Hijack i ComboFix Log - Problemi sa sistemom

[ akiko1 @ 16.12.2009. 00:03 ] @

Pozdrav,
Zadnjih par dana imam problem sa compom,jer se sistem sporije dize, DVD-ROM nece da ocita DVD-ove, a jedan od externih diskova (Toshiba) sistem ne prepoznaje (na drugom compu radi dobro).
Skenirao sam Hijackom i ComboFixom i evo postavio sam log od oba! Ako neko moze pomoci u rjesenju problema bio bih mu zahvalan!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:43 AM, on 12/16/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\ViSplore\ViSplore.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\VISTAR~1\Rainbar.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\akiko\Desktop\ESScan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViGlance] C:\Program Files\ViGlance\ViGlance.exe
O4 - HKCU\..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe
O4 - HKCU\..\Run: [ViSplore] C:\Program Files\ViSplore\ViSplore.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6329914-D4B7-48E7-96B1-4C8B743C9E66}: NameServer = 195.222.32.10 195.222.32.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6587 bytes

--------------------------------------------------------------------------------------------------------------------------------------------------
ComboFix 09-09-14.02 - akiko 09/16/2009 0:39.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.601 [GMT 2:00]
Running from: c:\documents and settings\akiko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\akiko\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-12-15 19:00 . 2009-12-15 19:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-12-15 18:21 . 2009-12-15 18:21 -------- d-----w- c:\documents and settings\akiko\Application Data\Malwarebytes
2009-12-15 18:21 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 18:21 . 2009-12-15 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-15 18:21 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 18:21 . 2009-12-15 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 18:17 . 2009-11-17 09:37 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-15 18:17 . 2009-11-17 09:31 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-15 18:16 . 2009-12-15 18:17 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-15 18:16 . 2009-12-15 18:16 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-15 13:37 . 2009-12-15 17:03 -------- d-----w- c:\windows\system32\NtmsData
2009-11-29 11:49 . 2004-03-02 16:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-11-29 11:49 . 2004-03-02 16:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-11-29 11:48 . 2009-11-29 11:49 -------- d-----w- c:\program files\Ahead
2009-11-26 08:01 . 2009-11-26 08:01 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-25 22:41 . 2009-11-26 08:01 -------- d-----w- c:\windows\SxsCaPendDel
2009-11-20 15:48 . 2009-11-20 21:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-16 23:29 . 2009-11-25 22:35 -------- d-----w- c:\program files\Common Files\Logitech
2009-11-16 23:29 . 2008-02-12 02:12 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-11-16 23:29 . 2008-02-12 02:12 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-11-16 23:27 . 2008-02-12 02:20 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-11-16 23:27 . 2008-02-12 02:20 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-11-16 23:27 . 2008-02-12 02:20 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-16 23:27 . 2008-02-12 02:20 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-11-16 23:27 . 2008-02-12 02:20 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-11-16 23:27 . 2008-02-12 02:20 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-11-16 23:26 . 2008-02-12 02:20 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-16 23:26 . 2008-02-12 02:20 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-11-16 23:26 . 2008-02-12 02:20 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-11-16 23:26 . 2008-02-12 02:20 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-11-16 23:26 . 2008-02-12 02:20 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-11-16 23:26 . 2008-02-12 02:20 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-11-16 23:25 . 2009-11-25 22:35 -------- d-----w- c:\program files\Common Files\logishrd
2009-11-16 23:25 . 2008-02-12 13:59 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-16 23:25 . 2008-02-12 13:59 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-11-11 15:15 . 2009-11-11 15:21 -------- d-----w- c:\program files\Common Files\Elecard
2009-11-11 15:15 . 2009-11-11 15:21 -------- d-----w- c:\program files\Elecard
2009-11-11 14:51 . 2009-11-11 14:51 158528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-11 14:49 . 2009-11-11 14:49 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-11 14:49 . 2009-11-11 14:49 -------- d-----w- c:\program files\Reference Assemblies
