New problem with trojans

  • Joined: 10 Oct 2007
  • Posts: 26

Not even two weeks since the last infection, and there's a problem again! Someone might say I'm promiscuous, but I'm not. I've barely sat down at the computer; I only downloaded a couple of films from Rapid, a bit of mail, a bit of Facebook, and that's it, when Avira reported:

Virus or unwanted program 'TR/FakeAV.CO.7356 [trojan]'
detected in file 'C:\WINDOWS\Itukob.exe.
Action performed: Move file to quarantine

and

Error detected in AntiVir Guard.
Error message: Action failed for file: C:\WINDOWS\Itukob.exe
Error code: [0x00000005 - Access is denied.].
then:

Virus or unwanted program 'TR/FakeAV.CO.6998 [trojan]'
Virus or unwanted program 'TR/Agent.190464 [trojan]'

I tried quarantine, deletion... nothing, and in the end:

The file 'G:\FILMOVI\Prince of Persia The Sands of Time.avi'
contained a virus or unwanted program 'EXP/ASF.GetCodec.Gen' [exploit]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26001.
Failed!
Attempting to perform action using the ARK library.
The file was moved to '4956b0f9.qua'!

A file, i.e. a film, that I don't have on the computer (deleted).

It's as if someone is bombarding me with this malware...
Help if you have the time!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Darko at 0:34:49,75 on pon 22.03.2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.558 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\kxmixer.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\WINDOWS\PixArt\PAP7501\PACTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darko\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
uRun: [Google Update] "c:\documents and settings\darko\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TOY5KNQ8OC] c:\docume~1\darko\locals~1\temp\Icr.exe
uRun: [WEK9EMDHI9] c:\windows\Itukob.exe
mRun: [kX Mixer] kxmixer --startup
mRun: [USBFW] c:\program files\net studio\usb firewall\USB FireWall.exe
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [GUCI_AVS] c:\windows\pixart\pap7501\GUCI_AVS.exe
mRun: [PACTray] c:\windows\pixart\pap7501\PACTray.exe
mRun: [combofix] "c:\combofix\cf5264.cfxxe" /c "c:\combofix\C.bat"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\darko\startm~1\programs\startup\thoosj~1.lnk - c:\program files\thoosje vista sidebar\Thoosje Sidebar.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-12 56816]
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-1-12 1594944]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2004-2-16 571776]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2008-12-25 433792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-13 135664]
S3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [2004-9-27 6146]
S3 DVcam;DVCam Capture;c:\windows\system32\drivers\DVcam.sys [2005-9-29 42511]
S3 G400RT2K;G400RT2K;c:\windows\system32\drivers\g400RT2Km.sys [2004-9-27 325627]
S3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\drivers\GUCI_AVS.sys [2010-2-26 581120]
S3 MtxVxd;MtxVxd;c:\windows\system32\drivers\MTXVXD.SYS [2005-3-27 5604]
S3 Ndisusb;GeneLink Network Driver;c:\windows\system32\drivers\genelan.sys --> c:\windows\system32\drivers\genelan.sys [?]
S3 RTPP2K;RTPP2K;c:\windows\system32\drivers\rtpp2k.sys [2001-4-29 87374]
S3 USBHSB;GeneLink USB Driver;c:\windows\system32\drivers\glkusb.sys [2005-10-31 10752]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2005-10-31 37616]
S3 VNic;ULan Network Driver Module;c:\windows\system32\drivers\vnic.sys --> c:\windows\system32\drivers\VNic.sys [?]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]

