Help please

  • jaa
  • New MyCity citizen
  • Joined: 07 Dec 2005
  • Posts: 4

Logfile of HijackThis v1.99.1
Scan saved at 14:25:27, on 29.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\WLAN\ACU.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Install\opera926\op.com
C:\Documents and Settings\Dragan\Application Data\Thinstall\Total Commander Ultima Prime 4.0.0.0.ASPIRE\40000033f00002i\totalcmd.exe
c:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Dragan
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....3355553359
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - appservers.it.telekom.rs/forms/jinitiator/jinit13113.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IA Analysing v2.0 (IACtrl) - Unknown owner - C:\Program Files\Pointdev\IDEAL Administration\IACtrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

Update: 29 Aug 2008 14:36

I wasn't precise: it won't let me install KIS 2009, and programs I install aren't visible in Windows Explorer, so the shortcut on the Desktop is unusable.

Update: 29 Aug 2008 14:40

Portable Opera USB
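As an added example (not part of the original thread, and not a HijackThis feature), here is a small Python triage script for a log in the format posted above. It splits the log into the running-process list and the Rx/Oxx entries, then flags the items a helper normally reads first: autostarts carrying HijackThis's own "(file missing)" annotation, O4 Run values with no command, O23 services marked "Unknown owner", O10 LSPs HijackThis does not recognise, O16 ActiveX downloads from non-Microsoft hosts, and processes launched from a user profile or Temp directory. The sample lines are copied from the log above; the rules are heuristics that say "look here", not a malware verdict.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log above
# (not the whole log), kept in the exact format HijackThis 1.99 writes.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\acs.exe
C:\Documents and Settings\Dragan\Application Data\Thinstall\Total Commander Ultima Prime 4.0.0.0.ASPIRE\40000033f00002i\totalcmd.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - appservers.it.telekom.rs/forms/jinitiator/jinit13113.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Directories a legitimate service or autostart rarely runs from.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Hosts an O16 (Download Program Files) entry is expected to come from on XP.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")

def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(kind, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return processes, entries

def triage(processes, entries):
    """Return [(tag, reason, item)] for entries worth a second look.
    'stale' = leftover of an uninstalled program; 'review' = needs a human."""
    findings = []
    for proc in processes:
        if any(d in proc.lower() for d in PROFILE_DIRS):
            findings.append(("review", "process running from a user profile/Temp directory", proc))
    for kind, body in entries:
        item = f"{kind} - {body}"
        if "(file missing)" in body:
            findings.append(("stale", "autostart points at a file that no longer exists", item))
        if kind == "O4" and body.endswith(" none"):
            findings.append(("stale", "Run value with no command", item))
        if kind == "O23" and "Unknown owner" in body:
            findings.append(("review", "service binary carries no publisher information", item))
        if kind == "O10":
            findings.append(("review", "Winsock LSP not on HijackThis's known-good list", item))
        if kind == "O16":
            m = re.search(r" - (\S+)$", body)
            url = re.sub(r"^https?://", "", m.group(1).lower()) if m else ""
            host = url.split("/")[0]
            if not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
                findings.append(("review", "ActiveX control downloaded from a non-Microsoft host", item))
    return findings

def summarize(findings):
    """Count findings per tag, e.g. {'review': 5, 'stale': 3}."""
    counts = {}
    for tag, _, _ in findings:
        counts[tag] = counts.get(tag, 0) + 1
    return counts

if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for tag, reason, item in triage(procs, ents):
        print(f"[{tag}] {reason}\n    {item}")
```

Run against the sample it reports three stale entries (the eTrust Run value, the dimsntfy Winlogon Notify and the Spyware Doctor service) and five items for review; none of them is evidence of infection on its own, which is why a helper reads the whole log rather than counting hits.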

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

I deleted my previous message, since I saw the clarification afterwards.

There are no traces of malware in the posted log.

As for the problems you mention... I'm not really sure they have anything to do with malware.

But we'll check.

Since I see you don't have an antivirus, we'll first do an AV scan.

Download Dr.Web CureIt (~10 MB).
Double-click cureit.exe; an intro window will appear - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to finish the Express Scan; if malware is found, click the Yes to All button in the window that appears to let the program disinfect

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click the scan button and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to let the program disinfect

When the scan is finished, click the Select all button (if available), then click Cure and, in the menu that opens, click Move incurable:

When the process completes, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the thread on the forum.

  • jaa
  • New MyCity citizen
  • Joined: 07 Dec 2005
  • Posts: 4

It took a while, but it was worth it:

ComboFix.exe\327882R2FWJFW\psexec.cfexe C:\Documents and Settings\Dragan\Desktop\ComboFix.exe Program.PsExec.171
ComboFix.exe C:\Documents and Settings\Dragan\Desktop Archive contains infected objects Moved.
lqhbeqrp.exe.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Starter.561 Deleted.
oerypvqu.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod.based.23 Deleted.
A0006778.exe C:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP38 Trojan.Starter.561 Deleted.
A0006779.dll C:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP38 Trojan.Virtumod.based.23 Deleted.
A0006796.EXE C:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP38 Program.PsExec.170 Incurable.Moved.
A0008019.exe\327882R2FWJFW\psexec.cfexe C:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008019.exe Program.PsExec.171
A0008019.exe C:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Archive contains infected objects Moved.
USBThief.exe\USBThief\USBThief\batexe\iepv.exe C:\Temp\USBThief.exe Tool.PassView.22
USBThief.exe\USBThief\USBThief\batexe\mailpv.exe C:\Temp\USBThief.exe Tool.PassView
USBThief.exe\USBThief\USBThief\batexe\mspass.exe C:\Temp\USBThief.exe Tool.MessenPass
USBThief.exe\USBThief\USBThief\batexe\netpass.exe C:\Temp\USBThief.exe Tool.Netpass
USBThief.exe\USBThief\USBThief\batexe\ProduKey.exe C:\Temp\USBThief.exe Tool.ProductKey
USBThief.exe\USBThief\USBThief\batexe\pspv.exe C:\Temp\USBThief.exe Tool.PassView
USBThief.exe\USBThief\USBThief\batexe\PstPassword.exe C:\Temp\USBThief.exe Tool.MailPassView.134
USBThief.exe\USBThief\USBThief\batexe\strun.exe C:\Temp\USBThief.exe Tool.StartupRun.122
USBThief.exe\USBThief\USBThief\batexe\wul.exe C:\Temp\USBThief.exe Tool.ShowPass.3
USBThief.exe C:\Temp Archive contains infected objects Moved.
iepv.exe C:\Temp\USBThief\USBThief\batexe Tool.PassView.22 Incurable.Moved.
mailpv.exe C:\Temp\USBThief\USBThief\batexe Tool.PassView Incurable.Moved.
mspass.exe C:\Temp\USBThief\USBThief\batexe Tool.MessenPass Incurable.Moved.
netpass.exe C:\Temp\USBThief\USBThief\batexe Tool.Netpass Incurable.Moved.
ProduKey.exe C:\Temp\USBThief\USBThief\batexe Tool.ProductKey Incurable.Moved.
pspv.exe C:\Temp\USBThief\USBThief\batexe Tool.PassView Incurable.Moved.
PstPassword.exe C:\Temp\USBThief\USBThief\batexe Tool.MailPassView.134 Incurable.Moved.
strun.exe C:\Temp\USBThief\USBThief\batexe Tool.StartupRun.122 Incurable.Moved.
wul.exe C:\Temp\USBThief\USBThief\batexe Tool.ShowPass.3 Incurable.Moved.
Office2003SP1-kb842532-fullfile-srl.exe D:\Downloads\Office 2003 srpski Win95.SK Incurable.Moved.
Timer1.1.exe\data006 D:\Install\Timer1.1.exe Modification of Win32.HLLW.Generic.186
Timer1.1.exe D:\Install Archive contains infected objects Moved.
data002\data002 D:\Install\BandWidthMeter.v3.1.0\BMSetup\BMSetup.exe\data002 Program.SrvAny
data002 D:\Install\BandWidthMeter.v3.1.0\BMSetup\BMSetup.exe Archive contains infected objects
BMSetup.exe D:\Install\BandWidthMeter.v3.1.0\BMSetup Archive contains infected objects Moved.
data002\data002 D:\Install\BandWidthMeter.v3.1.0\BMSetup\BMSetup\BMSetup.exe\data002 Program.SrvAny
data002 D:\Install\BandWidthMeter.v3.1.0\BMSetup\BMSetup\BMSetup.exe Archive contains infected objects
BMSetup.exe D:\Install\BandWidthMeter.v3.1.0\BMSetup\BMSetup Archive contains infected objects Moved.
data002\data002 D:\Install\BandWidthMeter.v3.1.0\BWMeter.v3.1.0.WinALL-CHiCNCREAM\BMSetup\BMSetup.exe\data002 Program.SrvAny
data002 D:\Install\BandWidthMeter.v3.1.0\BWMeter.v3.1.0.WinALL-CHiCNCREAM\BMSetup\BMSetup.exe Archive contains infected objects
BMSetup.exe D:\Install\BandWidthMeter.v3.1.0\BWMeter.v3.1.0.WinALL-CHiCNCREAM\BMSetup Archive contains infected objects Moved.
Office2003SP1-kb842532-fullfile-srl.exe D:\Install\Office 2003 srpski Win95.SK Incurable.Moved.
gj.exe\data001 D:\Miljana\Mob\gj.exe Adware.Zango
gj.exe D:\Miljana\Mob Archive contains infected objects Moved.
Setup.exe\data001 D:\Miljana\Mob\Setup.exe Adware.Zango
Setup.exe D:\Miljana\Mob Archive contains infected objects Moved.
A0008025.exe D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Win95.SK Incurable.Moved.
A0008026.exe\data006 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008026.exe Modification of Win32.HLLW.Generic.186
A0008026.exe D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Archive contains infected objects Moved.
data002\data002 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008027.exe\data002 Program.SrvAny
data002 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008027.exe Archive contains infected objects
A0008027.exe D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Archive contains infected objects Moved.
data002\data002 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008028.exe\data002 Program.SrvAny
data002 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008028.exe Archive contains infected objects
A0008028.exe D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Archive contains infected objects Moved.
data002\data002 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008029.exe\data002 Program.SrvAny
data002 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008029.exe Archive contains infected objects
A0008029.exe D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Archive contains infected objects Moved.
A0008030.exe D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Win95.SK Incurable.Moved.
A0008031.exe\data001 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008031.exe Adware.Zango
A0008031.exe D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Archive contains infected objects Moved.
A0008032.exe\data001 D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41\A0008032.exe Adware.Zango
A0008032.exe D:\System Volume Information\_restore{BF0A51FF-539F-4CD2-84C7-F157D6FE3592}\RP41 Archive contains infected objects Moved.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you'll copy here for us.

  • jaa
  • New MyCity citizen
  • Joined: 07 Dec 2005
  • Posts: 4

ComboFix 08-08-29.02 - Dragan 2008-08-29 23:52:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.428 [GMT 2:00]
Running from: C:\Documents and Settings\Dragan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-29 15:38 . 2008-08-29 15:52 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-29 15:38 . 2008-08-29 15:52 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-29 15:36 . 2008-08-29 15:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-29 15:36 . 2008-08-29 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-29 15:36 . 2008-08-29 23:59 4,082,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-29 15:36 . 2008-08-29 23:59 434,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-29 15:36 . 2008-08-29 23:59 34,020 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-29 15:36 . 2008-08-29 23:59 3,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-29 14:55 . 2008-08-29 15:43 <DIR> d-------- C:\Documents and Settings\Dragan\DoctorWeb
2008-08-28 22:17 . 2008-08-28 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-28 22:16 . 2008-08-28 22:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-08-28 22:15 . 2008-08-28 22:15 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-28 15:14 . 2008-08-28 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-08-28 15:11 . 2008-08-28 15:11 <DIR> d-------- C:\Program Files\IVT Corporation
2008-08-28 15:07 . 2008-08-28 15:07 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 15:07 . 2008-08-28 15:07 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_btprot_01005.Wdf
2008-08-28 14:25 . 2008-02-27 02:41 <DIR> d-------- C:\Temp\USBThief
2008-08-21 18:57 . 2008-08-21 18:57 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-08-19 16:21 . 2003-06-19 00:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-19 16:19 . 2008-08-19 16:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-19 16:19 . 2008-08-19 16:19 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-19 16:16 . 2008-08-19 16:16 <DIR> dr-h----- C:\MSOCache
2008-08-19 12:44 . 2008-04-14 05:42 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-19 12:44 . 2008-04-14 05:42 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-19 12:44 . 2008-04-14 05:41 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-19 12:44 . 2008-04-14 05:41 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-19 12:44 . 2008-04-14 05:42 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-19 12:44 . 2008-04-14 05:42 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-06 21:15 . 2008-04-14 05:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-06 21:15 . 2008-04-14 05:41 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-06 21:15 . 2008-04-14 00:09 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-06 21:15 . 2008-04-14 00:09 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-03 07:34 . 2008-08-03 07:34 <DIR> d-------- C:\Documents and Settings\Dragan\Application Data\zweitgeist
2008-08-02 10:22 . 2008-08-02 10:22 453,120 --a------ C:\WINDOWS\system32\drivers\btprot.sys
2008-07-30 21:27 . 2008-07-30 21:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-30 21:20 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-30 21:19 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-30 21:19 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-30 21:19 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-30 21:19 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-30 21:19 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-30 21:19 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-30 21:19 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-30 21:19 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-30 21:18 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-30 21:05 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-30 09:04 . 2008-07-30 09:04 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-30 09:04 . 2008-07-30 09:04 23,808 --a------ C:\WINDOWS\system32\drivers\btiausb.sys
2008-07-30 09:04 . 2008-07-30 09:04 10,240 --a------ C:\WINDOWS\system32\btiaci.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 21:48 --------- d-----w C:\Documents and Settings\Dragan\Application Data\Skype
2008-08-29 14:29 --------- d-----w C:\Documents and Settings\Dragan\Application Data\skypePM
2008-08-28 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 12:52 --------- d-----w C:\Documents and Settings\Dragan\Application Data\Thinstall
2008-08-25 06:51 --------- d-----w C:\Documents and Settings\Dragan\Application Data\uTorrent
2008-08-19 13:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-16 15:23 --------- d-----w C:\Documents and Settings\Dragan\Application Data\Winamp
2008-07-25 23:56 --------- d-----w C:\Program Files\Bonjour
2008-07-25 23:54 --------- d-----w C:\Program Files\Process Master
2008-07-25 23:46 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-25 23:46 --------- d-----w C:\Documents and Settings\Dragan\Application Data\Malwarebytes
2008-07-25 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-25 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-23 22:21 --------- d-----w C:\Program Files\MP3Gain
2008-07-23 18:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 18:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-05 07:00 --------- d-----w C:\Program Files\Uniblue
2008-07-05 07:00 --------- d-----w C:\Documents and Settings\Dragan\Application Data\Uniblue
2008-07-04 16:56 --------- d-----w C:\Documents and Settings\Dragan\Application Data\Samsung
2008-07-04 16:52 --------- d-----w C:\Program Files\Samsung
2008-06-28 06:03 --------- d-----w C:\Documents and Settings\Dragan\Application Data\HateML
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-21 18:57 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-21 05:50 56 --sha-r C:\WINDOWS\system32\C2E67EEC1F.sys
2008-03-21 05:50 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-28_ 8.47.34.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-16 12:23:44 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-01-29 16:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
+ 2008-03-13 17:02:46 26,640 ----a-w C:\WINDOWS\system32\drivers\klfltdev.sys
+ 2008-08-29 13:52:36 187,920 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-03-25 18:07:10 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-04-25 16:21:06 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2006-11-02 05:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-02 05:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2008-04-25 16:22:24 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
- 2008-08-19 15:41:36 72,350 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-28 13:08:23 72,350 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-19 15:41:36 444,766 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-28 13:08:23 444,766 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-10-16 15:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-08 19:51:14 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="C:\Program Files\WLAN\ACU.exe" [2006-01-05 17:47 303104]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 08:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 08:43 688218]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - C:\WINDOWS\Installer\{C91DE044-D900-4F15-BBD1-44FD9D59B277}\Icon3E5562ED7.ico [2008-08-21 18:58:04 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dragan^Start Menu^Programs^Startup^Stickies.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
--a------ 2005-03-04 14:13 32768 C:\WINDOWS\system32\Keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2004-06-10 14:48 286720 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2007-06-13 08:16 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-08 08:43 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-08 08:44 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster2]
--a------ 2007-04-13 11:51 1848864 C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 14:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
-ra------ 2005-02-25 13:35 49152 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-02-23 12:13 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Install\\Windows_Live_Messenger_8.1.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4445:TCP"= 4445:TCP:Network LookOut Administrator Configuration
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\ZDCNDIS5.sys [2006-04-14 16:35]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 AR5523;WLAN USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-05 17:56]
S3 BTIAUSB;Generic Bluetooth Device;C:\WINDOWS\system32\DRIVERS\btiausb.sys [2008-07-30 09:04]
S3 BTPROT;Generic Bluetooth Filter;C:\WINDOWS\system32\DRIVERS\btprot.sys [2008-08-02 10:22]
S3 G120(ZyXEL);ZyXEL G-120 IEEE 802.11g Wireless CardBus Adapter(ZyXEL);C:\WINDOWS\system32\DRIVERS\G120.sys [2006-07-20 13:40]
S3 IACtrl;IA Analysing v2.0;C:\Program Files\Pointdev\IDEAL Administration\IACtrl.exe [2001-01-03 12:37]
S3 ncvhook;ncvhook;C:\WINDOWS\system32\DRIVERS\ncvhook.sys [2007-09-30 17:54]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 09:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 09:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 09:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 09:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 09:33]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;C:\WINDOWS\system32\Drivers\TEUSBMU.sys [2005-01-14 15:36]
S4 NetworkLookOutAgent;Network LookOut Agent;C:\Program Files\Network LookOut Administrator Pro\bin\NLAgentProSvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe

O16 -: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} - hxxp://appservers.it.telekom.rs/forms/jinitiator/jinit13113.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-30 00:00:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-30 0:06:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 22:05:57
ComboFix2.txt 2008-08-28 06:48:26

Pre-Run: 17,030,217,728 bytes free
Post-Run: 17,042,579,456 bytes free

254

Update: 30 Aug 2008 0:22

Today, after our last contact, I installed KIS 2009 and scanned the computer (it found a ton of viruses, spyware etc.). Of course, before that I followed dr_Bora's instructions. Anyway, the outcome of it all is that my laptop now works normally. dr_Bora, you really are a doctor; with immense gratitude I send big regards.
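As an added example (not part of the thread, and not ComboFix code), a Python audit of the REGEDIT4-style "Reg Loading Points" section that a ComboFix log carries. The log above records AntiVirusDisableNotify and UpdatesDisableNotify set to 1, EnableFirewall=0 in the firewall's standard profile, TCP 3389/4445/1723 and UDP 500/1701 opened to any source, and a firewall exception for an installer on D:\Install; these are exactly the host-defence settings worth re-checking after a cleanup, and the script below pulls them out. The sample is copied from the log above (the ~ in key names is ComboFix's own shorthand); the audit rules are this example's, not ComboFix's.

```python
import re

# Constructed sample: the Security Center and Windows Firewall policy sections
# copied from the ComboFix log above. ComboFix dumps them in REGEDIT4 style,
# with "~" standing in for the long key prefix.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Install\\Windows_Live_Messenger_8.1.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4445:TCP"= 4445:TCP:Network LookOut Administrator Configuration
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SECURITY_CENTER = "hkey_local_machine\\software\\microsoft\\security center"
# Firewall exceptions are expected to point into these locations.
SYSTEM_PREFIXES = ("%windir%", "c:\\windows\\", "c:\\program files\\")

def parse_reg_dump(text):
    """Return {key (lower-cased): {value name: raw value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("value").strip()
    return sections

def as_int(value):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> None."""
    m = re.match(r"dword:([0-9a-fA-F]+)$", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None

def audit_policy(sections):
    """Return [(area, message)] for settings that weaken the host's own defences."""
    findings = []
    center = sections.get(SECURITY_CENTER, {})
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if as_int(center.get(name, "")) == 1:
            findings.append(("security center", f"{name}=1: Security Center will stay silent about this"))
    for key, values in sections.items():
        if key.endswith("\\firewallpolicy\\standardprofile") and as_int(values.get("EnableFirewall", "")) == 0:
            findings.append(("firewall", "EnableFirewall=0: Windows Firewall is off in the standard profile"))
        if key.endswith("\\globallyopenports\\list"):
            for name, value in values.items():
                port, proto = name.split(":", 1)
                label = value.split(":", 2)[-1]          # third field is the display name
                findings.append(("firewall", f"inbound {proto} port {port} open to any source ({label})"))
        if key.endswith("\\authorizedapplications\\list"):
            for name in values:
                path = name.replace("\\\\", "\\").lower()  # REGEDIT doubles backslashes
                if not path.startswith(SYSTEM_PREFIXES):
                    findings.append(("firewall", f"exception for a binary outside Windows/Program Files: {name}"))
    return findings

if __name__ == "__main__":
    for area, msg in audit_policy(parse_reg_dump(SAMPLE_DUMP)):
        print(f"[{area}] {msg}")
```

Port 3389 is Remote Desktop and 1723/500 are VPN (PPTP/IKE) ports, so some of these openings may be intentional on a laptop with a VPN client; the script's job is to list them so the owner can confirm each one, and the disabled firewall together with the silenced Security Center is what the owner should fix first.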

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do the following as well:

Click START and then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

That's all...
