E ovo sam uradio,skinuo sam taj malwarebytes antimalware,i on nista nije nasao,onda sam sa smitfraudfix,vundofix i combofix uradio scanove,i nista nisu nasli,zatim sam skinuo system cleaner i on mi je nasao jednu zarazu,evo sad se nadam da je sve uredu,evo ga combofix log:
ComboFix 08-08-09.03 - EJUB 2008-08-10 18:25:33.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.151 [GMT 2:00]
Running from: D:\programi\zastita\ComboFix.exe
[color=red]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 18:21 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-10 18:21 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-10 18:21 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-10 18:21 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-10 18:21 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-10 18:21 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-10 17:26 . 2008-08-10 17:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 17:26 . 2008-08-10 17:26 <DIR> d-------- C:\Documents and Settings\EJUB\Application Data\Malwarebytes
2008-08-10 17:26 . 2008-08-10 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 17:26 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 17:26 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 17:19 . 2008-08-10 17:19 <DIR> d-------- C:\Program Files\uTorrent
2008-08-10 17:18 . 2008-08-10 18:21 <DIR> d-------- C:\Documents and Settings\EJUB\Application Data\uTorrent
2008-08-10 15:58 . 2008-08-10 16:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-10 15:54 . 2008-08-10 15:54 <DIR> dr-h----- C:\MSOCache
2008-08-10 15:47 . 2008-08-10 16:27 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-10 15:47 . 2008-08-10 16:27 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-10 15:45 . 2008-08-10 15:45 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-10 15:45 . 2008-08-10 15:45 <DIR> d-------- C:\Program Files\Common Files\YDP
2008-08-10 15:45 . 2008-08-10 15:45 <DIR> d-------- C:\Program Files\Common Files\GraphBoard 2.00
2008-08-10 15:45 . 2008-08-10 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-10 15:45 . 2060-08-18 18:02 2,023,424 --------- C:\WINDOWS\system32\Vcl50.bpl
2008-08-10 15:45 . 2060-08-18 18:02 1,496,064 --------- C:\WINDOWS\system32\Cc3250mt.dll
2008-08-10 15:45 . 2008-08-10 18:22 1,261,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-10 15:45 . 2060-08-18 18:02 248,832 --------- C:\WINDOWS\system32\Vclx50.bpl
2008-08-10 15:45 . 2000-01-24 04:01 101,888 --------- C:\WINDOWS\system32\vcljpg50.bpl
2008-08-10 15:45 . 2008-08-10 18:22 24,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-10 15:45 . 2008-08-10 18:22 21,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-10 15:45 . 2008-08-10 18:22 4,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-10 15:44 . 2008-08-10 15:44 <DIR> d-------- C:\Program Files\ViaVoice
2008-08-10 15:44 . 2008-08-10 15:48 <DIR> d-------- C:\Program Files\EuroPlus+ REWARD
2008-08-10 15:44 . 2008-08-10 15:44 <DIR> d-------- C:\Documents and Settings\EJUB\WINDOWS
2008-08-10 15:43 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-10 15:43 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-08-10 15:43 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-08-10 15:43 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-08-10 15:43 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-08-10 15:43 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-08-10 15:43 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-08-10 15:43 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-08-10 15:43 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-08-10 15:43 . 2008-08-10 15:43 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-08-10 15:43 . 2008-08-10 15:43 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-08-10 15:40 . 2008-08-10 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-10 15:39 . 2008-08-10 15:39 <DIR> d-------- C:\Program Files\AIMP2
2008-08-10 15:36 . 2006-03-08 11:16 282,624 --a------ C:\WINDOWS\UnInstall01.exe
2008-08-10 15:33 . 2008-08-10 15:39 <DIR> d-------- C:\Program Files\Veliki rjecnik
2008-08-10 15:31 . 2008-08-10 15:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-10 15:29 . 2008-08-10 15:29 <DIR> d-------- C:\WINDOWS\WinRAR
2008-08-10 15:27 . 2008-08-10 15:27 <DIR> d-------- C:\Program Files\Winamp
2008-08-10 15:27 . 2008-08-10 15:28 <DIR> d-------- C:\Documents and Settings\EJUB\Application Data\Winamp
2008-08-10 15:26 . 2008-08-10 15:26 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-10 15:26 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-10 15:25 . 2008-08-10 15:25 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-10 15:25 . 2008-08-10 15:25 <DIR> d-------- C:\Documents and Settings\EJUB\Application Data\TuneUp Software
2008-08-10 15:25 . 2008-08-10 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-10 15:24 . 2008-08-10 15:24 <DIR> d-------- C:\Program Files\totalcmd
