pomagajte ljudi-usporen komp

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ljudi komp mi sporo radi...
Neznam sta da radim...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:52 PM, on 7/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bojan Suvajac\Desktop\szfdfbcv\TR3.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 421.420.422:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvezi u program Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Link mogu videti samo ulogovani korisnici]
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9ef4c2f326b9a) (gupdate1c9ef4c2f326b9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5590 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...



Jesi li nešto pokušao da uradiš po tom pitanju?

[Link mogu videti samo ulogovani korisnici]


Prvo to, pa onda ćemo da tražimo dalje bude li bilo potrebno.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Probao sam i nista ne pomaze...
Kad se komp ukljuci prvo mi udje u neki notepad i ovo na njemu pise, a nod32 mi nista ne registruje:

[.ShellClassInfo]
LocalizedResourceName=@shell32.dll,-21786
[LocalizedFileNames]
Windows Catalog.lnk=@%SystemRoot%\system32\shell32.dll,-22075
Activate Windows.lnk=@%SystemRoot%\system32\oobe\msoobe.exe,-2000
Set Program Access and Defaults.lnk=@xpsp1res.dll,-10077

mislim da je komp pun virusa.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Proverićemo...




Preuzmi program DDS sa ovog, ovog ili ovog linka na Desktop.


Dvoklikom pokreni DDS;

nakon par minuta će se pojaviti poruka o završetku procesa i otvoriće se dva izveštaja;

snimi oba izveštaja na Desktop (izborom File > Save As);

dvoklikom otvori DDS.txt i iskopiraj sadržaj u temu;

file Attach.txt priloži uz poruku korišćenjem opcije Prikači fajl.

Napomena: u slučaju da zaštitni softver omete DDS u radu, privremeno deaktiviraj isti (uputstvo) i ponovo pokreni DDS.






Preuzmi program RootRepeal na Desktop.

Raspakuj RootRepeal.zip u neki folder.
Dvoklikom pokreni RootRepeal.exe.
Pređi na Report karticu (klikom na Report taster, dole, desno).
Klikni Scan taster.
U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK.
U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK.
Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju.


Priloži izveštaj uz poruku korišćenjem opcije Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo za DDS

[Link mogu videti samo ulogovani korisnici]

Evo za RootRepeal



[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Dvoklikom otvori DDS.txt i iskopiraj sadržaj u temu...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

biloxi ::Evo za DDS

[Link mogu videti samo ulogovani korisnici]

Evo za RootRepeal



[Link mogu videti samo ulogovani korisnici]

Ovo nista nije dobro...

Evo sad je dobro:

Za DDS


DDS (Ver_09-06-26.01) - NTFSx86
Run by Bojan Suvajac at 14:47:05.81 on Sun 07/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.509 [GMT 2:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Bojan Suvajac\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
uSearch Bar = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyServer = 421.420.422:80
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [nwiz] nwiz.exe /install
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [update.dll] c:\windows\system32\vsnpstd3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: I&zvezi u program Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [Link mogu videti samo ulogovani korisnici]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bojans~1\applic~1\mozilla\firefox\profiles\ed19s0zo.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - RapidSerbia 2 Customized Web Search
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\bojan suvajac\application data\mozilla\firefox\profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-24 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 107256]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-6-3 604416]
S2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S2 gupdate1c9ef4c2f326b9a;Google Update Service (gupdate1c9ef4c2f326b9a);c:\program files\google\update\GoogleUpdate.exe [2009-6-17 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-6-14 13224]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2009-5-13 11648]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-6-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\drivers\kwflower.sys --> c:\windows\system32\drivers\kwflower.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

