Internet Security 2010

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Imate sve lepo objasnjeno u onoh temi dole, da se ja ne mucim da objasnjavam
http://www.mycity.rs/Uputstva/Kako-prepoznati-SmitFraud.html
Pojavljivao mi se Internet Security 2010, na desktopu mi se izbacivalo ono itd.
Skenirao sam sa MBAM, NOD32 i Spybot i svi ukupno su nasli, mislim, 26 pretnji. Dole su vam svi logovi:

MBAM
https://www.mycity.rs/must-login.png
===
NOD32
https://www.mycity.rs/must-login.png
===
Spybot
Nemam log, mogu samo da kazem da je pronasao Win32.Agent.chh i Doubleclick i jos nesto
===
DDS
DDS (Ver_09-12-01.01) - NTFSx86
Run by kole017 at 8:44:43.25 on Sat 02/01/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1053 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\kole017\Desktop\Ambulanta\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.rs/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AutoScreenRecorder 3.1 Free]
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ScanRegistry] C:\W
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} = 208.67.222.222,208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=
FF - component: c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-12-9 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-12-9 552064]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-8 279680]
S0 bphkk;bphkk; [x]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]

=============== Created Last 30 ================

2010-01-02 06:52:14 0 d-----w- c:\windows\pss
2010-01-02 02:52:37 0 ----a-w- c:\windows\system32\18467.exe
2010-01-01 15:22:41 120 ----a-w- c:\windows\TileMaker.ini
2010-01-01 15:19:54 796672 ----a-w- c:\windows\GPInstall.exe
2010-01-01 09:46:27 460800 ----a-w- c:\windows\snap.dat
2009-12-31 20:48:10 0 d-----w- c:\program files\honestech
2009-12-31 20:47:54 45 ----a-w- c:\windows\Twacker.ini
2009-12-31 20:47:52 45 ----a-w- c:\windows\lifeview.ini
2009-12-31 20:47:51 0 d-----w- C:\VideoCAM Express V2
2009-12-31 20:43:16 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-31 20:43:12 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-12-31 20:43:10 16384 ----a-w- c:\windows\system32\ipsink.ax
2009-12-31 20:43:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-12-31 20:43:07 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-12-31 20:43:05 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-12-31 20:43:02 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-12-31 20:42:59 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-12-31 20:42:56 14336 ----a-r- c:\windows\system32\dshow508.ax
2009-12-31 20:42:54 119798 ----a-r- c:\windows\system32\drivers\SPCA561.SYS
2009-12-31 20:42:53 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-31 20:42:53 28672 ----a-w- c:\windows\system32\vidcap.ax
2009-12-31 20:42:52 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2009-12-31 20:42:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-12-31 20:42:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2009-12-31 17:11:14 0 d-----w- c:\users\kole017\application data\BSplayer Pro
2009-12-31 17:08:23 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-31 17:08:15 0 d-----w- c:\program files\AoA Audio Extractor
2009-12-30 17:25:39 0 d-----w- c:\program files\Game_Maker7
2009-12-29 17:57:08 0 d-----w- C:\New Folder
2009-12-29 17:22:45 0 d-----w- C:\mat_bezbesi
2009-12-29 12:06:33 0 d-----w- c:\users\kole017\application data\Screaming Bee
2009-12-29 12:05:45 0 d-----w- c:\program files\Screaming Bee
2009-12-29 07:48:27 0 ---ha-w- c:\windows\SwSys2.bmp
2009-12-29 07:48:27 0 ---ha-w- c:\windows\SwSys1.bmp
2009-12-29 07:48:16 0 d-----w- c:\program files\Game_Maker8
2009-12-29 07:16:58 1156600 ----a-w- c:\windows\system\mfc90.dll
2009-12-28 17:40:40 0 d-----w- c:\program files\SomePDF
2009-12-28 12:02:19 0 d-----w- C:\PG
2009-12-26 18:06:53 487479 ----a-w- c:\windows\system32\SkinMagic.dll
2009-12-26 18:06:52 0 d-----w- c:\program files\Smallvideosoft
2009-12-26 10:46:25 0 d-----w- c:\users\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-26 10:46:25 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 10:38:09 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-26 07:11:02 0 d-----w- c:\program files\Audacity
2009-12-24 12:36:33 0 d-----w- c:\program files\Notepad2
2009-12-22 18:36:51 0 d-----w- c:\program files\common files\Macrovision Shared
2009-12-22 18:35:23 754 ----a-w- c:\windows\WORDPAD.INI
2009-12-21 15:58:11 0 d-----w- c:\program files\Real Alternative
2009-12-21 15:57:10 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-21 15:57:02 839680 ----a-w- c:\windows\system32\lameACM.acm
2009-12-21 15:57:02 414 ----a-w- c:\windows\system32\lame_acm.xml
2009-12-21 15:57:01 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-21 15:57:01 118784 ----a-w- c:\windows\system32\ac3acm.acm
2009-12-21 15:57:00 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-21 15:57:00 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-21 15:56:54 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-21 15:56:52 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 15:56:52 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-12-21 15:56:50 0 d-----w- c:\program files\K-Lite Codec Pack
