Laptop: Same problem.

offline
  • Joined: 20 Jul 2008
  • Posts: 197

This thread is for my laptop.
It has the same problem as the computer.

By the way, this may be a somewhat harder case, because when I turned the laptop on just now, avast again detected that virus, this time in some llass.exe process (it wasn't written exactly like that, but something similar) from c:\windows.

The option was delete.

Here is the rest of the required stuff:



DDS (Ver_10-11-08.01) - NTFSx86
Run by Alex at 18:24:03,03 on pon 08.11.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.336 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 101108-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
d:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\4shared Desktop\desktop.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [<NO NAME>]
uRun: [AdobeBridge]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [4shared Update] "d:\program files\4shared desktop\checkUpdate.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SMSERIAL] c:\windows\sm56hlpr.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Download All using 4shared Desktop - d:\program files\4shared desktop\down_all.htm
IE: &Download using 4shared Desktop - d:\program files\4shared desktop\down_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download video with Free Download Manager - file://d:\program files\free download manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://d:\program files\free download manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://d:\program files\free download manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://d:\program files\free download manager\dlall.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\atprksew.default\
FF - prefs.js: browser.search.selectedEngine - Вокабулар
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: d:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-22 207280]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2010-7-29 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2010-7-29 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-6-1 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-6-1 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-10-22 112592]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-6-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-6-1 352920]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2010-6-1 7808]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2010-5-31 659456]
S2 vhvwk;Config Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-8-20 32377]
S3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2010-6-12 87616]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2010-10-22 358600]
S3 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2010-10-22 1141200]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-5-31 141824]

=============== Created Last 30 ================

2010-11-05 19:01:15 1409 ----a-w- c:\windows\QTFont.for
2010-11-02 12:03:20 -------- d-----w- c:\docume~1\alex\locals~1\applic~1\WMTools Downloaded Files
2010-10-25 13:01:28 -------- d-----w- c:\docume~1\alex\locals~1\applic~1\WinZip
2010-10-22 09:29:58 -------- d-sh--r- C:\Win
2010-10-22 07:51:45 767952 ----a-w- c:\windows\BDTSupport.dll
2010-10-22 07:51:45 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-10-22 07:51:44 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-10-22 07:51:44 1636304 ----a-w- c:\windows\PCTBDCore.dll
2010-10-22 07:43:21 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-22 07:43:10 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-22 07:43:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-22 07:42:59 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-22 07:42:42 -------- d-----w- c:\program files\common files\PC Tools
2010-10-22 07:42:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-10-22 07:42:42 -------- d-----w- c:\docume~1\alex\applic~1\PC Tools
2010-10-18 19:51:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-15 17:10:21 -------- d-----w- c:\program files\VirtualDJ
2010-10-15 16:44:30 -------- d-----w- c:\docume~1\alex\applic~1\Sony Creative Software
2010-10-14 23:44:02 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-10 16:01:19 -------- d-----w- c:\docume~1\alex\locals~1\applic~1\Sony
2010-10-10 15:59:25 -------- d-----w- c:\program files\Sony Setup
2010-10-10 15:57:23 -------- d-----w- c:\program files\Sony
2010-10-10 14:17:59 -------- d-----w- c:\docume~1\alex\applic~1\TeamViewer

==================== Find3M ====================


============= FINISH: 18:24:48,54 ===============


I started with GMER.
It asked whether to scan the whole system or something like that, because a ROOTKIT was supposedly detected.
Following the instructions, I clicked NO.
One more thing: in GMER1, one line is coloured red:
Service ---------------- C:\Windows\system32\svchost.exe (***hidden***)


Regards ;)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.



Download sUBs' ComboFix to the Desktop from the following address:


Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.




When the download is complete:
  • disable your security software (instructions);
  • close running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show notifications: accept by clicking Yes or OK;
  • restart Windows if needed (several times);
  • at the end of its run, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 20 Jul 2008
  • Posts: 197

Posted: 08 Nov 2010 21:12

ComboFix 10-11-07.A2 - Alex 08.11.2010 20:51:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.503 [GMT 1:00]
Running from: d:\down\firefox\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101108-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Synaptics\SynTP\Media\Desktop_.ini
c:\program files\VIA\Setup\viaagp\Desktop_.ini
c:\program files\VIA\Setup\viaagp\DRIVER\Desktop_.ini
c:\program files\VIA\Setup\viaagp\DRIVER\Svr2003\Desktop_.ini
c:\program files\VIA\Setup\viaagp\DRIVER\Win2000\Desktop_.ini
c:\program files\VIA\Setup\viaagp\DRIVER\Win95\Desktop_.ini
c:\program files\VIA\Setup\viaagp\DRIVER\Win98_Me\Desktop_.ini
c:\program files\VIA\Setup\viaagp\DRIVER\WinXP\Desktop_.ini
c:\program files\VIA\Setup\viaagp\DRIVER\X64\Desktop_.ini
c:\program files\VIA\VIAudioi\HDADeck\Desktop_.ini
C:\Win
c:\win\1.exe
c:\win\names.txt

.
((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))
.

2010-11-05 19:01 . 2010-11-05 19:01 1409 ----a-w- c:\windows\QTFont.for
2010-11-02 12:03 . 2010-11-02 12:03 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\WMTools Downloaded Files
2010-10-25 13:01 . 2010-10-25 13:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\WinZip
2010-10-25 13:00 . 2010-10-25 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-10-22 07:51 . 2009-10-08 09:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-10-22 07:51 . 2009-10-08 09:31 767952 ----a-w- c:\windows\BDTSupport.dll
2010-10-22 07:51 . 2009-10-08 09:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-10-22 07:51 . 2009-10-08 09:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2010-10-22 07:43 . 2009-09-24 06:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-22 07:43 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-22 07:43 . 2009-09-23 14:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-22 07:42 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-22 07:42 . 2010-10-22 07:52 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-22 07:42 . 2010-10-22 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-10-22 07:42 . 2010-10-22 07:42 -------- d-----w- c:\documents and settings\Alex\Application Data\PC Tools
2010-10-18 19:51 . 2010-10-18 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-15 17:10 . 2010-10-17 16:14 -------- d-----w- c:\program files\VirtualDJ
2010-10-15 16:44 . 2010-10-15 16:44 -------- d-----w- c:\documents and settings\Alex\Application Data\Sony Creative Software
2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-10 21:34 . 2010-10-10 21:34 -------- d-----w- c:\program files\Common Files\Java
2010-10-10 17:47 . 2010-10-10 17:47 -------- d-----w- c:\documents and settings\Alex\Application Data\Publish Providers
2010-10-10 17:37 . 2010-10-10 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-10-10 16:01 . 2010-10-10 17:47 -------- d-----w- c:\documents and settings\Alex\Application Data\Sony
2010-10-10 16:01 . 2010-10-10 16:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Sony
2010-10-10 15:59 . 2010-10-10 15:59 -------- d-----w- c:\program files\Sony Setup
2010-10-10 15:57 . 2010-10-10 15:59 -------- d-----w- c:\program files\Sony
2010-10-10 14:17 . 2010-10-10 14:32 -------- d-----w- c:\documents and settings\Alex\Application Data\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" [2006-07-11 176128]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"4shared Update"="d:\program files\4shared Desktop\checkUpdate.exe" [2010-03-22 603136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2008-03-05 565248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-14 155648]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3708:TCP"= 3708:TCP:pltgizlx

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22.10.2010 8:43 207280]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [29.7.2010 12:31 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [29.7.2010 12:31 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.6.2010 14:53 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.6.2010 14:53 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [22.10.2010 8:51 112592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [1.6.2010 18:03 7808]
S2 vhvwk;Config Update;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [20.8.2010 13:03 32377]
S3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [12.6.2010 23:55 87616]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [22.10.2010 8:42 358600]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.5.2010 23:55 141824]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AGQDAAOD
*Deregistered* - agqdaaod

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vhvwk
.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 22:46]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 22:46]
.
.
------- Supplementary Scan -------
.
IE: &Download All using 4shared Desktop - d:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - d:\program files\4shared Desktop\down_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download video with Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://d:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://d:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://d:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\atprksew.default\
FF - prefs.js: browser.search.selectedEngine - Википедија (sr)
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: d:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-08 21:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vhvwk]
"ServiceDll"="c:\windows\system32\arhucf.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-11-08 21:03:14
ComboFix-quarantined-files.txt 2010-11-08 20:03

Pre-Run: 38.521.257.984 bytes free
Post-Run: 38.652.661.760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 35769D0E3A05C54E1D7DD5ACD49E2DDD

Update: 08 Nov 2010 21:13

May I turn the AV on now?

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Don't turn the AV on yet :)


Open Notepad and copy the following text into it:

File::
c:\windows\system32\arhucf.dll

Driver::
vhvwk

NetSvc::
vhvwk

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3708:TCP"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
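The CFScript above is built from three artefacts in the posted ComboFix log: an svchost-hosted service (vhvwk, in the netsvcs group and listed under "Svchost - NetSvcs") whose ServiceDll is a DLL in system32 (arhucf.dll), and a firewall exception for 3708:TCP with a generated-looking label. As an added example (my own code, not from the thread, ComboFix or its author), the Python below parses those lines from a constructed excerpt of the posted log, flags them with a vowel-ratio heuristic plus the NetSvcs correlation, and emits the matching File::/Driver::/NetSvc::/Registry:: sections (the RegLock:: part is not derived). It assumes ComboFix prints only non-default netsvcs entries under "Svchost - NetSvcs".

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the ComboFix log posted above: only the lines that
# carry the three indicators the CFScript acts on (sample data, not a full log).
SAMPLE_LOG = r"""
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.6.2010 14:53 20560]
S2 vhvwk;Config Update;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3708:TCP"= 3708:TCP:pltgizlx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vhvwk
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vhvwk]
"ServiceDll"="c:\windows\system32\arhucf.dll"
"""

# "S2 name;display;image path [date size]" lines from the services section
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+?) \[", re.M)
# '"port:proto"= port:proto:label' lines from the GloballyOpenPorts list
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"= \S+:(.*)$', re.M)
# the per-service registry dump that names the DLL svchost loads for it
SERVICEDLL_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]\s*\n"
    r'"ServiceDll"="([^"]+)"', re.M)
FW_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"


def looks_random(name: str) -> bool:
    """Heuristic only: a short all-lowercase token with almost no vowels
    (vhvwk, pltgizlx) is typical of generated names, unlike aswFsBlk or NPF."""
    if not (5 <= len(name) <= 10 and name.isalpha() and name.islower()):
        return False
    return sum(c in "aeiou" for c in name) / len(name) <= 0.25


def netsvcs_additions(log: str) -> list:
    """Names printed under 'Svchost - NetSvcs'; assumed to be the services
    added to the netsvcs group beyond the default set."""
    names, active = [], False
    for line in log.splitlines():
        if line.strip().endswith("Svchost - NetSvcs"):
            active = True
            continue
        if active:
            if line.strip() in ("", "."):
                break
            names.append(line.strip())
    return names


@dataclass
class Findings:
    services: dict = field(default_factory=dict)   # suspicious svc -> ServiceDll
    netsvcs: list = field(default_factory=list)    # of those, listed in NetSvcs
    ports: list = field(default_factory=list)      # (port:proto, label)


def analyze(log: str) -> Findings:
    fd = Findings()
    dlls = dict(SERVICEDLL_RE.findall(log))
    added = netsvcs_additions(log)
    for name, image in SERVICE_RE.findall(log):
        # only svchost-hosted services load their code from a ServiceDll
        if "svchost.exe -k" in image.lower() and (name in added or looks_random(name)):
            fd.services[name] = dlls.get(name)
    fd.netsvcs = [n for n in fd.services if n in added]
    fd.ports = [(p, lbl.strip()) for p, lbl in PORT_RE.findall(log)
                if looks_random(lbl.strip())]
    return fd


def build_cfscript(fd: Findings) -> str:
    """Emit the File::/Driver::/NetSvc::/Registry:: sections for the findings."""
    out = []
    files = [d for d in fd.services.values() if d]
    if files:
        out += ["File::", *files, ""]
    if fd.services:
        out += ["Driver::", *fd.services, ""]
    if fd.netsvcs:
        out += ["NetSvc::", *fd.netsvcs, ""]
    if fd.ports:
        out += ["Registry::", FW_KEY, *[f'"{p}"=-' for p, _ in fd.ports], ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(build_cfscript(analyze(SAMPLE_LOG)))
```

Run against the sample, the generated sections match the ones in the CFScript above; on a real log the flagged names still need a human look before anything is removed.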

offline
  • Joined: 20 Jul 2008
  • Posts: 197

ComboFix 10-11-07.A2 - Alex 08.11.2010 22:07:04.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.443 [GMT 1:00]
Running from: d:\down\firefox\ComboFix.exe
Command switches used :: d:\down\firefox\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 101108-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\arhucf.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\arhucf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VHVWK
-------\Service_vhvwk


((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))
.

2010-11-05 19:01 . 2010-11-05 19:01 1409 ----a-w- c:\windows\QTFont.for
2010-11-02 12:03 . 2010-11-02 12:03 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\WMTools Downloaded Files
2010-10-25 13:01 . 2010-10-25 13:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\WinZip
2010-10-25 13:00 . 2010-10-25 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-10-22 07:51 . 2009-10-08 09:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-10-22 07:51 . 2009-10-08 09:31 767952 ----a-w- c:\windows\BDTSupport.dll
2010-10-22 07:51 . 2009-10-08 09:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-10-22 07:51 . 2009-10-08 09:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2010-10-22 07:43 . 2009-09-24 06:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-22 07:43 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-22 07:43 . 2009-09-23 14:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-22 07:42 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-22 07:42 . 2010-10-22 07:52 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-22 07:42 . 2010-10-22 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-10-22 07:42 . 2010-10-22 07:42 -------- d-----w- c:\documents and settings\Alex\Application Data\PC Tools
2010-10-18 19:51 . 2010-10-18 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-15 17:10 . 2010-10-17 16:14 -------- d-----w- c:\program files\VirtualDJ
2010-10-15 16:44 . 2010-10-15 16:44 -------- d-----w- c:\documents and settings\Alex\Application Data\Sony Creative Software
2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-10 21:34 . 2010-10-10 21:34 -------- d-----w- c:\program files\Common Files\Java
2010-10-10 17:47 . 2010-10-10 17:47 -------- d-----w- c:\documents and settings\Alex\Application Data\Publish Providers
2010-10-10 17:37 . 2010-10-10 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-10-10 16:01 . 2010-10-10 17:47 -------- d-----w- c:\documents and settings\Alex\Application Data\Sony
2010-10-10 16:01 . 2010-10-10 16:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Sony
2010-10-10 15:59 . 2010-10-10 15:59 -------- d-----w- c:\program files\Sony Setup
2010-10-10 15:57 . 2010-10-10 15:59 -------- d-----w- c:\program files\Sony
2010-10-10 14:17 . 2010-10-10 14:32 -------- d-----w- c:\documents and settings\Alex\Application Data\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-11-08_20.00.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-08 21:14 . 2010-11-08 21:14 16384 c:\windows\Temp\Perflib_Perfdata_ea0.dat
+ 2010-11-08 21:12 . 2010-11-08 21:12 16384 c:\windows\Temp\Perflib_Perfdata_660.dat
+ 2010-11-08 21:13 . 2010-11-08 21:13 16384 c:\windows\Temp\Perflib_Perfdata_474.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-11 794714]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" [2006-07-11 176128]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"4shared Update"="d:\program files\4shared Desktop\checkUpdate.exe" [2010-03-22 603136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2008-03-05 565248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-14 155648]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22.10.2010 8:43 207280]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [29.7.2010 12:31 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [29.7.2010 12:31 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.6.2010 14:53 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.6.2010 14:53 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [22.10.2010 8:51 112592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [1.6.2010 18:03 7808]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [20.8.2010 13:03 32377]
S3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [12.6.2010 23:55 87616]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [22.10.2010 8:42 358600]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.5.2010 23:55 141824]
.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 22:46]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 22:46]
.
.
------- Supplementary Scan -------
.
IE: &Download All using 4shared Desktop - d:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - d:\program files\4shared Desktop\down_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download video with Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://d:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://d:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://d:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\atprksew.default\
FF - prefs.js: browser.search.selectedEngine - Википедија (sr)
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: d:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-08 22:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668-)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3260)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-11-08 22:20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-08 21:20
ComboFix2.txt 2010-11-08 20:03

Pre-Run: 38.661.332.992 bytes free
Post-Run: 38.544.863.232 bytes free

- - End Of File - - 3D070761B40FB188CFC384B0633E94CA
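To check a ComboFix run against the CFScript that drove it, here is an added example in Python; it is not part of the thread and not a ComboFix or PC Tools utility. It parses the CFScript directives argus posted (File::, Driver::, NetSvc::, Registry::) and confirms in the log the user posted back that each requested item really disappeared: the file under "Other Deletions", the service under "Drivers/Services", and the firewall port no longer listed under GloballyOpenPorts. Both input strings are constructed, abridged excerpts of that CFScript and that log; the RegLock:: block is left out because the log does not report on it, and the "=-" convention for deleting a registry value and the "-------\Service_name" log lines are taken as shown on this page.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix returns.

Added example for this thread; it is not a ComboFix or PC Tools utility.
It parses the CFScript directives (File::, Driver::, NetSvc::, Registry::)
and confirms in the ComboFix log that each requested removal shows up in
the matching log section.
"""
import re

# Constructed input: the CFScript from argus's post, abridged (RegLock:: omitted).
CFSCRIPT = """\
File::
c:\\windows\\system32\\arhucf.dll

Driver::
vhvwk

NetSvc::
vhvwk

Registry::
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"3708:TCP"=-
"""

# Constructed input: abridged excerpts of the ComboFix log the user posted back.
COMBOFIX_LOG = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\windows\\system32\\arhucf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Legacy_VHVWK
-------\\Service_vhvwk

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\\windows\\system32\\drivers\\PCTCore.sys [22.10.2010 8:43 207280]
"""

DIRECTIVE = re.compile(r"^(\w+)::\s*$")                     # e.g. "File::"
PORT_VALUE = re.compile(r'^"(\d+:(?:TCP|UDP))"=', re.M)     # e.g. "3708:TCP"=...
SERVICE_GONE = re.compile(r"-------\\(?:Service|Legacy)_(\S+)")


def parse_cfscript(text):
    """Group non-empty CFScript lines under the directive that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip() and current:
            sections[current].append(line.strip())
    return sections


def log_section(log, title):
    """Lines between the '((( title )))' banner and the next banner, minus '.' fillers."""
    out, inside = [], False
    for line in log.splitlines():
        if line.startswith("(((("):
            if inside:
                break
            inside = title in line
        elif inside and line.strip() not in ("", "."):
            out.append(line.strip())
    return out


def deleted_files(log):
    """Paths ComboFix reports under 'Other Deletions', lower-cased for comparison."""
    return {l.lower() for l in log_section(log, "Other Deletions")}


def removed_services(log):
    """'-------\\Service_vhvwk' and '-------\\Legacy_VHVWK' both count as vhvwk."""
    names = set()
    for l in log_section(log, "Drivers/Services"):
        m = SERVICE_GONE.match(l)
        if m:
            names.add(m.group(1).lower())
    return names


def open_ports(log):
    """Port values still listed in the log's GloballyOpenPorts dump."""
    return {m.group(1) for m in PORT_VALUE.finditer(log)}


def verify(cfscript, log):
    """Map each CFScript item to True if the log confirms its removal, else False."""
    script = parse_cfscript(cfscript)
    files, gone, ports = deleted_files(log), removed_services(log), open_ports(log)
    result = {}
    for f in script.get("File", []):
        result["File:" + f] = f.lower() in files
    for name in script.get("Driver", []) + script.get("NetSvc", []):
        result["Service:" + name] = name.lower() in gone
    for line in script.get("Registry", []):
        m = PORT_VALUE.match(line)
        if m and line.endswith("=-"):      # "port"=-  asks ComboFix to delete that value
            result["Port:" + m.group(1)] = m.group(1) not in ports
    return result


if __name__ == "__main__":
    for item, ok in verify(CFSCRIPT, COMBOFIX_LOG).items():
        print(("OK   " if ok else "MISS ") + item)
```

Run against the two excerpts above, every item comes back confirmed, which is the "no more traces" reading argus gives below. A MISS on a File:: or Driver:: item means the log never reported that removal, so the machine should not be declared clean on that log alone.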

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Status?

offline
  • Joined: 20 Jul 2008
  • Posts: 197

Believe me, I won't know until something shows up ;)

It seems better to me, because the virus was not shown on system reboot, although the AV was turned on later.

You tell me how it looks to you. Am I clean?

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You're clean, there are no more traces of malware in the log.

In the other thread you opened, post the appropriate logs so that Goran can clean your memory cards; I hope you haven't forgotten about that thread.


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".


then click OK (or press Enter).


Wait for the uninstall process to finish.

offline
  • Joined: 20 Jul 2008
  • Posts: 197

Thanks a lot.

My brother will probably do the computer tomorrow, and I'll do the camera and the phone (i.e. the flash) from here, also tomorrow.

Above all, thanks for the unconditional help.
You get nothing from my thanks, but at least know that what you do means a lot to me.

Best regards.