2009-11-11 14:48 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-11-11 14:40 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-11-11 14:40 . 2001-08-17 12:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-11-11 14:34 . 2009-12-07 13:03 -------- d-----w- C:\ProgDVB
2009-11-01 23:35 . 2009-11-02 08:27 -------- d-----w- c:\program files\CHM To PDF Converter PRO
2009-11-01 21:54 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\akiko\Application Data\PrimoPDF
2009-11-01 21:53 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2009-10-27 09:13 . 2009-11-09 10:54 -------- d--h--w- c:\windows\system32\Restor
2009-10-20 09:04 . 2009-10-23 16:25 -------- d--h--w- c:\windows\system32\rstute
2009-10-18 10:36 . 2009-10-18 10:37 -------- d--h--w- c:\windows\system32\java
2009-10-14 12:00 . 2009-12-15 19:14 -------- d-----w- c:\program files\ProgDVB 6.20.5
2009-10-14 12:00 . 2009-10-14 12:00 -------- d-----w- c:\windows\ProgDVB 6.20.5
2009-10-11 21:24 . 2009-10-11 21:24 -------- d-----w- c:\documents and settings\akiko\Local Settings\Application Data\ESET
2009-10-11 19:15 . 2009-10-11 19:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-10-09 17:50 . 2009-10-09 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ProgDVB
2009-10-09 15:09 . 2009-10-09 17:50 -------- d-----w- c:\documents and settings\akiko\Local Settings\Application Data\ProgDVB
2009-10-08 23:35 . 2009-10-08 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\CMUV
2009-10-08 23:33 . 2009-10-08 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Technisat
2009-10-08 23:33 . 2009-10-08 23:33 -------- d-----w- c:\program files\MainConcept
2009-10-08 23:32 . 2009-10-08 23:33 -------- d-----w- c:\program files\TechniSat DVB
2009-10-08 23:22 . 2009-09-11 05:47 507408 ----a-w- c:\windows\system32\drivers\SkyNET.sys
2009-10-06 18:02 . 2009-10-06 18:02 -------- d-----w- c:\windows\Sun
2009-10-04 23:25 . 2009-10-04 23:25 -------- d-----w- C:\Boot
2009-10-04 17:51 . 2009-10-04 17:51 -------- d-----w- c:\documents and settings\akiko\dwhelper
2009-10-04 15:47 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-04 15:46 . 2009-10-04 15:46 -------- d-----w- c:\program files\Microsoft Works
2009-10-04 15:46 . 2009-11-11 14:49 -------- d-----w- c:\program files\MSBuild
2009-10-04 15:45 . 2009-10-04 15:45 -------- d-----w- c:\program files\uTorrent
2009-10-04 15:44 . 2009-10-04 15:44 -------- d-----w- c:\program files\Microsoft.NET
2009-10-04 15:44 . 2009-12-15 17:53 -------- d-----w- c:\documents and settings\akiko\Application Data\uTorrent
2009-10-04 15:42 . 2009-10-04 15:42 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-04 15:42 . 2009-10-04 15:45 -------- d-----w- c:\windows\SHELLNEW
2009-10-04 15:41 . 2009-10-04 15:41 -------- d-----w- c:\documents and settings\akiko\Local Settings\Application Data\Microsoft Help
2009-10-04 15:41 . 2009-10-04 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-04 15:41 . 2009-10-18 10:37 -------- d-----r- C:\MSOCache
2009-10-04 12:43 . 2001-08-17 20:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-10-04 12:42 . 2001-08-17 12:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-10-04 12:41 . 2001-08-23 12:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2009-10-04 12:40 . 2001-08-17 20:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-10-04 12:39 . 2008-02-11 23:01 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2009-10-04 12:38 . 2001-08-17 10:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-10-04 12:38 . 2008-02-12 01:20 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2009-10-04 12:38 . 2001-08-17 11:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2009-10-04 12:38 . 2001-08-17 12:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-10-04 12:38 . 2008-02-12 01:15 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2009-10-04 12:38 . 2001-08-23 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-10-04 12:38 . 2001-08-17 12:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-10-04 12:38 . 2001-08-17 11:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-10-04 12:38 . 2008-02-12 01:20 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-10-04 12:38 . 2001-08-17 11:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-10-04 12:38 . 2008-02-12 01:20 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-10-04 12:38 . 2001-08-17 11:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-10-04 12:38 . 2001-08-17 11:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-10-04 12:36 . 2001-08-17 20:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2009-10-04 12:35 . 2001-08-17 11:28 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2009-10-04 12:34 . 2001-08-23 12:00 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
2009-10-04 12:33 . 2001-08-17 12:02 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2009-10-04 12:32 . 2001-08-17 10:49 10240 -c--a-w- c:\windows\system32\dllcache\atipcxxx.sys
