Provera sta je u pitanju

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nisam bio jedno vreme kuci te sam jednom poznaniku poverio da mi odrazva jednu online igricu. Sta je on sve radio nemam pojma, prilikom podizanja sistema on se dize dosta sporo, i potom na desktopu nema bukvalno nista. Preko upravljaca zadacima sam pokrenuo Operu i uspeo da napravim log. Tek treba da pogledam sta je sve radio tj. brljao na racunaru.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:01, on 23.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Eset_TrialReset_serv.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Desktop\Nova fascikla (2)\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link mogu videti samo ulogovani korisnici]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download by YouTube Robot - [Link mogu videti samo ulogovani korisnici]\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - [Link mogu videti samo ulogovani korisnici]\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - [Link mogu videti samo ulogovani korisnici]\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - [Link mogu videti samo ulogovani korisnici]\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - [Link mogu videti samo ulogovani korisnici]\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - [Link mogu videti samo ulogovani korisnici]\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: Eset TrialReset (Eset_TrialReset_serv) - Everstrike Software - C:\WINDOWS\Eset_TrialReset_serv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - [Link mogu videti samo ulogovani korisnici]

--
End of file - 7138 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-01-21.04 - Administrator 2009-01-23 16:49:52.15 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1015.635 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-23 10:57 . 2009-01-23 10:57 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-23 10:57 . 2009-01-23 10:57 1,409 --a------ c:\windows\QTFont.for
2009-01-23 09:06 . 2009-01-23 09:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TrojanHunter
2009-01-23 07:06 . 2009-01-23 09:58 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-01-23 06:54 . 2009-01-23 06:54 <DIR> d-------- c:\program files\VirusTotalUploader
2009-01-22 14:39 . 2009-01-22 14:39 5,632 --ahs---- c:\windows\Thumbs.db
2009-01-22 08:17 . 2009-01-23 09:12 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-22 08:17 . 2009-01-23 09:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-21 17:55 . 2009-01-21 17:55 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-21 15:55 . 2009-01-21 15:55 <DIR> d-------- c:\program files\Rosetta Stone
2009-01-21 13:35 . 2009-01-21 13:35 <DIR> d-------- c:\program files\Microsoft WSE
2009-01-21 13:35 . 2009-01-21 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-21 13:34 . 2009-01-23 12:11 <DIR> d-------- c:\program files\Family Tree Maker 2009
2009-01-20 13:55 . 1998-09-02 09:02 194,320 --a------ c:\windows\system32\qcut.dll
2009-01-20 13:55 . 1998-08-27 05:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
2009-01-20 13:55 . 1998-08-20 12:02 140,800 --a------ c:\windows\system32\tm20dec.ax
2009-01-20 13:55 . 1998-09-02 09:28 63,488 --a------ c:\windows\system32\unam4ie.exe
2009-01-20 13:55 . 1998-09-02 09:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
2009-01-20 13:55 . 1998-08-17 10:21 11,776 --a------ c:\windows\system32\mciqtz.drv
2009-01-20 13:55 . 1998-08-17 10:21 10,240 --a------ c:\windows\system32\vidx16.dll
2009-01-20 13:55 . 1998-08-17 10:21 5,672 --a------ c:\windows\system32\quartz.vxd
2009-01-20 13:55 . 2009-01-20 13:55 4,608 --a------ c:\windows\system32\w95inf32.dll
2009-01-20 13:55 . 2009-01-20 13:55 2,272 --a------ c:\windows\system32\w95inf16.dll
2009-01-20 13:55 . 2009-01-20 14:07 11 --a------ C:\trace.ini
2009-01-20 13:54 . 2009-01-20 13:54 <DIR> d-------- c:\program files\Auralog
2009-01-15 23:10 . 2009-01-20 11:27 <DIR> d-------- c:\program files\Total Network Monitor
2009-01-15 23:09 . 2009-01-15 23:09 6,858,793 --a------ c:\documents and settings\Administrator\Application Data\tnm-setup.exe
2009-01-13 08:57 . 2009-01-13 09:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SecondLife
2009-01-13 08:55 . 2009-01-13 09:05 <DIR> d-------- c:\program files\SecondLife
2009-01-09 19:59 . 2009-01-15 23:54 <DIR> d-------- c:\program files\YouTubeRobot
2009-01-09 19:59 . 2007-02-28 13:30 593,920 --a------ c:\windows\system32\dpuGUI11.dll
2009-01-09 19:59 . 2007-02-28 13:30 577,536 --a------ c:\windows\system32\divxdec.ax
