I need help

  • Joined: 30 Nov 2007
  • Posts: 160

This is what I am getting:


  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Your Windows is 32-bit. Follow the corresponding instructions.

  • Joined: 30 Nov 2007
  • Posts: 160

DDS (Ver_10-11-03.01) - NTFSx86
Run by user at 20:47:02.25 on Thu 11/04/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1576 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\FaxTalk Communicator\FTCtrl32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\FlvTube Toolbar\FlvTubeSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\FlvTube Toolbar\FlvTubeVideoToMp3.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Documents and Settings\All Users\Application Data\QueryBrowser\querybrowser111.exe
C:\WINDOWS\system32\inetsrv\svchost.exe /service
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QueryBrowser\querybrowser.exe
C:\WINDOWS\slrundll.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
TB: FlvTube Toolbar: {851552f5-b878-4b03-904f-2ad6a4cc8994} - "c:\program files\flvtube toolbar\flvtubetb.dll"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [BitTorrent] "d:\program files\bittorrent\BitTorrent.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryBooster] "d:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [CallControl 4.5] c:\program files\faxtalk communicator\FTCtrl32.exe /autoload
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: cryptnet32 - cryptnet32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\4vcd0zkp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: e:\program files\veetle\player\npvlc.dll
FF - plugin: e:\program files\veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\veetle\vlcbroadcast\npvbp.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-10-25 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50:29];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
R2 FlvTube Toolbar Helper;FlvTube Toolbar Helper;c:\program files\flvtube toolbar\FLVTubeSvc.exe [2010-10-12 255240]
R2 QueryBrowser Service;QueryBrowser Service;c:\documents and settings\all users\application data\querybrowser\querybrowser111.exe [2010-10-28 57616]
R2 svchost32;Windows Service Manager;c:\windows\system32\inetsrv\svchost.exe /service [2010-10-31 47484]

=============== Created Last 30 ================

2010-11-02 17:24:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\KONAMI
2010-10-31 22:39:25 296225 ----a-w- c:\windows\system32\shimg.dll
2010-10-31 22:39:24 46592 ----a-w- c:\windows\system32\cryptnet32.dll
2010-10-31 18:42:15 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2010-10-31 18:42:15 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2010-10-31 18:42:15 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2010-10-31 18:42:15 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2010-10-31 18:42:15 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2010-10-31 18:42:13 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2010-10-31 18:42:12 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2010-10-31 18:20:13 -------- d-----w- c:\docume~1\user\locals~1\applic~1\VirtuaTennis2009
2010-10-31 18:13:51 -------- d-----w- c:\windows\Logs
2010-10-31 18:12:44 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12:24 28160 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12:18 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-31 16:23:55 32214 ----a-w- c:\windows\Sysvxd.exe
2010-10-31 15:23:46 47484 ----a-w- C:\~.exe
2010-10-28 13:14:12 -------- d-----w- c:\program files\QueryBrowser
2010-10-28 13:14:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\QueryBrowser
2010-10-28 13:13:43 -------- d-----w- c:\docume~1\user\applic~1\FlvTube Toolbar
2010-10-28 13:13:36 -------- d-----w- c:\program files\FlvTube Toolbar
2010-10-25 14:39:52 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple
2010-10-25 14:39:34 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple Computer
2010-10-14 13:22:28 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22:26 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22:26 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22:23 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22:23 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55:00 -------- d-----w- c:\docume~1\user\locals~1\applic~1\PowerDVDCox
2010-10-08 16:54:55 -------- d-----w- c:\docume~1\user\locals~1\applic~1\PowerDVDCinema

==================== Find3M ====================

2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48:59 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48:59 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48:58 505128 ----a-w- c:\windows\system32\msvcp71.dll

============= FINISH: 20:47:10.53 ===============


  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions or show a number of notices: accept by clicking Yes or OK;
  • if necessary, restart Windows (possibly several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if, after posting the message, you notice the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 30 Nov 2007
  • Posts: 160

ComboFix 10-11-03.04 - user 11/05/2010 0:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1458 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~.exe
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\program files\FlvTube Toolbar\flvtubetb.dll
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\shimg.dll
c:\windows\Sysvxd.exe

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCHOST32
-------\Service_svchost32


((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-28 13:14 . 2010-10-29 05:44 -------- d-----w- c:\program files\QueryBrowser
2010-10-28 13:14 . 2010-10-28 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\QueryBrowser
2010-10-28 13:13 . 2010-10-28 13:14 -------- d-----w- c:\documents and settings\user\Application Data\FlvTube Toolbar
2010-10-28 13:13 . 2010-11-04 23:30 -------- d-----w- c:\program files\FlvTube Toolbar
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2008-07-25 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 2ED23E969A00E67D1C2EF2534B943BC1 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 0C17E035CD1336F46F6D7C7727EF4059 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
R2 FlvTube Toolbar Helper;FlvTube Toolbar Helper;c:\program files\FlvTube Toolbar\FLVTubeSvc.exe [10/12/2010 10:38 PM 255240]
R2 QueryBrowser Service;QueryBrowser Service;c:\documents and settings\All Users\Application Data\QueryBrowser\querybrowser111.exe [10/28/2010 2:16 PM 57616]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{851552F5-B878-4b03-904F-2AD6A4CC8994} - c:\program files\FlvTube Toolbar\flvtubetb.dll
WebBrowser-{851552F5-B878-4B03-904F-2AD6A4CC8994} - c:\program files\FlvTube Toolbar\flvtubetb.dll
HKCU-Run-RegistryBooster - d:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-QueryBrowser - c:\program files\QueryBrowser\uninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3620)
c:\program files\QueryBrowser\querybrowser.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\FlvTube Toolbar\FlvTubeVideoToMp3.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\FaxTalk Communicator\FAPIEXE.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\slrundll.exe
c:\program files\QueryBrowser\querybrowser.exe
.
**************************************************************************
.
Completion time: 2010-11-05 00:33:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-04 23:33

Pre-Run: 29,819,215,872 bytes free
Post-Run: 30,485,401,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D608FDCAA8E8A677DFF1F80D4C5846AB

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Uninstall (if possible) the following programs:

FlvTube Toolbar
Homepage Protection Service
QueryBrowser 1.0 build 111

Upload the files:

c:\windows\system32\winlogon.exe
c:\windows\explorer.exe

via this link: http://www.mycity.rs/ambulanta-upload.php

Open Notepad and copy the following text into it:

Folder::
c:\program files\QueryBrowser
c:\documents and settings\All Users\Application Data\QueryBrowser
c:\documents and settings\user\Application Data\FlvTube Toolbar
c:\program files\FlvTube Toolbar

Driver::
FlvTube Toolbar Helper
QueryBrowser Service

Firefox::
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

  • Joined: 30 Nov 2007
  • Posts: 160

Posted: 05 Nov 2010 20:13

I managed to delete that FlvTube one and the second one, but I could not find the third one, and I put those on the upload.


ComboFix 10-11-05.01 - user 11/05/2010 20:02:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1430 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\QueryBrowser
c:\documents and settings\All Users\Application Data\QueryBrowser\querybrowser111.exe
c:\documents and settings\user\Application Data\FlvTube Toolbar
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\divider.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\facebook.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\feeditem.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\games.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\news.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\saveyoutubevideos-on.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\saveyoutubevideos.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\shopping.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\watermark.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\weatherbug.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\images\YouTube.png
c:\documents and settings\user\Application Data\FlvTube Toolbar\pref.xml
c:\documents and settings\user\Application Data\FlvTube Toolbar\tbconfig.xml
c:\documents and settings\user\Application Data\FlvTube Toolbar\weather.xml
c:\program files\FlvTube Toolbar
c:\program files\QueryBrowser
c:\program files\QueryBrowser\querybrowser.dll
c:\program files\QueryBrowser\querybrowser.exe

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QUERYBROWSER_SERVICE
-------\Service_QueryBrowser Service


((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2008-07-25 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys

[-] 2008-04-14 . 2ED23E969A00E67D1C2EF2534B943BC1 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 0C17E035CD1336F46F6D7C7727EF4059 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-04_23.32.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-04 23:37 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-05 20:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2832)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\FaxTalk Communicator\FAPIEXE.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\slrundll.exe
.
**************************************************************************
.
Completion time: 2010-11-05 20:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-05 19:10
ComboFix2.txt 2010-11-04 23:33

Pre-Run: 30,357,901,312 bytes free
Post-Run: 30,347,595,776 bytes free

- - End Of File - - 64C70BE58F832FB70CEE222EB09EABC0

Addendum: 05 Nov 2010 21:50

ComboFix 10-11-05.01 - user 11/05/2010 21:35:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1514 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\shimg.dll
C:\winlogon.exe

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-05 20:31 . 2008-04-14 03:42 507904 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-11-05 20:31 . 2008-04-14 03:42 1033728 ----a-w- c:\windows\system32\dllcache\explorer.exe
2010-11-02 17:24 . 2010-11-02 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-31 18:42 . 2005-11-13 22:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-31 18:42 . 2005-11-13 22:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-31 18:42 . 2005-11-13 22:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-31 18:42 . 2005-11-13 22:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-31 18:42 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-31 18:42 . 2010-10-31 18:42 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-31 18:42 . 2010-10-31 18:42 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-31 18:20 . 2010-10-31 18:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\VirtuaTennis2009
2010-10-31 18:13 . 2010-10-31 18:13 -------- d-----w- c:\windows\Logs
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-31 18:12 . 2010-10-31 18:12 -------- d-----w- c:\program files\Reference Assemblies
2010-10-31 18:12 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-31 18:12 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-25 14:41 . 2010-10-25 14:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Common Files\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\program files\Apple Software Update
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-25 14:39 . 2010-10-25 14:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2010-10-14 14:24 . 2010-10-14 14:25 -------- d-----w- c:\program files\Ahead
2010-10-14 13:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-14 13:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-14 13:22 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-14 13:22 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-08 16:55 . 2010-10-08 16:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCox
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PowerDVDCinema
2010-10-08 16:54 . 2010-10-08 16:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-31 08:48 . 2010-08-31 08:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-31 08:48 . 2010-08-31 08:49 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-31 08:48 . 2010-08-31 08:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2008-07-25 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys

[-] 2008-04-14 . 2ED23E969A00E67D1C2EF2534B943BC1 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 4C6174082E58BD30527318D634448BA7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 0C17E035CD1336F46F6D7C7727EF4059 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 29C3197BAEC50CAF1B7557CDFA5194B2 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-04_23.32.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-04 23:37 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:41 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-08-30 17:51 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-08-30 17:51 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="d:\program files\BitTorrent\BitTorrent.exe" [2010-10-06 742776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CallControl 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-06-03 123392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-25 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/25/2007 8:27 AM 95896]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/31 10:50];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 9:27 AM 810144]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\4vcd0zkp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-05 21:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-05 21:39:38
ComboFix-quarantined-files.txt 2010-11-05 20:39
ComboFix2.txt 2010-11-05 19:10
ComboFix3.txt 2010-11-04 23:33

Pre-Run: 30,367,989,760 bytes free
Post-Run: 30,357,598,208 bytes free

- - End Of File - - 44192EC652CB53041AB4E69811F8A7C1

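The two logs above show the pattern worth automating: in the Sigcheck section, c:\windows\system32\winlogon.exe and its dllcache\ backup report the same version and size but different MD5 hashes, and the same holds for explorer.exe. The script below is an added example (mine, not part of this thread and not ComboFix's own code). It parses Sigcheck lines, pairs each installed file with its dllcache\ copy of the same version, and reports pairs whose hashes disagree; because it compares the copies against each other it does not depend on ComboFix's known-good list. Files staged under SoftwareDistribution\Download are skipped on purpose, since the QFE and GDR builds of one version legitimately differ. The sample input is copied from the second log above.

```python
"""
Added example: flag Windows system files whose installed copy and
dllcache\ backup carry the same version but different MD5 hashes,
using the Sigcheck lines of a ComboFix log as input.
"""
import hashlib
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One Sigcheck line looks like:
#   [-] 2008-04-14 . <MD5> . <size> . . [<file version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Sample input: the Sigcheck section of the second ComboFix log in this thread.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2008-07-25 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys

[-] 2008-04-14 . 2ED23E969A00E67D1C2EF2534B943BC1 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 4C6174082E58BD30527318D634448BA7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 0C17E035CD1336F46F6D7C7727EF4059 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 29C3197BAEC50CAF1B7557CDFA5194B2 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-07-25 . 0CDE394F7FB69CB8548CFCA61F1B3855 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; all other log lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = PureWindowsPath(e["path"]).name.lower()
        entries.append(e)
    return entries


def _in_dllcache(path):
    return "\\dllcache\\" in path.lower()


def _is_staged_update(path):
    # Update packages under SoftwareDistribution\Download are not installed
    # copies; QFE and GDR builds of one version legitimately differ.
    return "\\softwaredistribution\\" in path.lower()


def find_mismatched_pairs(entries):
    """Pair each installed file with its dllcache backup of the same version
    and report pairs whose MD5 differs.  Equal size with a different hash is
    what an in-place patch of the binary leaves behind; at least one of the
    two copies is not the genuine file."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["version"])].append(e)
    mismatches = []
    for (name, version), group in groups.items():
        live = [e for e in group
                if not _in_dllcache(e["path"]) and not _is_staged_update(e["path"])]
        backups = [e for e in group if _in_dllcache(e["path"])]
        for l in live:
            for b in backups:
                if l["md5"] != b["md5"]:
                    mismatches.append({
                        "file": name, "version": version,
                        "live": l["path"], "live_md5": l["md5"],
                        "backup": b["path"], "backup_md5": b["md5"],
                        "same_size": l["size"] == b["size"],
                    })
    return mismatches


def md5_of_file(path, chunk=1 << 20):
    """MD5 of a file on disk, in the upper-case form ComboFix prints, so a
    replacement copy can be compared against the hashes in the log."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for m in find_mismatched_pairs(parse_sigcheck(SAMPLE_LOG)):
        print(f"{m['file']} [{m['version']}]: {m['live_md5']} (installed) != "
              f"{m['backup_md5']} (dllcache), same size: {m['same_size']}")
```

Run against the sample it reports exactly the two files ComboFix marked "is infected!!", winlogon.exe and explorer.exe. A mismatch alone does not say which copy is the bad one: here both copies were written on 2010-11-05 20:31 per the "Files Created" section, so neither hash should be trusted without checking it against a copy from known-good install media.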
dr_Bora (Anti Malware Fighter, Rank 2; joined: 24 Jul 2007; posts: 12280; location: Höganäs, SE):

Unpack files.zip onto the C: drive again. After that...



Download BlitzBlank from the following address to the Desktop:

http://download1.emsisoft.com/BlitzBlank.exe

Run BlitzBlank (double-click the icon);


Click the Script tab;

Copy the following text into the white box of the window:

MoveFile:
c:\winlogon.exe c:\windows\system32\winlogon.exe
c:\explorer.exe c:\windows\explorer.exe



Execute the command by clicking the Execute Now button;
Click OK on both prompts.



Note:

After the computer restarts, the report will be saved as blitzblank.log on the system partition (typical location: C:\blitzblank.log);
Copy the contents of blitzblank.log here in a reply.




After all of that, post a fresh ComboFix log.

Original poster (joined: 30 Nov 2007; posts: 160):

Now I have even bigger problems, and it seems to me this won't get fixed without a reinstall. When I ran BlitzBlank and pasted what you told me, a message appeared telling me to close all running programs and that the program would run after the computer restarts, or something like that, and it just sat like that for a long time, so I restarted the computer manually (I now realise that was a mistake). After that there is no way the computer will boot: it gets to the point where it says Windows XP and starts loading, then the screen goes black and it restarts, and so on, over and over.

dr_Bora (Anti Malware Fighter, Rank 2; joined: 24 Jul 2007; posts: 12280; location: Höganäs, SE):

We'll try to sort it out...


When you turn on the computer, keep pressing the F8 key.


A menu will appear in which you should choose Microsoft Windows XP, and then a menu in which you should choose Last known good configuration.



If Windows did not start after the steps above, then...


When you turn on the computer, keep pressing the F8 key.

A menu will appear in which you should choose Microsoft Windows Recovery Console.

The Recovery Console will start and you will be asked which installation you want to log into. Type 1 and confirm with Enter. You may likewise be asked for a password: type it, or just press Enter if you don't have one.

The following will appear on the screen:

C:\Windows>_

Type:

dir explorer.exe

Write down the text that is printed on the screen.


Type:

cd system32

Then:

dir winlogon.exe

Write down the text that is printed on the screen and post it here.