2009-12-21 15:56:33 0 d-----w- c:\program files\Ant Movie Catalog
2009-12-19 12:24:07 0 d-----w- C:\games
2009-12-19 07:14:26 0 d-----w- c:\users\kole017\application data\FireShot
2009-12-17 20:10:51 0 d-----w- c:\program files\WinHTTrack
2009-12-17 10:50:41 0 d-----w- c:\users\kole017\application data\Malwarebytes
2009-12-17 10:50:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 10:50:36 0 d-----w- c:\users\alluse~1\applic~1\Malwarebytes
2009-12-17 10:50:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 10:50:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-16 08:09:52 0 d-----w- c:\users\alluse~1\applic~1\Deskshare
2009-12-16 08:09:45 0 d-----w- c:\windows\XSxS
2009-12-16 08:09:45 0 d-----w- c:\program files\Xenocode
2009-12-16 08:09:35 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-16 08:09:33 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-15 21:42:58 0 d-----w- c:\program files\FreeTime
2009-12-15 18:37:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-15 18:35:15 0 d-----r- c:\program files\Skype
2009-12-14 19:38:33 69632 ----a-w- c:\windows\system32\DivXG400.ax
2009-12-14 19:38:33 0 d-----w- C:\DivXG400
2009-12-14 19:38:25 34816 ----a-w- c:\windows\system\mpgaudio.ax
2009-12-14 19:38:25 294912 ----a-w- c:\windows\system\iviaudio.ax
2009-12-14 19:38:14 0 d-----w- c:\program files\ffdshow
2009-12-12 05:19:09 1258 ----a-w- C:\Document.rtf
2009-12-12 04:37:27 0 d-----w- c:\users\alluse~1\applic~1\ICQ
2009-12-12 04:00:01 0 d-----w- c:\program files\YouTube Downloader
2009-12-11 09:34:03 0 d-----w- c:\users\kole017\dwhelper
2009-12-11 01:52:28 82 ----a-w- c:\users\kole017\default.pls
2009-12-10 01:23:11 0 d-----w- c:\windows\system32\Adobe
2009-12-10 00:04:57 0 d-----w- c:\users\kole017\application data\BSplayer
2009-12-10 00:04:48 0 d-----w- c:\program files\Webteh
2009-12-09 10:44:22 0 d-----w- c:\program files\URUSoft
2009-12-09 06:26:51 0 d-----w- c:\users\kole017\Tracing
2009-12-09 06:23:36 0 d-----w- c:\program files\Microsoft
2009-12-09 06:23:19 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 06:19:49 0 d-----w- c:\program files\common files\Windows Live
2009-12-09 06:11:45 0 d-----w- c:\users\kole017\Contacts
2009-12-09 06:01:10 268 ---ha-w- C:\sqmdata02.sqm
2009-12-09 06:01:10 244 ---ha-w- C:\sqmnoopt02.sqm
2009-12-09 05:59:56 268 ---ha-w- C:\sqmdata01.sqm
2009-12-09 05:59:56 244 ---ha-w- C:\sqmnoopt01.sqm
2009-12-09 03:06:48 268 ---ha-w- C:\sqmdata00.sqm
2009-12-09 03:06:48 244 ---ha-w- C:\sqmnoopt00.sqm
2009-12-09 02:57:30 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-12-09 02:57:30 298104 ----a-w- c:\windows\system32\imon.dll
2009-12-09 02:57:30 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-12-09 02:57:30 0 d-----w- c:\program files\Eset
2009-12-08 15:59:11 331184 ------w- c:\windows\system32\difxapi.dll
2009-12-08 15:59:11 0 d-----w- c:\program files\VIA
2009-12-08 13:53:09 0 d-----w- c:\program files\common files\ODBC
2009-12-08 13:53:07 0 d-----w- c:\program files\common files\SpeechEngines
2009-12-08 13:52:46 0 d-----r- c:\users\all users\Documents
2009-12-08 04:56:55 0 d-----w- c:\program files\CamStudio
2009-12-08 04:02:47 0 d-----w- c:\users\alluse~1\applic~1\Nero
2009-12-08 04:02:46 0 d-----w- c:\program files\Nero
2009-12-08 04:01:35 0 d-----w- c:\program files\JockerSoft
2009-12-08 04:01:33 0 d-----w- c:\program files\AVIcodec
2009-12-08 04:00:47 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-08 03:58:59 0 d-----w- c:\program files\MSN Messenger
2009-12-08 03:58:07 0 d-----w- c:\program files\PDFCreator
2009-12-08 03:50:17 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-08 03:50:02 0 d-----w- c:\program files\Microsoft Office 2003
2009-12-08 03:48:51 0 d-----w- c:\program files\MicrosoftOfficeSetupFiles
2009-12-08 03:48:41 0 d-----w- c:\program files\Unlocker
2009-12-08 03:30:01 0 d-----w- c:\program files\CCleaner
2009-12-08 03:09:26 0 d-----w- c:\program files\MSXML 6.0
2009-12-08 03:09:23 0 d-----w- c:\program files\MSXML 4.0
2009-12-08 03:04:54 0 d-----w- c:\program files\Xvid
2009-12-08 03:00:33 0 d-sh--w- c:\users\all users\DRM
2009-12-08 03:00:17 0 d--h--w- c:\program files\WindowsUpdate
2009-12-08 03:00:14 0 d-----w- c:\program files\Online Services
2009-12-08 02:59:39 0 d-----w- c:\program files\common files\MSSoap
2009-12-08 02:58:09 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-12-08 02:58:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll

============= FINISH: 8:44:56.18 ===============


https://www.mycity.rs/must-login.png
===
RootRapeal (GMER mi je ukocio kompjuter)
https://www.mycity.rs/must-login.png

Da li je sada sve cisto

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 02 Jan 2010 9:36

Malo detaljnjije
Ukljucio sam kompjuter u Normal mode i odjednom se pojavise upozorenja. Ni jednu aplikaciju nisam mogao da pokrenem, stalno je izbacivalo te IS2010, Spyware Alert, Download latest updates itd. Pokrenuo sam kompjuterce u Safe mode gde su se isti ti prozori pojavili samo su mogli da se iskljuce. Iskljucio sam System Restore, skenirao sa MBAM, prebacio u Normal mode gde sam skenirao NOD32-om i Spybot-om.

