It asks to reset Windows

  • Joined: 25 Apr 2006
  • Posts: 46

Posted: 06 Sep 2009 11:18

Since this morning I have had a problem: the system asks for the CD to reset the Windows Service Pack 3 operating system. My ESET Smart Security 4 is also blocked. I have FLAT 2 mb/s cable internet. Please help.

Addendum: 06 Sep 2009 11:19

DDS (Ver_09-07-30.01) - NTFSx86
Run by Crni at 10:31:46.54 on Sun 09/06/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1449 [GMT 2:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Crni\Application Data\Transcend\SJelite3\SJelite3Launch.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Crni\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.gamingharbor.com/
mWinlogon: Userinit=userinit.exe,,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {CDBFB47B-58A8-4111-BF95-06178DCE326D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SJelite3Launch] c:\documents and settings\crni\application data\transcend\sjelite3\SJelite3Launch.exe
uRun: [Uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TV Card Remote Control Device Monitor] c:\windows\713xRMTMon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
StartupFolder: c:\docume~1\crni\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\schedu~1.lnk - c:\program files\honestech\honestech tvr\scheduleTV.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\di recnik\diie.htm
IE: Translate with Di dictionary -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {CD759611-BC6B-4C08-86DA-12B4A6CA8414} = 89.216.45.193
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: PrvXbICXdTKsP - {0416AF99-AEBC-0533-0CA1-3D824BA15A9E} - c:\windows\system32\pzv.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crni\applic~1\mozilla\firefox\profiles\d9988btl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-23 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2009-5-23 279552]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2009-5-23 25984]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]

=============== Created Last 30 ================

2009-09-06 10:07 79 a------- c:\windows\system32\asr_zwojq
2009-09-01 20:11 <DIR> --d----- c:\program files\Sparkle
2009-09-01 20:06 <DIR> --d----- c:\program files\FunPause Atlantis
2009-09-01 20:04 4,096 a------- c:\windows\d3dx.dat
2009-09-01 20:03 <DIR> --d----- c:\docume~1\crni\applic~1\Wildfire

==================== Find3M ====================

2009-09-06 10:07 171,995 ---shr-- c:\windows\fonts\unwise_.exe
2009-06-21 19:33 32 a------- c:\docume~1\crni\applic~1\svighost.dll
2009-05-31 17:40 151 a------- c:\documents and settings\crni\check.bat

============= FINISH: 10:31:57.28 ===============
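The DDS file-listing lines above follow the layout `date time size attributes path`. As an added example (not part of the thread and not DDS's own code), the Python below parses those lines and applies the triage heuristics a responder would otherwise apply by eye: hidden/system attributes on an executable, executables in directories that should not hold them, extensionless files dropped directly in system32, and a "DLL" too small to be a PE image. The sample lines are copied from the log above; the heuristics, directory list and size threshold are my own assumptions and mark files for a closer look, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: lines copied from the DDS "Created Last 30" / "Find3M" sections above.
DDS_LINES = r"""
2009-09-06 10:07 79 a------- c:\windows\system32\asr_zwojq
2009-09-01 20:11 <DIR> --d----- c:\program files\Sparkle
2009-09-01 20:04 4,096 a------- c:\windows\d3dx.dat
2009-09-06 10:07 171,995 ---shr-- c:\windows\fonts\unwise_.exe
2009-06-21 19:33 32 a------- c:\docume~1\crni\applic~1\svighost.dll
2009-05-31 17:40 151 a------- c:\documents and settings\crni\check.bat
"""

# DDS line layout: "<date> <time> <size or <DIR>> <8 attribute flags> <path>".
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>.+)$"
)

PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys"}
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".com", ".pif"}   # executable, but not PE images
EXEC_EXTENSIONS = PE_EXTENSIONS | SCRIPT_EXTENSIONS

# Directories that should not normally receive freshly created executables
# (assumed list). DDS prints both long and 8.3 short forms, so both are listed.
UNUSUAL_DIRS = ("\\windows\\fonts\\", "\\windows\\tasks\\", "\\application data\\",
                "\\applic~1\\", "\\temp\\", "\\local settings\\")


@dataclass
class Entry:
    stamp: str
    size: Optional[int]      # None for directories
    attrs: str
    path: str


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def parse_dds_lines(text):
    """Parse DDS file-listing lines; anything that is not one is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["stamp"], size, m["attrs"], m["path"]))
    return entries


def split_path(path):
    """Return (lowercased directory, lowercased file name, extension incl. dot)."""
    directory, _, name = path.lower().rpartition("\\")
    dot = name.rfind(".")
    ext = name[dot:] if dot > 0 else ""
    return directory, name, ext


def triage(text):
    """Return one Finding per entry that trips at least one heuristic."""
    findings = []
    for e in parse_dds_lines(text):
        if e.size is None or "d" in e.attrs:
            continue                       # directories are not triaged here
        directory, name, ext = split_path(e.path)
        reasons = []
        if ext in EXEC_EXTENSIONS and ("h" in e.attrs or "s" in e.attrs):
            reasons.append("executable with hidden/system attribute")
        if ext in EXEC_EXTENSIONS and any(d in e.path.lower() for d in UNUSUAL_DIRS):
            reasons.append("executable in a directory that normally holds none")
        if directory == "c:\\windows\\system32" and ext == "":
            reasons.append("extensionless file directly in system32")
        if ext in PE_EXTENSIONS and e.size < 64:
            # IMAGE_DOS_HEADER alone is 64 bytes; a smaller file cannot be a PE image
            reasons.append("too small to be a PE image")
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(DDS_LINES):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```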

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.

First upload the following files for me:

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe

http://www.mycity.rs/ambulanta-upload.php

Then follow the instructions below.

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
disable your protective software (instructions);
close running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists:
    click Yes if you are offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
offer to install the Recovery Console if it is not installed:
    be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
    accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 25 Apr 2006
  • Posts: 46

I noticed that everything is slowed down, and I managed to uninstall ESET.

ComboFix 09-09-05.03 - Crni 09/06/2009 13:14.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1553 [GMT 2:00]
Running from: c:\documents and settings\Crni\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\b2k8o4l4q3z1.exe
c:\documents and settings\Crni\Local Settings\Application Data\DoubleD
c:\windows\Fonts\unwise_.exe
c:\windows\logfile32.txt

Infected copy of c:\windows\system32\lsass.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D1B66253-F4B9-47A1-B37A-0E1BF9924A1A}\RP122\A0040040.exe

Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D1B66253-F4B9-47A1-B37A-0E1BF9924A1A}\RP122\A0040038.exe

Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D1B66253-F4B9-47A1-B37A-0E1BF9924A1A}\RP122\A0040034.exe

Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D1B66253-F4B9-47A1-B37A-0E1BF9924A1A}\RP122\A0040042.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{D1B66253-F4B9-47A1-B37A-0E1BF9924A1A}\RP122\A0040044.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_HOSTS_CONTROLLER


((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-06 08:43 . 2009-09-06 08:43 90112 --sh--r- c:\windows\system32\drivers\ati2evxx.exe
2009-09-06 08:43 . 2009-09-06 08:43 90112 ----a-w- c:\windows\system32\71.scr
2009-09-01 18:06 . 2009-09-06 09:53 -------- d-----w- c:\program files\FunPause Atlantis
2009-09-01 18:04 . 2009-09-01 18:04 4096 ----a-w- c:\windows\d3dx.dat
2009-09-01 18:03 . 2009-09-01 18:05 -------- d-----w- c:\documents and settings\Crni\Application Data\Wildfire
2009-08-21 17:45 . 2009-08-21 17:45 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 11:17 . 2009-05-23 13:43 -------- d-----w- c:\program files\DNA
2009-09-06 11:17 . 2009-05-23 13:43 -------- d-----w- c:\documents and settings\Crni\Application Data\DNA
2009-09-06 10:47 . 2009-07-31 12:29 -------- d-----w- c:\documents and settings\Crni\Application Data\SolSuite
2009-09-06 10:29 . 2009-05-23 20:54 -------- d-----w- c:\documents and settings\Crni\Application Data\uTorrent
2009-09-02 12:43 . 2009-05-24 16:17 -------- d-----w- c:\program files\Simple Port Forwarding
2009-09-01 18:03 . 2009-05-24 14:08 -------- d-----w- c:\program files\GameHouse
2009-08-24 13:49 . 2009-05-24 14:05 16 ----a-w- c:\windows\popcinfo.dat
2009-08-03 11:08 . 2009-08-03 11:08 -------- d-----w- c:\documents and settings\Crni\Application Data\Xilisoft Corporation
2009-08-03 11:08 . 2009-08-03 11:08 -------- d-----w- c:\program files\Xilisoft
2009-07-31 12:29 . 2009-07-31 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2009-07-31 12:29 . 2009-07-31 12:29 -------- d-----w- c:\program files\SolSuite
2009-07-31 11:50 . 2009-07-31 11:40 -------- d-----w- c:\program files\Bit Che
2009-07-31 11:50 . 2009-07-31 11:50 -------- d-----w- c:\documents and settings\Crni\Application Data\Convivea
2009-07-28 19:55 . 2009-05-23 13:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-28 13:07 . 2009-07-28 13:07 -------- d-----w- c:\program files\EASEUS
2009-07-28 13:06 . 2009-05-23 13:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 10:38 . 2009-07-28 10:38 -------- d-----w- c:\documents and settings\Crni\Application Data\Thinstall
2009-07-20 17:35 . 2009-07-20 17:35 -------- d-----w- c:\program files\CCleaner
2009-07-19 05:56 . 2009-07-19 05:50 -------- d-----w- c:\program files\Ice Age 3
2009-07-18 17:21 . 2009-05-23 13:50 -------- d-----w- c:\program files\MSN Messenger
2009-07-14 11:02 . 2009-05-23 13:41 -------- d-----w- c:\program files\Mv2Player
2009-07-11 23:54 . 2009-07-10 11:21 -------- d-----w- c:\program files\Trojan Remover
2009-06-21 17:33 . 2009-06-21 17:33 32 ----a-w- c:\documents and settings\Crni\Application Data\svighost.dll
.

------- Sigcheck -------

[-] 195BC0B718B2B72B5EEAD5353E03188E [5.1.2600.5512 (xpsp.080413-2113)] c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-23 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SJelite3Launch"="c:\documents and settings\Crni\Application Data\Transcend\SJelite3\SJelite3Launch.exe" [2008-06-23 176128]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2009-06-03 9495832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-28 86016]
"TV Card Remote Control Device Monitor"="c:\windows\713xRMTMon.exe" [2007-06-29 352256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"Microsoft Driver Setup"="c:\windows\system32\drivers\ati2evxx.exe" [2009-09-06 90112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-28 1626112]

c:\documents and settings\Crni\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2009-5-23 307200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55223:TCP"= 55223:TCP:utorrent
"55223:UDP"= 55223:UDP:utorrent2
"9999:TCP"= 9999:TCP:PORT1
"9991:TCP"= 9991:TCP:PORT2
"1013:TCP"= 1013:TCP:BS
"10167:TCP"= 10167:TCP:FD

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/23/2009 4:00 PM 64160]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [5/23/2009 3:27 PM 279552]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [5/23/2009 3:27 PM 25984]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 11:34 PM 1029456]
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:05]
.
- - - - ORPHANS REMOVED - - - -

SSODL-PrvXbICXdTKsP-{0416AF99-AEBC-0533-0CA1-3D824BA15A9E} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.gamingharbor.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
TCP: {CD759611-BC6B-4C08-86DA-12B4A6CA8414} = 89.216.45.193
FF - ProfilePath - c:\documents and settings\Crni\Application Data\Mozilla\Firefox\Profiles\d9988btl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-06 13:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = c:\windows\713xRMTMon.exe????|??????????T?a?XE5?x????????}??????????????x???????????????????x?5??????@5?????????????????x?5?a???`E5?????????T?a?x?5?m?a?x??????????????|0E5??|???????????????|???????????????????????????????????|??h????????????|??(????|????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\713xRMT.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-09-06 13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-06 11:19

Pre-Run: 64,217,178,112 bytes free
Post-Run: 64,121,282,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:


File::
c:\windows\system32\drivers\ati2evxx.exe
c:\windows\system32\71.scr
c:\documents and settings\Crni\Application Data\svighost.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=-

FCOPY::
c:\windows\system32\winlogon.tmp|c:\windows\system32\winlogon.exe



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
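The CFScript above uses three section types: `File::` lists files to delete, `Registry::` takes regedit-style lines where `"name"=-` removes a value, and `FCOPY::` copies `source|destination`. As an added example (not from the thread and not ComboFix's own code), the Python below parses such a script into a plan and warns when an entry would delete or overwrite a core Windows binary, as the `winlogon.tmp` copy here does; the regedit details beyond what the thread shows and the core-binary list are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Sample input: the CFScript from the post above.
CFSCRIPT = r"""
File::
c:\windows\system32\drivers\ati2evxx.exe
c:\windows\system32\71.scr
c:\documents and settings\Crni\Application Data\svighost.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"=-

FCOPY::
c:\windows\system32\winlogon.tmp|c:\windows\system32\winlogon.exe
"""

# Core binaries the first ComboFix run found infected and restored (assumed list).
# Deleting one outright, instead of restoring a clean copy, leaves XP unbootable,
# and overwriting one is only safe when the source is a verified clean copy.
CORE_BINARIES = {"winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "spoolsv.exe", "explorer.exe"}

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY_RE = re.compile(r"^\[(-?)(HK[^\]]+)\]$")          # regedit: [-key] deletes the key
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>-|.*)$')  # "name"=- deletes the value


@dataclass
class Plan:
    delete_files: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value name)
    set_values: list = field(default_factory=list)      # (key, value name, raw data)
    delete_keys: list = field(default_factory=list)
    copies: list = field(default_factory=list)          # (source, destination)
    warnings: list = field(default_factory=list)


def basename(path):
    return path.lower().rpartition("\\")[2]


def parse_cfscript(text):
    """Turn CFScript text into a Plan; unknown or malformed lines become warnings."""
    plan = Plan()
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section == "file":
            plan.delete_files.append(line)
            if basename(line) in CORE_BINARIES:
                plan.warnings.append(f"line {lineno}: File:: would delete core binary {line}")
        elif section == "registry":
            km = REG_KEY_RE.match(line)
            if km:
                current_key = km.group(2)
                if km.group(1) == "-":
                    plan.delete_keys.append(current_key)
                continue
            vm = REG_VALUE_RE.match(line)
            if vm is None or current_key is None:
                plan.warnings.append(f"line {lineno}: unparsable Registry:: line: {line}")
            elif vm["value"] == "-":
                plan.delete_values.append((current_key, vm["name"]))
            else:
                plan.set_values.append((current_key, vm["name"], vm["value"]))
        elif section == "fcopy":
            src, sep, dst = line.partition("|")
            if not sep:
                plan.warnings.append(f"line {lineno}: FCOPY:: needs source|destination: {line}")
                continue
            plan.copies.append((src, dst))
            if basename(dst) in CORE_BINARIES:
                plan.warnings.append(f"line {lineno}: FCOPY:: overwrites core binary {dst}; "
                                     "source must be a verified clean copy")
        elif section is None:
            plan.warnings.append(f"line {lineno}: text before any section header: {line}")
        else:
            plan.warnings.append(f"line {lineno}: unsupported section {section}::")
    return plan


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for f in plan.delete_files:
        print("delete file   ", f)
    for key, name in plan.delete_values:
        print("delete value  ", key, "->", name)
    for src, dst in plan.copies:
        print("copy          ", src, "->", dst)
    for w in plan.warnings:
        print("WARNING:", w)
```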

  • Joined: 25 Apr 2006
  • Posts: 46

ComboFix 09-09-05.03 - Crni 09/06/2009 17:54.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT 2:00]
Running from: c:\documents and settings\Crni\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Crni\Desktop\CFScript.tht.txt

FILE ::
"c:\documents and settings\Crni\Application Data\svighost.dll"
"c:\windows\system32\71.scr"
"c:\windows\system32\drivers\ati2evxx.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\b2k8o4l4q3z1.exe
c:\documents and settings\Crni\Application Data\svighost.dll
c:\windows\logfile32.txt
c:\windows\system32\71.scr
c:\windows\system32\drivers\ati2evxx.exe

.
--------------- FCopy ---------------

c:\windows\system32\winlogon.tmp --> c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-01 18:06 . 2009-09-06 09:53 -------- d-----w- c:\program files\FunPause Atlantis
2009-09-01 18:04 . 2009-09-01 18:04 4096 ----a-w- c:\windows\d3dx.dat
2009-09-01 18:03 . 2009-09-01 18:05 -------- d-----w- c:\documents and settings\Crni\Application Data\Wildfire
2009-08-21 17:45 . 2009-08-21 17:45 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 15:52 . 2009-05-23 13:43 -------- d-----w- c:\program files\DNA
2009-09-06 15:52 . 2009-05-23 13:43 -------- d-----w- c:\documents and settings\Crni\Application Data\DNA
2009-09-06 15:46 . 2009-05-23 20:54 -------- d-----w- c:\documents and settings\Crni\Application Data\uTorrent
2009-09-06 10:47 . 2009-07-31 12:29 -------- d-----w- c:\documents and settings\Crni\Application Data\SolSuite
2009-09-02 12:43 . 2009-05-24 16:17 -------- d-----w- c:\program files\Simple Port Forwarding
2009-09-01 18:03 . 2009-05-24 14:08 -------- d-----w- c:\program files\GameHouse
2009-08-24 13:49 . 2009-05-24 14:05 16 ----a-w- c:\windows\popcinfo.dat
2009-08-03 11:08 . 2009-08-03 11:08 -------- d-----w- c:\documents and settings\Crni\Application Data\Xilisoft Corporation
2009-08-03 11:08 . 2009-08-03 11:08 -------- d-----w- c:\program files\Xilisoft
2009-07-31 12:29 . 2009-07-31 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2009-07-31 12:29 . 2009-07-31 12:29 -------- d-----w- c:\program files\SolSuite
2009-07-31 11:50 . 2009-07-31 11:40 -------- d-----w- c:\program files\Bit Che
2009-07-31 11:50 . 2009-07-31 11:50 -------- d-----w- c:\documents and settings\Crni\Application Data\Convivea
2009-07-28 19:55 . 2009-05-23 13:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-28 13:07 . 2009-07-28 13:07 -------- d-----w- c:\program files\EASEUS
2009-07-28 13:06 . 2009-05-23 13:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 10:38 . 2009-07-28 10:38 -------- d-----w- c:\documents and settings\Crni\Application Data\Thinstall
2009-07-20 17:35 . 2009-07-20 17:35 -------- d-----w- c:\program files\CCleaner
2009-07-19 05:56 . 2009-07-19 05:50 -------- d-----w- c:\program files\Ice Age 3
2009-07-18 17:21 . 2009-05-23 13:50 -------- d-----w- c:\program files\MSN Messenger
2009-07-14 11:02 . 2009-05-23 13:41 -------- d-----w- c:\program files\Mv2Player
2009-07-11 23:54 . 2009-07-10 11:21 -------- d-----w- c:\program files\Trojan Remover
.

((((((((((((((((((((((((((((( SnapShot@2009-09-06_11.18.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 11:42 . 2008-04-14 03:42 507904 c:\windows\system32\dllcache\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-23 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SJelite3Launch"="c:\documents and settings\Crni\Application Data\Transcend\SJelite3\SJelite3Launch.exe" [2008-06-23 176128]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2009-06-03 9495832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-28 86016]
"TV Card Remote Control Device Monitor"="c:\windows\713xRMTMon.exe" [2007-06-29 352256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-28 1626112]

c:\documents and settings\Crni\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2009-5-23 307200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55223:TCP"= 55223:TCP:utorrent
"55223:UDP"= 55223:UDP:utorrent2
"9999:TCP"= 9999:TCP:PORT1
"9991:TCP"= 9991:TCP:PORT2
"1013:TCP"= 1013:TCP:BS
"10167:TCP"= 10167:TCP:FD

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/23/2009 4:00 PM 64160]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [5/23/2009 3:27 PM 279552]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 11:34 PM 1029456]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [5/23/2009 3:27 PM 25984]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.gamingharbor.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
TCP: {CD759611-BC6B-4C08-86DA-12B4A6CA8414} = 89.216.45.193
FF - ProfilePath - c:\documents and settings\Crni\Application Data\Mozilla\Firefox\Profiles\d9988btl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-06 17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = c:\windows\713xRMTMon.exe????|??????????T?a?XE5?x????????}??????????????x???????????????????x?5??????@5?????????????????x?5?a???`E5?????????T?a?x?5?m?a?x??????????????|0E5??|???????????????|???????????????????????????????????|??h????????????|??(????|????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-06 17:56
ComboFix-quarantined-files.txt 2009-09-06 15:56
ComboFix2.txt 2009-09-06 11:19

Pre-Run: 64,136,298,496 bytes free
Post-Run: 64,105,496,576 bytes free


  • Joined: 04 Jan 2009
  • Posts: 2168

What is the state now?

  • Joined: 25 Apr 2006
  • Posts: 46

For now it is satisfactory. It is faster and the connection is stable for now, thanks.

  • Joined: 04 Jan 2009
  • Posts: 2168

Follow one more set of instructions...

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

  • Joined: 25 Apr 2006
  • Posts: 46

Done. Thanks a lot.