2009-01-09 19:59 . 2007-02-28 13:30 294,912 --a------ c:\windows\system32\dpu11.dll
2009-01-09 19:59 . 2007-02-28 13:30 57,344 --a------ c:\windows\system32\dpv11.dll
2009-01-09 19:59 . 2007-02-28 13:32 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-04 15:28 . 2009-01-04 15:28 51,712 --a------ c:\windows\wc98pp.dll
2009-01-04 00:17 . 2009-01-04 00:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\BlazeVideo
2009-01-04 00:17 . 2005-03-25 17:42 363,520 --a------ c:\windows\system32\psisdecd.dll
2009-01-04 00:17 . 2005-03-25 17:42 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-01-04 00:17 . 2004-08-04 00:56 56,832 --a------ c:\windows\system32\msdvbnp.ax
2009-01-04 00:17 . 2004-08-04 00:56 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2009-01-04 00:17 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\psisrndr.ax
2009-01-04 00:17 . 2004-08-04 00:56 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
2009-01-03 01:54 . 2009-01-03 01:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-01-03 01:54 . 2009-01-03 01:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\iolo
2009-01-01 09:29 . 2009-01-01 09:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-01-01 09:19 . 2007-03-28 20:49 128,104 --a------ c:\windows\system32\drivers\WimFltr.sys
2009-01-01 09:19 . 2007-03-28 20:12 109,360 --a------ c:\windows\system32\GEARAspi.dll
2009-01-01 09:19 . 2007-03-28 20:29 37,864 --a------ c:\windows\system32\drivers\v2imount.sys
2009-01-01 09:19 . 2007-03-28 20:12 15,664 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-01 09:19 . 2007-07-31 17:22 14,072 --a------ c:\windows\system32\drivers\vproeventmonitor.sys
2009-01-01 09:18 . 2009-01-05 01:35 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-01 09:18 . 2007-03-28 20:29 131,944 --a------ c:\windows\system32\drivers\symsnap.sys
2009-01-01 09:16 . 2009-01-05 01:35 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-01 09:16 . 2009-01-05 01:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-24 15:34 . 2008-12-24 15:34 <DIR> d-------- c:\program files\Steveredrum
2008-12-24 15:33 . 2008-12-24 15:33 8,302,698 --a------ c:\windows\system32\xa14443390.exe
2008-12-24 15:33 . 2008-12-24 15:33 8,302,698 --a------ c:\windows\system32\xa14442109.exe
2008-12-24 11:04 . 2008-12-24 11:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Software Informer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 15:47 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-23 12:39 --------- d-----w c:\program files\CCleaner
2009-01-23 11:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-23 09:13 --------- d-----w c:\program files\Spy Cleaner Platinum
2009-01-22 13:40 --------- d-----w c:\program files\Your Uninstaller 2008
2009-01-22 13:40 --------- d-----w c:\program files\WinWatermark 2
2009-01-22 13:40 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-22 13:40 --------- d-----w c:\program files\Trojan Remover
2009-01-22 06:23 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-21 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-01-21 15:01 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-21 14:59 --------- d-----w c:\program files\ImageShackToolbar
2009-01-21 14:59 --------- d-----w c:\program files\GmailBackup
2009-01-21 14:59 --------- d-----w c:\program files\Free Photo Resizer
2009-01-21 14:59 --------- d-----w c:\program files\FastStone Capture
2009-01-21 14:58 --------- d-----w c:\program files\res
2009-01-21 14:58 --------- d-----w c:\program files\RegCure
2009-01-21 14:58 --------- d-----w c:\program files\Mouse
2009-01-21 14:58 --------- d-----w c:\program files\ClocX
2009-01-21 12:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\Bitmeter2
2009-01-20 09:54 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-20 00:36 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-01-15 22:54 --------- d-----w c:\program files\SHOUTcast
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 15:48 --------- d-----w c:\program files\Babylon
2009-01-11 21:38 --------- d-----w c:\program files\URUSoft
2009-01-03 21:52 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-03 20:36 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2008-12-22 10:10 --------- d-----w c:\program files\uTorrent
2008-12-22 10:10 --------- d-----w c:\program files\FF
2008-12-22 10:10 --------- d-----w c:\documents and settings\Administrator\Application Data\MegauploadToolbar
2008-12-20 00:20 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-20 00:20 262,144 ------w c:\windows\Setup1.exe
2008-12-20 00:20 --------- d-----w c:\program files\JoLiViewer