2009-10-04 12:31 . 2001-08-23 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-10-04 12:31 . 2001-08-17 12:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-10-04 12:31 . 2008-02-12 02:00 2145280 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-04 12:31 . 2001-08-23 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-10-04 12:31 . 2001-08-23 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-10-04 12:31 . 2001-08-23 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-10-04 12:31 . 2001-08-23 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-10-04 12:31 . 2001-08-23 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-10-04 12:31 . 2001-08-23 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-10-04 12:29 . 2009-09-15 22:39 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-04 11:48 . 2009-10-04 18:43 -------- d-----w- c:\documents and settings\akiko\Application Data\vlc
2009-10-04 11:16 . 2009-10-04 11:16 -------- d-----w- c:\program files\stardock
2009-10-04 11:16 . 2009-10-04 11:16 -------- d-----w- c:\documents and settings\akiko\Application Data\ViStart
2009-10-04 11:16 . 2009-10-04 11:16 -------- d-----w- c:\documents and settings\akiko\Application Data\ViSplore
2009-10-04 11:16 . 2009-10-06 15:49 -------- d-----w- c:\windows\system32\VIRepair
2009-10-04 11:16 . 2009-10-04 11:16 -------- d-----w- c:\documents and settings\akiko\Application Data\ViGlance
2009-10-04 11:15 . 2009-10-04 11:15 -------- d-----w- c:\program files\ViSplore
2009-10-04 11:15 . 2009-07-09 18:30 348797 ----a-w- c:\windows\system32\viwc.exe
2009-10-04 11:15 . 2009-10-04 11:15 -------- d-----w- c:\program files\TrueTransparency
2009-10-04 11:15 . 2009-09-15 22:26 -------- d-----w- c:\program files\WinFlip
2009-10-04 11:15 . 2009-10-08 07:57 -------- d-----w- c:\program files\ViGlance
2009-10-04 11:15 . 2009-09-15 22:26 -------- d-----w- c:\program files\ViStart
2009-10-04 11:15 . 2009-10-04 11:15 -------- d-----w- c:\program files\Vista Rainbar
2009-10-04 11:15 . 2009-10-04 11:15 -------- d-----w- c:\program files\Vista Drive Icon
2009-10-04 11:15 . 2009-03-18 06:46 6181376 ----a-w- c:\windows\system32\sevenui.exe
2009-10-04 11:12 . 2009-10-04 11:15 -------- d-----w- c:\windows\system32\VITrans
2009-10-04 11:12 . 2006-12-03 15:15 111104 ----a-w- c:\windows\system32\Uharc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 22:33 . 2009-11-25 22:33 1824 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-10 13:59 . 2009-10-03 17:36 -------- d-----w- c:\program files\The KMPlayer
2009-10-08 23:32 . 2009-10-03 17:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-03 17:54 . 2009-10-03 17:54 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-03 17:27 . 2009-10-03 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-10-03 17:27 . 2009-10-03 17:27 -------- d-----w- c:\documents and settings\akiko\Application Data\ATI
2009-10-03 17:24 . 2009-10-03 17:24 -------- d-----w- c:\program files\ATI Technologies
2009-10-03 17:23 . 2009-10-03 17:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-03 17:19 . 2009-10-03 17:19 -------- d-----w- c:\program files\DirectX9
2009-10-03 17:12 . 2009-10-03 17:12 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-10-03 17:12 . 2009-10-03 17:12 737280 ----a-w- c:\windows\iun6002.exe
2009-10-03 16:53 . 2009-10-03 16:53 -------- d-----w- c:\program files\microsoft frontpage
2009-10-03 16:49 . 2009-10-03 16:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-03 16:49 . 2009-10-03 16:48 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-15 22:38 . 2009-09-15 22:38 69232 ----a-w- c:\documents and settings\akiko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 05:26 . 2009-09-11 05:26 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-09-11 05:26 . 2009-09-11 05:26 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-09-11 05:23 . 2009-09-11 05:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 05:17 . 2009-09-11 05:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-06-19 07:10 . 2009-06-19 07:10 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-15_22.27.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-15 22:28 . 2009-09-15 22:28 16384 c:\windows\Temp\Perflib_Perfdata_bec.dat
+ 2001-08-23 12:00 . 2009-09-15 22:29 72152 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-12-15 22:42 72152 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-09-15 22:29 444528 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-12-15 22:42 444528 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vista Rainbar"="c:\program files\Vista Rainbar\launcher.exe" [2009-04-29 133851]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2009-04-17 860160]
"ViGlance"="c:\program files\ViGlance\ViGlance.exe" [2009-07-08 438272]
"WinFlip"="c:\program files\WinFlip\WinFlip.exe" [2008-05-21 483328]
"ViSplore"="c:\program files\ViSplore\ViSplore.exe" [2009-02-04 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-10-9 338448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):73,65,76,65,6e,75,69,2e,65,78,65,00

