 07:52 <DIR> d-------- C:\Program Files\EO Video
2008-02-11 13:29 . 2008-02-11 13:28 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-02-08 10:10 . 2008-02-08 10:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-08 10:10 . 2008-02-08 10:10 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-08 10:10 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-08 08:43 . 2008-02-08 08:43 334 --ah----- C:\WINDOWS\Fix.reg
2008-02-06 16:09 . 2008-02-06 16:09 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-06 16:06 . 2008-02-06 16:06 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-02-06 16:06 . 2008-02-06 16:06 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-06 11:13 . 2008-02-06 11:14 <DIR> d-------- C:\Program Files\Opera 9
2008-01-31 15:20 . 2008-01-31 15:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-31 15:12 . 2008-01-31 15:57 <DIR> d-------- C:\Documents and Settings\Razvoj\.housecall6.6
2008-01-31 08:50 . 2008-02-19 10:06 <DIR> d-------- C:\Program Files\eMule
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 14:20 . 2008-01-29 14:20 48,174 --a------ C:\olearch.dat
2008-01-29 14:14 . 2008-01-29 14:14 0 --a------ C:\acadminidump.dmp
2008-01-29 12:49 . 2008-01-29 12:49 <DIR> d-------- C:\WINDOWS\SXS
2008-01-29 11:43 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-29 11:43 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-29 11:41 . 2008-01-29 11:41 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-29 11:37 . 2008-01-29 11:38 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-01-25 10:50 . 2008-01-25 10:50 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-01-25 10:50 . 2008-01-25 10:50 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\PPMate
2008-01-25 10:01 . 2008-01-25 10:01 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\acccore
2008-01-25 08:09 . 2008-01-25 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-25 08:09 . 2008-01-25 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-25 08:09 . 2008-01-25 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-25 08:08 . 2008-02-06 07:20 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-25 08:07 . 2008-01-25 08:09 538 --ah----- C:\IPH.PH
2008-01-24 13:19 . 2008-01-24 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskSoft
2008-01-24 13:18 . 2008-01-24 13:19 <DIR> d-------- C:\Program Files\BWMeter
2008-01-24 13:18 . 2008-01-24 13:18 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\DeskSoft
2008-01-24 13:18 . 2008-01-24 13:18 16,896 --a------ C:\WINDOWS\system32\drivers\dsnpfd.sys
2008-01-24 09:24 . 2008-01-24 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-24 09:24 . 2008-02-12 07:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 09:24 . 2008-01-24 09:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 07:06 . 2008-01-22 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-21 12:17 . 2008-01-21 12:34 <DIR> d-------- C:\convert
2008-01-21 12:03 . 2008-01-21 12:03 <DIR> d-------- C:\Program Files\QuickTime
2008-01-21 12:02 . 2008-01-21 12:02 <DIR> d-------- C:\Program Files\ImTOO
2008-01-21 11:29 . 2008-02-01 09:29 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\Screenshot Sender
2008-01-21 11:00 . 2008-01-21 11:00 <DIR> d-------- C:\Program Files\Windows Live
2008-01-21 11:00 . 2008-01-21 11:17 <DIR> d-------- C:\Program Files\Messenger Plus! Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 08:06 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\uTorrent
2008-02-18 08:57 --------- d-----w C:\Program Files\Winamp
2008-02-14 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-14 07:29 --------- d-----w C:\Program Files\ESET
2008-02-14 07:24 --------- d-----w C:\Program Files\BitDefender
2008-02-14 07:18 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Babylon
2008-02-14 07:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-14 06:05 --------- d-----w C:\Program Files\Webteh
2008-02-14 06:04 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\BSplayer PRO
2008-02-08 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-08 09:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 06:17 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Skype
2008-02-05 13:51 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-29 13:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Autodesk
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-23 11:36 --------- d-----w C:\Program Files\Autodesk
2008-01-21 10:00 --------- d-----w C:\Program Files\MSN Messenger
2008-01-15 13:53 --------- d-----w C:\Program Files\Phoenix Contact
2008-01-14 13:49 --------- d-----w C:\Program Files\Skype
2008-01-14 10:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-14 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-24 12:27 --------- d-----w C:\Program Files\Java
2007-12-24 12:04 --------- d-----w C:\Program Files\Common Files\Java
2007-12-24 10:00 --------- d-----w C:\Program Files\Common Files\Bcgsoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-22 13:55 2663480]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-06 16:08 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
--a------ 2006-02-06 10:12 327680 C:\Program Files\Audio Deck\EnMixCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-06 16:09]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2008-01-24 13:18]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2006-01-12 13:57]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 10:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-20 09:25:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 9:25:50
ComboFix-quarantined-files.txt 2008-02-20 08:25:28
ComboFix2.txt 2008-02-15 06:31:41