Dopuna: 02 Jan 2010 9:37

Nisam ti video post, sada cu sve da uradim sa ComboFix.

Dopuna: 02 Jan 2010 9:46

Here you are...
Recovery Console nisam prihvatio jer ko zna kada cu oboriti ovaj sistem.

ComboFix 10-01-01.01 - kole017 02/01/2010 9:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1359 [GMT 1:00]
Running from: c:\users\kole017\Desktop\Ambulanta\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\18467.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-01 15:19 . 2010-01-01 15:19 796672 ----a-w- c:\windows\GPInstall.exe
2010-01-01 09:46 . 2010-01-01 09:52 460800 ----a-w- c:\windows\snap.dat
2009-12-31 20:48 . 2009-12-31 20:48 -------- d-----w- c:\program files\honestech
2009-12-31 20:47 . 2009-12-31 20:47 -------- d-----w- C:\VideoCAM Express V2
2009-12-31 20:43 . 2004-08-03 21:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-31 20:43 . 2004-08-03 22:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-12-31 20:43 . 2004-08-03 22:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-12-31 20:42 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-12-31 20:42 . 2002-09-30 12:38 119798 ----a-r- c:\windows\system32\drivers\SPCA561.SYS
2009-12-31 20:42 . 2004-08-03 23:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-31 17:11 . 2009-12-31 17:11 -------- d-----w- c:\users\kole017\Application Data\BSplayer Pro
2009-12-31 17:08 . 2007-05-13 11:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-31 17:08 . 2009-12-31 17:09 -------- d-----w- c:\program files\AoA Audio Extractor
2009-12-31 14:48 . 2009-12-31 14:48 5061520 ----a-w- c:\users\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 17:25 . 2009-12-30 17:25 -------- d-----w- c:\program files\Game_Maker7
2009-12-30 10:59 . 2009-12-30 10:59 -------- d-----w- c:\program files\Recuva
2009-12-29 17:57 . 2009-12-29 17:58 -------- d-----w- C:\New Folder
2009-12-29 17:22 . 2009-12-29 17:59 -------- d-----w- C:\mat_bezbesi
2009-12-29 12:06 . 2009-12-29 12:06 -------- d-----w- c:\users\kole017\Application Data\Screaming Bee
2009-12-29 12:05 . 2009-12-29 12:05 -------- d-----w- c:\program files\Screaming Bee
2009-12-29 07:48 . 2009-12-29 07:48 -------- d-----w- c:\program files\Game_Maker8
2009-12-29 07:16 . 2009-11-27 08:17 1156600 ----a-w- c:\windows\system\mfc90.dll
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\program files\SomePDF
2009-12-28 12:41 . 2009-12-28 12:42 -------- d-----w- c:\users\kole017\Application Data\Winamp
2009-12-28 12:02 . 2009-12-28 12:02 -------- d-----w- C:\PG
2009-12-26 22:00 . 2009-12-26 22:01 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Adobe
2009-12-26 18:06 . 2006-10-17 21:29 487479 ----a-w- c:\windows\system32\SkinMagic.dll
2009-12-26 18:06 . 2009-12-26 18:06 -------- d-----w- c:\program files\Smallvideosoft
2009-12-26 11:50 . 2009-12-26 11:50 -------- d-----w- c:\users\Administrator\Application Data\Malwarebytes
2009-12-26 10:46 . 2009-12-26 11:14 -------- d-----w- c:\users\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 10:46 . 2009-12-26 10:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 10:38 . 2009-12-26 10:38 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-26 07:11 . 2009-12-26 07:11 -------- d-----w- c:\program files\Audacity
2009-12-24 12:36 . 2009-12-24 12:36 -------- d-----w- c:\program files\Notepad2
2009-12-22 18:53 . 2009-12-22 18:53 -------- d-----w- c:\users\All Users\Application Data\FLEXnet
2009-12-22 18:43 . 2009-12-22 18:43 -------- d-----w- c:\program files\Adobe Media Player
2009-12-22 18:41 . 2009-12-22 18:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 18:36 . 2009-12-22 18:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-21 15:58 . 2009-12-21 15:58 -------- d-----w- c:\program files\Real Alternative
2009-12-21 15:57 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-21 15:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-21 15:57 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-21 15:57 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-21 15:56 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-21 15:56 . 2008-12-08 11:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 15:56 . 2009-12-21 15:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-21 15:56 . 2009-12-21 15:56 -------- d-----w- c:\program files\Ant Movie Catalog
2009-12-19 12:29 . 2009-12-19 12:29 -------- d-----w- c:\users\All Users\Application Data\NVIDIA
2009-12-19 12:24 . 2009-12-19 12:24 -------- d-----w- C:\games
2009-12-19 10:03 . 2009-12-19 10:03 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Mozilla
2009-12-19 07:14 . 2009-12-19 07:14 -------- d-----w- c:\users\kole017\Application Data\FireShot
2009-12-18 10:43 . 2009-10-08 09:31 3204096 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS-0.80.dll
2009-12-18 10:43 . 2009-10-07 17:06 106496 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll
2009-12-17 20:33 . 2009-12-17 20:33 -------- d-----w- c:\users\NetworkService\Local Settings\Application Data\Apple
2009-12-17 20:10 . 2009-12-17 20:10 -------- d-----w- c:\program files\WinHTTrack
2009-12-17 12:00 . 2009-12-17 12:00 -------- d-----w- c:\users\car017\Local Settings\Application Data\Google