[HKLM\~\startupfolder\C:^Documents and Settings^akiko^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\akiko\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/11/2009 7:24 AM 735960]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/15/2009 8:21 PM 276816]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [11/17/2009 11:34 AM 1021256]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/15/2009 8:21 PM 19160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 8:24 AM 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1455F253-67B9-FCA4-FC97-0E8C97DB3490}]
c:\windows\system32\Bifrost\msnmsnggr.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{69FCBBD4-D9B4-B9CA-5147-52344E049905}]
c:\documents and settings\akiko\Application Data\jvava\UP\java.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7E5BAC99-8697-57DC-8761-1B7A1A77CDC7}]
c:\windows\system32\Restor\rsturi.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83C69087-9E28-A81B-229C-F77C095E926E}]
c:\windows\system32\rstute\rstute.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E07B57CB-2D90-6F97-B038-FDD287A01760}]
c:\windows\system32\java\java.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-09-15 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 09:40]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
TCP: {B6329914-D4B7-48E7-96B1-4C8B743C9E66} = 195.222.32.10 195.222.32.20
FF - ProfilePath - c:\documents and settings\akiko\Application Data\Mozilla\Firefox\Profiles\x9kxqofo.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 00:42
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\ieframe.dll
c:\windows\system32\dot3dlg.dll
c:\program files\ViStart\StartHook.dll
.
Completion time: 2009-09-15 0:43
ComboFix-quarantined-files.txt 2009-09-15 22:43
ComboFix2.txt 2009-09-15 22:28