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You ran ComboFix by dragging the old CFScript onto the ComboFix icon.
Delete that CFScript, since it has done its job and was written for that one occasion only.
Please scan with ComboFix by starting ComboFix in the usual way.

  • Joined: 20 Mar 2007
  • Posts: 97

Yes, that is what I did. The CFScript disappeared by itself after the scan.
After the scan the sticks were OK, but when I went home and plugged them into the second computer, everything was back to the old state. Autoopen on double-click again. But don't think this appeared because of the other computer. It shows up on this one as well. Maybe not immediately after cleaning and re-inserting, but it shows up.
I'll do a normal scan now.

Addendum: 21 Feb 2008 9:59

Here it is. First Flash Disinfector, then ComboFix.
When I started Combo, at the beginning it reported something like "access denied", then that it cannot find file temp04..., and then it did the scan. But at the end it did not automatically show the log. So I started Combo again, and here is the log:
P.S. (This happened to me last time too.)

ComboFix 08-02-15.2 - Razvoj 2008-02-21 9:53:38.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.296 [GMT 1:00]
Running from: C:\Documents and Settings\Razvoj\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-19 08:40 . 2008-02-19 08:40 <DIR> d-------- C:\Program Files\Pravoslavac
2008-02-14 07:33 . 2008-02-14 07:37 <DIR> d-------- C:\Program Files\The KMPlayer
2008-02-13 11:00 . 2008-02-13 11:09 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\IMVU
2008-02-13 10:59 . 2008-02-13 11:08 <DIR> d-------- C:\Program Files\IMVU
2008-02-11 13:52 . 2008-02-11 13:52 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\Media Player Classic
2008-02-11 13:29 . 2008-02-13 07:52 <DIR> d-------- C:\Program Files\EO Video
2008-02-11 13:29 . 2008-02-11 13:28 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-02-08 10:10 . 2008-02-08 10:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-08 10:10 . 2008-02-08 10:10 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-08 10:10 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-08 08:43 . 2008-02-08 08:43 334 --ah----- C:\WINDOWS\Fix.reg
2008-02-06 16:09 . 2008-02-06 16:09 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-06 16:06 . 2008-02-06 16:06 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-02-06 16:06 . 2008-02-06 16:06 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-06 11:13 . 2008-02-06 11:14 <DIR> d-------- C:\Program Files\Opera 9
2008-01-31 15:20 . 2008-01-31 15:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-31 15:12 . 2008-01-31 15:57 <DIR> d-------- C:\Documents and Settings\Razvoj\.housecall6.6
2008-01-31 08:50 . 2008-02-20 15:31 <DIR> d-------- C:\Program Files\eMule
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 14:20 . 2008-01-29 14:20 48,174 --a------ C:\olearch.dat
2008-01-29 14:14 . 2008-01-29 14:14 0 --a------ C:\acadminidump.dmp
2008-01-29 12:49 . 2008-01-29 12:49 <DIR> d-------- C:\WINDOWS\SXS
2008-01-29 11:43 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-29 11:43 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-29 11:41 . 2008-01-29 11:41 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-29 11:37 . 2008-01-29 11:38 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-01-25 10:50 . 2008-01-25 10:50 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-01-25 10:50 . 2008-01-25 10:50 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\PPMate
2008-01-25 10:01 . 2008-01-25 10:01 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\acccore
2008-01-25 08:09 . 2008-01-25 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-25 08:09 . 2008-01-25 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-25 08:09 . 2008-01-25 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-25 08:08 . 2008-02-06 07:20 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-25 08:07 . 2008-01-25 08:09 538 --ah----- C:\IPH.PH
2008-01-24 13:19 . 2008-01-24 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskSoft
2008-01-24 13:18 . 2008-01-24 13:19 <DIR> d-------- C:\Program Files\BWMeter
2008-01-24 13:18 . 2008-01-24 13:18 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\DeskSoft
2008-01-24 13:18 . 2008-01-24 13:18 16,896 --a------ C:\WINDOWS\system32\drivers\dsnpfd.sys
2008-01-24 09:24 . 2008-01-24 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-24 09:24 . 2008-02-12 07:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 09:24 . 2008-01-24 09:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 07:06 . 2008-01-22 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-21 12:17 . 2008-01-21 12:34 <DIR> d-------- C:\convert
2008-01-21 12:03 . 2008-01-21 12:03 <DIR> d-------- C:\Program Files\QuickTime
2008-01-21 12:02 . 2008-01-21 12:02 <DIR> d-------- C:\Program Files\ImTOO
2008-01-21 11:29 . 2008-02-01 09:29 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\Screenshot Sender
2008-01-21 11:00 . 2008-01-21 11:00 <DIR> d-------- C:\Program Files\Windows Live
2008-01-21 11:00 . 2008-01-21 11:17 <DIR> d-------- C:\Program Files\Messenger Plus! Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 01:50 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\uTorrent
2008-02-18 08:57 --------- d-----w C:\Program Files\Winamp
2008-02-14 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-14 07:29 --------- d-----w C:\Program Files\ESET
2008-02-14 07:24 --------- d-----w C:\Program Files\BitDefender
2008-02-14 07:18 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Babylon
2008-02-14 07:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-14 06:05 --------- d-----w C:\Program Files\Webteh
2008-02-14 06:04 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\BSplayer PRO
2008-02-08 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-08 09:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 06:17 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Skype
2008-02-05 13:51 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-29 13:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Autodesk
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-23 11:36 --------- d-----w C:\Program Files\Autodesk
2008-01-21 10:00 --------- d-----w C:\Program Files\MSN Messenger
2008-01-15 13:53 --------- d-----w C:\Program Files\Phoenix Contact
2008-01-14 13:49 --------- d-----w C:\Program Files\Skype
2008-01-14 10:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-14 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-24 12:27 --------- d-----w C:\Program Files\Java
2007-12-24 12:04 --------- d-----w C:\Program Files\Common Files\Java
2007-12-24 10:00 --------- d-----w C:\Program Files\Common Files\Bcgsoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-22 13:55 2663480]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-06 16:08 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Razvoj\Start Menu\Programs\Startup\
BWMeter.lnk - C:\Program Files\BWMeter\BWMeter.exe [2008-01-24 13:18:17 753664]
Pravoslavac 2008.lnk - C:\Program Files\Pravoslavac\Pravoslavac 2008.exe [2008-02-19 08:40:16 1054254]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
--a------ 2006-02-06 10:12 327680 C:\Program Files\Audio Deck\EnMixCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-06 16:09]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2008-01-24 13:18]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2006-01-12 13:57]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 10:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-21 09:54:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-21 9:54:46
ComboFix-quarantined-files.txt 2008-02-21 08:54:31
ComboFix2.txt 2008-02-20 08:25:50
ComboFix3.txt 2008-02-15 06:31:41

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I have a feeling you are doing something wrong...
It looks like you are moving the infection from one computer to the other and back.
Clean both computers and all the sticks.
The infection is transferred to and from the stick the moment you plug it into a computer, especially if you did not follow the Flash Disinfector instructions to the letter.
