DCOM restarts the system + HijackThis log file attached

[ Views: 3142 | Replies: 17 ]
skeri (Marija Knezevic, final-year student, Oxford, United Kingdom; member no. 237381, posts: 9), 26.10.2009 at 15:30:
I need help with my new netbook. It's an HP Vivienne Tam Edition!!!

The first problem appeared 3-4 weeks ago when the system crashed for no reason at all.... Actually, in the evening I set it to save and ShutDown, and in the meantime it was doing the updates it always does... The next day when I tried to turn it on, it kept restarting without being able to boot Windows. After consulting HP Support I found Roxio BackOnTrack and did a Restore. With that I managed to get the system working as before. After less than 7 days the first bugs started: it loses wireless and needs another restore to get fixed and work.. After a few days the same thing again... Then it started freezing! First when I try to use more than two programs together (e.g. Google Chrome, Skype and Outlook), and then not a single program could run normally anymore! Now when I try to scan with the Malwarebytes' program, in the middle of the scan DCOM restarts the computer automatically; I also tried scanning with NOD32 Antivirus, the first time it found nothing, the second time DCOM shut the computer down again. In the end, while trying to find a solution on another computer, I left the netbook on with no programs open, and again after about 30 minutes a window appeared saying DCOM shut down!!

This is my HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:28, on 26.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\idt\wdm\stacsv.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Virgin Broadband Wireless\wpa_supplicant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/...mp;bd=minipavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://renewalcenter.symantec....6-91be-11de-8495-00242bcbf864}
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\marija\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\stacsv.exe

--
End of file - 12000 bytes


THANK YOU THANK YOU SO MUUUUCH!
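The HijackThis log above can be triaged mechanically before a human reads it line by line. The following is an added example (not code from the thread or from HijackThis) that parses HJT's R3/O2/O3/O4/O23 lines, using a sample copied from the log above, and flags what a responder checks first: registered browser objects whose file is gone, Run values given as a bare filename (resolved through the search path, so the file that actually runs must be verified), services with no vendor string, the KernelFaultCheck value Windows adds after a kernel crash, and one CLSID hooked into several sections.

```python
"""Triage helper for HijackThis (HJT) log entries.

Added example for this thread; not code from the thread, from HijackThis or
from any other tool named in it.  Parses the R3/O2/O3/O4/O23 lines that
HijackThis v2.0.2 prints and applies a few checks a responder makes first.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
# "<label> - {CLSID} - <path>" as used by R3, O2 and O3 entries
CLSID_RE = re.compile(
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}\s*-\s*(?P<path>.*)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23: "Service: <display name (short name)> - <owner> - <image path>"
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def first_exe(cmd):
    """Executable part of a Run command: the quoted token if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_hjt(text):
    """Return one dict per HJT entry line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        e = {"section": sec, "raw": line.strip()}
        if sec == "O4":
            m4 = O4_RE.match(rest)
            if m4:
                e.update(hive=m4.group("hive"), name=m4.group("name"),
                         cmd=m4.group("cmd"), exe=first_exe(m4.group("cmd")))
        elif sec == "O23":
            m23 = O23_RE.match(rest)
            if m23:
                e.update(name=m23.group("name"), owner=m23.group("owner"),
                         path=m23.group("path"))
        else:
            mc = CLSID_RE.search(rest)
            if mc:
                e.update(clsid=mc.group("clsid").lower(), path=mc.group("path"))
        entries.append(e)
    return entries


def triage(entries):
    """Apply the checks; returns (code, detail) pairs in log order, CLSID summary last."""
    findings = []
    sections_by_clsid = defaultdict(set)
    for e in entries:
        sec = e["section"]
        if e.get("path", "").strip().lower() == "(no file)":
            # Registered browser object whose DLL no longer exists: dead entry.
            findings.append(("ORPHANED", e["raw"]))
        if "clsid" in e:
            sections_by_clsid[e["clsid"]].add(sec)
        if sec == "O4" and "exe" in e:
            if "\\" not in e["exe"] and "/" not in e["exe"]:
                # No directory given: Windows resolves the name through the search
                # path, so verify which file on disk actually runs for this value.
                findings.append(("BARE_FILENAME", e["raw"]))
            if e["name"].lower() == "kernelfaultcheck" and "dumprep" in e["exe"].lower():
                # Windows adds this value itself after a kernel crash; not malware,
                # but it confirms the machine has been bugchecking.
                findings.append(("KERNEL_CRASH_REPORTED", e["raw"]))
        if sec == "O23" and e.get("owner", "").lower() == "unknown owner":
            # Service image without a vendor string: confirm signature and origin.
            findings.append(("UNKNOWN_SERVICE_OWNER", e["raw"]))
    for clsid, secs in sections_by_clsid.items():
        if len(secs) > 1:
            # Same COM object hooked into several IE extension points (toolbars do this).
            findings.append(("CLSID_MULTI_SECTION", f"{clsid}: {', '.join(sorted(secs))}"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:22} {detail}")
```

Feed it the full log text instead of SAMPLE_LOG to run the same checks over every entry in the post above.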
 
magna86 (Anti Malware Fighter; member no. 189287, posts: 557), 26.10.2009 at 19:14:
Download the DDS program to your Desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click to run dds.scr

When it finishes, DDS will open two logs:
1. DDS.txt
2. Attach.txt

Save both reports to the Desktop and attach them to your post

[This message was edited by magna86 on 26.10.2009 at 20:24 GMT+1]
 
skeri, 26.10.2009 at 20:19:
Ok, I'll do that.
In the meantime I tried what I know I can use and what I read in related problems here. I managed to prevent the system restart during the scan with the Malwarebytes' program, and it showed the following files as possible threats and/or infected.

Malwarebytes' Anti-Malware 1.41
Database version: 3033
Windows 5.1.2600 Service Pack 3

26.10.2009 17:33:51
mbam-log-2009-10-26 (17-33-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 278794
Time elapsed: 1 hour(s), 1 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 36

Memory Processes Infected:
C:\Program Files\Registry Easy\RegEasyCleaner.exe (Rogue.RegistryEasy) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\seneka (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Registry Easy\RegEasyCleaner.exe (Rogue.RegistryEasy) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\xlwohr.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00003a (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00003b (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00003c (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Temp\a.exe (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Temp\b .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Temp\c.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Temp\rsyncini.exe (Trojan.Shutdowner) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Temporary Internet Files\Content.IE5\DCIHWYLH\setup[1].exe (Trojan.Buzus) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\xlwohr.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00003c (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00003a (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00003b (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\Local Settings\Temp\a.exe (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\Local Settings\Temp\b .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\Local Settings\Temp\c.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\Local Settings\Temp\rsyncini.exe (Trojan.Shutdowner) -> No action taken.
C:\Documents and Settings\marija\xlwohr.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\marija\Local Settings\Temp\a.exe (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\marija\Local Settings\Temp\b .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\marija\Local Settings\Temp\c.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\marija\Local Settings\Temp\rsyncini.exe (Trojan.Shutdowner) -> No action taken.
C:\System Rollback Data\Restore\Archive\00000007\00000009\3\Target\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\System Rollback Data\Restore\Archive\00000007\00000016\14\Target\WINDOWS\msa.exe (Trojan.Downloader) -> No action taken.
C:\System Rollback Data\Restore\Archive\00000007\00000016\14\Target\WINDOWS\system32\eventlog.dll (Trojan.Sirefef) -> No action taken.
C:\System Rollback Data\Restore\Archive\00000007\00000016\14\Target\WINDOWS\system32\gq0hvdrqvds9.exe (Trojan.Dropper) -> No action taken.
C:\System Rollback Data\Restore\Archive\00000007\00000016\14\Target\WINDOWS\system32\swp.dll (Trojan.Downloader) -> No action taken.
C:\System Rollback Data\Restore\Archive\00000007\00000016\14\Target\WINDOWS\system32\ydrcu.exe (Trojan.Dropper) -> No action taken.
C:\System Rollback Data\Restore\Current\43906\3\Target\DOCUMENTS AND SETTINGS\marija\MY DOCUMENTS\Downloads\noadware.exe (Rogue.NoAdware) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.001\Local Settings\Temp\ctv1369.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\HelpAssistant.MARIJA.002\Local Settings\Temp\ctv1369.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\marija\Local Settings\Temp\ctv1369.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\drivers\seneka.sys (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\senekasdpphbny.sys (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\senekatasmrnst.sys (Rootkit.TDSS) -> No action taken.

I deleted them all!!!
Then I scanned with FixBlast - W32.Blaster.Worm has not been found on your computer.
Finally I also scanned with the Registry Easy program, and the problem there was that when I went to Recover and/or Delete, it deletes my registry key for Bluetooth and afterwards I can't get Bluetooth to work normally (that's the only thing I noticed interfering)... luckily, before a recover or delete is done a backup file is made, and I managed to restore it so it works as it did before the Registry Easy recover/delete. I scanned again and it found everything the same, I'd say, but now I'm going through it in detail and reading to find how to skip recovery of that file!

I won't do anything for now, until you look at what I'm sending you. Actually, what you asked for!
Thanks once again for the help!

I don't know how to attach a file here, so I'll send it as a rapidshare file! Sorry if I'm making things harder or causing some problem.
http://rapidshare.com/files/298300004/DDS.txt.html
http://rapidshare.com/files/298300191/Attach.txt.html
 
magna86, 26.10.2009 at 20:24:
Ok...no problem ;)
Run Malwarebytes Anti-Malware again.
Choose the Perform Quick Scan option and click Scan.
When the process finishes click OK, Show Results: in the list of detected malware check that all items are ticked
and click Remove Selected.

When the cleaning finishes, attach the MBAM log to the forum as well as a fresh DDS log

PS: when you post a comment you have the option Upload uz poruku (upload with message)
so send me the DDS.txt log that way
 
skeri, 26.10.2009 at 21:48:
Here it is, done as you asked.
:)
Attached files
 
magna86, 26.10.2009 at 22:30:
hm..ok..let's go with a more robust tool now...

* Download the Combofix program
Visit this page for the download link and instructions for using Combofix:
http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

* Temporarily disable your AntiVirus program.
Visit this page for instructions:
http://www.bleepingcomputer.com/forums/topic114351.html

* Run Combofix!
When the tool finishes scanning it will open Notepad with a report (log).
Copy that report here. (typical log location: C:\ComboFix.txt)
 
skeri, 27.10.2009 at 01:26:
Ok, I'm a bit late with this, but I needed time to get everything ready so I could run Combo Fix... I also had a problem with a "ghost" - a leftover of some Norton Security file which I had uninstalled but which combo detected as running somewhere in the background.. :S

After running combo fix I got the following log...

ComboFix 09-10-26.01 - marija 27.10.2009 1:41.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.381.1033.18.1015.665 [GMT 1:00]
Running from: c:\documents and settings\marija\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-1452673195-2193652651-1684103764-1003
c:\windows\system32\drivers\npf.sys
c:\windows\system32\oem1.inf
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\senekakbawvaxy.dat
c:\windows\system32\senekaysawkwff.dat
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-27 00:37 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-26 15:19 . 2009-10-26 16:47 -------- d-----w- c:\program files\Registry Easy
2009-10-26 00:12 . 2009-10-26 00:12 -------- d-----w- c:\program files\Trend Micro
2009-10-25 22:54 . 2009-10-25 22:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 22:35 . 2008-03-03 17:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-10-25 22:35 . 2008-03-03 13:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2009-10-25 22:33 . 2009-10-25 22:33 -------- d-----w- c:\program files\ESET
2009-10-25 22:13 . 2009-10-25 22:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 21:46 . 2009-10-25 21:46 -------- d-----w- c:\documents and settings\marija\Application Data\Malwarebytes
2009-10-25 21:46 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 21:46 . 2009-10-25 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-25 21:46 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 21:46 . 2009-10-25 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 21:27 . 2009-10-25 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-25 20:16 . 2009-10-27 00:58 -------- d-----w- c:\documents and settings\HelpAssistant.MARIJA.002
2009-10-25 18:53 . 2009-10-25 18:44 30208 ----a-w- c:\documents and settings\HelpAssistant.MARIJA.001\sttray.exe
2009-10-25 18:44 . 2009-10-25 18:44 30208 ----a-w- c:\documents and settings\marija\sttray.exe
2009-10-25 18:33 . 2009-10-25 18:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-25 18:16 . 2009-10-25 18:16 -------- d-----w- c:\documents and settings\marija\Local Settings\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 00:37 . 2009-10-09 09:09 -------- d-----w- c:\documents and settings\marija\Application Data\Affinegy
2009-10-26 21:46 . 2009-09-09 19:49 -------- d-----w- c:\documents and settings\marija\Application Data\Skype
2009-10-26 17:57 . 2009-09-09 19:52 -------- d-----w- c:\documents and settings\marija\Application Data\skypePM
2009-10-25 22:54 . 2009-08-26 04:21 -------- d-----w- c:\program files\Java
2009-10-25 20:57 . 2009-08-26 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-25 18:44 . 2009-10-25 20:21 30208 ----a-w- c:\documents and settings\HelpAssistant.MARIJA.002\sttray.exe
2009-10-25 01:11 . 2009-10-24 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-25 00:39 . 2009-10-25 00:39 -------- d-----w- c:\documents and settings\marija\Application Data\ESET
2009-10-24 18:04 . 2009-09-29 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-24 15:02 . 2009-10-15 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-10-23 23:22 . 2009-08-26 04:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-23 14:11 . 2009-08-26 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-21 07:32 . 2009-10-01 11:08 -------- d-----w- c:\documents and settings\marija\Application Data\Paltalk
2009-10-19 16:20 . 2009-08-26 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-10-18 06:13 . 2009-08-25 21:06 -------- d-----w- c:\program files\Microsoft
2009-10-18 06:11 . 2009-08-26 04:21 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 23:12 . 2009-10-01 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-16 23:12 . 2009-10-06 09:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-15 12:45 . 2009-10-15 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-10-09 09:07 . 2009-10-09 09:06 -------- d-----w- c:\program files\Virgin Broadband Wireless
2009-10-09 09:06 . 2009-10-09 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
2009-10-06 10:04 . 2009-08-25 21:43 70448 ----a-w- c:\documents and settings\marija\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 09:39 . 2009-08-29 22:28 -------- d-----w- c:\program files\MSBuild
2009-10-06 09:33 . 2009-10-06 09:33 -------- d-----w- c:\program files\Microsoft.NET
2009-10-05 20:17 . 2009-10-05 20:17 -------- d-----w- c:\documents and settings\marija\Application Data\Template
2009-10-05 20:17 . 2009-10-05 20:17 0 ----a-w- c:\documents and settings\marija\Application Data\wklnhst.dat
2009-10-03 19:38 . 2009-09-27 19:04 -------- d-----w- c:\documents and settings\marija\Application Data\Windows Live Writer
2009-10-03 12:33 . 2009-09-09 14:12 -------- d-----w- c:\documents and settings\marija\Application Data\BSplayer
2009-09-30 22:11 . 2009-09-30 22:09 31 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-09-30 22:09 . 2009-08-26 04:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 22:09 . 2009-09-30 22:09 -------- d-----w- c:\program files\SAGEM
2009-09-30 22:09 . 2009-08-26 04:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-30 09:27 . 2009-09-30 09:24 -------- d-----w- c:\documents and settings\marija\Application Data\Winamp
2009-09-30 09:26 . 2009-09-07 17:51 -------- d-----w- c:\program files\Winamp
2009-09-09 21:00 . 2009-09-09 20:59 -------- d-----w- c:\program files\Google
2009-09-09 20:58 . 2009-09-09 19:49 -------- d-----r- c:\program files\Skype
2009-09-09 20:58 . 2009-09-09 20:58 -------- d-----w- c:\program files\Common Files\Skype
2009-09-09 20:58 . 2009-09-09 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-09 19:52 . 2009-09-09 19:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-09 14:14 . 2009-09-09 14:14 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-09-09 14:13 . 2009-09-09 14:14 737280 ----a-w- c:\windows\iun6002.exe
2009-09-09 14:13 . 2009-09-09 14:13 -------- d-----w- c:\program files\BS_Player
2009-09-09 14:13 . 2009-09-09 14:13 -------- d-----w- c:\program files\Conduit
2009-09-09 14:12 . 2009-09-09 14:12 -------- d-----w- c:\documents and settings\marija\Application Data\BSplayer Pro
2009-09-09 14:12 . 2009-09-09 14:12 -------- d-----w- c:\program files\Webteh
2009-09-05 22:05 . 2009-09-05 22:04 -------- d-----w- c:\program files\CCleaner
2009-08-29 22:27 . 2009-08-29 22:27 -------- d-----w- c:\program files\Reference Assemblies
2009-08-25 21:42 . 2009-08-25 21:42 259584 --sha-r- C:\BCDEDIT.EXE
2009-08-25 21:42 . 2009-08-25 21:42 259584 ----a-w- c:\windows\system32\bcdedit.exe
2009-08-25 21:42 . 2009-08-25 21:42 102400 --sha-r- C:\bootsect.exe
2009-08-05 21:48 . 2009-08-25 21:12 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:01 . 2009-08-05 09:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2009-07-29 04:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]
"Google Update"="c:\documents and settings\marija\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-28 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-03 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 439600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"IDTSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2008-09-11 446556]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-9-30 839680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8.2.2009 3:36 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8.2.2009 3:36 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [24.9.2008 23:09 103792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.2.2008 11:11 33800]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8.2.2009 3:36 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [11.12.2008 23:46 125424]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [25.12.2008 19:28 203248]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20.2.2008 11:08 472320]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [25.8.2009 22:12 54752]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8.2.2009 3:20 112128]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [15.4.2008 5:00 3584]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2008-12-25 18:28]

2009-10-26 c:\windows\Tasks\GOOGLEUPDATETASKUSERS-1-5-21-1540596067-818211378-770439794-1006CORE.JOB
- c:\documents and settings\marija\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 15:18]

2009-10-27 c:\windows\Tasks\GOOGLEUPDATETASKUSERS-1-5-21-1540596067-818211378-770439794-1006UA.JOB
- c:\documents and settings\marija\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 15:18]

2009-10-27 c:\windows\Tasks\USER_FEED_SYNCHRONIZATION-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.JOB
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = hxxp://renewalcenter.symantec.com/storefront/user/home.jsp?NOS=1wyb0bxAeCkXgA9JWACAhDxag0iDLTiujAFD3hluZoCDgYQGSgKCZEEIKDXVkR%2FC2NovGgJOugdC3CX68J2F7K8WV&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F10097711%2FADWBkUD953994757D159B&GUID=DB42C63691BE11DE849500242BCBF864&SSLT=4096&oslang=iso:ENG&oslocale=iso:GBR&vendid=0&vendtag=&epid={db42c636-91be-11de-8495-00242bcbf864}
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 01:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\PerfStringBackup.TMP 527578 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2212)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\wdm\stacsv.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF3533.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-27 2:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-27 01:05

Pre-Run: 60.586.319.872 bytes free
Post-Run: 60.584.075.264 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BEF412A4044935635D7191524A9DC539
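As an added example, not part of this thread or of ComboFix itself, a small Python parser for the sections of the log above: it pulls out the registry load points (Run keys and the toolbar/BHO registrations), the R/S service lines and the firewall policy values, and lists what a helper reads first. The sample lines are copied from the log posted above; the function and field names are my own.

```python
import re

# Sample lines copied from the ComboFix log posted earlier in this thread
# (a short excerpt; the full log has many more entries and sections).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"IDTSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2008-09-11 446556]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20.2.2008 11:08 472320]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')
# "name"="path" [YYYY-MM-DD size]  or  "name"="file.exe" - resolved\path [YYYY-MM-DD size]
LOADPOINT_RE = re.compile(r'^"([^"]+)"= ?"([^"]*)"(?: - (.+?))? \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# R2 name;display name;image path [D.M.YYYY H:MM size]   (R = running, S = stopped)
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+?) \[\S+ \S+ (\d+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"= ?(.*)$')       # any other "name"= value line


def parse_combofix(text):
    """Return (load_points, services, firewall) extracted from a ComboFix log."""
    load_points, services, firewall, key = [], [], {"enabled": None, "open_ports": []}, None
    for line in (l.rstrip() for l in text.splitlines()):
        if m := SECTION_RE.match(line):
            key = m.group(1)                       # registry key the next lines belong to
        elif m := SERVICE_RE.match(line):
            services.append({"running": m[1] == "R", "start": int(m[2]), "name": m[3],
                             "display": m[4], "path": m[5], "size": int(m[6])})
        elif (m := LOADPOINT_RE.match(line)) and key:
            load_points.append({"key": key, "name": m[1], "path": m[3] or m[2],
                                "date": m[4], "size": int(m[5])})
        elif (m := VALUE_RE.match(line)) and key and "firewallpolicy" in key.lower():
            if m[1] == "EnableFirewall":
                firewall["enabled"] = m[2].split()[0] != "0"
            elif key.lower().endswith(r"globallyopenports\list"):
                firewall["open_ports"].append(m[1])
    return load_points, services, firewall


def findings(text):
    """The items a helper reads first: firewall state, open ports, autostarts, services."""
    load_points, services, fw = parse_combofix(text)
    out = ["Windows Firewall is disabled (EnableFirewall = 0)"] if fw["enabled"] is False else []
    out += [f"port open to all hosts: {p}" for p in fw["open_ports"]]
    out += [f"autostart: {lp['name']} -> {lp['path']}" for lp in load_points]
    out += [f"service ({'running' if s['running'] else 'stopped'}): {s['name']} -> {s['path']}"
            for s in services]
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_LOG):
        print(item)
```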
 
skeri (marija knezevic)

Re: DCOM restarts the system + HijackThis log file attached (27.10.2009 at 01:30 - 188 months ago)
Again I couldn't manage to attach the file.. here, I'll try again.. I figure it's easier for you...

thanks again!
Attached files
 
magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: DCOM restarts the system + HijackThis log file attached (27.10.2009 at 02:45 - 188 months ago)
Open Notepad and copy the text I've marked below:

Quote:
File::
c:\documents and settings\marija\Application Data\wklnhst.dat



Click File\Save As and save the text as CFScript on the Desktop



As in the picture, drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix; the system may restart, which is normal, and when it finishes a log will appear that you should copy here

and let me know how things are now.
PS: we'll talk tomorrow after 8 pm...
 
skeri (marija knezevic)

Re: DCOM restarts the system + HijackThis log file attached (27.10.2009 at 11:57 - 188 months ago)
Hi hi.. it seems to me the computer works better now, but it still freezes in the middle of work..
E.g. today I was working in Google Chrome, opened Outlook and Word (programs I normally use together regularly) and it froze, and again there's an irritating sound that doesn't stop until I turn it off manually.


Anyway, I made the txt file you told me to and dragged it onto ComboFix.
It started and did the same scan as last night... Here's the log file too...
Until tonight...
Cheers

[This message was edited by skeri on 27.10.2009 at 18:32 GMT+1]
Attached files
 
magna86 (Anti Malware Fighter)

Re: DCOM restarts the system + HijackThis log file attached (27.10.2009 at 21:57 - 188 months ago)
Hi.
Something isn't right, because you posted the same log as last night.
Are you sure you created and ran the CFScript correctly?
Post the log located at C:\ComboFix.txt so I can check

[This message was edited by magna86 on 27.10.2009 at 23:39 GMT+1]
 
skeri (marija knezevic)

Re: DCOM restarts the system + HijackThis log file attached (27.10.2009 at 22:43 - 188 months ago)
Hmm, it's possible I sent you the same log... I was convinced I had saved it on the desktop, but I hadn't...
Here's the other file...

Btw. It just happened that I turned the computer on after a couple of hours and couldn't do absolutely anything, only move the mouse left and right.. I don't know what's wrong with it! Along with the log file I'm also sending pictures of the Task Manager processes...

Attached files
 
magna86 (Anti Malware Fighter)

Re: DCOM restarts the system + HijackThis log file attached (28.10.2009 at 00:20 - 188 months ago)
These logs look clean, but I'd still do one more check


--> Priority
Download the DDS program to the Desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click to run dds.scr

When it finishes, DDS will open two logs:
1. DDS.txt
2. Attach.txt

Save both reports to the Desktop.
Copy DDS.txt for me
..........................................................................


--> What's your internet connection like?
If you have a "fast" internet connection and are able to, do this: If not.. don't bother.

BitDefender Online scan
http://www.bitdefender.com/scanner/online/free.html

Go to Start Scan, tick the box in front of "I agree with terms and conditions" and go to Start Here
if it asks to install an ActiveX control, allow it to install.
A small window will pop up; go to Install and then to Start Scan

BitDefender downloads the installation and updates... after that follow the instructions :)

BitDefender will create a log; attach that log (report) to your message

note: Scanning is only possible via Internet Explorer (browser)
if you have any crack programs, put them in a rar archive so BitDefender skips them.

 
valjan
Janko Valencik
Software Deployer
Schneider Electric
Novi Sad

Moderator
Member number: 158605
Posts: 3531
*.dynamic.sbb.rs.

Re: DCOM restarts the system + HijackThis log file attached (28.10.2009 at 00:21 - 188 months ago)
@skeri

You have a simpler and clearer way to post the process list than attaching screenshots: in the command prompt type "tasklist", and you'll get a list you can copy. An even simpler variant is to type "tasklist > c:\procesi.txt", where instead of "c:\procesi.txt" you enter any path and file name, and at that location you'll have a ready txt file that you just attach to your message...
 
skeri (marija knezevic)

Re: DCOM restarts the system + HijackThis log file attached (28.10.2009 at 11:02 - 188 months ago)
Something strange is going on...
Last night the BitDefender scan ran, after that I did DDS....
I read what BitDefender found; of that I only deleted AdAware manually.. the rest is higher mathematics for me..

Sending the logs...

@Valjan.. Thanks.. I knew there had to be an easier way
Attached files
 
magna86 (Anti Malware Fighter)

Re: DCOM restarts the system + HijackThis log file attached (28.10.2009 at 19:53 - 188 months ago)
Here's how things stand...
All your logs are clean now.
You have quite a few "junk" files there, but I no longer see traces of malware here.
Which means the problem isn't caused by an infection; the cause is of a different "nature".


What BitDefender found and deleted were mostly crack programs, which it removes anyway.
that's what it detected as trojan, virus... blah blah
It also detected some files in System Restore, but there's no reason to worry, that's just ordinary heuristics:
Resetting System Restore will make those detections disappear:

Uninstall ComboFix like this:

Start >> Run
paste this there:
Quote:
Combofix /u

Ok

this command will delete every ComboFix file, folder, backup...
..and it will reset System Restore!

And one more thing... download the program CCleaner
http://www.ccleaner.com/

Run the Registry as well as the Cleaner scan with it, and you also have the option to disable all those unnecessary things that start with the system:
Tools >> Startup


PS: from the log I see MBAM is asking for a restart... I hope you've restarted the computer by now:
 
skeri (marija knezevic)

Re: DCOM restarts the system + HijackThis log file attached (29.10.2009 at 12:55 - 188 months ago)
Ok, I think it's finally clean, it's started behaving much better. I uninstalled some unnecessary programs, rearranged Startup a bit, and scanned with one more online scanner, Windows Live OneCare, which I used before at home on the desktop computer for cleaning. It also found some more files as Trojan and deleted them...
Btw. before that scan I did the ComboFix removal; it uninstalled, but when I start Windows the Restore Point for Windows is still there?!?!? :////
 
magna86 (Anti Malware Fighter)

Re: DCOM restarts the system + HijackThis log file attached (30.10.2009 at 19:24 - 188 months ago)
Quote:
Btw. before that scan I did the ComboFix removal; it uninstalled, but when I start Windows the Restore Point for Windows is still there?!?!? :////


That's a restore point (System Restore) and deleting it isn't recommended, but if you really want to...
Download this file and run it with a double-click; choose option 1 ...

Attached files
 