2009-12-17 10:50 . 2009-12-17 10:50 -------- d-----w- c:\users\kole017\Application Data\Malwarebytes
2009-12-17 10:50 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 10:50 . 2009-12-17 10:50 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes
2009-12-17 10:50 . 2009-12-31 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 10:50 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 10:05 . 2009-12-17 10:05 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Google
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\users\All Users\Application Data\Deskshare
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Xenocode
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\windows\XSxS
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\program files\Xenocode
2009-12-16 08:09 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-16 08:09 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-16 08:08 . 2006-10-11 05:03 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-12-16 08:07 . 2009-12-31 17:10 -------- d---a-w- c:\users\All Users\Application Data\TEMP
2009-12-15 21:42 . 2009-12-15 21:42 -------- d-----w- c:\program files\FreeTime
2009-12-15 21:25 . 2009-12-31 13:04 -------- d-----w- c:\users\kole017\Local Settings\Application Data\WMTools Downloaded Files
2009-12-15 18:37 . 2009-12-15 18:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-15 18:37 . 2010-01-02 08:08 -------- d-----w- c:\users\kole017\Application Data\skypePM
2009-12-15 18:35 . 2010-01-02 08:41 -------- d-----w- c:\users\kole017\Application Data\Skype
2009-12-15 18:35 . 2009-12-15 18:35 -------- d-----w- c:\program files\Common Files\Skype
2009-12-15 18:35 . 2009-12-16 08:17 -------- d-----r- c:\program files\Skype
2009-12-15 04:39 . 2009-12-15 04:39 -------- d-----w- c:\users\car017\Local Settings\Application Data\Apple Computer
2009-12-15 04:39 . 2009-12-15 04:39 -------- d-----w- c:\users\car017\Application Data\BSplayer
2009-12-14 22:17 . 2009-12-14 22:17 -------- d-----w- c:\users\car017\Application Data\Thunderbird
2009-12-14 22:17 . 2009-12-14 22:17 -------- d-----w- c:\users\car017\Local Settings\Application Data\Thunderbird
2009-12-14 19:41 . 2004-08-04 09:00 25600 ----a-w- c:\users\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- C:\DivXG400
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- c:\program files\ffdshow
2009-12-14 19:28 . 2009-12-14 19:28 -------- d-----w- c:\users\car017\Application Data\Media Player Classic
2009-12-14 19:26 . 2009-12-14 19:26 -------- d-----w- c:\users\car017\Application Data\Apple Computer
2009-12-12 04:45 . 2009-10-08 09:31 3204096 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-12-12 04:45 . 2009-10-07 17:06 106496 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-12-12 04:45 . 2009-09-23 20:29 28672 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-12-12 04:45 . 2009-03-19 22:57 40960 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-12-12 04:37 . 2009-12-16 11:06 -------- d-----w- c:\users\All Users\Application Data\ICQ
2009-12-12 04:00 . 2009-12-21 20:46 -------- d-----w- c:\program files\YouTube Downloader
2009-12-11 09:34 . 2009-12-11 09:34 -------- d-----w- c:\users\kole017\dwhelper
2009-12-11 01:52 . 2009-12-11 01:52 -------- d-----w- c:\users\kole017\Application Data\Ahead
2009-12-11 01:52 . 2009-12-11 01:52 -------- d-----w- c:\users\kole017\Application Data\DivX
2009-12-10 02:24 . 2009-12-10 02:24 -------- d-----w- c:\users\kole017\Application Data\CyberLink
2009-12-10 01:23 . 2009-12-15 05:48 -------- d-----w- c:\windows\system32\Adobe
2009-12-10 00:04 . 2009-12-26 09:39 -------- d-----w- c:\users\kole017\Application Data\BSplayer
2009-12-10 00:04 . 2009-12-10 00:04 -------- d-----w- c:\program files\Webteh
2009-12-10 00:03 . 2009-12-10 00:04 -------- d-----w- c:\program files\QuickTime
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\All Users\Application Data\Apple Computer
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\program files\Common Files\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\program files\Apple Software Update
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\All Users\Application Data\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple Computer
2009-12-09 11:00 . 2009-12-09 11:00 -------- d-----w- c:\users\car017\Local Settings\Application Data\Mozilla
2009-12-09 10:57 . 2009-12-09 10:58 -------- d-----w- c:\users\car017\Local Settings\Application Data\Adobe
2009-12-09 10:44 . 2009-12-29 10:59 -------- d-----w- c:\program files\URUSoft
2009-12-09 07:42 . 2009-12-09 07:42 -------- d-----w- c:\users\All Users\Application Data\CyberLink
2009-12-09 07:42 . 2009-12-09 07:42 -------- d-----w- c:\program files\CyberLink
2009-12-09 06:26 . 2010-01-02 08:08 -------- d-----w- c:\users\kole017\Tracing
2009-12-09 06:23 . 2009-12-09 06:23 -------- d-----w- c:\program files\Microsoft
2009-12-09 06:23 . 2009-12-09 06:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 06:22 . 2009-12-18 07:52 -------- d-----w- c:\program files\Windows Live
2009-12-09 06:22 . 2009-12-22 18:54 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Adobe
