Here is the log from this morning as well. The Reboot.exe file is gone, but the computer still restarts when I start a scan.
ComboFix 10-04-21.01 - opstina 04/22/2010 9:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.446.164 [GMT 2:00]
Running from: c:\documents and settings\opstina\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\LINKMAGIC.lnk
.
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.
2010-04-21 12:50 . 2010-04-21 12:50 -------- d-----w- c:\documents and settings\opstina\Local Settings\Application Data\GHISLER
2010-04-21 12:41 . 2010-04-21 12:41 -------- d-----w- C:\totalcmd
2010-04-21 12:41 . 2010-04-21 12:41 -------- d-----w- c:\documents and settings\opstina\Application Data\GHISLER
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\UC.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\RAR.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\PKZIP.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\PKUNZIP.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\NOCLOSE.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\LHA.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\ARJ.PIF
2010-04-21 10:32 . 2010-04-21 10:32 -------- d-----w- C:\FBBM
2010-04-21 10:07 . 2010-04-21 12:21 -------- d-----w- c:\windows.1\BDOSCAN8
2010-04-21 06:13 . 2010-03-29 22:46 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-04-21 06:13 . 2010-04-21 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 06:13 . 2010-03-29 22:45 20824 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-04-19 12:46 . 2010-04-19 12:46 15944 ----a-w- c:\windows.1\system32\drivers\hitmanpro35.sys
2010-04-19 12:46 . 2010-04-19 12:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Hitman Pro
2010-04-19 12:46 . 2010-04-19 12:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-16 07:43 . 2010-04-16 08:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 07:43 . 2010-04-16 08:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Spybot - Search & Destroy
2010-04-16 07:17 . 2010-04-16 07:17 -------- d-----w- c:\documents and settings\Administrator.OPSTINA-CAD2D4F\Application Data\Malwarebytes
2010-04-14 12:48 . 2010-04-14 12:49 -------- d-----w- c:\windows.1\system32\NtmsData
2010-04-14 06:55 . 2010-04-14 06:55 -------- d-----w- c:\documents and settings\opstina\Local Settings\Application Data\Readon_Technology
2010-04-14 06:54 . 2010-04-14 06:54 -------- d-----w- c:\program files\Readon Technology
2010-04-13 05:41 . 2010-04-13 05:46 -------- d-----w- c:\program files\USBAntiVirus
2010-04-06 09:49 . 2010-04-06 09:49 439816 ----a-w- c:\documents and settings\opstina\Application Data\Real\Update\setup3.10\setup.exe
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Common Files\Real
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Real
2010-04-01 10:41 . 2010-04-01 10:41 -------- d-----w- c:\documents and settings\opstina\Application Data\Avira
2010-04-01 05:13 . 2010-04-01 05:13 -------- d-----w- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 07:25 . 2009-08-10 08:22 530 ----a-w- c:\windows.1\system32\SP701ASM.dat
2010-04-21 10:32 . 2008-11-05 13:06 -------- d-----w- c:\program files\LINKMAGIC
2010-04-15 11:25 . 2010-03-02 06:48 -------- d-----w- c:\documents and settings\opstina\Application Data\vlc
2010-04-14 10:19 . 2009-08-10 06:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft Help
2010-04-13 06:02 . 2009-12-14 10:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Zbshareware Lab
2010-04-01 11:01 . 2009-06-17 07:26 -------- d-----w- c:\program files\Opera
2010-03-26 07:00 . 2009-12-14 12:01 -------- d-----w- c:\program files\USB Disk Security
2010-03-24 12:42 . 2009-08-10 06:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Avira
2010-03-24 12:35 . 2009-11-05 10:56 79432 ----a-w- c:\windows.1\system32\drivers\avfwim.sys
2010-03-24 12:35 . 2009-11-05 10:56 124784 ----a-w- c:\windows.1\system32\drivers\avipbb.sys
2010-03-24 12:35 . 2009-11-05 10:56 102856 ----a-w- c:\windows.1\system32\drivers\avfwot.sys
2010-03-24 12:35 . 2009-06-17 05:45 60936 ----a-w- c:\windows.1\system32\drivers\avgntflt.sys
2010-03-22 06:19 . 2010-03-05 07:31 -------- d-----w- c:\program files\Download Direct
2010-03-16 07:41 . 2010-03-16 07:41 -------- d-----w- c:\program files\Telbo.com
2010-03-16 06:26 . 2010-03-16 06:26 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-10 06:15 . 2008-04-14 02:42 420352 ----a-w- c:\windows.1\system32\vbscript.dll
2010-03-02 06:47 . 2010-03-02 06:47 -------- d-----w- c:\program files\VideoLAN
2010-02-25 06:24 . 2008-04-14 02:42 916480 ----a-w- c:\windows.1\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 21:47 455680 ----a-w- c:\windows.1\system32\drivers\mrxsmb.sys
2010-02-17 08:13 . 2009-08-10 06:03 69128 ----a-w- c:\documents and settings\opstina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 14:08 . 2008-04-13 21:54 2146304 ----a-w- c:\windows.1\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows.1\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 02:41 100864 ----a-w- c:\windows.1\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 21:30 226880 ----a-w- c:\windows.1\system32\drivers\tcpip6.sys
2010-01-25 13:56 . 2009-06-24 10:16 115712 ----a-w- c:\windows.1\system32\drivers\cxbu0wdm.sys
.