2008-08-10 15:24 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-08-10 15:24 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-08-10 15:24 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-08-10 15:24 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-08-10 15:24 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-08-10 15:24 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-08-10 15:24 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-08-10 15:23 . 2008-08-10 15:24 338 --a------ C:\WINDOWS\WINCMD.INI
2008-08-10 15:22 . 2008-08-10 15:22 <DIR> d-------- C:\Program Files\iolo
2008-08-10 15:22 . 2008-06-19 17:15 918,368 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-08-10 15:22 . 2008-08-10 15:22 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-08-10 15:22 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-08-10 15:22 . 2008-06-06 16:55 8,704 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-08-10 15:21 . 2008-08-10 15:21 <DIR> d-------- C:\Documents and Settings\EJUB\Application Data\iolo
2008-08-10 15:21 . 2008-08-10 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-08-10 15:21 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-10 15:21 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-10 15:20 . 2008-08-10 15:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-10 15:20 . 2008-08-10 15:20 <DIR> d-------- C:\Program Files\Ahead
2008-08-10 15:20 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-08-10 15:20 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-08-10 15:20 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-08-10 15:20 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-08-10 15:20 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-08-10 15:20 . 2006-01-12 15:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-08-10 15:20 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-08-10 15:17 . 2008-08-10 15:17 <DIR> d-------- C:\Program Files\The KMPlayer
2008-08-10 15:17 . 2008-08-10 15:18 <DIR> d-------- C:\Program Files\MagicISO
2008-08-10 15:16 . 2008-08-10 15:16 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-08-10 15:13 . 2008-08-10 15:13 <DIR> d-------- C:\Program Files\Lavalys
2008-08-10 15:12 . 2008-08-10 15:12 <DIR> d-------- C:\Program Files\LimeWire
2008-08-10 15:12 . 2008-08-10 15:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-10 15:07 . 2008-08-10 15:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-10 15:07 . 2008-08-10 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-10 15:06 . 2008-08-10 15:06 <DIR> d-------- C:\Program Files\Sygate
2008-08-10 15:06 . 2008-08-10 15:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 15:06 . 2005-09-27 12:15 83,592 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-08-10 15:06 . 2005-09-27 11:43 61,008 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-08-10 15:06 . 2005-09-27 11:44 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-08-10 15:06 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-08-10 15:06 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-08-10 15:06 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-08-10 15:06 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-08-10 15:04 . 2003-08-10 02:32 14,336 -ra------ C:\WINDOWS\system32\drivers\NetMotCM.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 15:40 909,824 ------w C:\WINDOWS\system32\Cp3245mt.dll
2060-08-18 15:40 24,064 ------w C:\WINDOWS\system32\Borlndmm.dll
2008-08-10 14:27 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-10 14:00 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-10 14:00 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-10 13:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 12:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-10 12:57 --------- d-----w C:\Program Files\Broadcom
2008-08-10 12:56 --------- d-----w C:\Program Files\Java
2008-08-10 12:55 --------- d-----w C:\Program Files\Modem Helper
2008-08-10 12:55 --------- d-----w C:\Program Files\Common Files\Java
2008-08-10 12:53 --------- d-----w C:\Program Files\Analog Devices
2008-08-10 12:52 --------- d-----w C:\Program Files\Intel
2008-08-10 12:43 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-01-13 15:07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-01-13 14:53 114688]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-09-27 12:16 2635472]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"<NO NAME>"= :Windows Helper
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-10 15:26]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-08-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:24]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-UIUCU - C:\DOCUME~1\EJUB\LOCALS~1\Temp\UIUCU.EXE
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\EJUB\Application Data\Mozilla\Firefox\Profiles\ticgc50a.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-10 18:27:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-08-10 18:28:54
ComboFix-quarantined-files.txt 2008-08-10 16:28:50
Pre-Run: 18,062,737,408 bytes free
Post-Run: 18,088,951,808 bytes free
196
TO JE TO,jedino ako zelite da vam postam hijack this log
Ubise me virusi,pomagaje
