Please check - probable infection


  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

MBAM gave me this:

Malwarebytes' Anti-Malware 1.38
Verzija baze podataka: 2374
Windows 5.1.2600 Service Pack 3

7/5/2009 2:02:47 AM
mbam-log-2009-07-05 (02-02-44).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 96212
Proteklo vreme: 7 minute(s), 58 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 2
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> No action taken.

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
(Maliciozne stavke nisu detektovane)



Here is the HT log too:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:32 AM, on 7/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Milan\Desktop\Pomoc\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB00982 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll
O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c98d25e3423983) (gupdate1c98d25e3423983) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9690 bytes
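As an added example (not part of the original post, and not HijackThis code), here is a small Python triage script for logs of the kind posted above. It parses R3/O2/O3 entries, separates entries whose CLSID still resolves to a file from orphaned "(no file)" entries, and groups the orphans by CLSID so that a GUID recurring across sections, like {E312764E-7706-43F1-8DAB-FCDD2B1E416D} above, stands out. The sample lines are constructed from the HijackThis log above; the function and variable names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied in shape from the HijackThis log posted
# above (R3 URLSearchHook, O2 BHO and O3 Toolbar sections).
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: TBSB00982 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll
O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll
"""

# "R3 - URLSearchHook: <body>" / "O2 - BHO: <body>" / "O3 - Toolbar: <body>"
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
# A COM class id, optionally prefixed with '*' in R3 lines
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Split one HijackThis line into section, kind, name, CLSID and path.
    Returns None for lines that are not R*/O* entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    c = CLSID_RE.search(body)
    if c:
        clsid = c.group(0).upper()
        name = body[:c.start()].rstrip(" -*")
        path = body[c.end():].lstrip(" -")
    else:
        # No CLSID at all (the "(no name) - - (no file)" case): name before the
        # first separator, path after the last one.
        clsid = None
        name = body.split(" - ", 1)[0]
        path = body.rsplit(" - ", 1)[-1]
    return {"section": m.group("section"), "kind": m.group("kind"),
            "name": name, "clsid": clsid, "path": path}


def triage(log_text):
    """Classify browser-extension entries. A path of '(no file)' means the
    registry still references a CLSID whose DLL is no longer on disk: a leftover
    of an uninstalled or partly removed component that should be cleaned up."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    orphans = [e for e in entries if e["path"].lower() == "(no file)"]
    loaded = [e for e in entries if e not in orphans]
    by_clsid = defaultdict(list)
    for e in orphans:
        by_clsid[e["clsid"]].append(e["section"])
    return {"entries": entries, "orphans": orphans, "loaded": loaded,
            "orphans_by_clsid": dict(by_clsid)}


if __name__ == "__main__":
    report = triage(SAMPLE_HJT_LOG)
    for clsid, sections in report["orphans_by_clsid"].items():
        print(f"orphan {clsid or '<no CLSID>'} referenced from {len(sections)} entries: {sections}")
    for e in report["loaded"]:
        print(f"loaded {e['section']} {e['kind']}: {e['name']} -> {e['path']}")
```

The grouping is the useful part: an orphaned CLSID that appears both as a URLSearchHook and as a BHO was one component registered in two places, so all of its registrations need to go, not just the one a scanner happened to flag.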



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,


Download sUBs' ComboFix to the Desktop from one of the following locations:


Bleeping Computer . . . . . Geeks to Go!
Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is finished:
  • close any running programs;
  • disable your security software (instructions);
  • double-click ComboFix to start it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if it offers to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues;
  • offer to install the Recovery Console if it is not installed:
    accept by clicking Yes and follow the procedure;
  • ask a number of questions and show notices:
    accept by clicking Yes or OK;
  • restart Windows if necessary (possibly more than once);
  • at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.


Note: the report is saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if, after posting, you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.



  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

ComboFix 09-07-04.04 - Milan 07/05/2009 11:12.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.547 [GMT 2:00]
Running from: c:\documents and settings\Milan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1766a7.msp
c:\windows\Installer\1766bd.msp
c:\windows\Installer\1766d7.msp
c:\windows\Installer\1766ee.msp
c:\windows\Installer\176706.msp
c:\windows\Installer\17671c.msp
c:\windows\Installer\47011.msp
c:\windows\Installer\4703c.msp
c:\windows\Installer\47052.msp
c:\windows\Installer\4706a.msp
c:\windows\Installer\47085.msp
c:\windows\Installer\6ebaf.msp
c:\windows\Installer\6ebc6.msp

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 09:07 . 2009-07-04 22:39 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 09:07 . 2009-07-04 22:39 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 09:07 . 2009-07-04 22:39 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 09:07 . 2009-07-04 22:39 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 09:07 . 2009-07-04 22:39 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 09:07 . 2009-07-04 22:39 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 09:07 . 2009-07-04 22:39 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 09:07 . 2009-07-04 22:38 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 09:07 . 2009-07-04 22:38 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 09:06 . 2009-07-04 22:35 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 09:06 . 2009-07-04 22:35 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 09:02 . 2009-07-05 09:02 -------- d-----w- c:\program files\Everstrike Software
2009-07-05 09:02 . 2009-07-05 09:02 -------- d-----w- c:\program files\Common Files\Everstrike Software
2009-07-04 22:40 . 2009-07-04 22:39 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-04 22:39 . 2009-06-14 14:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-04 22:39 . 2009-07-04 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-04 22:39 . 2009-07-04 22:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-20 13:08 . 2009-06-20 14:57 -------- d-----w- c:\documents and settings\Milan\Local Settings\Application Data\ant.com
2009-06-20 13:06 . 2009-06-20 13:06 -------- d-----w- c:\program files\Antbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 09:07 . 2008-12-02 18:47 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 00:02 . 2008-12-02 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 22:39 . 2008-12-02 18:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-04 22:39 . 2008-12-02 18:47 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-04 22:35 . 2009-02-12 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-27 23:52 . 2008-12-04 04:14 40 ----a-w- c:\windows\popcinfo.dat
2009-06-21 14:47 . 2009-02-27 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-21 14:23 . 2008-12-03 22:45 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 09:27 . 2008-12-02 18:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-12-02 18:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 12:03 . 2009-04-24 22:04 -------- d-----w- c:\program files\Look@LAN
2009-05-19 21:07 . 2009-02-12 15:21 -------- d-----w- c:\program files\Google
2009-05-13 09:03 . 2009-04-09 12:33 -------- d-----w- c:\documents and settings\Milan\Application Data\AdobeUM
2009-05-12 15:31 . 2009-02-24 20:40 -------- d-----w- c:\program files\AskBarDis
2009-05-10 21:16 . 2008-12-02 18:47 -------- d-----w- c:\documents and settings\Milan\Application Data\AVGTOOLBAR
2009-05-10 20:32 . 2009-05-10 20:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-10 20:32 . 2009-05-10 20:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-10 20:22 . 2009-05-10 20:20 -------- d-----w- c:\documents and settings\Milan\Application Data\Nokia
2009-05-10 20:22 . 2009-05-10 20:22 -------- d-----w- c:\documents and settings\Milan\Application Data\Nokia Multimedia Player
2009-05-10 20:20 . 2009-05-10 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-10 20:20 . 2009-05-10 20:20 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-10 20:20 . 2009-05-10 20:19 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-10 20:19 . 2009-05-10 20:19 -------- d-----w- c:\program files\Nokia
2009-05-10 20:19 . 2009-05-10 20:19 -------- d-----w- c:\program files\DIFX
2009-05-10 20:19 . 2009-05-10 20:19 -------- d-----w- c:\documents and settings\Milan\Application Data\PC Suite
2009-05-10 20:19 . 2009-05-10 20:19 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-10 20:18 . 2009-05-10 20:18 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-05-10 20:18 . 2009-05-10 20:18 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-10 20:18 . 2009-05-10 20:18 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-05-10 20:18 . 2009-05-10 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-10 17:34 . 2008-12-02 18:47 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 17:29 . 2009-05-10 09:51 -------- d-----w- c:\program files\Yahoo!
2009-05-10 09:51 . 2009-05-10 09:51 -------- d-----w- c:\documents and settings\Milan\Application Data\Yahoo!
2009-04-26 20:16 . 2009-01-17 16:01 5443 ----a-w- c:\program files\Yurecnik.ini
2009-04-24 22:37 . 2009-04-24 22:33 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-04-24 22:03 . 2009-04-24 22:04 720896 ----a-w- c:\windows\iun6002.exe
2009-04-12 22:42 . 2009-04-12 22:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-12 22:42 . 2009-04-12 22:42 152576 ----a-w- c:\documents and settings\Milan\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-01-17 16:03 . 2009-01-17 16:03 258 ----a-w- c:\program files\Mini-YuRecnik.ini
2009-01-17 15:59 . 2009-01-17 15:59 1998 ----a-w- c:\program files\uninstal.log
2009-01-17 15:59 . 1999-01-25 04:27 28702 ----a-w- c:\program files\Uninstal.exe
1999-08-02 09:47 . 1999-08-02 09:47 387072 ----a-w- c:\program files\YuRecnik.exe
1999-08-02 09:40 . 1999-08-02 09:40 219648 ----a-w- c:\program files\MiniYuRecnik.exe
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 ----a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w- c:\program files\Monologw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-03-31 251264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-04 1948440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-03 16841216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-04 22:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58459:TCP"= 58459:TCP:Pando Media Booster
"58459:UDP"= 58459:UDP:Pando Media Booster

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/2/2008 8:47 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/2/2008 8:47 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/28/2008 4:28 PM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/28/2008 4:28 PM 298776]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [11/19/2004 6:07 PM 101488]
S2 gupdate1c98d25e3423983;Google Update Service (gupdate1c98d25e3423983);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 5:23 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LF30FS
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 15:55]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 15:23]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 15:23]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LFAgent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uSearch Page = [Link mogu videti samo ulogovani korisnici]
uSearch Bar = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-07-05 11:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-05 11:18
ComboFix-quarantined-files.txt 2009-07-05 09:18

Pre-Run: 10,587,516,928 bytes free
Post-Run: 10,906,791,936 bytes free


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text into it:


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Folder::
c:\program files\Search Settings


Save the file from Notepad to the Desktop as "CFScript".


Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.
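To make the CFScript semantics concrete, here is an added Python example (not from the forum, and not ComboFix code) that simulates what the script above asks ComboFix to do: under Registry::, a REGEDIT4-style line "name"=- deletes that value from the listed key, and under Folder:: the named directory is removed. It parses the HKLM Run key as ComboFix printed it in the earlier log, applies the directive, and checks that the deleted autostart's image path lies inside the Folder:: path, so the autostart entry and the binary it launches are removed together. The sample input is constructed from the page; names such as parse_run_key and apply_cfscript are my own.

```python
import re

# Constructed sample: the HKLM Run key as ComboFix printed it in the log above
# (the trailing "[date size]" annotations are ComboFix's, not registry data).
COMBOFIX_RUN_KEY = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-03 16841216]
"""

# The CFScript posted above, verbatim.
CFSCRIPT = r"""
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Folder::
c:\program files\Search Settings
"""

RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'          # "name"="image path"
    r'(?: - (?P<resolved>[^\[]+?))?'                  # path ComboFix resolved for a bare name
    r'\s*\[(?P<date>\d{4}-\d\d-\d\d) (?P<size>\d+)\]$')  # [file date  file size]


def parse_run_key(text):
    """Return (key name, {value name: details}) for one [key] block."""
    key, values = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            d = m.groupdict()
            d["image"] = d["resolved"] or d["value"]  # executable the value really launches
            d["size"] = int(d["size"])
            values[d["name"]] = d
    return key, values


def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections -> list of directive lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def apply_cfscript(run_key, run_values, script):
    """Apply the Registry:: directives aimed at run_key and report whether each
    deleted autostart launches something inside a Folder:: path."""
    sections = parse_cfscript(script)
    remaining, deleted, target_key = dict(run_values), [], None
    for line in sections.get("Registry", []):
        if line.startswith("[") and line.endswith("]"):
            target_key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"=-$', line)  # REGEDIT4: "name"=- deletes the value
        if (m and target_key and target_key.lower() == run_key.lower()
                and m.group(1) in remaining):
            deleted.append((m.group(1), remaining.pop(m.group(1))))
    folders = [f.rstrip("\\").lower() for f in sections.get("Folder", [])]
    covered = {name: any(entry["image"].lower().startswith(f + "\\") for f in folders)
               for name, entry in deleted}
    return {"remaining": sorted(remaining), "deleted": [n for n, _ in deleted],
            "folders": folders, "payload_covered": covered}


if __name__ == "__main__":
    key, values = parse_run_key(COMBOFIX_RUN_KEY)
    result = apply_cfscript(key, values, CFSCRIPT)
    print("deleted:", result["deleted"])
    print("remaining:", result["remaining"])
    print("payload removed with its autostart:", result["payload_covered"])
```

The payload_covered check is the point of pairing a Registry:: deletion with a Folder:: entry: removing only the Run value leaves the executable on disk, and removing only the folder leaves a dangling autostart, which is exactly the kind of orphan the HijackThis log above shows as "(no file)".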

  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

ComboFix 09-07-04.05 - Milan 07/05/2009 11:48.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.413 [GMT 2:00]
Running from: c:\documents and settings\Milan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Milan\Application Data\.#
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 09:40 . 2009-07-05 09:40 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-07-05 09:40 . 2009-07-05 09:40 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-07-05 09:40 . 2009-07-05 09:40 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2009-07-05 09:39 . 2009-07-05 09:39 -------- d-----w- c:\program files\Folder Lock 6
2009-07-05 09:07 . 2009-07-04 22:39 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 09:07 . 2009-07-04 22:39 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 09:07 . 2009-07-04 22:39 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 09:07 . 2009-07-04 22:39 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 09:07 . 2009-07-04 22:39 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 09:07 . 2009-07-04 22:39 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 09:07 . 2009-07-04 22:39 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 09:07 . 2009-07-04 22:38 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 09:07 . 2009-07-04 22:38 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 09:06 . 2009-07-04 22:35 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 09:06 . 2009-07-04 22:35 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 09:02 . 2009-07-05 09:38 -------- d-----w- c:\program files\Everstrike Software
2009-07-05 09:02 . 2009-07-05 09:02 -------- d-----w- c:\program files\Common Files\Everstrike Software
2009-07-04 22:40 . 2009-07-04 22:39 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-04 22:39 . 2009-06-14 14:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-04 22:39 . 2009-07-04 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-04 22:39 . 2009-07-04 22:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-20 13:08 . 2009-06-20 14:57 -------- d-----w- c:\documents and settings\Milan\Local Settings\Application Data\ant.com
2009-06-20 13:06 . 2009-06-20 13:06 -------- d-----w- c:\program files\Antbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 09:07 . 2008-12-02 18:47 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 00:02 . 2008-12-02 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 22:39 . 2008-12-02 18:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-04 22:39 . 2008-12-02 18:47 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-04 22:35 . 2009-02-12 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-27 23:52 . 2008-12-04 04:14 40 ----a-w- c:\windows\popcinfo.dat
2009-06-21 14:47 . 2009-02-27 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-21 14:23 . 2008-12-03 22:45 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 09:27 . 2008-12-02 18:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-12-02 18:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 12:03 . 2009-04-24 22:04 -------- d-----w- c:\program files\Look@LAN
2009-05-19 21:07 . 2009-02-12 15:21 -------- d-----w- c:\program files\Google
2009-05-13 09:03 . 2009-04-09 12:33 -------- d-----w- c:\documents and settings\Milan\Application Data\AdobeUM
2009-05-12 15:31 . 2009-02-24 20:40 -------- d-----w- c:\program files\AskBarDis
2009-05-10 21:16 . 2008-12-02 18:47 -------- d-----w- c:\documents and settings\Milan\Application Data\AVGTOOLBAR
2009-05-10 20:32 . 2009-05-10 20:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-10 20:32 . 2009-05-10 20:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-10 20:22 . 2009-05-10 20:20 -------- d-----w- c:\documents and settings\Milan\Application Data\Nokia
2009-05-10 20:22 . 2009-05-10 20:22 -------- d-----w- c:\documents and settings\Milan\Application Data\Nokia Multimedia Player
2009-05-10 20:20 . 2009-05-10 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-10 20:20 . 2009-05-10 20:20 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-10 20:20 . 2009-05-10 20:19 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-10 20:19 . 2009-05-10 20:19 -------- d-----w- c:\program files\Nokia
2009-05-10 20:19 . 2009-05-10 20:19 -------- d-----w- c:\program files\DIFX
2009-05-10 20:19 . 2009-05-10 20:19 -------- d-----w- c:\documents and settings\Milan\Application Data\PC Suite
2009-05-10 20:19 . 2009-05-10 20:19 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-10 20:18 . 2009-05-10 20:18 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-05-10 20:18 . 2009-05-10 20:18 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-10 20:18 . 2009-05-10 20:18 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-05-10 20:18 . 2009-05-10 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-10 17:34 . 2008-12-02 18:47 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 17:29 . 2009-05-10 09:51 -------- d-----w- c:\program files\Yahoo!
2009-05-10 09:51 . 2009-05-10 09:51 -------- d-----w- c:\documents and settings\Milan\Application Data\Yahoo!
2009-04-26 20:16 . 2009-01-17 16:01 5443 ----a-w- c:\program files\Yurecnik.ini
2009-04-24 22:37 . 2009-04-24 22:33 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-04-24 22:03 . 2009-04-24 22:04 720896 ----a-w- c:\windows\iun6002.exe
2009-04-12 22:42 . 2009-04-12 22:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-12 22:42 . 2009-04-12 22:42 152576 ----a-w- c:\documents and settings\Milan\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-01-17 16:03 . 2009-01-17 16:03 258 ----a-w- c:\program files\Mini-YuRecnik.ini
2009-01-17 15:59 . 2009-01-17 15:59 1998 ----a-w- c:\program files\uninstal.log
2009-01-17 15:59 . 1999-01-25 04:27 28702 ----a-w- c:\program files\Uninstal.exe
1999-08-02 09:47 . 1999-08-02 09:47 387072 ----a-w- c:\program files\YuRecnik.exe
1999-08-02 09:40 . 1999-08-02 09:40 219648 ----a-w- c:\program files\MiniYuRecnik.exe
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 ----a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w- c:\program files\Monologw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-03-31 251264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-04 1948440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-03 16841216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-04 22:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58459:TCP"= 58459:TCP:Pando Media Booster
"58459:UDP"= 58459:UDP:Pando Media Booster

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/2/2008 8:47 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/2/2008 8:47 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/28/2008 4:28 PM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/28/2008 4:28 PM 298776]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [7/5/2009 11:40 AM 10752]
RUnknown LF30FS;LF30FS; [x]
S2 gupdate1c98d25e3423983;Google Update Service (gupdate1c98d25e3423983);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 5:23 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LF30FS
*NewlyCreated* - WINFLDRV
*NewlyCreated* - WINVD32
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 15:55]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 15:23]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 15:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uSearch Page = [Link visible only to logged-in users]
uSearch Bar = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-07-05 11:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\documents and settings\Milan\Application Data\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-05 11:52
ComboFix-quarantined-files.txt 2009-07-05 09:52
ComboFix2.txt 2009-07-05 09:18

Pre-Run: 10,898,538,496 bytes free
Post-Run: 10,884,243,456 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Are there any problems now?

offline
  • Joined: 28 Feb 2009
  • Posts: 190
  • Location: Beograd

Everything is OK now. Thanks a lot.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.