2009-12-09 06:21 . 2009-12-22 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-09 06:19 . 2009-12-09 06:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-09 06:19 . 2009-12-09 06:19 -------- d-----w- c:\windows\Sun
2009-12-09 06:11 . 2009-12-09 06:11 -------- d-----w- c:\users\kole017\Contacts
2009-12-09 06:04 . 2009-12-09 06:05 1925024 ----a-w- c:\users\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-09 06:04 . 2009-12-18 07:45 -------- d-----w- c:\users\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 12:42 . 2009-12-08 03:59 -------- d-----w- c:\program files\Winamp
2009-12-26 20:17 . 2009-12-08 04:56 -------- d-----w- c:\program files\CamStudio
2009-12-24 14:57 . 2009-12-09 10:56 295608 ----a-w- c:\users\car017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 18:53 . 2009-12-08 04:32 295608 ----a-w- c:\users\kole017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 09:48 . 2009-12-08 03:58 -------- d-----w- c:\program files\Google
2009-12-17 10:02 . 2009-12-08 03:58 -------- d-----w- c:\users\Administrator\Application Data\Skype
2009-12-16 08:09 . 2009-12-08 03:04 -------- d-----w- c:\program files\Xvid
2009-12-15 18:35 . 2009-12-08 03:58 -------- d-----w- c:\users\All Users\Application Data\Skype
2009-12-10 03:46 . 2009-12-08 03:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 23:24 . 2009-12-08 03:30 -------- d-----w- c:\program files\CCleaner
2009-12-09 07:41 . 2009-12-08 03:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-09 06:24 . 2009-12-08 03:58 -------- d-----w- c:\program files\MSN Messenger
2009-12-08 16:01 . 2009-12-08 15:59 -------- d-----w- c:\program files\VIA
2009-12-08 04:52 . 2009-12-08 03:48 -------- d-----w- c:\program files\Unlocker
2009-12-08 04:30 . 2009-12-08 04:30 -------- d-----w- c:\users\kole017\Application Data\Talkback
2009-12-08 04:30 . 2009-12-08 04:30 0 ----a-w- c:\windows\nsreg.dat
2009-12-08 04:04 . 2009-12-08 03:59 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-08 04:03 . 2009-12-08 04:03 -------- d-----w- c:\users\Administrator\Application Data\Ahead
2009-12-08 04:03 . 2009-12-08 04:02 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-08 04:02 . 2009-12-08 04:02 -------- d-----w- c:\users\All Users\Application Data\Nero
2009-12-08 04:02 . 2009-12-08 04:02 -------- d-----w- c:\program files\Nero
2009-12-08 04:01 . 2009-12-08 04:01 -------- d-----w- c:\program files\JockerSoft
2009-12-08 04:01 . 2009-12-08 04:01 -------- d-----w- c:\program files\AVIcodec
2009-12-08 04:00 . 2009-12-08 04:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\users\Administrator\Application Data\BSplayer Pro
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\users\All Users\Application Data\Yahoo!
2009-12-08 03:58 . 2009-12-08 03:58 -------- d-----w- c:\program files\PDFCreator
2009-12-08 03:58 . 2009-12-08 03:58 -------- d-----w- c:\users\Administrator\Application Data\Notepad++
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft Office 2003
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft.NET
2009-12-08 03:48 . 2009-12-08 03:48 -------- d-----w- c:\program files\MicrosoftOfficeSetupFiles
2009-12-08 03:48 . 2009-12-08 03:48 -------- d-----w- c:\program files\7-Zip
2009-12-08 03:29 . 2009-12-08 03:29 -------- d-----w- c:\program files\MSBuild
2009-12-08 03:29 . 2009-12-08 03:29 424696 ----a-w- c:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-08 03:26 . 2009-12-08 03:26 -------- d-----w- c:\program files\Reference Assemblies
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\MSXML 6.0
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\MSXML 4.0
2009-12-08 03:04 . 2009-12-08 03:04 -------- d-----w- c:\program files\Java
2009-12-08 03:04 . 2009-12-08 03:04 -------- d-----w- c:\program files\Common Files\Java
2009-12-08 02:58 . 2009-12-08 02:58 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2004-08-04 . BB4D3A8E6F7EB1D370BC4AD27AB23368 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-12-09 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"StartMenuFavorites"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9/12/2009 3:57 AM 15424]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/04/2009 1:19 PM 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/12/2009 5:01 PM 279680]
S0 bphkk;bphkk; [x]
S2 OMSCAN;OMSCAN;\SysvT --> \SysvT [?]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=
FF - component: c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-AutoScreenRecorder 3.1 Free - (no file)
HKCU-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
AddRemove-AcidSpunk2.14 - c:\program files\Winamp\plugins\Uninstall\uninstall.exe
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe
AddRemove-Winamp Essentials Pack - c:\program files\Winamp\UninstallWinampEssentials.exe
AddRemove-Wisdom-soft Set up ASR 3.1 Free - c:\progra~1\Wisdom-soft AutoScreenRecorder 3 Free\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 09:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(688-)
c:\windows\system32\imon.dll
.
Completion time: 2010-01-02 09:42:31
ComboFix-quarantined-files.txt 2010-01-02 08:42