=============== Created Last 30 ================

2009-07-26 12:54 98,304 a------- c:\windows\system32CmdLineExt.dll
2009-07-26 12:01 41,984 a------- c:\windows\system32\vsnpstd3.exe
2009-07-24 22:09 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-07-24 22:07 <DIR> --d----- c:\program files\Panda Security
2009-07-24 20:12 93,669 a------- c:\windows\system32\drivers\explorer.exe
2009-07-21 11:21 1,696 a------- c:\windows\Ky5s96SF.csa
2009-07-21 11:21 566,784 a------- c:\windows\~de74bc.tmp
2009-07-21 11:21 697,884 a------- c:\windows\~df394b.tmp
2009-07-21 11:21 567,296 a------- c:\windows\n.tmp
2009-07-21 11:20 <DIR> --d----- c:\program files\common files\Autodata Limited Shared
2009-07-21 11:20 <DIR> --d----- C:\Adcda2
2009-07-17 21:15 <DIR> --d----- c:\windows\pss
2009-07-17 10:58 <DIR> --d----- c:\program files\Lavasoft
2009-07-17 10:56 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-17 10:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-17 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-15 14:00 <DIR> --dsh--- c:\documents and settings\bojan suvajac\IECompatCache
2009-07-15 12:47 <DIR> --dsh--- c:\documents and settings\bojan suvajac\PrivacIE
2009-07-15 12:45 <DIR> --dsh--- c:\documents and settings\bojan suvajac\IETldCache
2009-07-15 12:27 <DIR> --d----- c:\windows\ie8updates
2009-07-15 12:22 <DIR> -cd-h--- c:\windows\ie8
2009-07-15 12:12 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-15 12:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 12:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-15 11:58 218,624 a------- c:\windows\system32\uxtheme.dll.backup
2009-07-15 11:58 <DIR> --d-h--- c:\windows\NiwradSoft Shell Pack
2009-07-14 11:05 <DIR> --d----- c:\docume~1\bojans~1\applic~1\ESET
2009-07-14 11:04 <DIR> --d----- c:\program files\ESET
2009-07-09 14:26 <DIR> --d----- c:\program files\directx
2009-07-09 14:15 <DIR> --d----- c:\program files\TDK
2009-07-04 10:48 <DIR> --d----- c:\program files\UltraISO
2009-07-03 12:00 <DIR> --d----- c:\program files\Urban Jungle
2009-07-01 14:36 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-01 14:36 208,744 a------- c:\windows\system32\muweb.dll
2009-07-01 14:36 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-01 14:10 1,897 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-06-30 11:32 20,661 a------- c:\program files\config.dat
2009-06-30 11:22 41,472 a------- c:\program files\DrvMgt.dll
2009-06-30 11:22 12,528 a------- c:\program files\SECDRV.SYS
2009-06-30 11:22 3,985,408 -------- c:\program files\fifa2005.exe
2009-06-30 11:21 <DIR> --d----- c:\program files\Support
2009-06-30 11:21 <DIR> --d----- c:\program files\data
2009-06-29 11:21 <DIR> --d----- c:\program files\Elltube
2009-06-27 18:18 <DIR> --d----- c:\program files\UlisesSoft

==================== Find3M ====================

2009-07-17 14:58 218,624 a------- c:\windows\system32\uxtheme.dll
2009-07-15 13:12 2,320,640 a------- c:\windows\system32\TUKernel.exe
2009-06-25 12:28 6,028 a------- c:\windows\system32\drivers\kwflower.log
2009-06-25 12:26 2,965 a------- c:\windows\system32\drivers\kwfupper.log
2009-06-14 15:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-06-14 15:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-14 15:10 1,112,288 a------- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-14 15:10 25,512 a------- c:\windows\system32\drivers\ggsemc.sys
2009-06-14 15:10 13,224 a------- c:\windows\system32\drivers\ggflt.sys
2009-06-03 09:38 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-06-03 09:38 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-06-01 16:56 4,608 a------- c:\windows\system32\w95inf32.dll
2009-06-01 16:56 2,272 a------- c:\windows\system32\w95inf16.dll
2009-05-21 12:44 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-19 21:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 18:09 720,896 a------- c:\windows\iun6002.exe
2009-05-10 17:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\TR13DVRF.DAT
2009-05-10 16:12 558,142 a------- c:\windows\java\packages\5Z3TB97D.ZIP
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\TBTFJVZ1.DAT
2009-05-10 16:12 155,995 a------- c:\windows\java\packages\3B9N5R1V.ZIP
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\WCTRT7J7.DAT
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\BP3PJPJR.DAT
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\NVB3TB79.DAT
2009-05-10 16:09 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-28 11:47 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-28 11:47 348,160 a------- c:\windows\system32\msvcr71.dll
2007-03-15 18:03 215,453 a------- c:\documents and settings\bojan suvajac\we07keygen.exe
2004-08-04 00:56 24,804 ----h--- c:\docume~1\bojans~1\applic~1\addons.dat

