SmitFraud - Fix

Gax

Whenever I open IE, my home page is always safetyonlinepage.com (I tried setting it back to Use Blank, but it is always the same); that page says that my computer is infected and needs to be scanned. When I am offline and open IE, it tries to open that page, so IE freezes on me. My connection is Dial-Up (Neobee).

Logfile of HijackThis v1.99.1
Scan saved at 14:41:26, on 1.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\G-VGA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\BRANKOV company\Desktop\-VAZNO-\123.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2362982A-85FA-45F1-9594-574AACC18F4C} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (file missing)
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Neobee Speeedy Internet Accelerator\PBHelper.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\dfomtryn.dll (file missing)
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\opnnnnl.dll (file missing)
O3 - Toolbar: Neobee Speeedy Internet Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Neobee Speeedy Internet Accelerator\Toolband.dll
O3 - Toolbar: TurboUpload Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (file missing)
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [L07AXLRD_2162890] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - Global Startup: Neobee Speeedy Internet Accelerator.lnk = C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: opnnnnl - opnnnnl.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
Run HT, scan and check the following lines:

O2 - BHO: (no name) - {2362982A-85FA-45F1-9594-574AACC18F4C} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\dfomtryn.dll (file missing)
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\opnnnnl.dll (file missing)
O3 - Toolbar: TurboUpload Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O20 - Winlogon Notify: opnnnnl - opnnnnl.dll (file missing)

Click Fix Checked.


---------------------------------------------------------------------------------------------------------------------------------


Temporarily disable your antivirus, and then...
(If you already have SmitfraudFix, delete it and download the latest version from the link below)


Download SmitfraudFix.

  • Restart the computer in Safe Mode (keep pressing F8 while the computer boots and choose Safe Mode from the menu)
  • Double-click SmitfraudFix.exe to run it
  • Choose option #2 - Clean by typing 2 and Enter
  • Wait for the cleaning and Disk Cleanup to finish
  • You will be asked: "Registry cleaning - Do you want to clean the registry ?" answer "Yes" by typing Y and Enter
  • The program will also check whether wininet.dll is infected. If it is, you will be asked about replacing wininet.dll. Answer "Yes" to the question "Replace infected file ?" by typing Y and Enter

A restart may be needed to complete the cleaning process; if the computer does not restart automatically, do it yourself.
This program will create a log file C:\rapport.txt which you need to copy into the thread on the forum.


Along with C:\rapport.txt, post a new HijackThis log too...
 
I did it, thanks, you explained it really well.

Logfile of HijackThis v1.99.1
Scan saved at 14:42:58, on 2.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\G-VGA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\BRANKOV company\Desktop\-VAZNO-\123.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Neobee Speeedy Internet Accelerator\PBHelper.dll
O3 - Toolbar: Neobee Speeedy Internet Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Neobee Speeedy Internet Accelerator\Toolband.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [L07AXLRD_2162890] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - Global Startup: Neobee Speeedy Internet Accelerator.lnk = C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-----------------------------------------------------------------------------------------------------------------------------------------------------------


SmitFraudFix v2.256

Scan done at 14:36:09,37, ned 02.12.2007
Run from C:\Documents and Settings\BRANKOV company\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b0883848-1466-4470-a418-3fe7d36694b9}"="bemocked"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\rldyt.dll Deleted
C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Run HijackThis, scan and check the following lines:

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

Click Fix Checked.


System Restore needs to be reset:
Control Panel - System: System Restore tab: check Turn off System Restore on all drives.
Restart the computer, then uncheck the option above (i.e. turn SR back on).


That should be all...
 
A similar problem again, only now my home page is www.serial99.com, and the Use Blank option is unavailable.
P.S. Which program is best for protecting me from this, one that is compatible with Avast? I tried to fix the problem with SpyBot, but did not succeed.

Logfile of HijackThis v1.99.1
Scan saved at 22:52:16, on 8.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\G-VGA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\BRANKOV company\Desktop\HT - SmitfraudFix\HT\123.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Neobee Speeedy Internet Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Neobee Speeedy Internet Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Neobee Speeedy Internet Accelerator\Toolband.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [L07AXLRD_2162890] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Neobee Speeedy Internet Accelerator.lnk = C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
 
Well, it is not really a similar problem. Besides your IE home page being changed, you also have (at least) one worm, which you most likely picked up downloading cr*cks from some P2P network.
That also makes it clear how to protect yourself in the future...

Run HijackThis, scan and check the following lines:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Click Fix Checked.

---------------------------------------------------------------------------------------------------------------------------------

Restart the computer...


Download ComboFix from one of the following links and save it to the Desktop:
download link 1, download link 2
  • Temporarily disable your AV program so it does not interfere with the cleaning process
  • Double-click ComboFix.exe to run it and follow the instructions
  • Do not click the mouse in the ComboFix window while it is running!
  • When the process is finished, the log file C:\ComboFix.txt will open in Notepad
  • Copy the contents of that log file into the thread on the forum
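The triage the helper did by hand in this thread, first on the orphaned "(file missing)" entries and here on the svehost.exe autorun, the hijacked start page and the O6 policy entries, as an added worked example (not code from the thread, from HijackThis, or from any tool mentioned in it): a Python script that reads HijackThis v1.99 log lines and reports why each one deserves a look. The rules, the list of imitated system binaries and the start-page allow-list are assumptions of mine; the sample lines are copied from the logs posted above.

```python
"""Triage of HijackThis v1.99 log lines (added example, not HijackThis code).

Encodes, as checks, the criteria applied by hand in this thread: orphaned
"(file missing)" entries, autorun names that imitate a system binary, the
legacy RunServices key, a changed IE start page, O6 policy restrictions and
IE buttons that point at a remote URL. Rules and lists are assumptions.
"""
import re
from dataclasses import dataclass

# Windows binaries whose names malware commonly imitates by a one-letter change (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                   "csrss.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}

# Start pages the owner of this machine is known to have chosen (constructed allow-list).
START_PAGE_ALLOWLIST = {"about:blank"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
R0_RE = re.compile(r"^R[01] - .*?,Start Page = (?P<url>\S+)$")
O9_RE = re.compile(r"^O9 - .* - (?P<target>https?://\S+)")


def edit_distance(a, b):
    """Levenshtein distance; used to spot one-letter lookalikes (svehost vs svchost)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd):
    """Program part of an O4 command line: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def imitated_binary(basename):
    """System binary this file name imitates (distance 1), or None if genuine/unrelated."""
    b = basename.lower()
    if b in SYSTEM_BINARIES:
        return None
    return next((s for s in sorted(SYSTEM_BINARIES) if edit_distance(b, s) == 1), None)


@dataclass
class Finding:
    line: str
    reasons: list


def triage_line(line):
    """Reasons a single log line deserves attention; an empty list means no rule fired."""
    reasons = []
    if line.endswith("(file missing)"):
        reasons.append("orphaned entry: the registered file is no longer on disk")
    if line.startswith("O20 - Winlogon Notify:"):
        reasons.append("Winlogon Notify DLL: loaded by winlogon.exe at every logon")
    if line.startswith("O6 - ") and line.endswith("present"):
        reasons.append("IE policy restrictions present: commonly what greys out options such as Use Blank")
    m = O4_RE.match(line)
    if m:
        base = executable_of(m.group("cmd")).rsplit("\\", 1)[-1]
        mimic = imitated_binary(base)
        if mimic:
            reasons.append(f"autorun file name {base} imitates {mimic}")
        if m.group("key") == "RunServices":
            reasons.append("RunServices is a Win9x-era key; legitimate XP software seldom writes it")
    m = R0_RE.match(line)
    if m:
        url = m.group("url")
        host = re.sub(r"^https?://", "", url).split("/")[0]
        if url not in START_PAGE_ALLOWLIST and host not in START_PAGE_ALLOWLIST:
            reasons.append(f"start page set to {host}: confirm the user chose it")
    m = O9_RE.match(line)
    if m:
        reasons.append(f"IE button/menu item points to a remote URL {m.group('target')}")
    return reasons


def triage(log_text):
    """Run triage_line over every non-empty line of a log and keep only the hits."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                out.append(Finding(line, reasons))
    return out


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2362982A-85FA-45F1-9594-574AACC18F4C} - C:\WINDOWS\system32\jkhff.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: opnnnnl - opnnnnl.dll (file missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

A hit is a reason to look, not a verdict: the avast!, ATI, SoundMan and Office Research entries pass untouched, while the seven lines the helper singled out are the ones reported, with the svehost.exe RunServices entry collecting two reasons. The allow-list and the imitation list are the two knobs to tune for a real fleet.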
 
It has to be in two parts...

ComboFix 07-12-09.1 - GAX company 2007-12-08 23:46:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.210 [GMT 1:00]
Running from: C:\Documents and Settings\GAX company\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NEW_DRV
-------\LEGACY_SFSYNC02
-------\NPF
-------\sfsync02
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-08 16:23 . 2007-12-08 16:23 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-12-08 16:20 . 2007-12-08 16:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 16:19 . 2007-12-08 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-08 15:36 . 2007-12-08 16:06 <DIR> d-------- C:\Program Files\Electronic Arts
2007-12-08 14:41 . 2006-05-31 08:22 62,232 -r------- C:\WINDOWS\system32\GameuxInstallHelper.dll
2007-12-08 12:34 . 2007-12-08 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-08 00:04 . 2007-12-08 00:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Share-to-Web Upload Folder
2007-12-08 00:04 . 2007-12-08 00:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ATI
2007-12-07 23:49 . 2007-12-07 23:50 <DIR> d-------- C:\Program Files\Womble MPEG Editor
2007-12-06 20:31 . 2007-12-06 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cyberlink
2007-12-06 15:42 . 2004-07-07 02:33 292,896 --a------ C:\WINDOWS\system32\drivers\USIUDF.sys
2007-12-06 15:42 . 2004-12-23 17:27 27,392 --a------ C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2007-12-06 15:41 . 2002-08-29 18:41 401,462 --a------ C:\WINDOWS\msvcp60.dll
2007-12-06 15:41 . 2000-04-07 11:10 278,581 --a------ C:\WINDOWS\msvcrt.dll
2007-12-06 15:10 . 2007-12-08 22:42 2,712 --a------ C:\WINDOWS\u3dedit3.INI
2007-12-06 15:10 . 2007-12-08 22:42 549 --a------ C:\WINDOWS\ULead32.ini
2007-12-06 15:10 . 2007-12-06 15:10 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
2007-12-06 15:09 . 2007-12-06 15:10 <DIR> d-------- C:\WINDOWS\Ulead.dat
2007-12-06 15:04 . 2004-05-04 11:53 1,645,320 --------- C:\WINDOWS\system32\gdiplus.dll
2007-12-06 15:03 . 2007-12-06 15:06 <DIR> d-------- C:\Program Files\QuickTime
2007-12-05 15:36 . 2007-12-07 13:47 1,244,962 --a------ C:\fth.bin
2007-12-05 12:28 . 2007-12-05 17:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-04 19:12 . 2007-12-08 14:15 5,700 --a------ C:\Documents and Settings\BRANKOV company\FMCodec.dat
2007-12-04 19:12 . 2007-12-08 14:15 4 --a------ C:\Documents and Settings\BRANKOV company\WFSCHDL.dat
2007-12-04 18:39 . 2007-12-08 20:48 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
2007-12-04 18:36 . 2007-12-04 18:36 <DIR> d-------- C:\WFDB
2007-12-04 18:36 . 2007-12-04 18:36 <DIR> d-------- C:\Program Files\WinFast
2007-12-04 18:32 . 2006-10-18 11:37 162,944 --a------ C:\WINDOWS\system32\drivers\cx88vid.sys
2007-12-04 18:32 . 2006-10-18 11:37 50,816 --a------ C:\WINDOWS\system32\drivers\cx88tune.sys
2007-12-04 18:32 . 2006-10-18 11:38 9,728 --a------ C:\WINDOWS\system32\drivers\cxavxbar.sys
2007-12-04 18:28 . 2007-12-04 18:28 <DIR> d-------- C:\WINDOWS\system32\WinFox
2007-12-04 18:28 . 2007-12-04 18:32 <DIR> d-------- C:\WINDOWS\system32\WinFast
2007-12-04 18:28 . 2003-09-05 09:57 9,469 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-12-02 14:36 . 2007-12-02 14:36 3,226 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-29 12:15 . 2007-12-08 14:41 <DIR> d-------- C:\Program Files\Sega
2007-11-28 18:55 . 2007-11-28 18:55 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-11-28 12:21 . 2007-12-04 21:56 <DIR> d-------- C:\Program Files\RACE 07 Offline
2007-11-28 09:43 . 2007-11-28 09:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-28 09:43 . 2007-11-28 09:43 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-27 22:44 . 2007-11-27 22:44 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-27 22:34 . 2007-11-27 22:34 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-27 21:50 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-27 21:50 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-27 21:50 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 21:50 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 21:50 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-27 19:05 . 2007-11-27 19:05 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\InstallShield
2007-11-27 15:46 . 2007-11-27 15:46 <DIR> d-------- C:\Program Files\KONAMI
2007-11-27 13:22 . 2007-11-28 10:07 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-27 13:06 . 2007-11-27 13:06 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-11-27 12:40 . 2007-11-27 13:10 1,008 --a------ C:\WINDOWS\ATICIM.INI
2007-11-26 13:29 . 2007-11-28 10:06 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-25 21:37 . 2007-11-25 22:01 <DIR> d-------- C:\Program Files\DAP
2007-11-24 16:54 . 2007-11-24 16:54 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\Gearbox Software
2007-11-24 15:06 . 2007-11-24 15:06 <DIR> d-------- C:\Program Files\OpenAL
2007-11-24 15:06 . 2007-11-24 15:06 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-11-24 15:06 . 2007-11-24 15:06 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-11-24 15:03 . 2007-11-24 15:03 <DIR> d-------- C:\WINDOWS\system32\xlive
2007-11-24 14:46 . 2007-11-24 14:46 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\Eidos
2007-11-24 14:38 . 2007-12-06 15:56 <DIR> d-------- C:\Program Files\Eidos
2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\XviD
2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\DivX_311alpha
2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\AC3Filter
2007-11-23 17:13 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-23 17:13 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2007-11-23 17:13 . 2001-12-28 01:22 315,392 -ra------ C:\WINDOWS\system32\iviaudio.ax
2007-11-23 17:13 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-23 17:13 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-23 17:13 . 2001-04-05 06:57 56,832 -ra------ C:\WINDOWS\system32\mmswitch.ax
2007-11-23 17:13 . 2001-12-28 01:22 34,816 -ra------ C:\WINDOWS\system32\mpgaudio.ax
2007-11-22 18:17 . 2007-11-22 18:17 <DIR> d-------- C:\Program Files\Common Files\Xing Shared
2007-11-22 18:17 . 1998-12-16 12:08 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
2007-11-22 18:12 . 2007-11-23 15:51 <DIR> d-------- C:\Program Files\Total Video Converter
2007-11-22 18:11 . 2007-11-22 18:17 <DIR> d-------- C:\Program Files\Xing
2007-11-17 10:49 . 2004-03-10 16:36 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-11-17 10:49 . 2004-03-10 16:36 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-11-17 10:49 . 2004-03-10 16:36 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-11-17 10:49 . 2004-03-10 16:36 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2007-11-17 10:49 . 2004-03-10 16:36 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2007-11-17 10:49 . 2004-03-10 16:36 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-11-17 10:49 . 2004-03-10 16:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-16 14:12 . 2007-11-24 17:57 <DIR> d-------- C:\Program Files\Ubisoft
2007-11-15 20:45 . 2007-12-08 09:39 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-13 21:53 . 2007-11-13 21:53 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-09 19:57 . 2007-12-08 22:30 <DIR> d-------- C:\Temp
 
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 14:08 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-06 15:07 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-06 14:57 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\Ulead Systems
2007-12-06 14:52 --------- d-----w C:\Program Files\Ulead Systems
2007-12-06 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-06 14:51 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-27 15:58 --------- d-----w C:\Program Files\ATI Technologies
2007-11-26 12:13 --------- d-----w C:\Program Files\Winamp
2007-11-24 14:01 --------- d-----w C:\Program Files\EA SPORTS
2007-11-18 15:14 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\temp
2007-11-06 10:30 --------- d-----w C:\Program Files\GigaByte
2007-11-05 15:34 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\ATI
2007-11-02 14:16 --------- d--h--r C:\Documents and Settings\BRANKOV company\Application Data\SecuROM
2007-10-21 16:34 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-21 16:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"L07AXLRD_2162890"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 07:15]
"VGAUtil"="C:\WINDOWS\system32\G-VGA.exe" [2003-10-08 15:07]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:07 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 C:\WINDOWS\SOUNDMAN.EXE]
"SlipStream"="C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe" [2005-12-15 10:10]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Neobee Speeedy Internet Accelerator.lnk - C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe [2007-07-05 22:58:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoRecentDocsMenu"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BRANKOV company^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\BRANKOV company\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-11-10 15:06 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
C:\Program Files\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlz]
C:\WINDOWS\47681728.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]
C:\WINDOWS\9129837.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebInstall2]
C:\DOCUME~1\BRANKO~1\LOCALS~1\Temp\WebInstall.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Nla"=3 (0x3)
"RasAuto"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"hpdj"=2 (0x2)

R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R2 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\BRANKO~1\LOCALS~1\Temp\qpspveek.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 23:51:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 23:52:47 - machine was rebooted
.
--- E O F ---
 
Search for, and if they exist, delete the following:

C:\WINDOWS\47681728.exe
C:\WINDOWS\9129837.exe
--------------------------------------------------------

Check whether this file exists:
C:\Documents and settings\BRANKOV company\Local Settings\Temp\qpspveek.dll

If it exists, zip it and attach it to your post.

When you have done all this, restart the PC, then run ComboFix again and post its new log.
 
ComboFix 07-12-09.1 - BRANKOV company 2007-12-10 17:11:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT 1:00]
Running from: D:\DB co.Gagi\Programi\HT - SmitfraudFix\ComboFix\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-10 13:23 . 2007-12-10 13:23 <DIR> d-------- C:\Program Files\Ferrero
2007-12-08 16:23 . 2007-12-08 16:23 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-12-08 16:20 . 2007-12-08 16:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 16:19 . 2007-12-08 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-08 15:36 . 2007-12-08 16:06 <DIR> d-------- C:\Program Files\Electronic Arts
2007-12-08 14:41 . 2006-05-31 08:22 62,232 -r------- C:\WINDOWS\system32\GameuxInstallHelper.dll
2007-12-08 12:34 . 2007-12-10 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-08 00:04 . 2007-12-08 00:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Share-to-Web Upload Folder
2007-12-08 00:04 . 2007-12-08 00:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ATI
2007-12-07 23:49 . 2007-12-07 23:50 <DIR> d-------- C:\Program Files\Womble MPEG Editor
2007-12-06 20:31 . 2007-12-06 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cyberlink
2007-12-06 15:42 . 2004-07-07 02:33 292,896 --a------ C:\WINDOWS\system32\drivers\USIUDF.sys
2007-12-06 15:42 . 2004-12-23 17:27 27,392 --a------ C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2007-12-06 15:41 . 2002-08-29 18:41 401,462 --a------ C:\WINDOWS\msvcp60.dll
2007-12-06 15:41 . 2000-04-07 11:10 278,581 --a------ C:\WINDOWS\msvcrt.dll
2007-12-06 15:10 . 2007-12-10 00:07 2,712 --a------ C:\WINDOWS\u3dedit3.INI
2007-12-06 15:10 . 2007-12-10 00:07 549 --a------ C:\WINDOWS\ULead32.ini
2007-12-06 15:10 . 2007-12-06 15:10 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
2007-12-06 15:09 . 2007-12-06 15:10 <DIR> d-------- C:\WINDOWS\Ulead.dat
2007-12-06 15:04 . 2004-05-04 11:53 1,645,320 --------- C:\WINDOWS\system32\gdiplus.dll
2007-12-06 15:03 . 2007-12-06 15:06 <DIR> d-------- C:\Program Files\QuickTime
2007-12-05 15:36 . 2007-12-07 13:47 1,244,962 --a------ C:\fth.bin
2007-12-05 12:28 . 2007-12-05 17:25 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-04 19:12 . 2007-12-08 14:15 5,700 --a------ C:\Documents and Settings\BRANKOV company\FMCodec.dat
2007-12-04 19:12 . 2007-12-08 14:15 4 --a------ C:\Documents and Settings\BRANKOV company\WFSCHDL.dat
2007-12-04 18:39 . 2007-12-10 11:52 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
2007-12-04 18:36 . 2007-12-04 18:36 <DIR> d-------- C:\WFDB
2007-12-04 18:36 . 2007-12-04 18:36 <DIR> d-------- C:\Program Files\WinFast
2007-12-04 18:32 . 2006-10-18 11:37 162,944 --a------ C:\WINDOWS\system32\drivers\cx88vid.sys
2007-12-04 18:32 . 2006-10-18 11:37 50,816 --a------ C:\WINDOWS\system32\drivers\cx88tune.sys
2007-12-04 18:32 . 2006-10-18 11:38 9,728 --a------ C:\WINDOWS\system32\drivers\cxavxbar.sys
2007-12-04 18:28 . 2007-12-04 18:28 <DIR> d-------- C:\WINDOWS\system32\WinFox
2007-12-04 18:28 . 2007-12-04 18:32 <DIR> d-------- C:\WINDOWS\system32\WinFast
2007-12-04 18:28 . 2003-09-05 09:57 9,469 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-12-02 14:36 . 2007-12-02 14:36 3,226 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-29 12:15 . 2007-12-08 14:41 <DIR> d-------- C:\Program Files\Sega
2007-11-28 18:55 . 2007-11-28 18:55 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-11-28 12:21 . 2007-12-04 21:56 <DIR> d-------- C:\Program Files\RACE 07 Offline
2007-11-28 09:43 . 2007-11-28 09:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-28 09:43 . 2007-11-28 09:43 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-27 22:44 . 2007-11-27 22:44 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-27 22:34 . 2007-11-27 22:34 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-27 21:50 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-27 21:50 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-27 21:50 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 21:50 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 21:50 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-27 19:05 . 2007-11-27 19:05 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\InstallShield
2007-11-27 15:46 . 2007-11-27 15:46 <DIR> d-------- C:\Program Files\KONAMI
2007-11-27 13:22 . 2007-11-28 10:07 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-27 13:06 . 2007-11-27 13:06 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-11-27 12:40 . 2007-11-27 13:10 1,008 --a------ C:\WINDOWS\ATICIM.INI
2007-11-26 13:29 . 2007-11-28 10:06 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-25 21:37 . 2007-11-25 22:01 <DIR> d-------- C:\Program Files\DAP
2007-11-24 16:54 . 2007-11-24 16:54 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\Gearbox Software
2007-11-24 15:06 . 2007-11-24 15:06 <DIR> d-------- C:\Program Files\OpenAL
2007-11-24 15:06 . 2007-11-24 15:06 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-11-24 15:06 . 2007-11-24 15:06 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-11-24 15:03 . 2007-11-24 15:03 <DIR> d-------- C:\WINDOWS\system32\xlive
2007-11-24 14:46 . 2007-11-24 14:46 <DIR> d-------- C:\Documents and Settings\BRANKOV company\Application Data\Eidos
2007-11-24 14:38 . 2007-12-06 15:56 <DIR> d-------- C:\Program Files\Eidos
2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\XviD
2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\DivX_311alpha
2007-11-23 17:13 . 2007-11-23 17:13 <DIR> d-------- C:\Program Files\AC3Filter
2007-11-23 17:13 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-23 17:13 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2007-11-23 17:13 . 2001-12-28 01:22 315,392 -ra------ C:\WINDOWS\system32\iviaudio.ax
2007-11-23 17:13 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-23 17:13 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-11-23 17:13 . 2001-04-05 06:57 56,832 -ra------ C:\WINDOWS\system32\mmswitch.ax
2007-11-23 17:13 . 2001-12-28 01:22 34,816 -ra------ C:\WINDOWS\system32\mpgaudio.ax
2007-11-22 18:17 . 2007-11-22 18:17 <DIR> d-------- C:\Program Files\Common Files\Xing Shared
2007-11-22 18:17 . 1998-12-16 12:08 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
2007-11-22 18:12 . 2007-11-23 15:51 <DIR> d-------- C:\Program Files\Total Video Converter
2007-11-22 18:11 . 2007-11-22 18:17 <DIR> d-------- C:\Program Files\Xing
2007-11-17 10:49 . 2004-03-10 16:36 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-11-17 10:49 . 2004-03-10 16:36 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-11-17 10:49 . 2004-03-10 16:36 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-11-17 10:49 . 2004-03-10 16:36 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2007-11-17 10:49 . 2004-03-10 16:36 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2007-11-17 10:49 . 2004-03-10 16:36 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-11-17 10:49 . 2004-03-10 16:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-16 14:12 . 2007-11-24 17:57 <DIR> d-------- C:\Program Files\Ubisoft
2007-11-15 20:45 . 2007-12-08 09:39 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-13 21:53 . 2007-11-13 21:53 <DIR> d--hs---- C:\WINDOWS\ftpcache
 
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 14:08 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-06 15:07 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-06 14:59 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-06 14:57 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\Ulead Systems
2007-12-06 14:52 --------- d-----w C:\Program Files\Ulead Systems
2007-12-06 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-06 14:51 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-27 15:58 --------- d-----w C:\Program Files\ATI Technologies
2007-11-26 12:13 --------- d-----w C:\Program Files\Winamp
2007-11-24 14:01 --------- d-----w C:\Program Files\EA SPORTS
2007-11-18 15:14 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\temp
2007-11-06 10:30 --------- d-----w C:\Program Files\GigaByte
2007-11-05 15:34 --------- d-----w C:\Documents and Settings\BRANKOV company\Application Data\ATI
2007-11-02 14:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-02 14:16 --------- d--h--r C:\Documents and Settings\BRANKOV company\Application Data\SecuROM
2007-10-21 16:34 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-21 16:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-18 19:21 623,712 --sh--w C:\WINDOWS\system32\ffhkj.ini2
2007-10-17 19:57 308,302 --sha-w C:\WINDOWS\system32\ffhkj.bak2
2007-10-12 22:19 13,653,824 ----a-w C:\WINDOWS\system32\xlivefnt.dll
2007-10-12 22:19 10,155,840 ----a-w C:\WINDOWS\system32\xlive.dll
2007-09-15 20:27 6,385 --sha-w C:\WINDOWS\system32\ffhkj.bak1
.

((((((((((((((((((((((((((((( snapshot@2007-12-09_23.52.03.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-08 14:49:17 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2007-12-10 16:03:36 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-12-08 14:49:18 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2007-12-10 16:03:36 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-12-08 14:49:18 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-12-10 16:03:37 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-12-08 14:49:08 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:27 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:10 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:28 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:11 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:29 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:12 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:30 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:13 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:31 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:14 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:32 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:14 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:33 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:15 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:34 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:19 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-10 16:03:37 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-12-08 14:49:19 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2007-12-10 16:03:38 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-12-08 14:49:20 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2007-12-10 16:03:38 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-12-08 14:49:20 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2007-12-10 16:03:39 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-12-08 14:49:21 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2007-12-10 16:03:39 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-12-08 14:49:16 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-12-10 16:03:35 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-12-10 16:10:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_550.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"L07AXLRD_2162890"="C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 07:15]
"VGAUtil"="C:\WINDOWS\system32\G-VGA.exe" [2003-10-08 15:07]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:07 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 C:\WINDOWS\SOUNDMAN.EXE]
"SlipStream"="C:\Program Files\Neobee Speeedy Internet Accelerator\speeedycore.exe" [2005-12-15 10:10]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Neobee Speeedy Internet Accelerator.lnk - C:\Program Files\Neobee Speeedy Internet Accelerator\speeedygui.exe [2007-07-05 22:58:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoRecentDocsMenu"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BRANKOV company^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\BRANKOV company\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-11-10 15:06 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
C:\Program Files\Pinnacle\Instant VideoAlbum\programs\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlz]
C:\WINDOWS\47681728.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]
C:\WINDOWS\9129837.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebInstall2]
C:\DOCUME~1\BRANKO~1\LOCALS~1\Temp\WebInstall.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Nla"=3 (0x3)
"RasAuto"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"hpdj"=2 (0x2)

R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R2 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
S3 actvcomm;actvcomm;C:\WINDOWS\system32\drivers\actvcomm.sys
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys

.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 17:14:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 17:14:59
C:\ComboFix2.txt ... 2007-12-09 23:52
.
--- E O F ---
 
This looks OK now.

You need to enable the display of hidden files/folders:
  • Windows Explorer: Tools menu > Folder Options: on the View tab:
    • check Show hidden files and folders
    • uncheck Hide protected operating system files (Recommended)

Delete:

C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.bak1

-----------------------------------------------------------------------------------

You need to reset System Restore:
  • Control Panel > System: on the System Restore tab: check Turn off System Restore on all drives
  • Restart the computer
  • Control Panel > System: on the System Restore tab: uncheck Turn off System Restore on all drives
The procedure above will delete the contents of the System Restore folder, and with it any malware stored there, and create a new, "clean" system restore point.

-----------------------------------------------------------------------------------

That would be all.
 