Antichrist [day of judgment]

  • s4le
  • New MyCity citizen
  • Joined: 30 Mar 2008
  • Posts: 3

I found in the archive that someone had a similar problem, and you managed to solve it. I tried the same way, but it is still there. Here is my log; if anyone has a solution and can help me, I would be eternally grateful :)

Update: 30 Mar 2008 19:21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:04, on 30.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer [Day of judgment]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....6873716390
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 5093 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to the Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

  • s4le
  • New MyCity citizen
  • Joined: 30 Mar 2008
  • Posts: 3

ComboFix 08-03-25.4 - sasha 2008-03-31 0:16:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.629 [GMT 2:00]
Running from: C:\Documents and Settings\sasha\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\shell.exe
C:\windows\system32\sys.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

2008-03-30 20:15 . 2008-03-30 20:15 <DIR> d-------- C:\Documents and Settings\sasha\Application Data\ACD Systems
2008-03-30 20:14 . 2008-03-30 20:14 <DIR> d-------- C:\Program Files\uTorrent
2008-03-30 20:14 . 2008-03-31 00:09 <DIR> d-------- C:\Documents and Settings\sasha\Application Data\uTorrent
2008-03-30 20:12 . 2008-03-30 20:12 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-30 20:12 . 2008-03-30 20:12 <DIR> d-------- C:\Program Files\Ahead
2008-03-30 20:12 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-03-30 20:12 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-03-30 20:12 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-03-30 20:12 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-30 20:12 . 2003-10-06 08:41 113,664 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-03-30 20:12 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-03-30 20:12 . 2003-10-06 08:41 5,632 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-03-30 20:06 . 2008-03-30 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-30 20:05 . 2008-03-30 20:05 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-30 20:05 . 2008-03-30 20:06 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-30 20:05 . 2008-03-30 20:05 <DIR> d-------- C:\Program Files\ACD Systems
2008-03-30 20:05 . 2008-03-30 20:05 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-03-30 20:02 . 2008-03-30 20:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-30 20:00 . 2008-03-30 21:51 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-30 19:48 . 2008-03-30 19:49 <DIR> d-------- C:\Documents and Settings\sasha\Application Data\AdobeUM
2008-03-30 19:39 . 2008-03-30 19:39 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-03-30 19:39 . 2008-03-30 19:39 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-03-30 19:37 . 2008-03-30 19:37 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-30 19:37 . 2008-03-30 19:37 96,256 --a------ C:\WINDOWS\system32\drivers\sptd3405.sys
2008-03-30 19:31 . 2008-03-30 19:31 <DIR> d-------- C:\Program Files\DivX Total Pack
2008-03-30 19:11 . 2008-03-30 19:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 19:08 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-30 19:08 . 2008-03-30 19:08 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-30 19:07 . 2008-03-30 19:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-30 19:07 . 2008-03-30 19:07 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-30 19:06 . 2008-03-30 19:06 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-30 19:05 . 2008-03-30 19:05 <DIR> dr-h----- C:\MSOCache
2008-03-30 18:34 . 2008-03-30 18:34 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-03-30 18:00 . 2008-03-30 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-30 17:46 . 2008-03-30 17:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-30 17:44 . 2008-03-30 17:44 <DIR> d-------- C:\WINDOWS\Sun
2008-03-30 17:44 . 2008-03-30 17:56 <DIR> d-------- C:\Documents and Settings\sasha\.housecall6.6
2008-03-30 17:44 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-30 17:43 . 2008-03-30 17:44 <DIR> d-------- C:\Program Files\Java
2008-03-30 17:41 . 2008-03-30 17:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-30 16:08 . 2008-03-02 21:40 73,216 --ahs---- C:\WINDOWS\vxds.exe
2008-03-30 16:08 . 2008-03-31 00:16 4,190 --ahs---- C:\WINDOWS\system32\OEMLOGO.BMP
2008-03-30 16:08 . 2008-03-31 00:16 917 --ahs---- C:\WINDOWS\system32\blank.htm
2008-03-30 16:08 . 2008-03-31 00:16 392 --ahs---- C:\WINDOWS\system32\OEMINFO.INI
2008-03-30 15:38 . 2008-03-30 15:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-30 15:38 . 2008-03-30 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 15:32 . 2008-03-30 15:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-30 15:32 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-30 15:32 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-30 15:32 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-30 15:31 . 2008-03-30 15:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-30 15:31 . 2008-03-30 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-30 13:37 . 2007-12-07 04:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-30 13:37 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-30 13:37 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-30 13:37 . 2007-12-07 04:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-30 13:37 . 2007-12-07 04:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-30 13:37 . 2007-12-07 04:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-30 13:37 . 2007-12-07 04:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-30 13:37 . 2007-12-07 04:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-30 13:37 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-30 13:34 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-30 13:31 . 2008-03-30 19:35 <DIR> d-------- C:\Documents and Settings\sasha\Application Data\AVG7
2008-03-30 13:31 . 2008-03-30 13:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-30 13:31 . 2008-03-30 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 13:31 . 2008-03-30 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-30 13:31 . 2008-03-30 13:31 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-30 13:31 . 2008-03-30 13:31 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2008-02-26 05:12 . 2008-02-26 05:12 372,736 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 05:10 . 2008-02-26 05:10 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 05:02 . 2008-02-26 05:02 172,032 --a------ C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 05:02 . 2008-02-26 05:02 126,976 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 05:01 . 2008-02-26 05:01 126,976 --a------ C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 05:01 . 2008-02-26 05:01 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 05:01 . 2008-02-26 05:01 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 05:00 . 2008-02-26 05:00 520,192 --a------ C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 04:59 . 2008-02-26 04:59 9,797,632 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-02-26 04:58 . 2008-02-26 04:58 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 04:41 . 2008-02-26 04:41 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-02-26 04:41 . 2008-02-26 04:41 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-02-26 04:41 . 2008-02-26 04:41 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-02-26 04:29 . 2008-02-26 04:29 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 04:25 . 2008-02-26 04:25 393,216 --a------ C:\WINDOWS\system32\atikvmag.dll
2008-02-26 04:23 . 2008-02-26 04:23 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2008-02-26 04:22 . 2008-02-26 04:22 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 04:21 . 2008-02-26 04:21 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll
2008-02-26 04:19 . 2008-02-26 04:19 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-02-14 19:35 . 2008-02-14 19:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 12:11 --------- d-----w C:\Documents and Settings\sasha\Application Data\ATI
2008-03-30 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-03-30 12:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 12:09 --------- d-----w C:\Program Files\ATI Technologies
2008-03-30 11:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-30 10:21 --------- d-----w C:\Program Files\BroadCom GB LAN
2008-03-30 10:20 --------- d-----w C:\Program Files\Realtek
2008-03-30 10:18 --------- d-----w C:\Program Files\Intel
2008-03-30 10:13 558,142 ----a-w C:\WINDOWS\java\Packages\V1VXZ3D7.ZIP
2008-03-30 10:13 155,995 ----a-w C:\WINDOWS\java\Packages\3DBRJRHR.ZIP
2008-03-30 10:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-02 19:40 73,216 --sha-w C:\WINDOWS\Media\wma.exe
2008-03-02 19:40 73,216 --sha-w C:\WINDOWS\Help\hlps.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"blank"="C:\WINDOWS\system32\blank.htm" [2008-03-31 00:16 917]
"hlps"="C:\WINDOWS\Help\hlps.exe" [2008-03-02 21:40 73216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-30 13:31 579072]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"blank"="C:\WINDOWS\system32\blank.htm" [2008-03-31 00:16 917]
"vxds"="C:\WINDOWS\vxds.exe" [2008-03-02 21:40 73216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 13:31 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"="[Antichrist]"
"LegalNoticeText"="[Day of judgment]"
"Shell"="Explorer.exe shell.exe"
"LogonPrompt"="[Day of judgment]"
"Welcome"="[Antichrist]"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-31 00:17:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-31 0:18:16
ComboFix-quarantined-files.txt 2008-03-30 22:18:08

Update: 31 Mar 2008 0:22

Here it is, I followed the instructions and am waiting for a reply. Thanks in advance for the help.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\blank.htm
C:\WINDOWS\vxds.exe
C:\WINDOWS\Help\hlps.exe
C:\WINDOWS\Media\wma.exe
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blank"=-
"hlps"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blank"=-
"vxds"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"=-
"LegalNoticeText"=-
"LogonPrompt"=-
"Welcome"=-

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

I am also interested in the following file - shell.exe
Look for it on your computer (most likely in the System32 folder) and upload it to me through the following form:
http://www.mycity.rs/ambulanta-upload.php
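
The triage the helper does by eye above (Run values pointing at a hidden .htm and at hidden+system executables, a Winlogon Shell that loads shell.exe beside Explorer, Security Center warnings switched off) and the File:: / Registry:: script he derives from it can be written down as code. The block below is an added example for this page; it is not code from the thread, from ComboFix or from MyCity. The sample log is a constructed excerpt of the first ComboFix log posted above, and the heuristics, the regular expressions and the function names (parse_log, triage, build_cfscript) are my own assumptions about how to read such a log. The generated script deliberately covers only the files and Run values; the Shell value and the Security Center flags are reported but left for manual review, as the helper also held back the Shell value until he had seen shell.exe.

```python
"""Triage a ComboFix log excerpt and draft a CFScript (File:: / Registry::) from it.
Heuristics, all taken from the logs in this thread: a Run target that is not a program or
is a hidden+system file; a hidden+system executable nothing autostarts; Winlogon "Shell"
loading anything besides Explorer.exe; Security Center notifications disabled."""
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail path key name")
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
DISABLE_NOTIFY = {"antivirusdisablenotify", "updatesdisablenotify", "firewalldisablenotify"}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.*?)(?:\s\[[^\]]*\])?$')  # "n"="v" [...] / "n"=dword:1
FILE_RE = re.compile(r"\s(?P<attr>[-a-z]{6,9})\s+(?P<path>[A-Za-z]:\\.+)$")  # ... --ahs---- C:\path

# Constructed sample: an excerpt of the first ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2008-03-30 16:08 . 2008-03-02 21:40 73,216 --ahs---- C:\WINDOWS\vxds.exe
2008-03-30 16:08 . 2008-03-31 00:16 917 --ahs---- C:\WINDOWS\system32\blank.htm
2008-03-02 19:40 73,216 --sha-w C:\WINDOWS\Media\wma.exe
2008-03-02 19:40 73,216 --sha-w C:\WINDOWS\Help\hlps.exe
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blank"="C:\WINDOWS\system32\blank.htm" [2008-03-31 00:16 917]
"hlps"="C:\WINDOWS\Help\hlps.exe" [2008-03-02 21:40 73216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.exe]
"blank"="C:\WINDOWS\system32\blank.htm" [2008-03-31 00:16 917]
"vxds"="C:\WINDOWS\vxds.exe" [2008-03-02 21:40 73216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe shell.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"""


def parse_log(text):
    """Return ({key: {name: value}}, [(attributes, path)]) from a ComboFix log."""
    reg, files, key = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if KEY_RE.match(line):
            key = KEY_RE.match(line).group("key")
            reg.setdefault(key, {})
        elif key is not None and VALUE_RE.match(line):
            m = VALUE_RE.match(line)
            reg[key][m.group("name")] = m.group("val").strip('"')
        elif FILE_RE.search(line):
            m = FILE_RE.search(line)
            files.append((m.group("attr"), m.group("path")))
    return reg, files


def triage(text):
    """Apply the heuristics above; return Finding records."""
    reg, files = parse_log(text)
    # hidden+system files (directories excluded), keyed by lower-cased path
    hidden = {p.lower(): p for a, p in files if not a.startswith("d") and "h" in a and "s" in a}
    findings, referenced = [], set()
    for key, values in reg.items():
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            for name, target in values.items():
                reasons = []
                if ntpath.splitext(target)[1].lower() not in EXEC_EXTS:
                    reasons.append("autostart target is not a program")
                if target.lower() in hidden:
                    reasons.append("target is a hidden+system file")
                if reasons:
                    referenced.add(target.lower())
                    findings.append(Finding("run", "; ".join(reasons), target, key, name))
        elif k.endswith("\\winlogon"):
            extra = [t for t in values.get("Shell", "Explorer.exe").split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append(Finding("winlogon", "extra shell at logon: " + " ".join(extra), None, key, "Shell"))
        elif k.endswith("\\security center"):
            for name, val in values.items():
                if name.lower() in DISABLE_NOTIFY and val.lower().startswith("dword:") and int(val[6:], 16):
                    findings.append(Finding("seccenter", "Security Center warning suppressed", None, key, name))
    for low, path in hidden.items():  # hidden+system executables nothing points at (wma.exe)
        if low not in referenced and ntpath.splitext(low)[1] in EXEC_EXTS:
            findings.append(Finding("hidden", "hidden+system executable, no autostart entry", path, None, None))
    return findings


def build_cfscript(findings):
    """Draft a CFScript in the File:: / Registry:: form the helper used. Only flagged
    files and Run values go in; Winlogon and Security Center findings stay for manual
    review, as the helper held back the Shell value until he had seen shell.exe."""
    lines = ["File::", *sorted({f.path for f in findings if f.path}), "", "Registry::"]
    by_key = {}
    for f in findings:
        if f.kind == "run":
            by_key.setdefault(f.key, set()).add(f.name)
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % n for n in sorted(names))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run against the sample, the generated script lists hlps.exe, wma.exe, blank.htm and vxds.exe under File:: and deletes the "blank", "hlps" and "vxds" values under the two Run keys, which is the core of the script the helper wrote by hand (he additionally removed OEMINFO.INI and OEMLOGO.BMP, which are not in this excerpt). Treat the output as a draft to be read before it is dragged onto ComboFix: the heuristics are deliberately loose, and a legitimate program can be hidden+system or start a non-.exe file.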

  • s4le
  • New MyCity citizen
  • Joined: 30 Mar 2008
  • Posts: 3

Here is the ComboFix log after the cleaning.

ComboFix 08-03-25.4 - sasha 2008-04-01 1:44:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.637 [GMT 2:00]
Running from: C:\Documents and Settings\sasha\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sasha\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Help\hlps.exe
C:\WINDOWS\Media\wma.exe
C:\WINDOWS\system32\blank.htm
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
C:\WINDOWS\vxds.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Help\hlps.exe
C:\WINDOWS\Media\wma.exe
C:\WINDOWS\system32\blank.htm
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
C:\WINDOWS\vxds.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-31 23:58 . 2008-03-31 23:58 <DIR> d-------- C:\Deckard
2008-03-31 00:24 . 2008-03-31 01:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-31 00:24 . 2008-03-31 00:38 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-31 00:24 . 2008-03-31 00:38 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-31 00:24 . 2008-03-31 00:38 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-30 20:15 . 2008-03-30 20:15 <DIR> d-------- C:\Documents and Settings\sasha\Application Data\ACD Systems
2008-03-30 20:14 . 2008-03-30 20:14 <DIR> d-------- C:\Program Files\uTorrent
2008-03-30 20:14 . 2008-03-31 23:00 <DIR> d-------- C:\Documents and Settings\sasha\Application Data\uTorrent
2008-03-30 20:12 . 2008-03-30 20:12 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-30 20:12 . 2008-03-30 20:12 <DIR> d-------- C:\Program Files\Ahead
2008-03-30 20:12 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-03-30 20:12 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-03-30 20:12 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-03-30 20:12 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-30 20:12 . 2003-10-06 08:41 113,664 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-03-30 20:12 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-03-30 20:12 . 2003-10-06 08:41 5,632 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-03-30 20:06 . 2008-03-30 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-30 20:05 . 2008-03-30 20:05 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-30 20:05 . 2008-03-30 20:06 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-30 20:05 . 2008-03-30 20:05 <DIR> d-------- C:\Program Files\ACD Systems
2008-03-30 20:05 . 2008-03-30 20:05 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-03-30 20:02 . 2008-03-30 20:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-30 20:00 . 2008-03-30 21:51 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-30 19:48 . 2008-03-30 19:49 <DIR> d-------- C:\Documents and Settings\sasha\Application Data\AdobeUM
2008-03-30 19:39 . 2008-03-30 19:39 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-03-30 19:39 . 2008-03-30 19:39 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-03-30 19:37 . 2008-03-30 19:37 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-30 19:37 . 2008-03-30 19:37 96,256 --a------ C:\WINDOWS\system32\drivers\sptd3405.sys
2008-03-30 19:31 . 2008-03-30 19:31 <DIR> d-------- C:\Program Files\DivX Total Pack
2008-03-30 19:11 . 2008-03-30 19:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 19:08 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-30 19:08 . 2008-03-30 19:08 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-30 19:07 . 2008-03-30 19:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-30 19:07 . 2008-03-30 19:07 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-30 19:06 . 2008-03-30 19:06 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-30 19:05 . 2008-03-30 19:05 <DIR> dr-h----- C:\MSOCache
2008-03-30 18:34 . 2008-03-30 18:34 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-03-30 18:00 . 2008-03-30 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-30 17:46 . 2008-03-30 17:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-30 17:44 . 2008-03-30 17:44 <DIR> d-------- C:\WINDOWS\Sun
2008-03-30 17:44 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-03-30 17:43 . 2008-03-30 17:44 <DIR> d-------- C:\Program Files\Java
2008-03-30 17:41 . 2008-03-30 17:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-30 15:38 . 2008-03-31 01:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-30 15:38 . 2008-03-30 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 15:32 . 2008-03-30 15:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-30 15:32 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-30 15:32 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-30 15:32 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-30 15:31 . 2008-03-30 15:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-30 15:31 . 2008-03-30 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-30 13:37 . 2007-12-07 04:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-30 13:37 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-30 13:37 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-30 13:37 . 2007-12-07 04:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-30 13:37 . 2007-12-07 04:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-30 13:37 . 2007-12-07 04:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-30 13:37 . 2007-12-07 04:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-30 13:37 . 2007-12-07 04:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-30 13:37 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-30 13:34 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-30 13:31 . 2008-03-30 19:35 <DIR> d-------- C:\Documents and Settings\sasha\Application Data\AVG7
2008-03-30 13:31 . 2008-03-30 13:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-30 13:31 . 2008-03-30 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 13:31 . 2008-03-30 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-30 13:31 . 2008-03-30 13:31 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-30 13:31 . 2008-03-30 13:31 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2008-02-26 05:12 . 2008-02-26 05:12 372,736 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 05:10 . 2008-02-26 05:10 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 05:02 . 2008-02-26 05:02 172,032 --a------ C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 05:02 . 2008-02-26 05:02 126,976 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 05:01 . 2008-02-26 05:01 126,976 --a------ C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 05:01 . 2008-02-26 05:01 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 05:01 . 2008-02-26 05:01 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 05:00 . 2008-02-26 05:00 520,192 --a------ C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 04:59 . 2008-02-26 04:59 9,797,632 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-02-26 04:58 . 2008-02-26 04:58 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 04:41 . 2008-02-26 04:41 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-02-26 04:41 . 2008-02-26 04:41 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-02-26 04:41 . 2008-02-26 04:41 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-02-26 04:29 . 2008-02-26 04:29 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 04:25 . 2008-02-26 04:25 393,216 --a------ C:\WINDOWS\system32\atikvmag.dll
2008-02-26 04:23 . 2008-02-26 04:23 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2008-02-26 04:22 . 2008-02-26 04:22 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 04:21 . 2008-02-26 04:21 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll
2008-02-26 04:19 . 2008-02-26 04:19 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-02-14 19:35 . 2008-02-14 19:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 22:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 22:21 --------- d-----w C:\Documents and Settings\sasha\Application Data\Corel
2008-03-31 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-31 22:19 --------- d-----w C:\Program Files\Corel
2008-03-31 22:19 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-30 12:11 --------- d-----w C:\Documents and Settings\sasha\Application Data\ATI
2008-03-30 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-03-30 12:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 12:09 --------- d-----w C:\Program Files\ATI Technologies
2008-03-30 10:21 --------- d-----w C:\Program Files\BroadCom GB LAN
2008-03-30 10:20 --------- d-----w C:\Program Files\Realtek
2008-03-30 10:18 --------- d-----w C:\Program Files\Intel
2008-03-30 10:13 558,142 ----a-w C:\WINDOWS\java\Packages\V1VXZ3D7.ZIP
2008-03-30 10:13 155,995 ----a-w C:\WINDOWS\java\Packages\3DBRJRHR.ZIP
2008-03-30 10:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-31_ 0.18.01,98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-07-25 16:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2002-07-25 16:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2005-08-11 14:30:30 417,792 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2008-03-31 22:20:57 65,536 ----a-r C:\WINDOWS\Installer\{32A72502-BC2C-4C39-ACEA-BC3D463F0697}\ARPPRODUCTICON.exe
+ 2008-03-31 22:21:23 65,536 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\ARPPRODUCTICON.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9_1.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut90.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut900.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9000.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9001.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut901.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut902.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut91.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut910.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9100.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9101.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut911.exe
+ 2008-03-31 22:21:23 45,056 ----a-r C:\WINDOWS\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut912.exe
+ 2008-03-31 22:20:31 22,758 ----a-r C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\ARPPRODUCTICON.exe
+ 2008-03-31 22:20:31 65,536 ----a-r C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut1.exe
+ 2008-03-31 22:20:31 65,536 ----a-r C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut2.exe
+ 2008-03-31 22:20:31 65,536 ----a-r C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut4.exe
+ 2008-03-31 22:20:31 65,536 ----a-r C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut5.exe
+ 2008-03-31 22:20:31 65,536 ----a-r C:\WINDOWS\Installer\{63218538-4A69-497F-8455-904261B0E9E4}\NewShortcut8.exe
+ 2008-03-31 22:21:17 65,536 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\ARPPRODUCTICON.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1028.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1031.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1036.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1040.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1041.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1042.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1043.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1046.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_1053.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_2052.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2008-03-31 22:21:17 34,304 ----a-r C:\WINDOWS\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\misc.exe_3082.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2007-03-29 07:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 14:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 12:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 09:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 11:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 07:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-16 16:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 16:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 09:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 13:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 11:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 08:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 11:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 16:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 14:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 09:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 12:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 12:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 08:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 11:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 08:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 11:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 09:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 09:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 06:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 12:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 08:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 08:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 14:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 07:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 08:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 12:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 12:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 11:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 06:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 06:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 07:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 12:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 07:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 09:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 06:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-08-22 06:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 06:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 13:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 09:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 09:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-11-12 13:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-04-18 15:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 12:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 07:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 08:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 04:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 15:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 07:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
+ 2006-08-02 10:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
+ 2001-04-19 22:50:36 26,384 ----a-w C:\WINDOWS\system32\FM20CHS.DLL
+ 2001-04-19 22:50:34 26,384 ----a-w C:\WINDOWS\system32\FM20CHT.DLL
+ 2001-03-12 08:51:42 30,480 ----a-w C:\WINDOWS\system32\FM20DEU.DLL
+ 2001-04-20 09:36:38 28,944 ----a-w C:\WINDOWS\system32\FM20ESN.DLL
+ 2001-04-20 09:36:32 29,456 ----a-w C:\WINDOWS\system32\FM20FRA.DLL
+ 2001-04-20 09:36:32 29,456 ----a-w C:\WINDOWS\system32\fm20ita.dll
+ 2001-03-12 08:51:44 26,384 ----a-w C:\WINDOWS\system32\FM20JPN.DLL
+ 2001-04-19 22:50:36 26,384 ----a-w C:\WINDOWS\system32\FM20KOR.DLL
+ 2001-04-20 09:36:34 29,968 ----a-w C:\WINDOWS\system32\FM20NLD.DLL
+ 2001-04-20 09:36:36 28,944 ----a-w C:\WINDOWS\system32\FM20PTB.DLL
+ 2001-04-20 09:36:38 27,408 ----a-w C:\WINDOWS\system32\FM20SVE.DLL
- 2008-03-30 13:12:43 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-03-31 22:11:42 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2003-03-18 19:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-18 18:44:36 40,960 ----a-w C:\WINDOWS\system32\MFC71CHS.DLL
+ 2003-03-18 18:44:36 45,056 ----a-w C:\WINDOWS\system32\MFC71CHT.DLL
+ 2003-03-18 18:44:34 65,536 ----a-w C:\WINDOWS\system32\MFC71DEU.DLL
+ 2003-03-18 18:44:38 57,344 ----a-w C:\WINDOWS\system32\MFC71ENU.DLL
+ 2003-03-18 18:44:36 61,440 ----a-w C:\WINDOWS\system32\MFC71ESP.DLL
+ 2003-03-18 18:44:34 61,440 ----a-w C:\WINDOWS\system32\MFC71FRA.DLL
+ 2003-03-18 18:44:36 61,440 ----a-w C:\WINDOWS\system32\MFC71ITA.DLL
+ 2003-03-18 18:44:34 49,152 ----a-w C:\WINDOWS\system32\MFC71JPN.DLL
+ 2003-03-18 18:44:38 49,152 ----a-w C:\WINDOWS\system32\MFC71KOR.DLL
+ 2003-03-18 19:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 1999-07-14 15:00:46 7,168 ----a-w C:\WINDOWS\system32\msprpchs.dll
+ 1999-07-14 12:07:32 7,168 ----a-w C:\WINDOWS\system32\msprpcht.dll
+ 2000-04-03 18:06:48 8,192 ----a-w C:\WINDOWS\system32\msprpde.dll
+ 1999-05-23 18:07:52 8,192 ----a-w C:\WINDOWS\system32\msprpes.dll
+ 1999-05-23 18:07:52 7,680 ----a-w C:\WINDOWS\system32\msprpfr.dll
+ 1999-05-23 18:07:52 8,192 ----a-w C:\WINDOWS\system32\msprpit.dll
+ 2000-05-11 20:07:14 7,168 ----a-w C:\WINDOWS\system32\msprpjp.dll
+ 1999-07-14 15:00:46 7,168 ----a-w C:\WINDOWS\system32\msprpko.dll
+ 1999-06-20 18:06:54 8,192 ----a-w C:\WINDOWS\system32\msprpnl.dll
+ 1999-06-20 18:06:54 7,680 ----a-w C:\WINDOWS\system32\msprpptb.dll
+ 1999-06-20 18:06:56 7,680 ----a-w C:\WINDOWS\system32\msprpsv.dll
- 2000-05-23 20:45:58 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2000-04-03 18:05:58 118,784 ----a-w C:\WINDOWS\system32\msstdfmt.dll
+ 2002-02-04 00:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2002-02-04 00:43:00 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 1999-07-14 12:07:32 6,144 ----a-w C:\WINDOWS\system32\stdftchs.dll
+ 1999-07-14 12:07:32 6,144 ----a-w C:\WINDOWS\system32\stdftcht.dll
+ 1999-07-14 12:07:32 6,656 ----a-w C:\WINDOWS\system32\stdftde.dll
+ 1999-05-23 18:07:52 6,656 ----a-w C:\WINDOWS\system32\stdftes.dll
+ 1999-05-23 18:07:52 6,656 ----a-w C:\WINDOWS\system32\stdftfr.dll
+ 1999-05-23 18:07:52 6,656 ----a-w C:\WINDOWS\system32\stdftit.dll
+ 1999-07-14 12:07:34 6,144 ----a-w C:\WINDOWS\system32\stdftjp.dll
+ 1999-07-14 12:07:34 6,144 ----a-w C:\WINDOWS\system32\stdftko.dll
+ 1999-07-14 12:07:32 102,160 ----a-w C:\WINDOWS\system32\vb6chs.dll
+ 1999-07-14 12:07:32 102,160 ----a-w C:\WINDOWS\system32\vb6cht.dll
+ 2000-11-22 09:33:20 125,712 ----a-w C:\WINDOWS\system32\vb6de.dll
+ 1999-05-23 18:07:52 119,568 ----a-w C:\WINDOWS\system32\vb6es.dll
+ 1999-05-23 18:07:52 119,568 ----a-w C:\WINDOWS\system32\vb6fr.dll
+ 1999-05-23 18:07:52 122,128 ----a-w C:\WINDOWS\system32\vb6it.dll
+ 2000-11-22 09:15:12 102,160 ----a-w C:\WINDOWS\system32\vb6jp.dll
+ 1999-07-14 12:07:34 102,160 ----a-w C:\WINDOWS\system32\vb6ko.dll
+ 2003-03-25 16:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
+ 2008-03-31 22:20:10 1,230,336 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2008-03-31 22:20:10 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-30 13:31 579072]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 13:31 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-01 01:46:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 1:46:37
ComboFix-quarantined-files.txt 2008-03-31 23:46:28
ComboFix2.txt 2008-03-30 22:18:17

Update: 01 Apr 2008 1:59

Bobby, I can't find shell.exe on my computer. Is it possible that the antivirus deleted it?
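
The "Reg Loading Points" section of the log above is what a removal helper reads first: the Run keys, the Security Center values and the firewall exception list. The script below is an added example (not ComboFix's own code and not something posted in this thread) that parses that REGEDIT4-style section and applies the same checks by rule: Security Center notifications set to disabled, Run entries that start from a user-writable folder, Run commands given as an unqualified name, and firewall exceptions to confirm with the user. The embedded sample copies entries from the log above and adds one constructed Run value (a `svchost.exe` in the Temp folder) so the user-writable check has something to fire on; the severities and folder list are my own heuristics, not ComboFix's rules.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log (added example,
not ComboFix's own code). Flags Security Center notification suppression,
Run entries in user-writable folders, unqualified Run commands, and
firewall exceptions that the user should confirm."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: entries copied from the log above, plus one made-up
# Temp-folder Run value ("svchost") so the user-writable heuristic fires.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"svchost"="C:\Documents and Settings\User\Local Settings\Temp\svchost.exe" [2008-03-30 13:00 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 07:36 14854144 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-30 13:31 579072]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
**************************************************************************
"""

SECTION_START = re.compile(r"^\(+ Reg Loading Points \)+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
BRACKET_RE = re.compile(r"\[([^\]]*)\]$")
# Folders any user can write to: a classic autostart location for malware.
USER_WRITABLE = re.compile(r"\\(temp|tmp|local settings|application data|recycler)\\", re.I)


@dataclass
class Entry:
    key: str                      # registry key the value lives under
    name: str                     # value name (firewall list: the program path)
    data: str                     # raw data as ComboFix printed it
    command: str = ""             # quoted command string, if any
    path: str = ""                # executable path (ComboFix's resolved one if given)
    dword: Optional[int] = None   # numeric data for dword: values


def parse_loading_points(text: str) -> list:
    """Return one Entry per value line between the section header and the star rule."""
    entries, key, inside = [], "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = bool(SECTION_START.match(line))
            continue
        if line.startswith("****"):          # ComboFix closes the section with a star rule
            break
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or not key:
            continue
        name, data = m.group(1), m.group(2).strip()
        e = Entry(key, name, data)
        if data.lower().startswith("dword:"):
            e.dword = int(data[6:], 16)
        elif data.startswith('"'):
            e.command = e.path = data[1:data.index('"', 1)]
            b = BRACKET_RE.search(data)      # [date time size [resolved path]]
            if b and len(parts := b.group(1).split(" ", 3)) == 4:
                e.path = parts[3]            # ComboFix resolved a bare name for us
        elif data == "":
            e.path = name.replace("\\\\", "\\")  # firewall list: path is the value name
        entries.append(e)
    return entries


def triage(entries) -> list:
    """Return (severity, message) findings in the order the entries appear."""
    out = []
    for e in entries:
        k = e.key.lower()
        if k.endswith("security center") and e.name.lower().endswith("disablenotify") and e.dword == 1:
            out.append(("medium", f"Security Center warning suppressed: {e.name}=1 "
                                  "(malware sets these; some AV suites set AntiVirusDisableNotify themselves)"))
        elif k.endswith("\\run") and e.path:
            if USER_WRITABLE.search(e.path):
                out.append(("high", f"Run entry {e.name!r} starts from a user-writable folder: {e.path}"))
            elif "\\" not in e.command:
                out.append(("info", f"Run entry {e.name!r} is an unqualified command ({e.command}); "
                                    f"resolved by search order to {e.path}"))
        elif "authorizedapplications" in k:
            out.append(("info", f"Firewall exception for {e.path}: confirm the user installed it"))
    return out


if __name__ == "__main__":
    for sev, msg in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{sev:6}] {msg}")
```

Run it on the log above (with the constructed Temp entry removed) and only the two Security Center values, the unqualified `RTHDCPL` command and the firewall exceptions remain. Read those with the usual caveats: AVG is installed on this machine and AV suites sometimes set `AntiVirusDisableNotify` themselves, whereas `UpdatesDisableNotify=1` has no such excuse and is worth setting back to 0 once the machine is clean; `RTHDCPL.EXE` is resolved from `C:\WINDOWS`, which is the expected Realtek location, so that finding is informational only.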

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sorry for the slight delay.
No worries if you can't find it. It's possible that it has already been deleted.

I'll get back to you again soon; in the meantime, uninstall the old Java from your computer and install the new one from www.java.com
Be sure to do this, since old Java is prone to infections, and you have a terribly old version.

Update: 05 Apr 2008 16:54

Download the following file (right-click the link, then Save As or a similar option in your browser):
https://www.mycity.rs/must-login.png

Save it to the Desktop.

Run the file by double-clicking it.
You will be asked to confirm writing to the registry; answer yes.

That should take care of the last traces of this infection as well.