=============== Created Last 30 ================

2010-03-13 23:12:19 1409 ----a-w- c:\windows\QTFont.for
2010-03-13 23:12:18 54156 ---ha-w- c:\windows\QTFont.qfn
2010-03-11 20:06:42 9913 ----a-w- c:\windows\system32\QuickTime.qtp
2010-03-11 20:06:33 0 d-----w- c:\windows\system32\QuickTime
2010-03-10 10:25:11 2 ----a-w- c:\windows\system32\Dvbpws.dll
2010-03-09 10:29:41 0 d-sha-r- C:\cmdcons
2010-03-05 11:28:52 0 d---a-r- C:\autorun.inf
2010-02-28 23:57:02 0 d-----w- c:\program files\common files\DivX Shared
2010-02-26 22:28:45 230436 ----a-w- C:\PAP7501.dat
2010-02-26 10:57:32 0 d-----w- c:\program files\Video Power
2010-02-26 10:49:28 7168 ----a-w- c:\windows\system32\COINST_080603.dll
2010-02-26 10:49:28 581120 ----a-w- c:\windows\system32\drivers\GUCI_AVS.sys
2010-02-26 10:49:23 2057 ----a-w- c:\windows\system32\GUCI_AVS.ini
2010-02-26 10:49:22 114688 ----a-w- c:\windows\system32\PixArt.ax
2010-02-26 10:49:19 0 d-----w- c:\windows\PixArt
2010-02-26 10:49:18 14336 ----a-w- c:\windows\system32\GUCI_AVS.dll
2010-02-26 10:49:17 165376 ----a-w- c:\windows\system32\GUCI_AVS.ax
2010-02-26 10:49:17 0 d-----w- c:\program files\common files\PAP7501
2010-02-26 10:48:50 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-02-26 10:48:50 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-02-26 10:43:32 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-02-26 10:43:32 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-02-26 10:43:26 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-26 10:43:26 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

==================== Find3M ====================

2010-01-15 01:59:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 10:32:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2004-11-26 14:21:58 8 -csh--r- c:\windows\system32\252C124488.sys
2005-02-07 12:11:19 152 -csh--r- c:\windows\system32\B415CD33AB.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2006-12-29 16:52:44 10434 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 0:35:24,10 ===============

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer

  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show a number of notices: accept by clicking Yes or OK;
  • if necessary, restart Windows (possibly several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  • right-click inside the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click inside the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 10 Oct 2007
  • Posts: 26