Pre-Run: 91,423,985,664 bytes free
Post-Run: 91,868,307,456 bytes free

- - End Of File - - DB325014B3C0335AEDE2A2D891E3D70C

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\fjhdyfhsn.bat
C:\WINDOWS\system32\drivers\bphkk.sys

Driver::
bphkk

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 02 Jan 2010 15:07

ComboFix 10-01-01.02 - kole017 02/01/2010 14:56:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1470 [GMT 1:00]
Running from: c:\users\kole017\Desktop\Ambulanta\ComboFix.exe
Command switches used :: c:\users\kole017\Desktop\Ambulanta\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\bphkk.sys"
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BPHKK
-------\Service_bphkk


((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 08:50 . 2010-01-02 08:50 -------- d-----w- c:\windows\system32\wbem\snmp
2010-01-02 08:50 . 2010-01-02 08:50 -------- d-----w- c:\windows\system32\xircom
2010-01-02 08:50 . 2010-01-02 08:50 -------- d-----w- c:\program files\microsoft frontpage
2010-01-01 15:19 . 2010-01-01 15:19 796672 ----a-w- c:\windows\GPInstall.exe
2010-01-01 09:46 . 2010-01-01 09:52 460800 ----a-w- c:\windows\snap.dat
2009-12-31 20:48 . 2009-12-31 20:48 -------- d-----w- c:\program files\honestech
2009-12-31 20:47 . 2009-12-31 20:47 -------- d-----w- C:\VideoCAM Express V2
2009-12-31 20:43 . 2004-08-03 21:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-31 20:43 . 2004-08-03 22:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-12-31 20:43 . 2004-08-03 22:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-12-31 20:43 . 2004-08-03 22:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-12-31 20:42 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-12-31 20:42 . 2002-09-30 12:38 119798 ----a-r- c:\windows\system32\drivers\SPCA561.SYS
2009-12-31 20:42 . 2004-08-03 23:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-31 17:11 . 2009-12-31 17:11 -------- d-----w- c:\users\kole017\Application Data\BSplayer Pro
2009-12-31 17:08 . 2007-05-13 11:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-31 17:08 . 2009-12-31 17:09 -------- d-----w- c:\program files\AoA Audio Extractor
2009-12-31 14:48 . 2009-12-31 14:48 5061520 ----a-w- c:\users\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 17:25 . 2009-12-30 17:25 -------- d-----w- c:\program files\Game_Maker7
2009-12-30 10:59 . 2009-12-30 10:59 -------- d-----w- c:\program files\Recuva
2009-12-29 17:57 . 2009-12-29 17:58 -------- d-----w- C:\New Folder
2009-12-29 17:22 . 2009-12-29 17:59 -------- d-----w- C:\mat_bezbesi
2009-12-29 12:06 . 2009-12-29 12:06 -------- d-----w- c:\users\kole017\Application Data\Screaming Bee
2009-12-29 12:05 . 2009-12-29 12:05 -------- d-----w- c:\program files\Screaming Bee
2009-12-29 07:48 . 2009-12-29 07:48 -------- d-----w- c:\program files\Game_Maker8
2009-12-29 07:16 . 2009-11-27 08:17 1156600 ----a-w- c:\windows\system\mfc90.dll
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\program files\SomePDF
2009-12-28 12:41 . 2009-12-28 12:42 -------- d-----w- c:\users\kole017\Application Data\Winamp
2009-12-28 12:02 . 2009-12-28 12:02 -------- d-----w- C:\PG
2009-12-26 22:00 . 2009-12-26 22:01 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Adobe
2009-12-26 18:06 . 2006-10-17 21:29 487479 ----a-w- c:\windows\system32\SkinMagic.dll
2009-12-26 18:06 . 2009-12-26 18:06 -------- d-----w- c:\program files\Smallvideosoft
2009-12-26 11:50 . 2009-12-26 11:50 -------- d-----w- c:\users\Administrator\Application Data\Malwarebytes
2009-12-26 10:46 . 2009-12-26 11:14 -------- d-----w- c:\users\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 10:46 . 2009-12-26 10:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 07:11 . 2009-12-26 07:11 -------- d-----w- c:\program files\Audacity
2009-12-24 12:36 . 2009-12-24 12:36 -------- d-----w- c:\program files\Notepad2
2009-12-22 18:53 . 2009-12-22 18:53 -------- d-----w- c:\users\All Users\Application Data\FLEXnet
2009-12-22 18:43 . 2009-12-22 18:43 -------- d-----w- c:\program files\Adobe Media Player
2009-12-22 18:41 . 2009-12-22 18:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 18:36 . 2009-12-22 18:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-21 15:58 . 2009-12-21 15:58 -------- d-----w- c:\program files\Real Alternative
2009-12-21 15:57 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-21 15:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-21 15:57 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-21 15:57 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-21 15:56 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-21 15:56 . 2008-12-08 11:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 15:56 . 2009-12-21 15:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-21 15:56 . 2009-12-21 15:56 -------- d-----w- c:\program files\Ant Movie Catalog
2009-12-19 12:29 . 2009-12-19 12:29 -------- d-----w- c:\users\All Users\Application Data\NVIDIA
2009-12-19 12:24 . 2009-12-19 12:24 -------- d-----w- C:\games
2009-12-19 10:03 . 2009-12-19 10:03 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Mozilla
2009-12-19 07:14 . 2009-12-19 07:14 -------- d-----w- c:\users\kole017\Application Data\FireShot
2009-12-18 10:43 . 2009-10-08 09:31 3204096 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS-0.80.dll
2009-12-18 10:43 . 2009-10-07 17:06 106496 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll
2009-12-17 20:33 . 2009-12-17 20:33 -------- d-----w- c:\users\NetworkService\Local Settings\Application Data\Apple
2009-12-17 20:10 . 2009-12-17 20:10 -------- d-----w- c:\program files\WinHTTrack
2009-12-17 12:00 . 2009-12-17 12:00 -------- d-----w- c:\users\car017\Local Settings\Application Data\Google
2009-12-17 10:50 . 2009-12-17 10:50 -------- d-----w- c:\users\kole017\Application Data\Malwarebytes
2009-12-17 10:50 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 10:50 . 2009-12-17 10:50 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes
2009-12-17 10:50 . 2009-12-31 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 10:50 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 10:05 . 2009-12-17 10:05 -------- d-----w- c:\users\mimi\Local Settings\Application Data\Google
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\users\All Users\Application Data\Deskshare
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Xenocode
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\windows\XSxS
2009-12-16 08:09 . 2009-12-16 08:09 -------- d-----w- c:\program files\Xenocode
2009-12-16 08:09 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-16 08:09 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-16 08:08 . 2006-10-11 05:03 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-12-16 08:07 . 2009-12-31 17:10 -------- d---a-w- c:\users\All Users\Application Data\TEMP
2009-12-15 21:42 . 2009-12-15 21:42 -------- d-----w- c:\program files\FreeTime
2009-12-15 21:25 . 2009-12-31 13:04 -------- d-----w- c:\users\kole017\Local Settings\Application Data\WMTools Downloaded Files
2009-12-15 18:37 . 2009-12-15 18:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-15 18:37 . 2010-01-02 08:08 -------- d-----w- c:\users\kole017\Application Data\skypePM
2009-12-15 18:35 . 2010-01-02 13:59 -------- d-----w- c:\users\kole017\Application Data\Skype
