Moguca infekcija

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:21, on 6.7.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AltBinz\altbinz.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\program files\mozilla firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\klaeosfewegg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: altbinz - Shortcut.lnk = C:\Program Files\AltBinz\altbinz.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe

--
End of file - 7078 bytes

AVAST mi ceo dan zavija i upozorava na virus u system32 folderu i u rootkitu ima li ovde nesto sumnjivo?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Provericemo...

Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-07-09.08 - phant0m 12.07.2009 3:40.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3070.2087 [GMT 2:00]
Running from: c:\users\phant0m\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090711-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 090711-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
C:\90210.exe
c:\windows\Installer\37f5f.msi
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\hjgruilhddjfly.sys
c:\windows\system32\hjgruihofhydot.dat
c:\windows\system32\hjgruipkxjmhpw.dll
c:\windows\system32\hjgruiwdhudwco.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-12 01:47 . 2009-07-12 01:47 -------- d-----w- c:\users\phant0m\AppData\Local\temp
2009-07-11 16:15 . 2007-03-29 13:00 17024 ----a-w- c:\windows\system32\drivers\KMWDFilter.SYS
2009-07-11 16:15 . 2009-07-11 16:15 -------- d-----w- c:\program files\Trust
2009-07-11 16:14 . 2009-07-11 16:14 -------- d-----w- c:\programdata\{60727955-924B-4A9F-9506-5104848B6673}
2009-07-11 16:12 . 2009-07-11 16:12 -------- d-----w- c:\users\phant0m\AppData\Roaming\ATI
2009-07-11 16:12 . 2009-07-11 16:12 -------- d-----w- c:\users\phant0m\AppData\Local\ATI
2009-07-11 16:12 . 2009-07-11 16:12 -------- d-----w- c:\programdata\ATI
2009-07-11 16:11 . 2009-07-11 16:11 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-11 16:08 . 2009-07-11 16:08 9158 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-07-11 16:08 . 2009-07-11 16:08 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-07-11 16:08 . 2009-02-20 05:17 95760 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-07-11 16:08 . 2009-07-11 16:08 -------- d-----w- c:\windows\LastGood.Tmp
2009-07-11 16:08 . 2009-02-25 21:36 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-11 16:08 . 2009-07-11 16:08 10134 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{4ED10D4D-5381-D076-4277-0F3D7993B5CB}\ARPPRODUCTICON.exe
2009-07-11 16:08 . 2009-07-11 16:08 -------- d-----w- c:\program files\ATI
2009-07-11 16:05 . 2009-07-11 16:09 -------- d-----w- c:\program files\ATI Technologies
2009-07-11 16:04 . 2009-07-11 16:04 680 ----a-w- c:\users\phant0m\AppData\Local\d3d9caps.dat
2009-07-07 17:08 . 2009-07-07 17:08 -------- d-----w- c:\users\phant0m\AppData\Local\Activision
2009-07-07 16:16 . 2009-07-07 16:16 -------- d-sh--w- c:\windows\ftpcache
2009-07-07 04:07 . 2009-07-07 04:07 -------- d-----w- c:\users\phant0m\AppData\Local\PunkBuster
2009-07-07 04:02 . 2009-07-07 17:16 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-07 04:02 . 2009-07-07 16:39 22328 ----a-w- c:\users\phant0m\AppData\Roaming\PnkBstrK.sys
2009-07-07 04:00 . 2009-07-07 17:16 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-07 04:00 . 2009-07-07 16:36 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-07 04:00 . 2009-07-07 04:00 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-06 18:41 . 2009-07-06 18:41 -------- d-----w- c:\program files\Trend Micro
2009-07-05 07:15 . 1997-01-22 19:26 565760 ------w- c:\windows\system32\MSVCP50.DLL
2009-07-05 07:03 . 2007-03-16 02:58 1099352 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.exe
2009-07-05 07:03 . 2007-03-16 02:51 1140312 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2009-07-05 06:34 . 2009-07-05 07:03 -------- d-----w- c:\program files\Canon
2009-07-05 06:31 . 2009-07-05 06:31 -------- d-----w- c:\program files\Common Files\Canon
2009-07-04 21:25 . 2009-07-04 21:25 -------- d-----w- c:\program files\Sandboxie
2009-07-04 09:35 . 2009-07-04 09:35 -------- d--h--w- c:\program files\MSNmsngr
2009-07-04 09:34 . 2009-07-04 09:34 -------- d-----w- c:\users\phant0m\AppData\Local\Deployment
2009-07-04 09:34 . 2009-07-04 09:34 -------- d-----w- c:\users\phant0m\AppData\Local\Apps
2009-06-28 17:48 . 2009-06-28 18:08 -------- d-----w- c:\users\phant0m\AppData\Roaming\Winamp
2009-06-28 17:48 . 2009-06-28 17:49 -------- d-----w- c:\program files\Winamp
2009-06-21 20:50 . 2009-06-21 20:50 -------- d-----w- c:\windows\system32\QuickTime
2009-06-21 20:50 . 1997-08-21 12:44 345600 ----a-w- c:\windows\system32\Qtim32.dll
2009-06-21 20:50 . 1996-08-26 02:12 93696 ----a-w- c:\windows\system32\Qtole32.dll