ComboFix 10-03-21.03 - Darko 22.03.2010 10:36:22.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.685 [GMT 1:00]
Running from: c:\documents and settings\Darko\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Dvbpws.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-11 23:00 . 2010-03-11 23:00 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-11 23:00 . 2010-03-11 23:00 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-11 23:00 . 2010-03-11 23:00 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-11 23:00 . 2010-03-11 23:00 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-11 23:00 . 2010-03-11 23:00 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-11 23:00 . 2010-03-11 23:00 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-11 23:00 . 2010-03-11 23:00 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-11 23:00 . 2010-03-11 23:00 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-11 22:51 . 2010-03-11 22:51 734728 ----a-w- c:\documents and settings\Darko\Application Data\Real\RealPlayer\setup\AU_setup12.exe
2010-03-11 20:06 . 2010-03-11 20:07 -------- d-----w- c:\program files\QuickTime
2010-03-11 20:06 . 2010-03-11 20:07 -------- d-----w- c:\windows\system32\QuickTime
2010-02-28 23:57 . 2010-02-28 23:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-26 22:28 . 2010-02-26 22:38 230436 ----a-w- C:\PAP7501.dat
2010-02-26 10:57 . 2010-02-26 10:57 -------- d-----w- c:\program files\Video Power
2010-02-26 10:49 . 2008-12-23 19:54 581120 ----a-w- c:\windows\system32\drivers\GUCI_AVS.sys
2010-02-26 10:49 . 2008-06-03 15:59 7168 ----a-w- c:\windows\system32\COINST_080603.dll
2010-02-26 10:49 . 2010-02-26 10:49 -------- d-----w- c:\windows\PixArt
2010-02-26 10:49 . 2006-10-12 10:57 14336 ----a-w- c:\windows\system32\GUCI_AVS.dll
2010-02-26 10:49 . 2010-02-26 10:49 -------- d-----w- c:\program files\Common Files\PAP7501
2010-02-26 10:48 . 2004-08-03 22:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-02-26 10:48 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-02-26 10:43 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-26 10:43 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 20:20 . 2010-01-13 09:30 -------- d-----w- c:\documents and settings\Darko\Application Data\Skype
2010-03-20 20:12 . 2010-01-13 09:36 -------- d-----w- c:\documents and settings\Darko\Application Data\skypePM
2010-03-20 00:21 . 2010-01-15 02:00 -------- d-----w- c:\program files\JDownloader
2010-03-11 23:00 . 2010-01-14 10:32 -------- d-----w- c:\program files\Common Files\Real
2010-03-11 22:59 . 2010-01-14 10:32 -------- d-----w- c:\program files\Real
2010-03-11 22:31 . 2010-01-08 14:20 -------- d-----w- c:\documents and settings\Darko\Application Data\ArcSoft
2010-03-11 22:31 . 2010-01-08 14:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-03-05 02:19 . 2010-01-15 01:56 -------- d-----w- c:\documents and settings\Darko\Application Data\Azureus
2010-03-05 02:11 . 2010-01-15 01:55 -------- d-----w- c:\program files\Vuze
2010-02-28 23:57 . 2005-01-23 15:54 -------- d-----w- c:\program files\DivX
2010-02-26 10:49 . 2004-09-27 20:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 20:46 . 2010-01-22 10:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-09 21:25 . 2010-02-09 21:24 -------- d-----w- c:\program files\LEGO Island
2010-02-05 10:10 . 2010-02-02 21:21 80896 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\LZMA.dll
2010-02-05 10:10 . 2010-02-02 21:21 5632 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Swap.dll
2010-02-05 10:10 . 2010-02-02 21:21 5120 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Copy.dll
2010-02-05 10:10 . 2010-02-02 21:21 32256 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Aes.dll
2010-02-05 10:10 . 2010-02-02 21:21 18944 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Branch.dll
2010-02-05 10:10 . 2010-02-02 21:21 13824 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\7zAes.dll
2010-02-05 10:10 . 2010-02-02 21:21 129024 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Formats\7z.dll
2010-02-02 21:21 . 2010-02-02 21:21 -------- d-----w- c:\documents and settings\Darko\Application Data\Seven Zip
2010-01-29 09:34 . 2010-01-13 00:08 -------- d-----w- c:\program files\Google
2010-01-29 01:36 . 2010-01-14 00:50 -------- d-----w- c:\program files\Thoosje Vista Sidebar
2010-01-25 23:10 . 2010-01-25 23:10 -------- d-----w- c:\program files\URUSoft
2010-01-25 12:32 . 2010-01-25 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-01-25 02:33 . 2010-01-25 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-01-25 02:24 . 2009-09-08 10:00 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 10:30 . 2004-09-29 21:23 -------- d-----w- c:\program files\InterVideo
2010-01-21 09:59 . 2005-09-13 10:42 -------- d-----w- c:\program files\Common Files\InterVideo
2010-01-18 17:37 . 2010-01-18 17:37 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-15 01:59 . 2010-01-15 02:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-15 01:58 . 2010-01-15 01:58 152576 ----a-w- c:\documents and settings\Darko\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-01-14 10:32 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-13 20:07 . 2010-01-12 20:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-13 09:36 . 2010-01-13 09:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-11 19:49 . 2005-01-16 12:31 366320 -c--a-w- c:\documents and settings\Darko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-07 15:07 . 2009-09-09 10:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-09 10:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-11-26 14:21 . 2004-11-26 14:21 8 -csh--r- c:\windows\system32\252C124488.sys
2005-02-07 12:11 . 2004-12-17 20:10 152 -csh--r- c:\windows\system32\B415CD33AB.sys
2006-05-03 10:06 . 2010-01-20 18:25 163328 --sh--r- c:\windows\system32\flvDX.dll
2006-12-29 16:52 . 2004-12-17 20:10 10434 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2010-01-20 18:25 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-20 18:25 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-02-23 203416]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"Google Update"="c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-13 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="kxmixer --startup" [X]
"USBFW"="c:\program files\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-11-14 319488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-11 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Darko\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\Program Files\\JDownloader\\JDownloader.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 52\\ACID.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.1.2010 21:05 108289]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12.1.2010 20:06 1594944]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [16.2.2004 23:19 571776]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [25.12.2008 8:56 433792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.1.2010 1:08 135664]
S3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [27.9.2004 21:15 6146]
S3 DVcam;DVCam Capture;c:\windows\system32\drivers\DVcam.sys [29.9.2005 23:15 42511]
S3 G400RT2K;G400RT2K;c:\windows\system32\drivers\g400RT2Km.sys [27.9.2004 20:50 325627]
S3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\drivers\GUCI_AVS.sys [26.2.2010 11:49 581120]
S3 MtxVxd;MtxVxd;c:\windows\system32\drivers\MTXVXD.SYS [27.3.2005 16:50 5604]
S3 Ndisusb;GeneLink Network Driver;c:\windows\system32\DRIVERS\genelan.sys --> c:\windows\system32\DRIVERS\genelan.sys [?]
S3 RTPP2K;RTPP2K;c:\windows\system32\drivers\rtpp2k.sys [29.4.2001 23:54 87374]
S3 USBHSB;GeneLink USB Driver;c:\windows\system32\drivers\glkusb.sys [31.10.2005 17:34 10752]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [31.10.2005 17:28 37616]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.3.2009 18:24 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-682003330-1003Core.job
- c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-682003330-1003UA.job
- c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-651377827-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-651377827-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WEK9EMDHI9 - c:\windows\Itukob.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-22 10:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-651377827-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="459544:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2453773:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{9616EE07-4AAF-494D-0789-CBC01BCBF7B6}\Version 1.1]
@DACL=
"dat"="806585365:{D518752D-0C5B-3B8A-43F0-199D3C970E8B}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2453794:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{3A118380-006B-D9D7-2CA8-D0A784756F32}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232500:{AA5E4DB0-32A9-5792-6C08-AC4B692DCFE1}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{9616EE07-4AAF-494D-0789-CBC01BCBF7B6}\Version 3.x]
@DACL=
"dat"="1767914624:{8E3D43F3-1ADB-A105-6F38-F1686A8DA622}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714507:{6A539712-46C7-4E56-B112-C5268FCDD102}"