2009-12-15 18:35 . 2009-12-15 18:35 -------- d-----w- c:\program files\Common Files\Skype
2009-12-15 18:35 . 2009-12-16 08:17 -------- d-----r- c:\program files\Skype
2009-12-15 04:39 . 2009-12-15 04:39 -------- d-----w- c:\users\car017\Local Settings\Application Data\Apple Computer
2009-12-15 04:39 . 2009-12-15 04:39 -------- d-----w- c:\users\car017\Application Data\BSplayer
2009-12-14 22:17 . 2009-12-14 22:17 -------- d-----w- c:\users\car017\Application Data\Thunderbird
2009-12-14 22:17 . 2009-12-14 22:17 -------- d-----w- c:\users\car017\Local Settings\Application Data\Thunderbird
2009-12-14 19:41 . 2004-08-04 09:00 25600 ----a-w- c:\users\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- C:\DivXG400
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- c:\program files\ffdshow
2009-12-14 19:28 . 2009-12-14 19:28 -------- d-----w- c:\users\car017\Application Data\Media Player Classic
2009-12-14 19:26 . 2009-12-14 19:26 -------- d-----w- c:\users\car017\Application Data\Apple Computer
2009-12-12 04:45 . 2009-10-08 09:31 3204096 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-12-12 04:45 . 2009-10-07 17:06 106496 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-12-12 04:45 . 2009-09-23 20:29 28672 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-12-12 04:45 . 2009-03-19 22:57 40960 ----a-w- c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-12-12 04:37 . 2009-12-16 11:06 -------- d-----w- c:\users\All Users\Application Data\ICQ
2009-12-12 04:00 . 2009-12-21 20:46 -------- d-----w- c:\program files\YouTube Downloader
2009-12-11 09:34 . 2009-12-11 09:34 -------- d-----w- c:\users\kole017\dwhelper
2009-12-11 01:52 . 2009-12-11 01:52 -------- d-----w- c:\users\kole017\Application Data\Ahead
2009-12-11 01:52 . 2009-12-11 01:52 -------- d-----w- c:\users\kole017\Application Data\DivX
2009-12-10 02:24 . 2009-12-10 02:24 -------- d-----w- c:\users\kole017\Application Data\CyberLink
2009-12-10 01:23 . 2009-12-15 05:48 -------- d-----w- c:\windows\system32\Adobe
2009-12-10 00:04 . 2009-12-26 09:39 -------- d-----w- c:\users\kole017\Application Data\BSplayer
2009-12-10 00:04 . 2009-12-10 00:04 -------- d-----w- c:\program files\Webteh
2009-12-10 00:03 . 2009-12-10 00:04 -------- d-----w- c:\program files\QuickTime
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\All Users\Application Data\Apple Computer
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\program files\Common Files\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\program files\Apple Software Update
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\All Users\Application Data\Apple
2009-12-10 00:03 . 2009-12-10 00:03 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Apple Computer
2009-12-09 11:00 . 2009-12-09 11:00 -------- d-----w- c:\users\car017\Local Settings\Application Data\Mozilla
2009-12-09 10:57 . 2009-12-09 10:58 -------- d-----w- c:\users\car017\Local Settings\Application Data\Adobe
2009-12-09 10:44 . 2009-12-29 10:59 -------- d-----w- c:\program files\URUSoft
2009-12-09 07:42 . 2009-12-09 07:42 -------- d-----w- c:\users\All Users\Application Data\CyberLink
2009-12-09 07:42 . 2009-12-09 07:42 -------- d-----w- c:\program files\CyberLink
2009-12-09 06:26 . 2010-01-02 14:00 -------- d-----w- c:\users\kole017\Tracing
2009-12-09 06:23 . 2009-12-09 06:23 -------- d-----w- c:\program files\Microsoft
2009-12-09 06:23 . 2009-12-09 06:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 06:22 . 2009-12-18 07:52 -------- d-----w- c:\program files\Windows Live
2009-12-09 06:22 . 2009-12-22 18:54 -------- d-----w- c:\users\kole017\Local Settings\Application Data\Adobe
2009-12-09 06:21 . 2009-12-22 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-09 06:19 . 2009-12-09 06:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-09 06:19 . 2009-12-09 06:19 -------- d-----w- c:\windows\Sun
2009-12-09 06:11 . 2009-12-09 06:11 -------- d-----w- c:\users\kole017\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 12:42 . 2009-12-08 03:59 -------- d-----w- c:\program files\Winamp
2009-12-26 20:17 . 2009-12-08 04:56 -------- d-----w- c:\program files\CamStudio
2009-12-24 14:57 . 2009-12-09 10:56 295608 ----a-w- c:\users\car017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 18:53 . 2009-12-08 04:32 295608 ----a-w- c:\users\kole017\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 09:48 . 2009-12-08 03:58 -------- d-----w- c:\program files\Google
2009-12-17 10:02 . 2009-12-08 03:58 -------- d-----w- c:\users\Administrator\Application Data\Skype
2009-12-16 08:09 . 2009-12-08 03:04 -------- d-----w- c:\program files\Xvid
2009-12-15 18:35 . 2009-12-08 03:58 -------- d-----w- c:\users\All Users\Application Data\Skype
2009-12-10 03:46 . 2009-12-08 03:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 23:24 . 2009-12-08 03:30 -------- d-----w- c:\program files\CCleaner
2009-12-09 07:41 . 2009-12-08 03:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-09 06:24 . 2009-12-08 03:58 -------- d-----w- c:\program files\MSN Messenger
2009-12-08 16:01 . 2009-12-08 15:59 -------- d-----w- c:\program files\VIA
2009-12-08 04:52 . 2009-12-08 03:48 -------- d-----w- c:\program files\Unlocker
2009-12-08 04:30 . 2009-12-08 04:30 -------- d-----w- c:\users\kole017\Application Data\Talkback
2009-12-08 04:30 . 2009-12-08 04:30 0 ----a-w- c:\windows\nsreg.dat
2009-12-08 04:04 . 2009-12-08 03:59 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-08 04:03 . 2009-12-08 04:03 -------- d-----w- c:\users\Administrator\Application Data\Ahead
2009-12-08 04:03 . 2009-12-08 04:02 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-08 04:02 . 2009-12-08 04:02 -------- d-----w- c:\users\All Users\Application Data\Nero
2009-12-08 04:02 . 2009-12-08 04:02 -------- d-----w- c:\program files\Nero
2009-12-08 04:01 . 2009-12-08 04:01 -------- d-----w- c:\program files\JockerSoft
2009-12-08 04:01 . 2009-12-08 04:01 -------- d-----w- c:\program files\AVIcodec
2009-12-08 04:00 . 2009-12-08 04:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\users\Administrator\Application Data\BSplayer Pro
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\users\All Users\Application Data\Yahoo!
2009-12-08 03:58 . 2009-12-08 03:58 -------- d-----w- c:\program files\PDFCreator
2009-12-08 03:58 . 2009-12-08 03:58 -------- d-----w- c:\users\Administrator\Application Data\Notepad++
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft Office 2003
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Microsoft.NET
2009-12-08 03:48 . 2009-12-08 03:48 -------- d-----w- c:\program files\MicrosoftOfficeSetupFiles
2009-12-08 03:48 . 2009-12-08 03:48 -------- d-----w- c:\program files\7-Zip
2009-12-08 03:29 . 2009-12-08 03:29 -------- d-----w- c:\program files\MSBuild
2009-12-08 03:29 . 2009-12-08 03:29 424696 ----a-w- c:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-08 03:26 . 2009-12-08 03:26 -------- d-----w- c:\program files\Reference Assemblies
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\MSXML 6.0
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\MSXML 4.0
2009-12-08 03:04 . 2009-12-08 03:04 -------- d-----w- c:\program files\Java
2009-12-08 03:04 . 2009-12-08 03:04 -------- d-----w- c:\program files\Common Files\Java
2009-12-08 02:58 . 2009-12-08 02:58 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