============= FINISH: 14:47:41.65 ===============


[Link mogu videti samo ulogovani korisnici]

Za RootRepeal




[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-07-25.06 - Bojan Suvajac 07/26/2009 18:11.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.517 [GMT 2:00]
Running from: c:\documents and settings\Bojan Suvajac\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bojan Suvajac\Application Data\addons.dat
c:\windows\n.tmp
c:\windows\system32\drivers\1.txt
c:\windows\system32\drivers\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 10:54 . 2009-07-26 10:54 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-26 10:01 . 2009-07-26 10:01 41984 ----a-w- c:\windows\system32\vsnpstd3.exe
2009-07-24 20:09 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-24 20:07 . 2009-07-24 20:07 -------- d-----w- c:\program files\Panda Security
2009-07-21 09:20 . 2009-07-21 09:20 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-07-21 09:20 . 2009-07-21 19:21 -------- d-----w- C:\Adcda2
2009-07-17 08:58 . 2009-07-17 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-17 08:58 . 2009-07-17 08:58 -------- d-----w- c:\program files\Lavasoft
2009-07-17 08:56 . 2009-07-17 08:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-17 08:52 . 2009-07-17 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 08:52 . 2009-07-17 08:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-15 15:55 . 2009-07-15 16:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IECompatCache
2009-07-15 10:47 . 2009-07-15 10:47 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\PrivacIE
2009-07-15 10:45 . 2009-07-15 10:45 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IETldCache
2009-07-15 10:27 . 2009-07-15 10:27 -------- d-----w- c:\windows\ie8updates
2009-07-15 10:22 . 2009-07-15 10:22 -------- dc-h--w- c:\windows\ie8
2009-07-15 10:12 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 10:11 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 10:11 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 09:58 . 2009-07-17 13:26 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-07-14 09:05 . 2009-07-14 09:05 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\ESET
2009-07-14 09:04 . 2009-07-14 09:04 -------- d-----w- c:\program files\ESET
2009-07-09 12:26 . 2009-07-09 12:26 -------- d-----w- c:\program files\directx
2009-07-09 12:15 . 2009-07-09 12:15 -------- d-----w- c:\program files\TDK
2009-07-06 11:26 . 2009-07-01 16:22 52224 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
2009-07-06 11:26 . 2009-07-01 16:22 114688 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\npmozax.dll
2009-07-04 08:48 . 2009-07-04 09:10 -------- d-----w- c:\program files\UltraISO
2009-07-03 10:00 . 2009-07-03 10:02 -------- d-----w- c:\program files\Urban Jungle
2009-07-01 12:36 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 12:36 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-30 09:32 . 2004-09-09 16:36 20661 ----a-w- c:\program files\config.dat
2009-06-30 09:22 . 2004-02-25 04:41 41472 ----a-w- c:\program files\DrvMgt.dll
2009-06-30 09:22 . 2004-02-25 04:41 12528 ----a-w- c:\program files\SECDRV.SYS
2009-06-30 09:22 . 2004-10-08 17:51 3985408 ------w- c:\program files\fifa2005.exe
2009-06-30 09:21 . 2006-08-08 14:41 -------- d-----w- c:\program files\Support
2009-06-30 09:21 . 2004-10-10 10:48 -------- d-----w- c:\program files\data
2009-06-29 09:21 . 2009-06-30 08:58 -------- d-----w- c:\program files\Elltube
2009-06-27 16:18 . 2009-06-27 16:18 -------- d-----w- c:\program files\UlisesSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 08:43 . 2009-06-25 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-21 19:20 . 2009-07-21 09:21 566784 ----a-w- c:\windows\~de74bc.tmp
2009-07-17 12:58 . 2002-08-29 01:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-15 11:12 . 2009-06-03 09:20 2320640 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-15 09:29 . 2009-06-14 08:49 -------- d-----w- c:\program files\Winamp
2009-07-14 14:03 . 2009-05-10 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-14 09:04 . 2009-05-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-13 19:33 . 2009-05-20 16:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 11:03 . 2009-05-11 09:23 -------- d-----w- c:\program files\Microsoft
2009-06-27 16:44 . 2009-05-11 16:47 -------- d-----w- c:\program files\CODTR