Pre-Run: 13,306,683,392 bytes free
Post-Run: 13,284,397,056 bytes free

272
--------------------------------------------------------------------------------------------------------------------------------------------------

Napominjem samo da sam prilikom skeniranja ComboFixom vratio datum na septembar.

[ akiko1 @ 16.12.2009. 01:44 ] @

Kada sam htio da skinem s neta ComboFix pratio sam do
http://download.bleepingcomputer.com/sUBs/ComboFix.html
gdje mi umjesto download ispisuje:

Citat:

ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.

We will also announce when ComboFix is available on our Twitter and Facebook pages.

@magna86 pratio sam uputstvo o ComboFixu i postupio po svemu osim downloada ComboFixa zbog gore citiranog, pa sam koristio CobmoFix koji sam imao na compu i morao sam vratiti datum zbog

Citat:

Current date is 16/12/2009.
ComboFix has expired
Click 'Yes' to run in REDUCED FUNCTIONALITY mode
Click 'No' to exit"

Citat:

@magna: " ...koristio si sam CFScriptu...ko zna sta si jos petljao...srecno..."

?????

[ magna86 @ 16.12.2009. 01:46 ] @

http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

Start >> Run
Combofix /Uninstall

obrisi rucno:
c:\windows\system32\drivers\kgpcpy.cfg
shift+delete+ enter

http://www.bleepingcomputer.com/tutorials/tutorial62.html

[ akiko1 @ 16.12.2009. 10:10 ] @

Izbirasao sam onaj fajl sto si mi rekao i uklonio ComboFix i evo HijackLog koji sam sada dobio. Nadam se da ce biti od pomoci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:21 AM, on 12/16/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViGlance\ViGlance.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\ViSplore\ViSplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\VISTAR~1\Rainbar.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\akiko\Desktop\HiJack\ESScan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViGlance] C:\Program Files\ViGlance\ViGlance.exe
O4 - HKCU\..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe
O4 - HKCU\..\Run: [ViSplore] C:\Program Files\ViSplore\ViSplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6329914-D4B7-48E7-96B1-4C8B743C9E66}: NameServer = 195.222.32.10 195.222.32.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 6583 bytes

[ magna86 @ 16.12.2009. 12:49 ] @

Skini DDS Program na Desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Dvoklikom pokreni dds.scr

Kad zavrsi, DDS ce otvoriti dva loga:
1. DDS.txt
2. Attach.txt
Oba izvestaja sacuvaj na Desktop.

Kopiraj mi DDS.txt

[ akiko1 @ 16.12.2009. 13:50 ] @

Uradio sam kako si rekao i evo DDS.txt izvjestaja:

DDS (Ver_09-12-01.01) - NTFSx86
Run by akiko at 14:49:20.42 on Wed 12/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.525 [GMT 1:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViGlance\ViGlance.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\ViSplore\ViSplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\PROGRA~1\VISTAR~1\Rainbar.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\akiko\Desktop\dds.scr
C:\WINDOWS\system32\imapi.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
mWinlogon: UIHost=sevenui.exe
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Vista Rainbar] c:\program files\vista rainbar\launcher.exe
uRun: [ViStart] c:\program files\vistart\ViStart.exe
uRun: [ViGlance] c:\program files\viglance\ViGlance.exe
uRun: [WinFlip] c:\program files\winflip\WinFlip.exe
uRun: [ViSplore] c:\program files\visplore\ViSplore.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\server~1.lnk - c:\program files\technisat dvb\bin\Server4PC.exe
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {1455F253-67B9-FCA4-FC97-0E8C97DB3490} - c:\windows\system32\bifrost\msnmsnggr.exe s
mASetup: {69FCBBD4-D9B4-B9CA-5147-52344E049905} - c:\documents and settings\akiko\application data\jvava\up\java.exe s
mASetup: {7E5BAC99-8697-57DC-8761-1B7A1A77CDC7} - c:\windows\system32\restor\rsturi.exe s
mASetup: {83C69087-9E28-A81B-229C-F77C095E926E} - c:\windows\system32\rstute\rstute.exe s
mASetup: {E07B57CB-2D90-6F97-B038-FDD287A01760} - c:\windows\system32\java\java.exe s

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\akiko\applic~1\mozilla\firefox\profiles\x9kxqofo.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 276816]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 19160]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2009-10-9 507408]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S4 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]

