start windows problem

  • Joined: 06 May 2008
  • Posts: 90

When Windows XP boots, the icons appear briefly three times.
After that the desktop stays empty.
I scanned from Safe Mode with NOD. It found:
C:\windows\system32\CBXQHATQ.dll - a variant of Win32...

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Do what is described in this thread:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 06 May 2008
  • Posts: 90

Logfile of HijackThis v1.99.1
Scan saved at 2:32:08 PM, on 17-Jun-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\stamenko\Desktop\Lek\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {444FC7D1-8F08-4377-B39B-4D75AE0E9F70} - C:\WINDOWS\system32\ssqOFUNH.dll
O2 - BHO: (no name) - {73F91148-79C0-4BC6-8427-EDD3737C1C08} - C:\WINDOWS\system32\cbXQHAtQ.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [BM39412636] Rundll32.exe "C:\WINDOWS\system32\kywaeboh.dll",s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [3a7215aa] rundll32.exe "C:\WINDOWS\system32\nweiifjq.dll",b
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC33E2EC-BDAB-485B-9C5F-9C0423EB064B}: NameServer = 77.46.137.2
O20 - Winlogon Notify: ssqOFUNH - C:\WINDOWS\SYSTEM32\ssqOFUNH.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Service - Unknown owner - C:\Program Files\BIEN Soft\dxflines\dxflines.exe (file missing)

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 06 May 2008
  • Posts: 90

ComboFix 08-06-16.2 - stamenko 2008-06-17 15:08:39.4 - FAT32x86
Running from: C:\Documents and Settings\stamenko\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM39412636.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cbXQHAtQ.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fccbASih.dll
C:\WINDOWS\system32\fccBSigh.dll
C:\WINDOWS\system32\fccCvtTM.dll
C:\WINDOWS\system32\jkklmMET.dll
C:\WINDOWS\system32\ljJBTMFy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\qjfiiewn.ini
C:\WINDOWS\system32\QtAHQXbc.ini
C:\WINDOWS\system32\QtAHQXbc.ini2
C:\WINDOWS\system32\rqRHBRKA.dll
C:\WINDOWS\system32\rqRIxUmk.dll
C:\WINDOWS\system32\ssqOFUNH.dll
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\vtUMfGwU.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\yayvWomJ.dll
C:\WINDOWS\system32\yaywvsqN.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 23:19 . 2008-06-16 23:19 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-06-16 22:59 . 2004-08-03 23:04 156,672 --a------ C:\WINDOWS\system32\dllcache\winzm.ime
2008-06-16 22:59 . 2004-08-03 23:04 156,672 --a------ C:\WINDOWS\system32\dllcache\winsp.ime
2008-06-16 22:59 . 2004-08-03 23:04 156,672 --a------ C:\WINDOWS\system32\dllcache\winpy.ime
2008-06-16 22:59 . 2004-08-03 23:04 79,360 --a------ C:\WINDOWS\system32\dllcache\winar30.ime
2008-06-16 22:59 . 2001-08-23 14:00 69,120 --a------ C:\WINDOWS\system32\dllcache\wingb.ime
2008-06-16 22:59 . 2004-08-03 23:04 65,536 --a------ C:\WINDOWS\system32\dllcache\winime.ime
2008-06-16 22:59 . 2001-08-23 14:00 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
2008-06-16 22:57 . 2001-08-23 14:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-16 22:53 . 2008-06-16 22:53 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-16 22:52 . 2008-06-16 22:52 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-16 22:52 . 2008-06-16 22:52 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-16 22:52 . 2008-06-16 22:52 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-16 22:52 . 2008-06-16 22:52 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-16 22:52 . 2008-06-16 22:52 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-16 22:41 . 2004-08-04 00:56 363,520 --a------ C:\WINDOWS\system32\dllcache\w3svc.dll
2008-06-16 22:41 . 2004-08-04 00:56 259,072 --a------ C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-06-16 22:41 . 2004-08-04 00:56 61,440 --a------ C:\WINDOWS\system32\dllcache\httpod51.dll
2008-06-16 22:41 . 2004-08-04 00:56 46,592 --a------ C:\WINDOWS\system32\dllcache\sspifilt.dll
2008-06-16 22:41 . 2004-08-04 00:56 40,448 --a------ C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-06-16 22:41 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\dllcache\httpmb51.dll
2008-06-16 22:41 . 2001-08-23 14:00 7,680 --a------ C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-06-16 22:40 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-06-16 22:40 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-06-16 22:40 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-06-16 22:40 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-06-16 22:25 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-06-16 22:23 . 2004-08-04 01:57 1,086,058 -ra------ C:\WINDOWS\SET4D.tmp
2008-06-16 22:23 . 2004-08-04 02:03 1,042,903 -ra------ C:\WINDOWS\SET4A.tmp
2008-06-16 22:23 . 2004-08-04 01:58 13,753 -ra------ C:\WINDOWS\SET5A.tmp
2008-06-14 22:28 . 2008-06-14 22:28 <DIR> d-------- C:\Program Files\bevel gear
2008-06-14 17:12 . 2008-06-14 17:12 <DIR> d-------- C:\Documents and Settings\stamenko\WLSCompanion
2008-06-14 05:33 . 2008-06-14 05:33 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-06-14 05:33 . 2008-06-14 05:33 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-14 05:33 . 2008-06-14 05:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-14 05:33 . 2008-06-14 05:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-13 16:14 . 2008-06-13 16:14 <DIR> d-------- C:\Program Files\Rainbow Technologies
2008-06-13 16:09 . 2008-06-13 16:09 <DIR> d-------- C:\Program Files\ArtCAM Pro 8
2008-06-12 16:11 . 2008-06-12 16:11 <DIR> d-------- C:\CNC XYZ
2008-06-11 12:35 . 2008-06-11 12:35 <DIR> d--hs---- C:\FOUND.013
2008-06-11 10:04 . 2006-06-13 08:44 <DIR> d-------- C:\Program Files\TurnAddons
2008-06-11 10:04 . 2006-08-20 10:31 <DIR> d-------- C:\Program Files\Addons
2008-06-11 10:03 . 2008-06-11 10:03 <DIR> d-------- C:\Program Files\Subroutines
2008-06-11 10:03 . 2008-06-11 10:03 <DIR> d-------- C:\Program Files\SETUP
2008-06-11 10:03 . 2006-06-30 09:01 <DIR> d-------- C:\Program Files\macros
2008-06-11 10:03 . 2008-06-11 10:03 <DIR> d-------- C:\Program Files\Help
2008-06-11 10:03 . 2008-06-11 10:03 <DIR> d-------- C:\Program Files\GCode
2008-06-11 10:03 . 2006-02-21 10:29 <DIR> d-------- C:\Program Files\Bitmaps
2008-06-11 10:03 . 2006-08-18 20:25 5,040 --a------ C:\Program Files\LazyCamsDocs.zip
2008-06-11 10:03 . 2004-11-27 20:23 1,280 --a------ C:\Program Files\Outputs.bin
2008-06-11 10:03 . 2004-11-27 20:23 1,280 --a------ C:\Program Files\Inputs.bin
2008-06-11 10:03 . 2004-11-27 20:23 1,280 --a------ C:\Program Files\Data.bin
2008-06-11 00:58 . 2008-06-11 00:58 <DIR> d-------- C:\Program Files\New Folder(2)
2008-06-10 21:38 . 2008-06-10 21:38 <DIR> d-------- C:\DELCAM.ARTCAM.PRO.V2008-MAGNiTUDE
2008-06-10 15:21 . 2008-06-10 15:21 <DIR> d-------- C:\Program Files\a2
2008-06-10 14:06 . 2008-06-10 14:07 <DIR> d-------- C:\Program Files\free-downloads.net
2008-06-10 06:11 . 2008-06-10 06:11 <DIR> d-------- C:\Documents and Settings\stamenko\Application Data\Thinstall
2008-06-10 06:04 . 2008-06-10 06:04 <DIR> d-------- C:\Artsoft Mach3 + (zabranjeno)
2008-06-07 08:03 . 2008-06-07 08:03 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-03 21:36 . 2008-06-03 21:36 <DIR> d-------- C:\Program Files\Optimik
2008-06-03 14:52 . 2008-06-03 14:52 <DIR> d-------- C:\Program Files\Blender Foundation
2008-06-03 14:52 . 2008-06-03 14:52 <DIR> d-------- C:\Documents and Settings\stamenko\Application Data\Blender Foundation
2008-05-24 00:51 . 2008-05-24 00:51 <DIR> d-------- C:\Program Files\gCAD3D
2008-05-20 09:24 . 2008-05-20 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe(2)
2008-05-17 23:20 . 2008-06-17 15:06 41 --a------ C:\WINDOWS\Filzip.ini
2008-05-17 22:55 . 2008-05-17 22:55 <DIR> d-------- C:\Program Files\Filzip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 14:32 397 ----a-w C:\Program Files\CNC 3d Upravljac.lnk
2008-06-12 12:40 8,704 --sha-w C:\Program Files\Thumbs.db
2008-06-11 10:13 55 ----a-w C:\Program Files\LastErrors.txt
2008-06-11 10:13 37,340 ----a-w C:\Program Files\Mach3Mill.xml
2008-06-11 10:08 9 ----a-w C:\Program Files\Profile.txt
2008-06-11 10:04 19,636 ----a-w C:\Program Files\.xml
2008-03-28 21:05 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-03-25 13:28 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4679.exe
2008-03-15 22:30 2,449 ----a-w C:\Program Files\Microsoft FrontPage.lnk
2007-12-09 05:24 2,492 ----a-w C:\Documents and Settings\stamenko\Application Data\ViewerApp.dat
2006-08-17 03:11 104,096 ----a-w C:\Program Files\Mach3.noapic
2006-08-16 11:16 44,744 ------w C:\Program Files\Mach3_4axis.xml
2006-07-14 02:15 99,505 ----a-w C:\Program Files\1024.set
2006-07-13 21:19 50,487 ----a-w C:\Program Files\1024.lset
2006-05-04 06:00 30,054 ----a-w C:\Program Files\LegacyYellow.bmp
2006-05-04 06:00 30,054 ----a-w C:\Program Files\LegacyRed.bmp
2006-05-04 06:00 30,054 ----a-w C:\Program Files\LegacyGreen.bmp
2006-04-29 00:25 30,054 ----a-w C:\Program Files\LegacyRedGreen.bmp
2006-02-06 21:03 633 ----a-w C:\Program Files\Leds.txt
2006-02-06 20:44 386 ----a-w C:\Program Files\Buttons.txt
2006-02-06 20:01 501 ----a-w C:\Program Files\DROs.txt
2005-12-08 13:53 979 ----a-w C:\Program Files\ReadMe.txt
2005-10-18 00:23 42,804 ----a-w C:\Program Files\Mach3Turn.xml
2005-07-13 06:47 10,479 ----a-w C:\Program Files\m1076.m1s
2004-10-19 06:57 7,234 ----a-w C:\Program Files\MachTurn.txt
2004-05-09 01:30 136,124 ----a-w C:\Program Files\diags.wav
2003-09-11 04:59 44 ----a-w C:\Program Files\TurnJogIncs.txt
2003-09-11 04:59 44 ----a-w C:\Program Files\MillJogIncs.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 10:40 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 11:07 65536]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-01 21:43 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"TWCU"="C:\Program Files\TP-LINK\TWCU\TWCU.exe" [2005-07-14 11:40 413696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 21:28 185896]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 09:23 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 09:23 618496]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-11-28 16:50 917504]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:29 2007088]
"BM39412636"="C:\WINDOWS\system32\kywaeboh.dll" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 21:10 335872]
"3a7215aa"="C:\WINDOWS\system32\nweiifjq.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-21 11:00:02 394856]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-05-03 16:15:29 106496]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-05-03 16:15:32 151552]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 02:35:22 10872]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 13:33:18 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^Documents and Settings^stamenko^Start Menu^Programs^Startup^ubisoft register.lnk]
path=C:\Documents and Settings\stamenko\Start Menu\Programs\Startup\ubisoft register.lnk
backup=C:\WINDOWS\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FreezeScreenSaver"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\ASUS\\AP Utilities\\Wireless.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Documents and Settings\\STAMENKO\\Application Data\\Thinstall\\CatiaV5Lite\\400000c00002i\\CNEXT.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2005-10-31 17:50]
R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2006-06-02 22:48]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [1999-01-10 19:00]
R2 io.sys;IO.DLL Driver;C:\WINDOWS\System32\drivers\io.sys [2006-01-25 03:27]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Mach2;Mach2 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach2.sys [2003-11-08 02:44]
R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys [2006-03-16 06:07]
R3 Pulser;CNC Pulseing Service;C:\WINDOWS\system32\Drivers\Pulser.sys [2002-05-02 23:49]
S3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 13:28]
S3 zlportio;zlportio;C:\Program Files\cp09632\temp\zlportio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23c7e1c0-37a0-11dd-9230-00112fde9b0a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f240481-072b-11dd-91ea-00112fde9b0a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52931fd0-0d84-11dd-91ef-00112fde9b0a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0e8d0b1-0150-11dd-91d9-00112fde9b0a}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 19:29:02 C:\WINDOWS\Tasks\{016E2323-7D1D-49B1-8431-57F665BC6E08}_TRADICIJ-PHDH6Y_stamenko.job"
- C:\WINDOWS\system32\mobsync.exe
"2008-06-13 07:00:08 C:\WINDOWS\Tasks\{530A5723-BBAF-4112-AB67-22168A3C95BF}_TRADICIJ-PHDH6Y_stamenko.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
"2008-06-16 14:00:02 C:\WINDOWS\Tasks\{97F2A16A-507D-4D7C-A9E6-AB9CE53792DD}_TRADICIJ-PHDH6Y_stamenko.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
"2008-06-13 14:00:02 C:\WINDOWS\Tasks\{EDCBC54F-DDE2-4E5B-B274-DE8192C27494}_TRADICIJ-PHDH6Y_stamenko.job"
- C:\WINDOWS\system32\mobsync.exeM /Schedule=
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-17 15:16:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\WINDOWS\SYSTEM32\MSDTC.EXE
C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
C:\WINDOWS\SYSTEM32\SNMP.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\ATK0100\ATKOSD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\program files\winamp toolbar\WinampTbServer.exe
.
**************************************************************************
.
Completion time: 2008-06-17 15:20:32 - machine was rebooted
ComboFix2.txt 2008-05-07 18:21:14
ComboFix-quarantined-files.txt 2008-06-17 13:20:26

Pre-Run: 30,708,826,112 bytes free
Post-Run: 31,316,639,744 bytes free

273 --- E O F --- 2008-05-02 20:03:52

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

helen1 is busy, so I will give you the further instructions.

Run HijackThis, scan, and check the following lines:

O4 - HKLM\..\Run: [BM39412636] Rundll32.exe "C:\WINDOWS\system32\kywaeboh.dll",s
O4 - HKLM\..\Run: [3a7215aa] rundll32.exe "C:\WINDOWS\system32\nweiifjq.dll",b

Click Fix checked.

How are things now? Do you notice any problems?
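As an added illustration (not part of this thread, and not a HijackThis feature), the Python script below applies the same reasoning dr_Bora uses to single out those two lines: it parses the O4 entries of a HijackThis log and scores the ones that load a DLL through rundll32 under a machine-generated entry name, or that run a bare file name one character away from a core Windows process. The sample lines are copied from the log posted above; the regular expressions, the scoring weights and the short list of system process names are my own assumptions, not rules from HijackThis or ComboFix.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM39412636] Rundll32.exe "C:\WINDOWS\system32\kywaeboh.dll",s
O4 - HKLM\..\Run: [3a7215aa] rundll32.exe "C:\WINDOWS\system32\nweiifjq.dll",b
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# HijackThis O4 line: "O4 - <hive>: [<entry name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32[.exe] "<path>.dll",<export>  (quotes optional)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)',
    re.IGNORECASE,
)
# The two entry-name shapes seen in the log: 8 hex digits, or two capitals plus digits.
# Assumption: legitimate products name their Run entries after themselves, not like this.
RANDOM_NAME_RE = re.compile(r"^(?:[0-9a-f]{8}|[A-Z]{2}\d{6,})$")
# Hand-picked core Windows XP process names (assumption, deliberately short).
KNOWN_SYSTEM_EXES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                     "services.exe", "explorer.exe")


@dataclass
class Finding:
    line: str
    name: str
    score: int
    reasons: list = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalikes of system names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd: str) -> str:
    """The program an O4 command runs: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def analyze_o4(line: str):
    """Score one O4 line; returns None for lines that are not O4 entries."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    score, reasons = 0, []
    rd = RUNDLL_RE.match(cmd.strip())
    if rd:
        # rundll32 itself is a legitimate Windows binary; the DLL it loads is the payload.
        score += 2
        reasons.append(f"rundll32 loads {rd.group('dll')} (export {rd.group('export')!r})")
        if len(rd.group("export")) == 1:
            score += 1
            reasons.append("single-letter export name")
    else:
        exe = executable_of(cmd)
        base = exe.rsplit("\\", 1)[-1].lower()
        if "\\" not in exe:
            # No directory given: Windows resolves the name through its PATH search order.
            score += 2
            reasons.append(f"bare file name {exe!r}, no fixed location")
            for known in KNOWN_SYSTEM_EXES:
                if base != known and edit_distance(base, known) == 1:
                    score += 3
                    reasons.append(f"{base!r} is one character away from {known!r}")
    if RANDOM_NAME_RE.match(name):
        score += 2
        reasons.append(f"entry name {name!r} looks machine-generated")
    return Finding(line.strip(), name, score, reasons)


def suspicious_entries(log_text: str, threshold: int = 3) -> list:
    """All O4 findings whose score reaches the threshold, in log order."""
    findings = (analyze_o4(l) for l in log_text.splitlines())
    return [f for f in findings if f is not None and f.score >= threshold]


if __name__ == "__main__":
    for f in suspicious_entries(HJT_SAMPLE):
        print(f"[{f.score}] {f.line}")
        for reason in f.reasons:
            print("     -", reason)
```

Run against the sample, it reports four entries: the two rundll32 lines dr_Bora asks to fix, and the two `[Windows Sound] svdhost.exe` entries, whose target `C:\WINDOWS\system32\svdhost.exe` already appears under "Other Deletions" in the ComboFix log above. Scores like these only prioritise what to look at; the decision to remove an entry still rests on checking the file itself, as the helpers in this thread do.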

  • Joined: 06 May 2008
  • Posts: 90

I did this. Yesterday things improved when I uninstalled Mozilla.
May I reinstall it?

Addendum: 18 Jun 2008 21:52

Now the computer has slowed down.

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