2009-06-26 09:01 . 2009-06-26 09:01 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-26 09:00 . 2009-06-26 09:00 -------- d-----w- c:\program files\MSECache
2009-06-25 14:08 . 2009-05-10 15:22 69232 ----a-w- c:\documents and settings\Bojan Suvajac\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 14:00 . 2009-06-25 14:00 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 10:28 . 2009-06-25 10:19 6028 ----a-w- c:\windows\system32\drivers\kwflower.log
2009-06-25 10:26 . 2009-06-25 10:19 2965 ----a-w- c:\windows\system32\drivers\kwfupper.log
2009-06-25 10:20 . 2009-06-25 10:20 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Kerio
2009-06-23 10:43 . 2009-05-12 18:03 -------- d-----w- c:\program files\EA GAMES
2009-06-23 09:20 . 2009-06-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-06-22 16:17 . 2009-06-22 16:17 -------- d-----w- c:\program files\Na_Kosovo_ravno
2009-06-18 21:20 . 2009-06-17 10:29 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\DNA
2009-06-18 20:29 . 2009-05-20 17:22 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Dev-Cpp
2009-06-17 16:26 . 2009-06-17 13:02 -------- d-----w- c:\program files\Google
2009-06-17 06:27 . 2009-06-17 06:26 -------- d-----w- c:\program files\18 Wheels of Steel Convoy
2009-06-16 11:32 . 2009-06-04 13:30 -------- d-----w- c:\program files\18 WoS Pedal to the Metal
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-14 13:10 . 2009-06-14 13:10 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-14 13:10 . 2009-06-14 13:10 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-06-14 13:10 . 2009-06-14 13:10 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-14 13:06 . 2009-05-13 11:14 -------- d-----w- c:\program files\Sony Ericsson
2009-06-07 14:56 . 2009-06-07 14:55 -------- d-----w- c:\program files\Dream Match Tennis Pro
2009-06-07 14:27 . 2009-06-07 14:24 -------- d-----w- c:\program files\VIRTUA TENNIS
2009-06-04 13:15 . 2009-06-02 16:36 -------- d-----w- c:\program files\18 WoS Across America
2009-06-03 07:38 . 2009-06-03 07:38 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-03 07:38 . 2009-06-03 07:38 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-02 16:36 . 2009-05-24 16:54 -------- d-----w- c:\program files\InstallShield Installation Information
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\program files\Ligos
2009-06-01 14:56 . 2009-06-01 14:56 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-01 14:56 . 2009-06-01 14:56 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-05-28 14:51 . 2009-05-28 14:50 -------- d-----w- c:\program files\Ahead
2009-05-28 14:50 . 2009-05-28 14:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-27 20:42 . 2009-05-27 20:41 -------- d-----w- c:\program files\CDex_150
2009-05-24 17:28 . 2009-05-24 17:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 20:43 . 2009-05-22 20:43 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-05-22 20:43 . 2009-05-22 20:43 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-22 20:43 . 2009-05-22 20:43 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-21 10:44 . 2009-05-21 10:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-20 16:51 . 2009-05-20 16:53 38200 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 19:35 . 2009-05-19 19:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 19:34 . 2009-05-19 19:34 152576 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-02-06 12:23 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2008-07-01 06:56 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 18:11 . 2009-05-13 18:11 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 16:09 . 2009-05-13 16:09 720896 ----a-w- c:\windows\iun6002.exe
2009-05-10 15:00 . 2009-05-10 14:11 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TR13DVRF.DAT
2009-05-10 14:12 . 2009-05-10 14:12 558142 ----a-w- c:\windows\java\Packages\5Z3TB97D.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TBTFJVZ1.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\WCTRT7J7.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\BP3PJPJR.DAT
2009-05-10 14:12 . 2009-05-10 14:12 155995 ----a-w- c:\windows\java\Packages\3B9N5R1V.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\NVB3TB79.DAT
2009-05-10 14:09 . 2009-05-10 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-16 01:53 . 2009-05-13 18:10 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[7] 2004-08-03 22:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\system32\user32.dll