=============== Created Last 30 ================

2009-12-16 10:14:26 0 d-sh--w- C:\$RECYCLE.BIN
2009-12-16 09:17:36 389120 ----a-w- c:\windows\system32\CF7536.exe
2009-12-15 18:21:26 0 d-----w- c:\docume~1\akiko\applic~1\Malwarebytes
2009-12-15 18:21:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 18:21:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 18:21:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-15 18:21:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 18:17:16 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-15 18:17:14 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-15 18:16:45 0 d-----w- c:\program files\TuneUp Utilities 2010
2009-12-15 18:16:13 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-15 13:37:31 0 d-----w- c:\windows\system32\NtmsData
2009-11-29 21:58:36 69 ----a-w- c:\windows\NeroDigital.ini
2009-11-29 11:49:20 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-11-29 11:49:20 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-11-26 08:01:22 0 ----a-w- c:\windows\system32\BSPRINT.INI
2009-11-26 08:01:15 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-25 22:41:27 0 d-----w- c:\windows\SxsCaPendDel
2009-11-16 23:29:54 0 d-----w- c:\program files\common files\Logitech
2009-11-16 23:29:26 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-11-16 23:29:26 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-11-16 23:27:50 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-11-16 23:27:50 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-11-16 23:27:32 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-16 23:27:32 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-11-16 23:27:31 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax
2009-11-16 23:27:31 16384 ----a-w- c:\windows\system32\ipsink.ax
2009-11-16 23:27:12 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-11-16 23:27:12 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-11-16 23:26:53 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-16 23:26:53 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-11-16 23:26:34 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-11-16 23:26:34 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-11-16 23:26:17 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-11-16 23:26:17 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-11-16 23:25:31 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2009-11-16 23:25:31 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2009-11-16 23:25:31 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2009-11-16 23:25:31 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-11-16 23:25:31 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-16 23:25:31 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-11-16 23:25:28 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2009-11-16 23:25:28 43008 ----a-w- c:\windows\system32\ksxbar.ax

==================== Find3M ====================

2009-10-04 00:35:16 249856 ------w- c:\windows\Setup1.exe
2009-10-04 00:35:15 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-03 17:12:03 737280 ----a-w- c:\windows\iun6002.exe
2009-10-03 16:49:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 14:49:42.39 ===============

[ magna86 @ 16.12.2009. 14:06 ] @

Ovde nema malware-a. Logovi su cisti. Kompjuter je cist.

Pokreni Tune Up i iskljuci da ti se svi ti silni programi ne dizu sa XP-om,i to ce doprineti preformansama.
Obrisi nepotrebne stvari....

[ akiko1 @ 16.12.2009. 14:29 ] @

Hvalla! Do neki dan je sve radilo brzo, ali evo od prije dva dana je sve usporilo!
Uradicu kako si rekao!

Hvala jos jednom!
Lijep pozdrav!

[ magna86 @ 16.12.2009. 15:16 ] @

c:\windows\system32\restor\rsturi.exe
c:\windows\system32\rstute\rstute.exe

hajde upload-uj ove fajlove na skeniranje na VirusTotal.com
http://www.virustotal.com/

javi rezultate ( link )

[ akiko1 @ 16.12.2009. 15:47 ] @

U c:\windows\system32\restor\ nema rsturi.exe
Za c:\windows\system32\restore\rsturi.exe

http://www.virustotal.com/rean...bffd0a9e0b02d53fe27-1260978254

http://www.virustotal.com/anal...bffd0a9e0b02d53fe27-1260977439

U ovom folderu c:\windows\system32\rstute\ nema rstute.exe

Ja ga ne mogu uploadovati jer ga nema. Uradio sam sve kao sto se trazi na:
http://www.bleepingcomputer.com/tutorials/tutorial62.html

[ magna86 @ 17.12.2009. 22:51 ] @

Ok...zeleo bih da odradis jos nesto...mislim da sam nasao nesto :S
Skini na Desktop RSIT sa ovog linka:
RSIT

pokreni RSIT.exe
idi na Continue i RSIT ce zapoceti skeniranje.
kad zavrsi otvorice dva loga: (ako ih kojim slucajem neotvori logovi se nalaze na %systemdrive%\rsit folder (obicno C:\rsit) )

kopiraj mi sadrzaj log.txt

.........

Skini catchme na Desktop
Link1
Link2

Dvoklikom pokreni catchme.exe i predi na Script tab.
U (beli) prozor programa iskopiraj tekst koji se nalazi unutar kod polja:

Citat:

files:
c:\windows\system32\restor\rsturi.exe
c:\windows\system32\rstute\rstute.exe
c:\windows\system32\bifrost\msnmsnggr.exe

Klikni na taster Run
Kada se pojavi poruka sa obavestenjem, klikni OK

Po zavrsetku procesa, na Desktop-u ce se nalaziti zipovan file catchme.zip

Molim te upload-uj mi taj zip / rar na rapidshare.com ili megaupload.com i link za download mi posalji na PP