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{57E5ADC1-B6F2-E550-86DB-E6F1E0F8A300}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521119:{54115072-223B-3D3D-71C9-06759296E623}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="9:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\kxmixer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-03-22 10:53:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-22 09:53
ComboFix2.txt 2010-03-09 22:30

Pre-Run: 5.030.039.552 bytes free
Post-Run: 4.969.500.672 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E663C78C819007280CD572661D0DCAB6

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Any problems now?

  • Joined: 10 Oct 2007
  • Posts: 26

Looks like everything is OK. Avira isn't detecting anything, everything works as it should.

Many thanks!

Btw.
Is there any sign of how it got to me? As I said, I've barely used the computer these past few days. (I have an external hard drive that carries films between several computers, but I have AV there too and nothing was detected.)

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

I really don't know how it got to you. Unlike you, who say you barely use the computer, I hang around online 10 hours a day, go everywhere, chase viruses, go on Facebook and read mail, and I never catch anything.

I really don't know how.

ComboFix needs to be uninstalled:
  • click Start, then RUN.
    On Vista, use the Start Search box if Run is not available.
  • In the text entry line type (or paste) the following:

    ComboFix /Uninstall

    Note that there is a space between "ComboFix" and "/Uninstall".
  • then click OK (or press Enter).

Wait for the uninstall process to finish.

  • Joined: 10 Oct 2007
  • Posts: 26

Solved. Thanks once again.