[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2004-08-03 22:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\dllcache\wininet.dll

[7] 2004-08-03 22:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\winlogon.exe

[7] 2004-08-03 20:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\system32\ntkrnlpa.exe

[7] 2004-08-03 21:20 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\system32\ntoskrnl.exe

[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\explorer.exe
[7] 2004-08-03 22:56 1032192 A0732187050030AE399B241436565E64 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-03 22:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\system32\ctfmon.exe

[7] 2004-08-03 22:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\system32\comres.dll

[7] 2004-08-03 22:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\system32\comctl32.dll
[7] 2001-08-23 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-08-29 01:41 921600 76B90BD220F1B1CC9E183C6B1AE9FBB4 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2004-08-03 22:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 40448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2002-12-27 774213]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"update.dll"="c:\windows\system32\vsnpstd3.exe" [2009-07-26 41984]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-12-27 315392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-13 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"Yodm3D"=c:\documents and settings\Bojan Suvajac\Desktop\Ubuntu_XP_by_ShamusHand\3D Desktop\yodm3D\Yodm3D.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Na_Kosovo_ravno\\Na Kosovo ravno\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Disabled:@xpsp2res.dll,-22002

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/24/2009 10:09 PM 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/3/2009 9:38 AM 604416]
S2 gupdate1c9ef4c2f326b9a;Google Update Service (gupdate1c9ef4c2f326b9a);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 3:04 PM 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/14/2009 3:10 PM 13224]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [5/13/2009 1:14 PM 11648]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 10:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2BEE6818-80CE-52F9-4A3B-4A96100BABC0}]
c:\windows\system32\$NtUninstallKB9\update.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7E988172-BF51-8785-D7C6-19BEEAC234E3}]
c:\windows\system32\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DED0715F-0B03-9A01-2CF0-AC2116E3D4BD}]
c:\windows\system32\$NtUninstallKB9\alg.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyServer = 421.420.422:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: I&zvezi u program Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - RapidSerbia 2 Customized Web Search
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-07-26 18:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\program files\Internet Explorer\iexplore.exe [8188] 0x84FB6520

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
update.dll = c:\windows\system32\vsnpstd3.exe???????????????????????????????????????????????
???????????????????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????????????????
?????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2009-07-26 18:20
ComboFix-quarantined-files.txt 2009-07-26 16:19

Pre-Run: 10,689,171,456 bytes free
Post-Run: 11,246,395,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /TUTag=2WH7U3 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /fastdetect /NoExecute=OptIn /TUTag=2WH7U3-BAK

341 --- E O F --- 2009-05-10 15:26

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Aktiviraj prikaz skrivenih file-ova: [Link mogu videti samo ulogovani korisnici]


Upload-uj sledeće file-ove (poslednja dva možda ne postoje):

c:\windows\system32\vsnpstd3.exe
c:\windows\system32\$NtUninstallKB9\update.exe
c:\windows\system32\$NtUninstallKB9\alg.exe

preko ovog linka: [Link mogu videti samo ulogovani korisnici]