2009-06-18 16:16 . 2009-06-18 16:16 25214 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-06-18 16:16 . 2009-06-18 16:16 25214 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-18 16:16 . 2009-06-18 16:16 25214 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-06-18 16:16 . 2009-06-18 16:16 25214 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-18 16:16 . 2009-06-18 16:16 25214 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-06-18 16:16 . 2009-06-18 16:16 25214 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-06-17 22:11 . 2008-12-03 23:25 120832 ----a-w- c:\users\phant0m\AppData\Roaming\Mozilla\Firefox\Profiles\n22537p1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 01:38 . 2009-04-03 16:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 00:22 . 2009-04-03 17:49 -------- d-----w- c:\programdata\DVD Shrink
2009-07-11 16:06 . 2009-04-04 05:38 -------- d-----w- c:\programdata\NVIDIA
2009-07-09 18:22 . 2009-04-03 19:07 -------- d-----w- c:\users\phant0m\AppData\Roaming\Thinstall
2009-07-07 18:07 . 2009-04-03 17:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-28 17:48 . 2009-04-11 06:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-27 09:17 . 2009-04-03 19:46 -------- d-----w- c:\programdata\Microsoft Help
2009-06-23 16:15 . 2009-04-03 16:38 100248 ----a-w- c:\users\phant0m\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-05 16:55 . 2009-06-05 16:51 -------- d-----w- c:\program files\Award Keylogger
2009-06-05 15:26 . 2009-06-05 15:26 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-05-28 05:28 . 2009-04-03 17:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-23 06:42 . 2009-05-23 06:42 331776 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{41536D42-C529-4D14-8EE7-57B92C1EF9D7}\OneClickJoiner.exe1_41536D42C5294D148EE757B92C1EF9D7.exe
2009-05-23 06:42 . 2009-05-23 06:42 331776 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{41536D42-C529-4D14-8EE7-57B92C1EF9D7}\OneClickJoiner.exe_41536D42C5294D148EE757B92C1EF9D7.exe
2009-05-23 06:42 . 2009-05-23 06:42 292878 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{41536D42-C529-4D14-8EE7-57B92C1EF9D7}\ARPPRODUCTICON.exe
2009-05-23 06:42 . 2009-05-23 06:40 -------- d-----w- c:\program files\CheshireCat
2009-05-23 06:40 . 2009-05-23 06:40 331776 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{7DE8D718-5B0B-4C10-9B0B-A327A650209D}\NewShortcut11_7DE8D7185B0B4C109B0BA327A650209D.exe
2009-05-23 06:40 . 2009-05-23 06:40 331776 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{7DE8D718-5B0B-4C10-9B0B-A327A650209D}\NewShortcut1_7DE8D7185B0B4C109B0BA327A650209D.exe
2009-05-23 06:40 . 2009-05-23 06:40 292878 ----a-r- c:\users\phant0m\AppData\Roaming\Microsoft\Installer\{7DE8D718-5B0B-4C10-9B0B-A327A650209D}\ARPPRODUCTICON.exe
2009-05-22 08:33 . 2009-05-22 08:33 7680 ----a-w- c:\users\phant0m\AppData\Roaming\Thinstall\Video Editor\1000000700002i\hh.exe
2009-05-22 08:23 . 2009-05-22 08:23 7680 ----a-w- c:\users\phant0m\AppData\Roaming\Thinstall\Video Editor\4000002100003i\avc.exe
2009-05-22 08:21 . 2009-05-22 08:21 7680 ----a-w- c:\users\phant0m\AppData\Roaming\Thinstall\Video Editor\1000000e00002i\rundll32.exe
2009-05-22 07:53 . 2009-05-21 08:04 -------- d-----w- c:\users\phant0m\AppData\Roaming\Pegasys Inc
2009-05-21 08:04 . 2009-05-21 08:04 -------- d-----w- c:\users\phant0m\AppData\Roaming\Skype
2009-05-21 07:57 . 2009-05-21 07:57 -------- d-----w- c:\users\phant0m\AppData\Roaming\GlobalSCAPE
2009-05-18 06:12 . 2009-04-03 17:47 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-18 06:12 . 2009-05-18 06:12 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-18 06:11 . 2009-05-18 06:11 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-15 07:27 . 2009-05-15 07:27 -------- d-----w- c:\program files\DVDInfoPro
2009-05-13 17:35 . 2009-06-05 16:51 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-05-13 17:35 . 2009-06-05 16:51 28160 ----a-w- c:\windows\system32\anim.dll
2009-05-13 17:35 . 2009-06-05 16:51 258352 ----a-w- c:\windows\system32\unicows.dll
2009-05-13 05:14 . 2009-05-13 05:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-13 05:14 . 2009-05-13 05:14 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2009-05-13 05:14 . 2009-05-13 05:14 25600 ----a-w- c:\windows\system32\LangCleanupSysprepAction.dll
2009-05-13 05:14 . 2009-05-13 05:14 23552 ----a-w- c:\windows\system32\lpremove.exe
2009-05-13 05:14 . 2009-05-13 05:14 165888 ----a-w- c:\windows\system32\lpksetup.exe
2009-05-13 05:14 . 2009-05-13 05:14 1152000 ----a-w- c:\windows\system32\themecpl.dll
2009-05-13 05:14 . 2009-05-13 05:14 10240 ----a-w- c:\windows\system32\MUILanguageCleanup.dll
2009-05-13 05:14 . 2009-05-13 05:14 233888 ----a-w- c:\windows\system32\DreamScene.dll
2009-05-13 05:13 . 2009-05-13 05:13 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-05-13 05:13 . 2009-05-13 05:13 737792 ----a-w- c:\windows\system32\inetcomm.dll
2009-05-12 16:28 . 2009-05-12 16:28 8192 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-12 16:28 . 2009-05-12 16:28 61440 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-12 16:28 . 2009-05-12 16:28 10240 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcod146.dll
2009-04-30 00:57 . 2009-04-30 00:57 103872 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2007-06-25 20:43 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"VistaFirewallControl"="c:\program files\VistaFirewallControl\VistaFirewallControl.exe" [2008-07-11 716800]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-27 6281760]