2008-12-19 02:48 --------- d-----w c:\documents and settings\All Users\Application Data\RFA_Backups
2008-12-19 02:11 --------- d-----w c:\documents and settings\Administrator\Application Data\Nitro PDF
2008-12-19 02:09 --------- d-----w c:\program files\Nitro PDF
2008-12-19 02:09 --------- d-----w c:\program files\Common Files\Nitro PDF
2008-12-19 02:09 --------- d-----w c:\program files\Common Files\BCL Technologies
2008-12-19 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\Nitro PDF
2008-12-17 22:52 --------- d-----w c:\program files\extensions
2008-12-17 22:51 --------- d-----w c:\program files\searchplugins
2008-12-17 22:51 --------- d-----w c:\program files\plugins
2008-12-17 22:51 --------- d-----w c:\program files\modules
2008-12-17 22:51 --------- d-----w c:\program files\greprefs
2008-12-17 22:51 --------- d-----w c:\program files\dictionaries
2008-12-17 22:51 --------- d-----w c:\program files\defaults
2008-12-17 22:51 --------- d-----w c:\program files\components
2008-12-17 22:51 --------- d-----w c:\program files\chrome
2008-12-17 02:43 --------- d-----w c:\program files\Super Internet TV
2008-12-17 00:55 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer PRO
2008-12-16 15:52 --------- d-----w c:\program files\Opera
2008-12-15 10:35 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2008-12-15 10:35 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-15 01:36 --------- d-----w c:\documents and settings\All Users\Application Data\Sunbelt
2008-12-15 01:36 --------- d-----w c:\documents and settings\Administrator\Application Data\Sunbelt
2008-12-15 01:34 --------- d-----w c:\program files\Sunbelt Software
2008-12-13 17:09 --------- d-----w c:\program files\profile
2008-12-13 17:09 --------- d-----w c:\program files\mail
2008-12-12 20:14 --------- d-----w c:\program files\RFA
2008-12-12 06:21 --------- d-----r c:\program files\TypingMaster
2008-12-11 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-11 16:58 --------- d-----w c:\documents and settings\Administrator\Application Data\TypingMaster7
2008-12-11 12:31 27,904 ----a-w c:\windows\system32\uxtuneup.dll
2008-12-11 10:24 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 16:35 --------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2008-12-10 14:51 --------- d-----w c:\program files\MSECache
2008-12-09 14:43 698,880 ----a-w c:\windows\is-HON84.exe
2008-12-08 08:15 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 03:01 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2008-12-04 16:18 509,224 ----a-w c:\windows\system32\ICCProfiles.dll
2008-12-04 04:12 --------- d-----w c:\program files\Raxco
2008-12-04 04:12 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2008-12-02 06:20 --------- d-----w c:\program files\VDJ5
2008-12-01 11:16 --------- d-----w c:\program files\Winamp
2008-11-29 06:18 --------- d-----w c:\program files\MSBuild
2008-11-29 06:04 --------- d-----w c:\program files\Reference Assemblies
2008-11-27 13:17 --------- d-----w c:\program files\PostgreSQL
2008-11-27 03:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2008-11-27 00:55 --------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-27 00:55 --------- d-----w c:\documents and settings\Administrator\Application Data\Simply Super Software
2008-11-25 22:18 --------- d-----w c:\program files\WinASO
2008-11-24 07:02 304,182 ----a-w C:\StiImg.dat
2008-11-21 04:49 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-11-20 05:41 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-10-28 15:28 65,320 ----a-w c:\windows\system32\sbbd.exe
2008-10-23 12:51 284,160 ----a-w c:\windows\system32\gdi32.dll
2007-12-17 02:11 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2008-10-05 16:41 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-07-14 19:31 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2007-10-10 23:28 2,568 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2007-06-27 15:40 824320 d6ed5e042c5207553e7f5e842918137f c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2006-04-11 16:34 663552 c0845ecbf4f9164e618ee381b79c9032 c:\windows\ie7\wininet.dll
2006-11-07 20:03 818688 92995334f993e6e49c25c6d02ec04401 c:\windows\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 15:34 925184 df7b22a7ca0de1961e60a032b2a9f914 c:\windows\ie8\wininet.dll
2008-08-22 03:08 979968 bb6322aa82819491f545021e96d0282b c:\windows\system32\wininet.dll
2008-08-22 03:08 979968 bb6322aa82819491f545021e96d0282b c:\windows\system32\dllcache\wininet.dll
2008-08-22 03:08 878592 df1cb456ed1e038b276123365a1a93c4 c:\windows\VistaMizer\old\wininet.dll