------- Sigcheck -------

[-] 2004-08-04 . BB4D3A8E6F7EB1D370BC4AD27AB23368 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-02_08.41.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-02 14:01 . 2010-01-02 14:01 16384 c:\windows\temp\Perflib_Perfdata_c24.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-12-09 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"StartMenuFavorites"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9/12/2009 3:57 AM 15424]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [6/04/2009 1:19 PM 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/12/2009 5:01 PM 279680]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {BB8BD4B8-6E1A-4B6E-B6F7-A5235CB6D591} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=
FF - component: c:\users\kole017\Application Data\Mozilla\Firefox\Profiles\8a028nhw.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 15:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-02 15:02:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-02 14:02
ComboFix2.txt 2010-01-02 08:42

Pre-Run: 91,783,405,568 bytes free
Post-Run: 91,689,246,720 bytes free

- - End Of File - - 19CE81FBD371E9E80D27A9FA67F62110

Dopuna: 02 Jan 2010 15:12

Ne mogu vise da pristupim podesavanju AMON u Nod32 da ga ukljucim. Nema ga.

Dopuna: 02 Jan 2010 15:16

Tacnije ne mogu da otkrijem to sto se nalazi u Threat Protection Modules:


Dopuna: 02 Jan 2010 16:15

restartovao sam kompjuter i sada mogu da podesim. Cekam dalja uputstva.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakva je situacija sada, trebalo bi da je ok.
Preporuka da instaliras novu verziju Nod-a.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sada je sve dobro. Sto se tice Noda, ostaje ova verzija. Pozz... I srecna Nova Godina

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala, srecna i tebi.

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uradio sam. Pozz...