[ izida @ 05.01.2009. 21:43 ] @
The system was installed a few days ago. Today I connected to the net, installed avast, scanned, and it found some things which I deleted; after that I started the scan again, and when it moved on to scanning the D partition avast popped up these two windows

I installed Spybot, it found nothing
Malwarebytes' Anti-Malware also found nothing

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:02 PM, on 1/5/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\FreePack\PSU\PSU.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1231160644343
O17 - HKLM\System\CCS\Services\Tcpip\..\{F10FBAA7-E735-452E-BFC0-417D43276FEF}: NameServer = 93.93.93.2,194.106.162.3
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2903 bytes

ComboFix 09-01-05.02 - Administrator 2009-01-05 22:42:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.603 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-05 20:32 . 2009-01-05 20:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 20:32 . 2009-01-05 20:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 20:32 . 2009-01-05 20:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-05 20:32 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 20:32 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 19:03 . 2009-01-05 19:03 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-01-05 19:03 . 2009-01-05 19:03 <DIR> d-------- c:\program files\ACD Systems
2009-01-05 19:03 . 2009-01-05 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-05 19:03 . 2009-01-05 19:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-01-05 18:34 . 2009-01-05 18:34 <DIR> d-------- C:\directx
2009-01-05 17:23 . 2009-01-05 17:23 <DIR> d-------- c:\program files\Alwil Software
2009-01-05 17:23 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-05 14:03 . 2009-01-05 14:03 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-05 14:00 . 2009-01-05 18:36 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 14:00 . 2004-03-09 00:00 1,081,616 --a------ c:\windows\system32\MSCOMCTL.OCX
2009-01-05 13:45 . 2009-01-05 13:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-05 13:45 . 2009-01-05 13:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 13:32 . 2009-01-05 13:32 0 --a------ c:\windows\nsreg.dat
2009-01-03 22:31 . 2009-01-03 22:31 <DIR> d-------- c:\program files\EA SPORTS
2008-12-31 20:03 . 2008-12-31 20:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ArcSoft
2008-12-31 19:02 . 2008-12-31 19:02 <DIR> d-------- c:\program files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 12:55 --------- d-----w c:\program files\FreePack
2008-12-31 17:54 --------- d-----w c:\program files\Girder
2008-12-31 17:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-31 17:46 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-31 17:44 --------- d-----w c:\program files\Common Files\ArcSoft
2008-12-31 17:44 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2008-12-31 17:43 --------- d-----w c:\program files\Foxit Software
2008-12-31 17:43 --------- d-----w c:\documents and settings\Administrator\Application Data\Foxit
2008-12-31 17:41 --------- d-----w c:\program files\DVBViewerTE
2008-12-31 17:39 --------- d-----w c:\program files\TechniSat DVB
2008-12-31 17:22 --------- d-----w c:\program files\ATI Technologies
2008-12-31 17:18 --------- d-----w c:\program files\Realtek
2008-12-31 17:12 --------- d-----w c:\program files\Intel
2008-12-31 17:05 558,142 ----a-w c:\windows\java\Packages\F5N1JF9F.ZIP
2008-12-31 17:05 155,995 ----a-w c:\windows\java\Packages\NLBRJ53Z.ZIP
2008-12-31 17:05 --------- d-----w c:\program files\microsoft frontpage
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-16 13:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2002-08-29 03:41 159,179 --sha-r c:\windows\system32\hldbjxc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-12-17 2107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - c:\program files\Girder\Girder.exe [2008-12-31 1830912]
PowerInstall Softcam Updater.lnk - c:\program files\FreePack\PSU\PSU.EXE [2008-10-07 57003]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2008-12-31 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-12-31 10624]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-05 111184]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;c:\windows\system32\drivers\SkyNET.sys [2008-12-31 451816]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 dsxsamkbn;Config Helper;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 12800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dsxsamkbn
.
.
------- Supplementary Scan -------
.
TCP: {F10FBAA7-E735-452E-BFC0-417D43276FEF} = 93.93.93.2,194.106.162.3

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1q8sfr1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.elitesecurity.org/f101-PC-DVB-kartice
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:42:50
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dsxsamkbn]
"ServiceDll"="c:\windows\System32\hldbjxc.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1764)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1820)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-01-05 22:43:12
ComboFix-quarantined-files.txt 2009-01-05 21:43:05

Pre-Run: 44,417,175,552 bytes free
Post-Run: 44,412,096,512 bytes free

[ kristi1 @ 05.01.2009. 21:58 ] @
You have nothing in the system, that is on C; the logs are clean. What it found on D is probably some cracks for games or programs, and avast cleaned that.
Second, install SP3 or SP2 urgently, because every time you go online with SP1 is dangerous; there is no point in cleaning at all. So download SP3 and install it, since you say the system is freshly installed, meaning the installation will go through without errors.

One more thing, uninstall ComboFix
Start > Run > combofix /u, OK
[ izida @ 05.01.2009. 22:09 ] @
Well, avast didn't find anything on the D partition but on C; as I said, when it moved on to scanning D, after some time it popped up those two windows...
As for the service pack, when I installed a new Windows it usually showed me a message for Automatic Update, but this time that didn't happen, so I opened this thread http://www.elitesecurity.org/t349975-xp-service-pack-update where calexx told me I might have an intruder, and only then did I start scanning the computer. On this computer I have a problem that when I download the whole SP2 somewhere and install it, the computer usually reported a pile of errors, whereas when it all went through Automatic Update everything always went fine. What puzzles me a bit is that when I try to go to some Microsoft site it usually shows something like Address Not Found / can't find the server or similar.
[ kristi1 @ 05.01.2009. 22:39 ] @
OK, we misunderstood each other, and I hadn't looked closely at the pictures; in any case the logs are clean.

Edit:
wait just a moment, where does this IP on your computer come from, is it familiar to you

93.93.93.2
Address: P.O. Box 10096
address: OOO "CCT"
address: Svobody Ul., 91, korp. 2,
address: Moscow, Russia, 123481
[ izida @ 05.01.2009. 22:45 ] @
thanks
[ kristi1 @ 05.01.2009. 22:54 ] @
The IP address above should by no means be on your computer, since I see your provider is Beotel.net
We should remove it, since that is probably the reason you can't get to the MS site

Run HJT, tick this line and click Fix

O17 - HKLM\System\CCS\Services\Tcpip\..\{F10FBAA7-E735-452E-BFC0-417D43276FEF}: NameServer = 93.93.93.2,194.106.162.3


[ izida @ 05.01.2009. 23:15 ] @
My provider is Optikom.
And those addresses are Optikom's DNS servers.
Should I remove them?
[ izida @ 05.01.2009. 23:45 ] @
I deleted it and had to put it back now, because the net doesn't work when I remove that; it seems something else is blocking the Microsoft site
[ magna86 @ 06.01.2009. 07:03 ] @
I'm not saying they're malicious.. but... why not check

find these files

c:\windows\nsreg.dat
c:\windows\system32\hldbjxc.dll

upload them to VirusTotal for scanning
http://www.virustotal.com/

before that, show hidden files

My Computer / Tools / Folder Options / View tab.
tick Display the contents of system folders.
click Show hidden files and folders.
untick Hide file extensions for known file types.
untick Hide protected operating system files.
Apply / OK
[ drvlada75 @ 06.01.2009. 09:44 ] @
194.106.162.3 is Beotel's DNS
[ izida @ 06.01.2009. 11:15 ] @
I found those files...

but there's no way I can open that link you left; it always shows a message that it couldn't find the address, the same as for the Microsoft sites...
avast has started popping up warnings again, like in the first picture I posted, only this time it pops up two windows with the same virus, but one says it's a virus and the other says it's malware; an example.

I've scanned 5 times since last night with Malwarebytes' Anti-Malware; once it finds 2 items and supposedly deletes them, the computer restarts, but after a while avast pops up the window again, I scan again but Malwarebytes' finds nothing, after a while I scan with Malwarebytes again and then it finds 2 items, and so on round and round....
I've noticed that I have restrictions on a large number of sites and can't access them, such as the one magna posted and all the Microsoft sites; that's probably why I can't update Windows...
I don't understand how that virus so successfully evades all the programs; is it possible that it somehow escapes to D and then comes back? I'm asking this because if I don't manage to delete it, will it be a problem to reinstall the system (I hope it won't come to reinstalling the system)
[ kristi1 @ 06.01.2009. 11:38 ] @
In avast you have an option, when you right-click the interface, to schedule a scan before the system boots. Try that, then restart and see whether it deletes them, since it already sees them on the computer but can't delete them from normal mode.

Also do this
Click Start, then Run, paste this and hit Enter

C:\WINDOWS\NOTEPAD.EXE C:\WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS

post the complete text of the hosts file on the forum.
[ izida @ 06.01.2009. 14:28 ] @
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
[ magna86 @ 06.01.2009. 14:33 ] @
since I'm not sure whether this is some virus.. or whatever
make copies of these files (just in case)

these are their locations

c:\windows\nsreg.dat
c:\windows\system32\hldbjxc.dll

pack those copies into a zip / rar and save them somewhere on the desktop

then delete the originals from safe mode and report the state
hosts is OK
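The checks the helpers in this thread are doing by eye (the O17 NameServer line, the hidden files in system32, the hosts file) can be run over the pasted logs as a script. The following is an added example, not the thread's own code and not the API of HijackThis, ComboFix or avast: it flags resolvers that are not on the list the user confirmed with the ISP, a svchost.exe living outside system32, netsvcs-group services that are not on an allowlist, system+hidden files in system32, hosts entries beyond the stock localhost mapping, and globally opened firewall ports. The sample lines are constructed from the logs pasted in this thread (the first ComboFix log and the later HJT and ComboFix logs); the hosts entry marked constructed is invented; the expected-resolver set and the netsvcs allowlist are placeholders the analyst fills in, so a flagged resolver means "verify with the ISP", not "malicious".

```python
"""Triage checks over HijackThis, ComboFix and hosts output.

Added example for this thread, not the thread's own code and not the API of any
tool it mentions. The samples are constructed: the log lines are copied from the
logs pasted in the thread, the hosts entry marked 'constructed' is invented.
"""
import re

SAMPLE_HJT = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{F10FBAA7-E735-452E-BFC0-417D43276FEF}: NameServer = 93.93.93.2,194.106.162.3
O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
SAMPLE_COMBOFIX = r"""
S4 dsxsamkbn;Config Helper;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 12800]
S3 xzyhysqm;xzyhysqm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-05 111184]
2002-08-29 03:41 159,179 --sha-r c:\windows\system32\hldbjxc.dll
2008-10-16 13:12 202,776 ----a-w c:\windows\system32\wuweb.dll
"7253:TCP"= 7253:TCP:xkwwjmol
"""
SAMPLE_HOSTS = """
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 update.microsoft.com   # constructed entry, not from the thread
"""

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
O23_RE = re.compile(r"^O23 - Service: .* - (?P<path>[A-Za-z]:\\.*?)(?: \(file missing\))?$")
SVC_RE = re.compile(r"^[RS]\d (?P<name>\w+);(?P<display>[^;]*);(?P<image>.*?) \[")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?"
                     r" +[\d,]+ +(?P<attrs>\S+) +(?P<path>.+)$")
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"= *\d+:(?:TCP|UDP):(?P<name>\S+)')


def unexpected_nameservers(hjt, expected):
    """O17 resolvers not on the list the user confirmed with the ISP."""
    found = []
    for m in filter(None, map(O17_RE.match, hjt.splitlines())):
        found += [s for s in m["servers"].split(",") if s not in expected]
    return found


def misplaced_svchost(hjt):
    """O23 services whose image is an svchost.exe living outside system32."""
    paths = [m["path"] for m in filter(None, map(O23_RE.match, hjt.splitlines()))]
    return [p for p in paths if p.lower().endswith("\\svchost.exe")
            and "\\system32\\" not in p.lower()]


def odd_services(combofix, netsvcs_allow):
    """netsvcs-hosted services off the allowlist, or services whose image is a
    .tmp file; returns (service name, reason) pairs."""
    out = []
    for m in filter(None, map(SVC_RE.match, combofix.splitlines())):
        image = m["image"].lower()
        if "svchost.exe -k netsvcs" in image and m["name"].lower() not in netsvcs_allow:
            out.append((m["name"], "netsvcs service not on allowlist"))
        elif ".tmp" in image:
            out.append((m["name"], "service image is a .tmp file"))
    return out


def hidden_system_files(combofix):
    """Files under system32 carrying both the system and hidden attributes."""
    return [m["path"] for m in filter(None, map(FILE_RE.match, combofix.splitlines()))
            if "s" in m["attrs"] and "h" in m["attrs"]
            and m["path"].lower().startswith("c:\\windows\\system32\\")]


def non_localhost_hosts(hosts):
    """hosts entries other than the stock localhost mapping."""
    out = []
    for raw in hosts.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if parts and not (parts[0] in ("127.0.0.1", "::1") and parts[1:] == ["localhost"]):
            out.append((parts[0], parts[1:]))
    return out


def opened_ports(combofix):
    """Firewall GloballyOpenPorts entries, each to be reviewed by name."""
    return [(m["port"], m["name"]) for m in filter(None, map(PORT_RE.match, combofix.splitlines()))]


def triage(hjt, combofix, hosts, expected_dns, netsvcs_allow):
    return {"nameservers": unexpected_nameservers(hjt, expected_dns),
            "svchost": misplaced_svchost(hjt),
            "services": odd_services(combofix, netsvcs_allow),
            "hidden": hidden_system_files(combofix),
            "hosts": non_localhost_hosts(hosts),
            "ports": opened_ports(combofix)}


if __name__ == "__main__":
    # 194.106.162.3 is the resolver drvlada75 identifies as Beotel's; the
    # netsvcs allowlist here is a placeholder for the real default members.
    for key, hits in triage(SAMPLE_HJT, SAMPLE_COMBOFIX, SAMPLE_HOSTS,
                            {"194.106.162.3"}, {"bits", "wuauserv"}).items():
        print(key, hits)
```

Each finding is a pointer for the analyst, not a verdict: a resolver off the expected list is checked against the ISP's published addresses, a netsvcs name off the allowlist is looked up in the service's ServiceDll value (as the first ComboFix log shows for dsxsamkbn pointing at hldbjxc.dll), and an open port with an unfamiliar name is matched against the program that registered it.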
[ izida @ 06.01.2009. 14:45 ] @
I can't copy c:\windows\system32\hldbjxc.dll into a .rar archive

now it has shown me this too

[ Stefan 93 @ 06.01.2009. 16:42 ] @
How about maybe changing Avast? You see it isn't capable of removing the things it finds; some other one will surely be able to.
[ donbozone @ 06.01.2009. 18:25 ] @
Download ComboFix and it should take care of it.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
[ Nedimm @ 06.01.2009. 20:56 ] @
Try downloading Autoruns from the Sysinternals page (http://technet.microsoft.com/e...a3-4ed8-9dd6-40c84cb9e2f5.aspx)
and look at whether there's anything suspicious at Windows startup.
Download Regmon and Filemon and look whether there's anything suspicious.

Install a firewall if you haven't already. As I see it, this IP address is from Russia (Moscow) 93.95.160.87
[ izida @ 06.01.2009. 22:56 ] @
I couldn't take it any more and reinstalled the system...
when the installation finished and it showed me this window

I knew the vermin were still there; I download and install Ad-Aware, run the update, scan and boom

naturally I go to Remove and the program tells me I have to restart so it can delete one of these three viruses...

when I restarted the computer I turned System Restore on and then off, scanned again, this time it found only the third one on the list, I deleted it, restarted, scanned again and this time it found nothing...
I have a feeling it'll surprise me again in about half an hour... since I see the net is slowed down and I need to refresh a page several times to get it to open
[ magna86 @ 07.01.2009. 06:15 ] @
a new system, you say... hm
as I told you.. post a fresh HJT log
before running HJT rename it to ES2.exe
we have to locate the problem.. that is, start from somewhere

it would be desirable for you to do the update too

[This message was edited by magna86 on 07.01.2009. at 08:58 GMT+1]
[ izida @ 07.01.2009. 11:18 ] @
I downloaded SP2 since even on the new system it wouldn't do the update...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:31 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\security\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\FreePack\PSU\PSU.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe

--
End of file - 2673 bytes
[ izida @ 07.01.2009. 15:50 ] @
as far as I can see they're still here

as far as I've figured out so far, these viruses partially block my internet access; I can't do the update with AVG, I have no access to Microsoft sites and I can't use Automatic Update. Once more I repeat that I installed a new system and the problem remained...
[ kristi1 @ 07.01.2009. 16:14 ] @
@izida as far as I can see Malwarebytes has detected malware in your system; you just need to click Remove Selected and the problem will be solved
[ izida @ 07.01.2009. 16:20 ] @
Quote:
kristi1: @izida as far as I can see Malwarebytes has detected malware in your system; you just need to click Remove Selected and the problem will be solved :)

usually that's how it goes, but that isn't the case with me: I delete them, the computer restarts, but the problem remains...
[ Goran Mijailovic @ 07.01.2009. 16:33 ] @
Quote:
izida: usually that's how it goes, but that isn't the case with me: I delete them, the computer restarts, but the problem remains...

how about trying to do it from safe mode ;)
[ kristi1 @ 07.01.2009. 16:45 ] @
Temporarily disable your antivirus program

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

note: If you already have ComboFix on the computer, delete it and download the newer version from the given links for the update

Run it and don't touch the program window while it scans.
Follow the instructions on the screen.
Don't touch the mouse and don't touch the keyboard while the script is running!
That is, leave it to do its thing
When it finishes, a log will appear (C:\ComboFix.txt)

*post the ComboFix logfile
[ izida @ 07.01.2009. 17:16 ] @
ComboFix 09-01-06.02 - Administrator 2009-01-07 18:05:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.667 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090106-1] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Legacy_WINHOST32SVR
-------\Service_sysdrv32
-------\Service_WinHost32Svr


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-07 17:31 . 2009-01-07 17:31 <DIR> d-------- c:\program files\Alwil Software
2009-01-07 16:56 . 2009-01-07 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-07 12:25 . 2009-01-07 12:25 <DIR> d-------- c:\program files\AVG
2009-01-07 12:19 . 2009-01-07 12:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-07 12:08 . 2009-01-07 12:08 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-07 12:07 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-01-07 12:06 . 2004-07-17 11:40 19,528 --a------ c:\windows\002509_.tmp
2009-01-07 12:05 . 2009-01-07 12:05 <DIR> d-------- c:\windows\EHome
2009-01-07 00:51 . 2009-01-07 00:51 <DIR> d-------- c:\program files\FreePack
2009-01-07 00:51 . 2009-01-07 00:53 94 --a------ c:\windows\Folders.ini
2009-01-07 00:46 . 2009-01-07 00:48 <DIR> d-------- c:\program files\Girder
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\program files\Foxit Software
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Foxit
2009-01-07 00:42 . 2009-01-07 01:00 <DIR> d-------- C:\ProgDVB
2009-01-07 00:36 . 2009-01-07 00:36 <DIR> d-------- c:\program files\DVBViewerTE
2009-01-07 00:34 . 2009-01-07 00:34 <DIR> d-------- c:\program files\TechniSat DVB
2009-01-07 00:34 . 2004-03-10 23:37 1,045,776 --a------ c:\windows\system32\msjet35.dll
2009-01-07 00:34 . 2004-03-10 23:37 368,912 --a------ c:\windows\system32\vbar332.dll
2009-01-07 00:34 . 2004-03-10 23:37 252,176 --a------ c:\windows\system32\msrd2x35.dll
2009-01-07 00:34 . 2004-03-10 23:37 123,664 --a------ c:\windows\system32\Msjint35.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\SkyDll.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\Sky2PCUI.dll
2009-01-07 00:34 . 2004-04-13 13:15 102,400 --a------ c:\windows\system32\libbz2.dll
2009-01-07 00:34 . 2004-03-10 23:37 24,848 --a------ c:\windows\system32\msjter35.dll
2009-01-07 00:33 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-07 00:32 . 2004-05-02 20:30 451,816 -ra------ c:\windows\system32\drivers\SkyNET.sys
2009-01-07 00:04 . 2009-01-07 00:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 00:04 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 23:34 . 2009-01-06 23:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\program files\Lavasoft
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-06 22:30 . 2009-01-07 16:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 22:21 . 2009-01-06 22:21 <DIR> d-------- c:\program files\Valve
2009-01-06 22:10 . 2009-01-06 22:10 <DIR> d-------- c:\windows\system32\bits
2009-01-06 22:10 . 2009-01-06 23:34 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-06 21:43 . 2004-08-04 00:56 438,784 --------- c:\windows\system32\xpob2res.dll
2009-01-06 21:43 . 2004-08-04 00:56 351,232 --a------ c:\windows\system32\winhttp.dll
2009-01-06 21:43 . 2004-08-04 00:56 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-01-06 21:43 . 2004-08-04 00:56 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-01-06 21:43 . 2004-08-04 00:56 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-01-06 21:37 . 2009-01-06 21:37 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-06 21:34 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-01-06 21:34 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-01-06 21:34 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-01-06 21:34 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2009-01-06 21:34 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll
2009-01-06 21:34 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe
2009-01-06 21:34 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-01-06 21:31 . 2009-01-06 21:31 0 --a------ c:\windows\nsreg.dat
2009-01-06 21:28 . 2009-01-06 21:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-06 21:28 . 2009-01-06 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 21:18 . 2009-01-06 21:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-06 21:15 . 2004-08-04 00:56 1,119,744 --a------ c:\windows\system32\wmsdmoe2.dll
2009-01-06 21:07 . 2009-01-06 21:07 0 --a------ c:\windows\ativpsrm.bin
2009-01-06 21:06 . 2007-12-20 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-01-06 21:06 . 2004-08-03 22:59 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-06 21:06 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-06 21:06 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-06 21:05 . 2009-01-06 20:13 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-06 21:04 . 2009-01-07 18:05 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\program files\VID_0E8F&PID_0003
2009-01-06 21:02 . 2009-01-06 20:17 261 --a------ c:\windows\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 21:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 20:10 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2009-01-06 19:54 --------- d-----w c:\program files\My Company Name
2009-01-06 19:52 --------- d-----w c:\program files\ATI Technologies
2009-01-06 19:51 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-01-06 19:44 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 19:34 --------- d-----w c:\program files\Realtek
2009-01-06 19:20 --------- d-----w c:\program files\Intel
2009-01-06 19:15 558,142 ----a-w c:\windows\java\Packages\0FJNJ9FL.ZIP
2009-01-06 19:15 155,995 ----a-w c:\windows\java\Packages\OVRHZTND.ZIP
2009-01-06 19:15 --------- d-----w c:\program files\microsoft frontpage
2004-08-03 23:56 167,833 --sha-r c:\windows\system32\frsvyou.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - c:\program files\Girder\Girder.exe [2009-01-07 1830912]
PowerInstall Softcam Updater.lnk - c:\program files\FreePack\PSU\PSU.EXE [2008-10-07 57003]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-06 450560]
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-01-07 430080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7253:TCP"= 7253:TCP:xkwwjmol

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-07 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;c:\windows\system32\drivers\SkyNET.sys [2009-01-07 451816]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2009-01-06 10752]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-07 20560]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [2009-01-06 5376]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 xzyhysqm;xzyhysqm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S4 dztwbejgo;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 hkxbzg;hkxbzg;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 wqenk;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hkxbzg
dztwbejgo
wqenk
.
.
------- Supplementary Scan -------
.
TCP: {AACF6E13-2B55-499D-A999-253A0FB321E6} = 93.93.93.2,194.106.162.3

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0u3h6l59.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.elitesecurity.org/f101-PC-DVB-kartice
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 18:07:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xzyhysqm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dztwbejgo]
"ServiceDll"="c:\windows\System32\frsvyou.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wqenk]
"ServiceDll"="c:\windows\system32\frsvyou.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\ATKKBService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-01-07 18:08:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 17:08:53

Pre-Run: 46,348,374,016 bytes free
Post-Run: 46,285,733,888 bytes free

214 --- E O F --- 2009-01-06 21:10:44
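Reading the ComboFix log above as a defender, the entries that stand out are `c:\windows\system32\frsvyou.dll` carrying the system+hidden+read-only attributes (`--sha-r`), the netsvcs-hosted services with random names (`dztwbejgo`, `hkxbzg`, `wqenk`; two of them have a `ServiceDll` entry in the dump pointing at that DLL), the `xzyhysqm` service whose `ImagePath` is `01.tmp`, the firewall profile with `EnableFirewall` = 0, `AntiVirusDisableNotify` = 1 in the Security Center key, and the globally open port `7253:TCP`. The Python script below is an added example for this thread, not ComboFix's code and not code posted by anyone in it; it pulls exactly those indicators out of a log's text. The sample lines embedded in it are copied from the log above, and the finding category names are my own.

```python
"""Triage of the indicators a ComboFix log exposes.

Added example for this thread: flags a system+hidden DLL used as the
ServiceDll of svchost-hosted services, a service whose ImagePath is a
.tmp file, the Windows Firewall switched off, Security Center AV alerts
suppressed, and globally open firewall ports. Category names are mine.
"""
import re

# Constructed sample: lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
2004-08-03 23:56 167,833 --sha-r c:\windows\system32\frsvyou.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7253:TCP"= 7253:TCP:xkwwjmol

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-07 111184]
S3 xzyhysqm;xzyhysqm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S4 dztwbejgo;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 wqenk;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xzyhysqm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dztwbejgo]
"ServiceDll"="c:\windows\System32\frsvyou.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wqenk]
"ServiceDll"="c:\windows\system32\frsvyou.dll"
"""

# File listing line: "<date> <time> <size> <attributes> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+(?P<attr>[-a-z]+)\s+(?P<path>[a-z]:\\.+)$",
    re.IGNORECASE)
# Service line: "S4 name;display name;image path [date size]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[[^\]]*\]$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def service_name(reg_key):
    """Last component of a ...\\Services\\<name> registry key."""
    return reg_key.rsplit("\\", 1)[-1]


def triage(log_text):
    """Return a list of (category, detail) findings in log order."""
    findings = []
    hidden_files = set()   # lower-cased paths carrying both the S and H attributes
    services = {}          # lower-cased short name -> parsed service line
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            attr = m.group("attr").lower()
            if "s" in attr and "h" in attr:
                hidden_files.add(m.group("path").lower())
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group("name").lower()] = m.groupdict()
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if not (m and current_key):
            continue
        name, value = m.group("name"), m.group("value").strip().strip('"')
        if name == "AntiVirusDisableNotify" and value == "dword:00000001":
            findings.append(("av-notify-disabled", "Security Center AV alerts are suppressed"))
        elif name == "EnableFirewall" and value.startswith("0"):
            findings.append(("firewall-disabled", "Windows Firewall standard profile is off"))
        elif current_key.endswith("globallyopenports\\list"):
            findings.append(("open-port", value))
        elif name == "ImagePath" and value.lower().endswith(".tmp"):
            findings.append(("tmp-imagepath", f"{service_name(current_key)}: {value}"))
        elif name == "ServiceDll" and value.lower() in hidden_files:
            short = service_name(current_key)
            svc = services.get(short, {})
            findings.append(("hidden-servicedll",
                             f"{short} ({svc.get('display', '?')}) hosted by "
                             f"{svc.get('path', '?')} loads {value}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run it on a saved `C:\ComboFix.txt` by passing the file's text to `triage()`; the hidden-DLL check is the one that ties the pieces together, since a service whose DLL is not visible in Explorer is exactly what the log's own file listing reveals through its attribute column.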
[ kristi1 @ 07.01.2009. 17:34 ] @
Tell me whether you had AVG8 before avast and whether you uninstalled it, because I can see leftovers of it here, and post me a new, fresh HJT log.
[ izida @ 07.01.2009. 18:24 ] @
I had it before avast, but I uninstalled it because it wouldn't update, and that leftover was an empty folder (deleted).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:37 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\FreePack\PSU\PSU.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3832 bytes


[ kristi1 @ 07.01.2009. 18:59 ] @
Open Notepad and copy the text below:
Click File\Save as and save the text as CFScript on the desktop

Code:

File::
c:\documents and settings\All Users\Application Data\Avg8

Folder::
c:\program files\AVG

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix automatically; the system may restart (that is normal)
When it finishes, a log will appear (C:\ComboFix.txt)
Post the ComboFix log as well as a fresh HijackThis log

[This message was edited by Goran Mijailovic on 07.01.2009. at 20:33 GMT+1]
[ izida @ 07.01.2009. 19:18 ] @
I hope I did it right; I hope what I was supposed to copy was only this
Quote:

File::
c:\documents and settings\All Users\Application Data\Avg8

Folder::
c:\program files\AVG

without
Quote:
Code:
this part

ComboFix 09-01-07.01 - Administrator 2009-01-07 20:10:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.568 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090107-0] *On-access scanning disabled* (Updated)
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]

FILE ::
c:\documents and settings\All Users\Application Data\Avg8
.

((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 19:41 . 2009-01-07 19:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-01-07 19:41 . 2009-01-07 19:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-07 17:31 . 2009-01-07 17:31 <DIR> d-------- c:\program files\Alwil Software
2009-01-07 16:56 . 2009-01-07 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-07 12:19 . 2009-01-07 12:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-07 12:08 . 2009-01-07 12:08 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-07 12:07 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-01-07 12:06 . 2004-07-17 11:40 19,528 --a------ c:\windows\002509_.tmp
2009-01-07 12:05 . 2009-01-07 12:05 <DIR> d-------- c:\windows\EHome
2009-01-07 00:51 . 2009-01-07 00:51 <DIR> d-------- c:\program files\FreePack
2009-01-07 00:51 . 2009-01-07 00:53 94 --a------ c:\windows\Folders.ini
2009-01-07 00:46 . 2009-01-07 00:48 <DIR> d-------- c:\program files\Girder
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\program files\Foxit Software
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Foxit
2009-01-07 00:42 . 2009-01-07 01:00 <DIR> d-------- C:\ProgDVB
2009-01-07 00:36 . 2009-01-07 00:36 <DIR> d-------- c:\program files\DVBViewerTE
2009-01-07 00:34 . 2009-01-07 00:34 <DIR> d-------- c:\program files\TechniSat DVB
2009-01-07 00:34 . 2004-03-10 23:37 1,045,776 --a------ c:\windows\system32\msjet35.dll
2009-01-07 00:34 . 2004-03-10 23:37 368,912 --a------ c:\windows\system32\vbar332.dll
2009-01-07 00:34 . 2004-03-10 23:37 252,176 --a------ c:\windows\system32\msrd2x35.dll
2009-01-07 00:34 . 2004-03-10 23:37 123,664 --a------ c:\windows\system32\Msjint35.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\SkyDll.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\Sky2PCUI.dll
2009-01-07 00:34 . 2004-04-13 13:15 102,400 --a------ c:\windows\system32\libbz2.dll
2009-01-07 00:34 . 2004-03-10 23:37 24,848 --a------ c:\windows\system32\msjter35.dll
2009-01-07 00:33 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-07 00:32 . 2004-05-02 20:30 451,816 -ra------ c:\windows\system32\drivers\SkyNET.sys
2009-01-07 00:04 . 2009-01-07 00:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 00:04 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 23:34 . 2009-01-06 23:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\program files\Lavasoft
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-06 22:30 . 2009-01-07 16:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 22:21 . 2009-01-06 22:21 <DIR> d-------- c:\program files\Valve
2009-01-06 22:10 . 2009-01-06 22:10 <DIR> d-------- c:\windows\system32\bits
2009-01-06 22:10 . 2009-01-06 23:34 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-06 21:43 . 2004-08-04 00:56 438,784 --------- c:\windows\system32\xpob2res.dll
2009-01-06 21:43 . 2004-08-04 00:56 351,232 --a------ c:\windows\system32\winhttp.dll
2009-01-06 21:43 . 2004-08-04 00:56 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-01-06 21:43 . 2004-08-04 00:56 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-01-06 21:43 . 2004-08-04 00:56 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-01-06 21:37 . 2009-01-06 21:37 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-06 21:34 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-01-06 21:34 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-01-06 21:34 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-01-06 21:34 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2009-01-06 21:34 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll
2009-01-06 21:34 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe
2009-01-06 21:34 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-01-06 21:31 . 2009-01-06 21:31 0 --a------ c:\windows\nsreg.dat
2009-01-06 21:28 . 2009-01-06 21:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-06 21:28 . 2009-01-06 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 21:18 . 2009-01-06 21:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-06 21:15 . 2005-01-28 13:44 1,119,744 --a------ c:\windows\system32\wmsdmoe2.dll
2009-01-06 21:07 . 2009-01-06 21:07 0 --a------ c:\windows\ativpsrm.bin
2009-01-06 21:06 . 2007-12-20 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-01-06 21:06 . 2004-08-03 22:59 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-06 21:06 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-06 21:06 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-06 21:05 . 2009-01-06 20:13 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-06 21:04 . 2009-01-07 20:10 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\program files\VID_0E8F&PID_0003
2009-01-06 21:02 . 2009-01-06 20:17 261 --a------ c:\windows\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 21:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 20:10 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2009-01-06 19:54 --------- d-----w c:\program files\My Company Name
2009-01-06 19:52 --------- d-----w c:\program files\ATI Technologies
2009-01-06 19:51 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-01-06 19:44 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 19:34 --------- d-----w c:\program files\Realtek
2009-01-06 19:20 --------- d-----w c:\program files\Intel
2009-01-06 19:15 558,142 ----a-w c:\windows\java\Packages\0FJNJ9FL.ZIP
2009-01-06 19:15 155,995 ----a-w c:\windows\java\Packages\OVRHZTND.ZIP
2009-01-06 19:15 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2004-08-03 23:56 167,833 --sha-r c:\windows\system32\frsvyou.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-07_18.08.21.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-03 23:56:58 208,896 ----a-w c:\windows\inf\unregmp2.exe
+ 2005-01-28 12:44:28 192,512 ----a-w c:\windows\inf\unregmp2.exe
+ 2004-08-03 23:56:42 159,232 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2004-08-03 23:56:44 52,224 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
+ 2004-08-03 23:56:44 201,728 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2004-08-03 23:57:02 356,352 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2004-08-03 23:56:46 245,760 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2004-08-03 23:56:48 27,136 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2004-08-03 23:56:48 23,552 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2005-01-28 12:44:28 164,864 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 12:44:28 25,088 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 12:44:28 173,568 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 12:44:28 364,784 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 12:44:28 315,904 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 12:44:28 28,160 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 12:44:28 33,792 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2004-08-03 23:56:58 774,144 ----a-w c:\windows\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
+ 2005-01-28 12:44:28 819,200 ----a-w c:\windows\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
+ 2004-08-03 23:56:48 20,480 ----a-w c:\windows\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpcore.dll
+ 2004-08-03 23:56:48 20,480 ----a-w c:\windows\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpui.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpcore.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpui.dll
+ 2005-01-28 12:44:28 47,104 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-01-28 12:44:28 15,872 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2005-01-28 12:44:28 61,952 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2005-01-28 12:44:28 114,176 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2005-01-28 12:44:28 331,776 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2005-01-28 12:44:28 66,560 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2005-01-28 12:44:28 331,264 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2005-01-28 12:44:28 10,752 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2005-01-28 12:44:28 18,944 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2004-08-03 23:56:48 408,064 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2004-08-03 23:56:48 759,296 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2004-08-03 23:56:48 484,864 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2004-08-03 23:56:48 809,984 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2005-01-28 12:44:28 396,528 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 12:44:28 774,904 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 12:44:28 413,944 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 12:44:28 895,736 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2004-08-03 23:56:44 6,656 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
+ 2004-08-03 23:56:52 103,936 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2004-08-03 23:56:46 237,568 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2004-08-03 23:56:48 670,720 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2004-08-03 23:56:48 230,400 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2004-08-03 23:56:48 151,552 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2004-08-03 23:56:48 1,050,624 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2004-08-03 23:56:48 1,119,744 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2004-08-03 23:56:48 896,512 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2004-08-03 23:57:04 2,105,344 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2004-08-03 23:56:48 1,001,472 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2005-01-28 12:44:28 6,656 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 12:44:28 221,184 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 12:44:28 716,288 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 12:44:28 224,768 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 12:44:28 335,872 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 12:44:28 290,816 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 12:44:28 150,016 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 12:44:28 1,027,072 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 12:44:28 1,119,744 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 12:44:28 940,544 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 12:44:28 2,370,296 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2004-08-03 23:56:42 286,208 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2004-08-03 23:57:06 299,520 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2004-08-03 23:56:44 87,040 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2004-08-03 23:57:04 695,296 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2004-08-03 23:57:02 259,072 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2005-01-28 12:44:28 294,912 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 12:44:28 258,296 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 12:44:28 502,272 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 12:44:28 142,336 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2004-08-03 23:56:48 20,480 ----a-w c:\windows\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\wmpcd.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\wmpcd.dll
+ 2004-08-03 23:56:00 8,192 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\asferror.dll
+ 2004-08-03 23:56:42 28,672 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\custsat.dll
+ 2004-08-03 23:56:52 786,432 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe
+ 2004-08-03 23:56:44 368,640 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\mpvis.dll
+ 2004-08-03 23:56:58 208,896 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
+ 2004-08-03 23:56:36 168,448 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmerror.dll
+ 2004-08-03 23:56:48 4,874,240 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmp.dll
+ 2004-08-03 23:56:48 114,688 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpasf.dll
+ 2004-08-03 23:56:48 98,304 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpband.dll
+ 2004-08-03 23:56:48 233,472 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpdxm.dll
+ 2004-08-03 23:56:58 73,728 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
+ 2004-08-03 23:56:38 2,940,928 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmploc.dll
+ 2004-08-03 23:56:48 102,400 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpshell.dll
+ 2005-01-28 12:44:28 8,192 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\asferror.dll
+ 2005-01-28 12:44:28 484,352 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\Audiodev.dll
+ 2005-01-28 12:44:28 28,672 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\custsat.dll
+ 2005-01-28 12:44:28 991,232 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
+ 2005-01-28 12:44:28 352,256 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\mpvis.dll
+ 2005-01-28 12:44:28 192,512 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
+ 2005-01-28 12:44:28 189,440 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmerror.dll
+ 2005-01-28 12:44:28 122,880 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
+ 2005-01-28 12:44:28 5,525,504 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmp.dll
+ 2005-01-28 12:44:28 135,168 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpasf.dll
+ 2005-01-28 12:44:28 77,824 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpband.dll
+ 2005-01-28 12:44:28 282,624 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpdxm.dll
+ 2005-01-28 12:44:28 28,672 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
+ 2005-01-28 12:44:28 1,594,880 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpencen.dll
+ 2005-01-28 12:44:28 73,728 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
+ 2005-01-28 12:44:28 3,371,008 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmploc.dll
+ 2005-01-28 12:44:28 86,016 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpshell.dll
+ 2005-01-28 12:44:28 175,104 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpsrcwp.dll
- 2004-08-03 23:56:00 8,192 ----a-w c:\windows\system32\asferror.dll
+ 2005-01-28 12:44:28 8,192 ----a-w c:\windows\system32\asferror.dll
+ 2005-01-28 12:44:28 484,352 ----a-w c:\windows\system32\Audiodev.dll
- 2004-08-03 23:56:42 286,208 ----a-w c:\windows\system32\blackbox.dll
+ 2005-01-28 12:44:28 294,912 ----a-w c:\windows\system32\blackbox.dll
- 2004-08-03 23:56:42 159,232 ----a-w c:\windows\system32\cewmdm.dll
+ 2005-01-28 12:44:28 164,864 ----a-w c:\windows\system32\cewmdm.dll
+ 2005-01-28 12:44:28 8,192 -c--a-w c:\windows\system32\dllcache\asferror.dll
+ 2005-01-28 12:44:28 294,912 -c--a-w c:\windows\system32\dllcache\blackbox.dll
+ 2005-01-28 12:44:28 164,864 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2005-01-28 12:44:28 28,672 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2005-01-28 12:44:28 258,296 -c--a-w c:\windows\system32\dllcache\drmclien.dll
+ 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\drmstor.dll
+ 2005-01-28 12:44:28 502,272 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2005-01-28 12:44:28 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
+ 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2005-01-28 12:44:28 991,232 -c--a-w c:\windows\system32\dllcache\migrate.exe
+ 2005-01-28 12:44:28 352,256 -c--a-w c:\windows\system32\dllcache\mpvis.dll
+ 2005-01-28 12:44:28 142,336 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2005-01-28 12:44:28 25,088 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2005-01-28 12:44:28 173,568 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2005-01-28 12:44:28 364,784 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2005-01-28 12:44:28 315,904 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2005-01-28 12:44:28 221,184 -c--a-w c:\windows\system32\dllcache\qasf.dll
+ 2005-01-28 12:44:28 819,200 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2005-01-28 12:44:28 192,512 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2005-01-28 12:44:28 396,528 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2005-01-28 12:44:28 716,288 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2005-01-28 12:44:28 224,768 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2005-01-28 12:44:28 28,160 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2005-01-28 12:44:28 33,792 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2005-01-28 12:44:28 189,440 -c--a-w c:\windows\system32\dllcache\wmerror.dll
+ 2005-01-28 12:44:28 150,016 -c--a-w c:\windows\system32\dllcache\wmidx.dll
+ 2005-01-28 12:44:28 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2005-01-28 12:44:28 5,525,504 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2005-01-28 12:44:28 135,168 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
+ 2005-01-28 12:44:28 77,824 -c--a-w c:\windows\system32\dllcache\wmpband.dll
+ 2005-01-28 12:44:28 20,480 -c--a-w c:\windows\system32\dllcache\wmpcd.dll
+ 2005-01-28 12:44:28 20,480 -c--a-w c:\windows\system32\dllcache\wmpcore.dll
+ 2005-01-28 12:44:28 282,624 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
+ 2005-01-28 12:44:28 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
+ 2005-01-28 12:44:28 3,371,008 -c--a-w c:\windows\system32\dllcache\wmploc.dll
+ 2005-01-28 12:44:28 86,016 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
+ 2005-01-28 12:44:28 20,480 -c--a-w c:\windows\system32\dllcache\wmpui.dll
+ 2005-01-28 12:44:28 774,904 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2005-01-28 12:44:28 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2005-01-28 12:44:28 413,944 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2005-01-28 12:44:28 940,544 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2005-01-28 12:44:28 2,370,296 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2005-01-28 12:44:28 895,736 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2005-01-28 12:44:28 1,003,008 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2005-01-28 12:44:28 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
- 2004-08-03 23:57:06 299,520 ----a-w c:\windows\system32\drmclien.dll
+ 2005-01-28 12:44:28 258,296 ----a-w c:\windows\system32\drmclien.dll
- 2004-08-03 23:56:44 87,040 ----a-w c:\windows\system32\drmstor.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\system32\drmstor.dll
- 2004-08-03 23:57:04 695,296 ----a-w c:\windows\system32\drmv2clt.dll
+ 2005-01-28 12:44:28 502,272 ----a-w c:\windows\system32\drmv2clt.dll
- 2004-08-03 23:56:44 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2005-01-28 12:44:28 6,656 ----a-w c:\windows\system32\laprxy.dll
- 2004-08-03 23:56:52 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\system32\logagent.exe
- 2004-08-03 23:57:02 259,072 ----a-w c:\windows\system32\msnetobj.dll
+ 2005-01-28 12:44:28 142,336 ----a-w c:\windows\system32\msnetobj.dll
- 2004-08-03 23:56:44 52,224 ----a-w c:\windows\system32\mspmsnsv.dll
+ 2005-01-28 12:44:28 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
- 2004-08-03 23:56:44 201,728 ----a-w c:\windows\system32\mspmsp.dll
+ 2005-01-28 12:44:28 173,568 ----a-w c:\windows\system32\MsPMSP.dll
- 2004-08-03 23:57:02 356,352 ----a-w c:\windows\system32\msscp.dll
+ 2005-01-28 12:44:28 364,784 ----a-w c:\windows\system32\MSSCP.dll
- 2004-08-03 23:56:46 245,760 ----a-w c:\windows\system32\mswmdm.dll
+ 2005-01-28 12:44:28 315,904 ----a-w c:\windows\system32\MSWMDM.dll
- 2004-08-03 23:56:46 237,568 ----a-w c:\windows\system32\qasf.dll
+ 2005-01-28 12:44:28 221,184 ----a-w c:\windows\system32\qasf.dll
+ 2005-01-28 12:44:28 47,104 ----a-w c:\windows\system32\uwdf.exe
+ 2005-01-28 12:44:28 15,872 ----a-w c:\windows\system32\wdfapi.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wdfmgr.exe
- 2004-08-03 23:56:48 408,064 ----a-w c:\windows\system32\wmadmod.dll
+ 2005-01-28 12:44:28 396,528 ----a-w c:\windows\system32\wmadmod.dll
- 2004-08-03 23:56:48 670,720 ----a-w c:\windows\system32\wmadmoe.dll
+ 2005-01-28 12:44:28 716,288 ----a-w c:\windows\system32\wmadmoe.dll
- 2004-08-03 23:56:48 230,400 ----a-w c:\windows\system32\wmasf.dll
+ 2005-01-28 12:44:28 224,768 ----a-w c:\windows\system32\wmasf.dll
- 2004-08-03 23:56:48 27,136 ----a-w c:\windows\system32\wmdmlog.dll
+ 2005-01-28 12:44:28 28,160 ----a-w c:\windows\system32\WMDMLOG.dll
- 2004-08-03 23:56:48 23,552 ----a-w c:\windows\system32\wmdmps.dll
+ 2005-01-28 12:44:28 33,792 ----a-w c:\windows\system32\WMDMPS.dll
+ 2005-01-28 12:44:28 335,872 ----a-w c:\windows\system32\WMDRMdev.dll
+ 2005-01-28 12:44:28 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
- 2004-08-03 23:56:36 168,448 ----a-w c:\windows\system32\wmerror.dll
+ 2005-01-28 12:44:28 189,440 ----a-w c:\windows\system32\wmerror.dll
- 2004-08-03 23:56:48 151,552 ----a-w c:\windows\system32\wmidx.dll
+ 2005-01-28 12:44:28 150,016 ----a-w c:\windows\system32\wmidx.dll
- 2004-08-03 23:56:48 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2005-01-28 12:44:28 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
- 2004-08-03 23:56:48 4,874,240 ----a-w c:\windows\system32\wmp.dll
+ 2005-01-28 12:44:28 5,525,504 ----a-w c:\windows\system32\wmp.dll
- 2004-08-03 23:56:48 114,688 ----a-w c:\windows\system32\wmpasf.dll
+ 2005-01-28 12:44:28 135,168 ----a-w c:\windows\system32\wmpasf.dll
- 2004-08-03 23:56:48 20,480 ----a-w c:\windows\system32\wmpcd.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\system32\wmpcd.dll
- 2004-08-03 23:56:48 20,480 ----a-w c:\windows\system32\wmpcore.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\system32\wmpcore.dll
- 2004-08-03 23:56:48 233,472 ----a-w c:\windows\system32\wmpdxm.dll
+ 2005-01-28 12:44:28 282,624 ----a-w c:\windows\system32\wmpdxm.dll
+ 2005-01-28 12:44:28 1,594,880 ----a-w c:\windows\system32\wmpencen.dll
- 2004-08-03 23:56:38 2,940,928 ----a-w c:\windows\system32\wmploc.dll
+ 2005-01-28 12:44:28 3,371,008 ----a-w c:\windows\system32\wmploc.dll
- 2004-08-03 23:56:48 102,400 ----a-w c:\windows\system32\wmpshell.dll
+ 2005-01-28 12:44:28 86,016 ----a-w c:\windows\system32\wmpshell.dll
+ 2005-01-28 12:44:28 175,104 ----a-w c:\windows\system32\wmpsrcwp.dll
- 2004-08-03 23:56:48 20,480 ----a-w c:\windows\system32\wmpui.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\system32\wmpui.dll
- 2004-08-03 23:56:48 759,296 ----a-w c:\windows\system32\wmsdmod.dll
+ 2005-01-28 12:44:28 774,904 ----a-w c:\windows\system32\wmsdmod.dll
- 2004-08-03 23:56:48 484,864 ----a-w c:\windows\system32\wmspdmod.dll
+ 2005-01-28 12:44:28 413,944 ----a-w c:\windows\system32\wmspdmod.dll
- 2004-08-03 23:56:48 896,512 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2005-01-28 12:44:28 940,544 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\system32\wmvadvd.dll
+ 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
- 2004-08-03 23:57:04 2,105,344 ----a-w c:\windows\system32\wmvcore.dll
+ 2005-01-28 12:44:28 2,370,296 ----a-w c:\windows\system32\wmvcore.dll
- 2004-08-03 23:56:48 809,984 ----a-w c:\windows\system32\wmvdmod.dll
+ 2005-01-28 12:44:28 895,736 ----a-w c:\windows\system32\wmvdmod.dll
- 2004-08-03 23:56:48 1,001,472 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wpd_ci.dll
+ 2005-01-28 12:44:28 61,952 ----a-w c:\windows\system32\wpdconns.dll
+ 2005-01-28 12:44:28 114,176 ----a-w c:\windows\system32\wpdmtp.dll
+ 2005-01-28 12:44:28 331,776 ----a-w c:\windows\system32\wpdmtpdr.dll
+ 2005-01-28 12:44:28 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2005-01-28 12:44:28 331,264 ----a-w c:\windows\system32\wpdsp.dll
+ 2005-01-28 12:44:28 10,752 ----a-w c:\windows\system32\wpdtrace.dll
+ 2009-01-07 18:45:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - c:\program files\Girder\Girder.exe [2009-01-07 1830912]
PowerInstall Softcam Updater.lnk - c:\program files\FreePack\PSU\PSU.EXE [2008-10-07 57003]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-06 450560]
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-01-07 430080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7253:TCP"= 7253:TCP:xkwwjmol

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-07 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;c:\windows\system32\drivers\SkyNET.sys [2009-01-07 451816]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2009-01-06 10752]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-07 20560]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [2009-01-06 5376]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 xzyhysqm;xzyhysqm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S4 dztwbejgo;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 hkxbzg;hkxbzg;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 wqenk;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UMWDF

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hkxbzg
dztwbejgo
wqenk
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
TCP: {AACF6E13-2B55-499D-A999-253A0FB321E6} = 93.93.93.2,194.106.162.3

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0u3h6l59.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.elitesecurity.org/f101-PC-DVB-kartice
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 20:11:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xzyhysqm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dztwbejgo]
"ServiceDll"="c:\windows\System32\frsvyou.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wqenk]
"ServiceDll"="c:\windows\system32\frsvyou.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-07 20:11:52
ComboFix-quarantined-files.txt 2009-01-07 19:11:50
ComboFix2.txt 2009-01-07 17:08:57

Pre-Run: 46,055,989,248 bytes free
Post-Run: 46,048,854,016 bytes free

450 --- E O F --- 2009-01-06 21:10:44

and it didn't restart....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:13 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3772 bytes
[ kristi1 @ 07.01.2009. 19:29 ] @
Start > Run > Combofix /u, press Enter and wait for ComboFix to uninstall

Restart the computer and keep pressing the F8 key.
A menu will appear.
In the boot menu choose Safe Mode


* Run HijackThis
* Choose the option "Do a system scan only"
* Tick the following lines:

Code:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


Let me know how things look
[ izida @ 07.01.2009. 20:35 ] @
as far as I can see, nothing has changed...
[ kristi1 @ 07.01.2009. 20:54 ] @
ComboFix removed the virus that Malwarebytes couldn't; the HJT log is clean except for this line, which you say makes you lose the internet when you fix it.

O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
93.93.93.2 - this IP address is an intruder; there is no way it belongs to your provider http://samspade.org/whois/93.93.93.2
194.106.162.3 - this IP address belongs to Beotel.net http://samspade.org/whois/194.106.162.3

In your previous post you say

Quote:
my provider is Optikom.
and those addresses are Optikom's DNS servers.


I think that's where the problem is, and you can see for yourself if you click the links above. Check on your router whether DNS is set to automatic.
[ izida @ 07.01.2009. 21:30 ] @
when I upload the log file to http://www.hijackthis.de/en it says that address is safe


I have wireless internet with a public IP address; I don't have a router, I have this piece of junk http://www.planet.com.tw/news/productnews/WAP-4033.htm
a couple of days ago I called the provider and they told me what to type under Internet Protocol, and I'm looking right now at their site http://isp-optikom.net/podesavanje.php where they list some other DNS addresses; I have no idea why they told me to type these ones... maybe because of the public IP, they called it static NATed or something like that...
anyway, I'll call them tomorrow and see what they say.
thanks for all the trouble; I'll report tomorrow what I did.
[ kristi1 @ 07.01.2009. 21:37 ] @
The addresses on the site are theirs

inetnum: 93.93.192.0 - 93.93.199.255
netname: RS-OPTIKOMNET-20080226

And the ones on your machine have nothing to do with them; one is even from Russia
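As an added example (not from this thread, nor from HijackThis or ComboFix), a small Python script that pulls the configured DNS servers out of the O17 and TCP: lines quoted above and checks each one against the address block the provider actually owns. The sample log lines are constructed from the entries in this thread, and TRUSTED_NETWORKS is an assumption built from the Optikom inetnum quoted above; fill it from the whois record of your own ISP.

```python
"""Check the DNS servers recorded in a HijackThis (O17) or ComboFix (TCP:) log
against the address block the ISP actually owns.

Added example for this thread; not a tool from the forum or from HijackThis /
ComboFix. The sample log lines are constructed from the entries quoted in the
thread, and TRUSTED_NETWORKS is an assumption built from the Optikom inetnum
quoted above (93.93.192.0 - 93.93.199.255 == 93.93.192.0/21); replace it with
the ranges from the whois record of your own provider.
"""
import ipaddress
import re

# Provider-owned resolver ranges (assumption, see module docstring).
TRUSTED_NETWORKS = ["93.93.192.0/21"]

# HijackThis:  O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a,b
_O17_RE = re.compile(
    r"^O17 - .*\\\{(?P<guid>[0-9A-Fa-f-]+)\}:\s*NameServer\s*=\s*(?P<servers>[0-9.,\s]+)$"
)
# ComboFix:    TCP: {GUID} = a,b
_COMBOFIX_RE = re.compile(
    r"^TCP:\s*\{(?P<guid>[0-9A-Fa-f-]+)\}\s*=\s*(?P<servers>[0-9.,\s]+)$"
)


def extract_dns_servers(log_text):
    """Map each interface GUID to the DNS servers its log line lists, in order."""
    found = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = _O17_RE.match(line) or _COMBOFIX_RE.match(line)
        if not match:
            continue
        guid = match.group("guid").upper()
        servers = found.setdefault(guid, [])
        for server in match.group("servers").split(","):
            server = server.strip()
            if server and server not in servers:
                servers.append(server)
    return found


def audit_dns_servers(log_text, trusted_networks=TRUSTED_NETWORKS):
    """Return (guid, server, verdict) triples for every configured DNS server.

    verdict is 'trusted' when the server sits in one of the provider's blocks,
    'private' for LAN/router addresses, 'unparseable' for garbage, and
    'outside provider allocation' otherwise, the case seen in this thread.
    """
    networks = [ipaddress.ip_network(n) for n in trusted_networks]
    report = []
    for guid, servers in extract_dns_servers(log_text).items():
        for server in servers:
            try:
                address = ipaddress.ip_address(server)
            except ValueError:
                report.append((guid, server, "unparseable"))
                continue
            if any(address in net for net in networks):
                verdict = "trusted"
            elif address.is_private:
                verdict = "private"
            else:
                verdict = "outside provider allocation"
            report.append((guid, server, verdict))
    return report


# Constructed from the O17 / TCP: entries quoted in this thread.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

SAMPLE_COMBOFIX_LOG = r"""
------- Supplementary Scan -------
TCP: {AACF6E13-2B55-499D-A999-253A0FB321E6} = 93.93.93.2,194.106.162.3
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
"""

if __name__ == "__main__":
    for name, log in (("HijackThis", SAMPLE_HJT_LOG), ("ComboFix", SAMPLE_COMBOFIX_LOG)):
        print(f"[{name}]")
        for guid, server, verdict in audit_dns_servers(log):
            print(f"  {guid}  {server:<16} {verdict}")
```

Both servers from the thread come back as "outside provider allocation", which is the same conclusion the whois lookups above reach; a resolver inside 93.93.192.0/21 would come back "trusted".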
[ izida @ 07.01.2009. 22:13 ] @
so roughly speaking I had both a virus and a wrong DNS address that was blocking access to certain sites, or do you think this is some virus too O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
93.93.93.2
[ mobilexpert @ 07.01.2009. 23:52 ] @
quick help, so you don't waste time

a few things that solve all your problems:

find and download:

- CA Antivirus 2009
- CA AntiSpyware

install the antivirus, restart, install the anti-spyware,
scan the PC, it will clean everything.

reboot

find and download Trojan Remover (trial, it can clean everything)
run it, clean everything, reboot, repeat the scan afterwards,
and clean again if needed

find, download and run WinSock Registry Fix;
it will sort out your network.


the end

regards.
Brka.
[ stonex @ 08.01.2009. 00:38 ] @
Or even faster: format the disk, find another install with XP SP3, install it and you're all set!

P.S. What nonsense are you bothering with, it's a fresh install anyway!

[This message was edited by stonex on 08.01.2009 at 15:12 GMT+1]
[ magna86 @ 08.01.2009. 01:51 ] @
Quote:
izida: so roughly speaking I had both a virus and a wrong DNS address that was blocking access to certain sites, or do you think this is some virus too O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
93.93.93.2

the first IP address has nothing to do with Telekom, that's the one from Russia, and the second IP address is Telekom's

for now just do this:

Temporarily disable your antivirus

Open Notepad and copy the text below:
Click File\Save as and save the text as CFScript on the Desktop

Code:

File::
c:\windows\nsreg.dat
c:\windows\ativpsrm.bin
c:\windows\system32\frsvyou.dll




Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix automatically; the system may restart (that's normal)
When it finishes, a log will appear (C:\ComboFix.txt)
Save that CF log
......................

Download the JavaRa program
http://sourceforge.net/project...JavaRa.zip&use_mirror=osdn


click Remove older versions
when it finishes it will produce a log; then click
Search for updates
then select the lower option and click Search
That will take you to the site from which you download and install the latest version of Java

.....................
then download this program
http://us.trendmicro.com/us/products/personal/CWShredder/

here's a guide if you need it
http://www.bleepingcomputer.com/tutorials/tutorial47.html

I don't think it will find anything, but it doesn't hurt to run it if you're willing;
it might find some leftovers

................

do you have a USB stick?
yes?
either format it, or if you don't want to, better download this program

http://www.techsupportforum.co...ols/sUBs/Flash_Disinfector.exe

run it; when the message appears, plug in the USB flash drive
while holding the Shift key (to avoid autoplay)

.......................


post just a fresh HijackThis log


[This message was edited by magna86 on 08.01.2009 at 03:32 GMT+1]
[ izida @ 08.01.2009. 14:29 ] @
bravo, as far as I can see this solved the problem

Quote:
Code:

File::
c:\windows\nsreg.dat
c:\windows\ativpsrm.bin
c:\windows\system32\frsvyou.dll


here's the proof





just in case, here's the log too

ComboFix 09-01-07.02 - Administrator 2009-01-08 15:06:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.579 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090107-0] *On-access scanning disabled* (Updated)
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]

FILE ::
c:\windows\ativpsrm.bin
c:\windows\nsreg.dat
c:\windows\system32\frsvyou.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ativpsrm.bin
c:\windows\nsreg.dat
c:\windows\system32\frsvyou.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_dztwbejgo
-------\Legacy_wqenk
-------\Service_dztwbejgo
-------\Service_wqenk


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-07 21:41 . 2009-01-07 21:41 <DIR> d-------- c:\program files\sXe Injected
2009-01-07 20:34 . 2009-01-07 20:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\True Sword
2009-01-07 20:31 . 2009-01-08 11:59 <DIR> d-------- c:\program files\True Sword 5
2009-01-07 19:41 . 2009-01-07 19:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-07 17:31 . 2009-01-07 17:31 <DIR> d-------- c:\program files\Alwil Software
2009-01-07 16:56 . 2009-01-07 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-07 12:19 . 2009-01-07 12:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-07 12:08 . 2009-01-07 12:08 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-07 12:07 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-01-07 12:06 . 2004-07-17 11:40 19,528 --a------ c:\windows\002509_.tmp
2009-01-07 12:05 . 2009-01-07 12:05 <DIR> d-------- c:\windows\EHome
2009-01-07 00:51 . 2009-01-07 00:51 <DIR> d-------- c:\program files\FreePack
2009-01-07 00:51 . 2009-01-07 00:53 94 --a------ c:\windows\Folders.ini
2009-01-07 00:46 . 2009-01-07 00:48 <DIR> d-------- c:\program files\Girder
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\program files\Foxit Software
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Foxit
2009-01-07 00:42 . 2009-01-07 01:00 <DIR> d-------- C:\ProgDVB
2009-01-07 00:36 . 2009-01-07 00:36 <DIR> d-------- c:\program files\DVBViewerTE
2009-01-07 00:34 . 2009-01-07 00:34 <DIR> d-------- c:\program files\TechniSat DVB
2009-01-07 00:34 . 2004-03-10 23:37 1,045,776 --a------ c:\windows\system32\msjet35.dll
2009-01-07 00:34 . 2004-03-10 23:37 368,912 --a------ c:\windows\system32\vbar332.dll
2009-01-07 00:34 . 2004-03-10 23:37 252,176 --a------ c:\windows\system32\msrd2x35.dll
2009-01-07 00:34 . 2004-03-10 23:37 123,664 --a------ c:\windows\system32\Msjint35.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\SkyDll.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\Sky2PCUI.dll
2009-01-07 00:34 . 2004-04-13 13:15 102,400 --a------ c:\windows\system32\libbz2.dll
2009-01-07 00:34 . 2004-03-10 23:37 24,848 --a------ c:\windows\system32\msjter35.dll
2009-01-07 00:33 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-07 00:32 . 2004-05-02 20:30 451,816 -ra------ c:\windows\system32\drivers\SkyNET.sys
2009-01-07 00:04 . 2009-01-07 00:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 00:04 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 23:34 . 2009-01-06 23:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\program files\Lavasoft
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-06 22:30 . 2009-01-07 16:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 22:21 . 2009-01-07 21:45 <DIR> d-------- c:\program files\Valve
2009-01-06 22:10 . 2009-01-06 22:10 <DIR> d-------- c:\windows\system32\bits
2009-01-06 22:10 . 2009-01-06 23:34 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-06 21:43 . 2004-08-04 00:56 438,784 --------- c:\windows\system32\xpob2res.dll
2009-01-06 21:43 . 2004-08-04 00:56 351,232 --a------ c:\windows\system32\winhttp.dll
2009-01-06 21:43 . 2004-08-04 00:56 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-01-06 21:43 . 2004-08-04 00:56 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-01-06 21:43 . 2004-08-04 00:56 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-01-06 21:37 . 2009-01-06 21:37 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-06 21:34 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-01-06 21:34 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-01-06 21:34 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-01-06 21:34 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2009-01-06 21:34 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll
2009-01-06 21:34 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe
2009-01-06 21:34 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-01-06 21:28 . 2009-01-06 21:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-06 21:28 . 2009-01-06 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 21:18 . 2009-01-06 21:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-06 21:15 . 2005-01-28 13:44 1,119,744 --a------ c:\windows\system32\wmsdmoe2.dll
2009-01-06 21:06 . 2007-12-20 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-01-06 21:06 . 2004-08-03 22:59 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-06 21:06 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-06 21:06 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-06 21:05 . 2009-01-06 20:13 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-06 21:04 . 2009-01-08 12:17 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\program files\VID_0E8F&PID_0003
2009-01-06 21:02 . 2009-01-06 20:17 261 --a------ c:\windows\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 11:19 196,608 ----a-w c:\windows\system32\drivers\aStandard.bin
2009-01-06 21:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 20:10 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2009-01-06 19:54 --------- d-----w c:\program files\My Company Name
2009-01-06 19:52 --------- d-----w c:\program files\ATI Technologies
2009-01-06 19:51 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-01-06 19:44 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 19:34 --------- d-----w c:\program files\Realtek
2009-01-06 19:20 --------- d-----w c:\program files\Intel
2009-01-06 19:15 558,142 ----a-w c:\windows\java\Packages\0FJNJ9FL.ZIP
2009-01-06 19:15 155,995 ----a-w c:\windows\java\Packages\OVRHZTND.ZIP
2009-01-06 19:15 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - c:\program files\Girder\Girder.exe [2009-01-07 1830912]
PowerInstall Softcam Updater.lnk - c:\program files\FreePack\PSU\PSU.EXE [2008-10-07 57003]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-06 450560]
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-01-07 430080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7253:TCP"= 7253:TCP:xkwwjmol

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-07 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;c:\windows\system32\drivers\SkyNET.sys [2009-01-07 451816]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2009-01-06 10752]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-07 20560]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [2009-01-06 5376]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 xzyhysqm;xzyhysqm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S4 dztwbejgo;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 hkxbzg;hkxbzg;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 wqenk;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DZTWBEJGO
*NewlyCreated* - WQENK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hkxbzg
dztwbejgo
wqenk
.
.
------- Supplementary Scan -------
.
TCP: {AACF6E13-2B55-499D-A999-253A0FB321E6} = 93.93.93.2,194.106.162.3

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0u3h6l59.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.elitesecurity.org/f101-PC-DVB-kartice
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 15:09:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xzyhysqm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dztwbejgo]
"ServiceDll"="c:\windows\System32\frsvyou.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wqenk]
"ServiceDll"="c:\windows\system32\frsvyou.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\ATKKBService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-08 15:11:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 14:11:03

Pre-Run: 46,272,319,488 bytes free
Post-Run: 46,231,392,256 bytes free

223 --- E O F --- 2009-01-06 21:10:44

what was the problem?
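A small triage script, added here as an example (it is not from the thread and not part of ComboFix), that reads a few lines in the format of the log above and flags the patterns a helper looks for in it: services added to the netsvcs svchost group that are not in a baseline, a service whose image is a .tmp file, a firewall exception with a generated-looking rule name, and weakened Security Center settings. The baseline set KNOWN_NETSVCS and the random-name heuristic are assumptions, and the sample lines are constructed from the entries above.

```python
import re

# Constructed sample in ComboFix's "Reg Loading Points" format, modelled on the
# log above (entries copied from that log, plus one benign avast! driver line).
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-07 111184]
S3 xzyhysqm;xzyhysqm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S4 dztwbejgo;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 hkxbzg;hkxbzg;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 wqenk;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
"7253:TCP"= 7253:TCP:xkwwjmol
"EnableFirewall"= 0 (0x0)
"AntiVirusDisableNotify"=dword:00000001
"""

# Partial baseline of services that legitimately run in XP's netsvcs svchost
# group (assumption: extend it from a known-clean machine of the same build).
KNOWN_NETSVCS = {"browser", "schedule", "wuauserv", "bits", "themes",
                 "shellhwdetection", "helpsvc", "seclogon", "winmgmt"}

SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: \[[^\]]*\])?$")
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\S+?:([A-Za-z0-9_]+)$')
POLICY_RE = re.compile(r'^"(EnableFirewall|AntiVirusDisableNotify)"=\s*(?:dword:)?(\d+)')

def looks_random(name):
    """Crude heuristic for generated names: lowercase, no vowel or 4+ consonants in a row."""
    if not re.fullmatch(r"[a-z]{5,}", name):
        return False
    return not re.search(r"[aeiou]", name) or bool(re.search(r"[^aeiou]{4,}", name))

def triage(log_text):
    """Return human-readable findings for the suspicious patterns seen in this log."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := SERVICE_RE.match(line):
            name, display, image = m.group(2), m.group(3), m.group(4).lower()
            if image.endswith("svchost.exe -k netsvcs") and name.lower() not in KNOWN_NETSVCS:
                findings.append(f"unknown netsvcs service {name} ({display})")
            elif ".tmp" in image:
                findings.append(f"service {name} loads a temp file: {image}")
        elif m := PORT_RE.match(line):
            if looks_random(m.group(2)):
                findings.append(f"firewall exception {m.group(1)} with generated name {m.group(2)}")
        elif m := POLICY_RE.match(line):
            key, value = m.group(1), int(m.group(2))
            if (key, value) in {("EnableFirewall", 0), ("AntiVirusDisableNotify", 1)}:
                findings.append(f"security setting weakened: {key}={value}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```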
[ magna86 @ 08.01.2009. 15:05 ] @
nsreg.dat - I believe this is some new kind of malware
the AVs don't know about it yet, HjT doesn't see it... and a format obviously doesn't help

ativpsrm.bin is also some malware, maybe part of the one above

and this last one is also unknown

in the CF log I found some entries that look suspicious to me, connected with Java and a virus called CoolWebSearch

that is why I told you to do the steps above with the given tools, just in case

please find the following folder
C:\QooBox
pack it into .rar or .zip and upload it somewhere, e.g. to rapidshare
send me the link by PM

then uninstall CF


Start / Run, copy this:

Combofix /u

then OK



and do what I wrote for Java and CWS

[This message was edited by magna86 on 08.01.2009. at 16:19 GMT+1]
[ izida @ 08.01.2009. 19:46 ] @
problem solved with a fresh installation from a third disc, since everything went back to the old state after a while; obviously this virus is quite smart...
thanks to everyone for the effort, especially kristi1 and magna86

[This message was edited by izida on 08.01.2009. at 21:42 GMT+1]
[ magna86 @ 08.01.2009. 20:25 ] @
hm... all sorts of things...
maybe it came back from some disc or a USB stick, or perhaps from some program you use... who knows
[ izida @ 08.01.2009. 20:57 ] @
no idea, the only discs I put in were the factory driver discs, and a flash drive has never gone into my case...
with this new installation the system works great; the only thing bothering me now is that IP address from hjt... I sent an email to the provider and am waiting for them to reply...
[ Goran Mijailovic @ 08.01.2009. 23:36 ] @
Quote:
nsreg.dat - I believe this is some new kind of malware

http://www.spywaredata.com/spyware/malware/nsreg.dat.php
http://tech.firdooze.com/2008/...-msn-virus-from-your-computer/

Quote:
ativpsrm.bin is also some malware, maybe part of the one above

http://www.lavasoftsupport.com/index.php?showtopic=13632
[ magna86 @ 10.01.2009. 06:50 ] @
hehe... so I was right after all
CWShredder would have taken care of it
it's just... that @izida didn't run it as I suggested
[ izida @ 19.02.2009. 22:38 ] @
I apologize for bringing the topic up again, but the problem was somewhere else; I did run CWShredder, but since it didn't solve the problem I forgot to mention it in my message...
since I installed the operating system again from that disputed disc, here is where the problem was http://tinypic.com/view.php?pic=u6mut&s=5 after deleting this file the problem disappeared for good...