2004-08-03 23:56 541696 55aca85eb80e2155e20211aaaddd711a c:\windows\system32\winlogon.exe
2004-08-03 23:56 541696 55aca85eb80e2155e20211aaaddd711a c:\windows\system32\dllcache\winlogon.exe
2004-08-03 23:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\VistaMizer\old\winlogon.exe

2008-08-14 10:18 2062976 63ec865dff6ccfc7bef94b5c50297cad c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
2008-08-14 10:33 2066048 4ac58f03eb94a72809949d757fc39d80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
2008-08-14 15:39 2066048 a25e9b86effb2af33bf51e676b68bfb0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2008-08-14 10:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 10:22 2314880 022bfdbdee6676912e764c789cd8091d c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:22 2314880 022bfdbdee6676912e764c789cd8091d c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 10:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\VistaMizer\old\ntkrnlpa.exe

2008-08-14 10:57 2185984 ce69dbd54221f2d40e49ff6db77c6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
2008-08-14 11:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
2008-08-14 16:11 2189184 31914172342bff330063f343ac6958fe c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2008-08-14 11:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-08-14 11:00 2437504 432a97664f0e59aed3c54e4516aede99 c:\windows\system32\ntoskrnl.exe
2008-08-14 11:00 2437504 432a97664f0e59aed3c54e4516aede99 c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 11:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\VistaMizer\old\ntoskrnl.exe

2004-08-03 23:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 c:\windows\system32\ctfmon.exe
2004-08-03 23:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 c:\windows\system32\dllcache\ctfmon.exe
2004-08-03 23:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-22_ 7.44.34.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-23 06:06:36 59,392 ------r c:\windows\system32\streamhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 25088]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2004-01-21 103936]
"srpskey"="c:\windows\SYSTEM32\SRPSKEY.EXE" [2007-05-04 35840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-23 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 25088]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2008-05-07 1008128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2008-12-17 13360]
R3 HidMouse;HidMouse;c:\windows\system32\drivers\HidMouse.sys [2008-02-03 34585]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
R4 Eset_TrialReset_serv;Eset TrialReset;c:\windows\Eset_TrialReset_serv.exe [2008-07-27 69632]
R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
R4 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
R4 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-12-17 69168]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-15 603904]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2008-06-12 14336]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-05 30192]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]
S4 ekrn;Eset Service; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1614895754-1801674531-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 18:38]

2009-01-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-07-26 20:37]

2009-01-23 c:\windows\Tasks\User_Feed_Synchronization-{61EDF5FA-C82B-4023-8C2B-44D92736E24F}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uStart Page = [Link mogu videti samo ulogovani korisnici]
mSearch Bar = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM
IE: Download by YouTube Robot - c:\program files\YouTubeRobot\RobotExt.ocx/LINK.HTM
IE: Download FLV video content with IDM
IE: Download with IDM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Post Image to Blog - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5001
LSP: c:\windows\system32\idmmbc.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-01-23 16:53:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,bb,58,50,92,f6,e0,48,b7,11,60,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,bb,58,50,92,f6,e0,48,b7,11,60,\
"B34DEDAE08DEBC3D9AE72E5085B5F343BB2B215141"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,bb,58,50,92,f6,e0,48,b7,11,60,\

[HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4620CD29-1B67-D34C-906C-319A7AA4E8DF}*]
"jaiajijmgobmicpheddm"=hex:66,61,6e,6f,67,68,64,70,63,69,61,64,00,f1
"paabhkcfcahlnkeommkmnpfkadcdpmoh"=hex:65,61,6e,6f,66,68,68,70,6b,6e,00,00
"haiajijmgobmicph"=hex:6e,62,6e,6f,61,69,6d,6b,6f,62,62,66,6b,6e,68,6a,62,69,
67,66,6a,6f,70,6a,65,6f,61,65,64,6f,68,6f,67,67,61,6e,6d,6e,68,65,63,64,63,\

[HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:04,8f,c4,9f,65,15,01,fe,16,7f,47,d3,97,c4,d1,1e,f6,9d,20,b4,dd,61,d4,
ef,7b,1a,ca,eb,0b,97,22,ce,43,b8,a7,fc,d9,52,89,f0,fa,69,37,a4,70,13,3c,7f,\
"??"=hex:78,83,31,25,fc,4f,04,4d,e7,a9,e8,08,be,4c,bc,8c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
Completion time: 2009-01-23 16:58:41
ComboFix-quarantined-files.txt 2009-01-23 15:57:20
ComboFix2.txt 2009-01-23 09:49:21
ComboFix3.txt 2009-01-22 06:48:20

Pre-Run: 10.974.609.408 bytes free
Post-Run: 10,956,857,344 bytes free

336

Dopuna: 23 Jan 2009 17:07

Zaboravio sam da napomenem, ne znam da li je bitno ali na kraju sam dobio i ovo obavestenje:

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preko Task Managera pokreni regedit
Idi do sledeceg kljuca:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Vidi da li se Explorer i Internet Explorer nalaze kao podkljucevi tog kljuca.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pregledao sam ali nema ni jednog ni drugog, evo i slike iz regedita, da budem siguran da je to taj niz:

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hmmm...

Sta se desava kada u Task Manageru pokusas da pokrenes explorer?
Je li isto prijavljuje tu poruku da ne moze da ga nadje?

Pokusaj onda u Task Manageru da pokrenes explorer kucanjem pune putanje:
C:\Windows\Explorer.exe

Vidi da li hoce tada da ga pokrene.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Nazlasot nece, daje mi opet isto obavestenje:


Najgore u svemu je sto ne mogu da nadjem ovog poznanika, nemam nikakavu predstavu sta je radio i sta se deslio.

Dopuna: 23 Jan 2009 18:53

Jel mozes da pogledas ovaj log, sada sam ga ugledao na desktopu kada sam kacio sliku, ovo nije od mene to znam sigurno, izgelda da je on nesto cackao.

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kada je on to radio za tvojim kompjuterom?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Od 20.01. navece do jutors. Ja sam dosao jutors oko 10 sati i racunar je bio ugasen ali jos ugrejan, sto znaci da je verovatno nesto zabrljao u tom vremenu. Evo sada sam pokusavao da ga dobijem ali ne javlja se.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hajde probaj iz Task Managera da pokrenes cmd (konzolu).
Ukoliko uspes, onda kucaj sledece:
echo %PATH%
i stisni Enter.
Prekucaj ili iskopira rezultat ovde.

====================================

Nakon toga probaj da odradis jedno vracanje sistema na prethodno stanje (System Restore) pomocu sledece komande:
C:\Windows\system32\restore\rstrui.exe


====================================

Ako ni to ne pomogne, onda ces probati sledece:
spremi instalacioni CD Windowsa i u konzoli ukucaj:
sfc /scannow

To ce da proskenira instalaciju Windowsa i da popravi ono sto ne valja u instaliranim fajlovima.
Ova alatka nije magicna, ali vredi probati.