c:\users\phant0m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
altbinz - Shortcut.lnk - c:\program files\AltBinz\altbinz.exe [2007-9-27 1069568]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-4-3 3450608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\phant0m\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" -H

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UACDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B43A1370-2AD0-44BC-BA24-C2F93D8B7449}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{FCF71D6A-2C71-4801-9FCB-B3DDCB84706B}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{17878458-B4C4-4032-B422-13D085CD9279}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0ABB3B5A-0785-43FE-9983-5DE413F1461F}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{001DF203-93CD-4723-9BDA-95A32C1756FD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A0D1A13F-492C-4BE3-98EA-D4C3DD008C63}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [3.4.2009 18:59 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [3.4.2009 18:59 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [3.4.2009 18:59 51792]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.4.2009 19:29 179856]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18.5.2009 8:12 603904]
R2 VistaFirewallService;VistaFirewallService;c:\program files\VistaFirewallControl\VistaFirewallService.exe [3.4.2009 19:16 286720]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [11.7.2009 18:08 95760]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [3.4.2009 19:15 15504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [3.4.2009 19:19 1153368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778562809-2072162824-3854181116-1000Core.job
- c:\users\phant0m\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-18 16:13]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778562809-2072162824-3854181116-1000UA.job
- c:\users\phant0m\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-18 16:13]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\phant0m\AppData\Roaming\Mozilla\Firefox\Profiles\n22537p1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\phant0m\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 03:47
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1778562809-2072162824-3854181116-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1778562809-2072162824-3854181116-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1778562809-2072162824-3854181116-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1778562809-2072162824-3854181116-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1778562809-2072162824-3854181116-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1778562809-2072162824-3854181116-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\PicasaPhotoViewer.exe"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1778562809-2072162824-3854181116-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1778562809-2072162824-3854181116-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"

[HKEY_USERS\S-1-5-21-1778562809-2072162824-3854181116-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37708EEE-2788-E35C-FF17-AF8541BA5490}*]
"jajgbkopojkjjklkabhh"=hex:62,61,63,6d,00,00
"iajhjglgnjambocgmc"=hex:6b,61,65,6d,6b,64,6f,6e,69,62,69,63,66,67,65,70,66,68,
66,61,69,66,00,00
.
Completion time: 2009-07-12 3:48
ComboFix-quarantined-files.txt 2009-07-12 01:48

Pre-Run: 1.402.343.424 bytes free
Post-Run: 1.629.822.976 bytes free

337 --- E O F --- 2009-05-13 05:14

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav, posto helen1 nije tu, ja cu preuzeti slucaj.

Posalji sledeca dva fajla na upload

C:\Qoobox\Quarantine\C\WINDOWS\system32\ATIODE.exe.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\ATIODCLI.exe.vir

Preko ovog linka http://www.mycity.rs/ambulanta-upload.php

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Poslato
Imam u tom folderu jos 3 neka fajla isto sa ovim .vir na kraju
Jel treba i njih da posaljem?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\WINDOWS\system32\ATIODE.exe.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\ATIODCLI.exe.vir
QUIT::

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Treba li da iskljucim antivirus?
Pitam zbog ovoga:

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Da, iskljuci.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo:

C:\Qoobox\Quarantine\C\WINDOWS\system32\ATIODCLI.exe.vir -> C:\WINDOWS\system32\ATIODCLI.exe ( 45056 bytes )
C:\Qoobox\Quarantine\C\WINDOWS\system32\ATIODE.exe.vir -> C:\WINDOWS\system32\ATIODE.exe ( 81920 bytes )

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kazi mi kakvo je sada stanje ?