------- Sigcheck -------
[-] 2008-05-05 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-19_10.06.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-05 13:44 . 2009-01-05 13:44 53248 c:\windows.1\bdoscandel.exe
+ 2010-04-21 10:07 . 2010-04-21 10:07 86016 c:\windows.1\BDOSCAN8\librtvr.dll
+ 2010-04-21 10:07 . 2010-04-21 10:07 27136 c:\windows.1\BDOSCAN8\avxt.dll
+ 2010-04-21 10:07 . 2010-04-21 10:07 10240 c:\windows.1\BDOSCAN8\avxs.dll
+ 2010-04-21 10:07 . 2010-04-21 10:07 45056 c:\windows.1\BDOSCAN8\avxdisk.dll
+ 2009-01-05 13:44 . 2009-01-05 13:44 741376 c:\windows.1\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 13:44 . 2010-04-21 10:07 142848 c:\windows.1\BDOSCAN8\libfn.dll
+ 2009-01-05 13:44 . 2009-01-05 13:44 741376 c:\windows.1\BDOSCAN8\ipsupd.dll
+ 2009-01-05 13:44 . 2010-04-21 10:28 107800 c:\windows.1\BDOSCAN8\bdcore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2007-06-11 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-03-26 819200]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 811008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows.1\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^opstina^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\opstina\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows.1\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows.1\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
2009-11-12 15:00 9189152 ----a-w- c:\program files\PoivY.com\PoivY\PoivY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telbo]
2009-11-12 13:58 9094432 ----a-w- c:\program files\Telbo.com\Telbo\Telbo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-06 09:40 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2009-10-15 11:25 106544 ----a-w- c:\windows.1\system32\TWEAKUI.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipZoom]
2009-11-11 11:18 9066800 ----a-w- c:\program files\VoipZoom.com\VoipZoom\VoipZoom.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
"Telbo"="c:\program files\Telbo.com\Telbo\Telbo.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"vspdfprsrv.exe"=c:\program files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSConfig"=c:\windows.1\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Program Files\\VoipZoom.com\\VoipZoom\\VoipZoom.exe"=
"c:\\Program Files\\Telbo.com\\Telbo\\Telbo.exe"=
R0 ViBus;ViBus;c:\windows.1\system32\drivers\ViBus.sys [8/10/2009 08:39 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows.1\system32\drivers\ViPrt.sys [8/10/2009 08:39 52224]
R1 avfwot;avfwot;c:\windows.1\system32\drivers\avfwot.sys [11/5/2009 12:56 102856]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [11/5/2009 12:55 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/5/2009 12:55 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2009 12:56 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/5/2009 12:55 405672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/21/2010 08:13 303952]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows.1\system32\drivers\avfwim.sys [11/5/2009 12:56 79432]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows.1\system32\drivers\cxbu0wdm.sys [6/24/2009 12:16 115712]
R3 MBAMProtector;MBAMProtector;c:\windows.1\system32\drivers\mbam.sys [4/21/2010 08:13 20824]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-04-22 c:\windows.1\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-22 09:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-884357618-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-725345543-884357618-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\OpenWithList]
@Class="Shell"
"a"="WINWORD.EXE"
"MRUList"="a"
[HKEY_LOCAL_MACHINE\software\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1648)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2010-04-22 09:57:28
ComboFix-quarantined-files.txt 2010-04-22 07:57
ComboFix2.txt 2010-04-21 06:06
ComboFix3.txt 2010-04-19 10:11
Pre-Run: 6,529,613,824 bytes free
Post-Run: 6,615,310,336 bytes free
- - End Of File - - 4A6F8B827FD18CA8DAADC89D0D15FE0D