Posted: 21 Feb 2011 18:45
offline
- radulovic
- New MyCity citizen
- Joined: 21 Feb 2011
- Posts: 28
I have a problem with my computer: it lags a lot, so I don't know whether viruses are the issue or something else. I have Windows XP Professional Service Pack 2, an Intel Celeron CPU 540 at 1.86 GHz and 1.99 GB of RAM. For protection I use AVG antivirus and Malwarebytes Anti-Malware; while scanning I deleted several trojans, but obviously not all of them, since it is still lagging. I have 33 running processes and my PF usage is high, around 600, almost all the time. I hope someone can explain to me how to solve the problem. I have an ADSL connection, and I have about 40 movies on the computer, if that means anything, although I have quite a lot of free memory.
DDS (Ver_10-12-12.02) - NTFSx86
Run by dzoni at 18:03:48,65 on pon 21.02.2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1254 [GMT 1:00]
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dzoni\My Documents\Downloads\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://start.facemoods.com
mSearchAssistant = hxxp://start.facemoods.com/?a=mnv&s={searchTerms}&f=4
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java(tm) Plug-In 2 SSV Helper
TB: {EE9A4208-64EC-11DE-8440-204256D89593} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
TCP: {5C9E8E41-A12F-4AAE-A077-60447A35E9B5} = 195.66.189.137 195.66.189.138
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\dzoni\applic~1\mozilla\firefox\profiles\blmp8vnb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=5.008.027.003 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-8-16 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-8-16 5248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2011-2-4 475736]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-2-18 93360]
R2 avgfws;AVG zaštitni zid;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-11 363344]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-11 20952]
S2 AVP;AVP; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-2-11 488776]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-3 36640]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
=============== Created Last 30 ================
2011-02-21 17:01:12 -------- d--h--w- c:\windows\PIF
2011-02-21 12:41:10 -------- d-----w- c:\docume~1\dzoni\applic~1\Uniblue
2011-02-20 19:44:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 13:24:11 -------- d-----w- c:\docume~1\dzoni\applic~1\PCTools
2011-02-18 13:14:18 -------- d-----w- c:\program files\common files\PC Tools
2011-02-18 12:17:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-17 21:42:02 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\NPE
2011-02-17 21:23:50 -------- d-----w- c:\program files\CCleaner
2011-02-16 09:07:47 -------- d-----w- c:\program files\common files\ODBC
2011-02-16 09:05:24 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-14 17:33:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2011-02-14 17:31:43 -------- d-----w- c:\program files\LeeGT-Games
2011-02-11 17:03:08 -------- d-----w- c:\docume~1\dzoni\applic~1\Malwarebytes
2011-02-11 17:02:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 17:02:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-11 17:02:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 17:02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 16:04:26 -------- d--h--w- C:\$AVG
2011-02-11 15:27:46 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\AVG Security Toolbar
2011-02-11 15:26:57 -------- d-----w- c:\docume~1\dzoni\applic~1\AVG10
2011-02-11 15:25:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-02-11 15:24:32 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-11 15:24:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-11 15:24:08 -------- d-----w- c:\program files\AVG
2011-02-11 13:18:26 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18:26 22 --sha-w- c:\docume~1\dzoni\applic~1\Sys6925.Config Collection.sys
2011-02-07 16:33:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-02-06 20:05:48 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\Microsoft Help
2011-02-04 15:55:23 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-04 15:55:23 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-04 15:00:12 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-02-04 15:00:05 -------- d-----w- c:\program files\common files\xing shared
2011-02-04 14:59:53 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-02-04 14:59:49 100864 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-02-02 21:28:29 -------- d-----w- c:\windows\_ISTMP1.DIR
2011-02-02 21:22:05 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\Google
2011-02-02 18:28:18 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-02-02 18:28:18 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-02-02 14:47:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 14:47:12 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-29 22:05:58 -------- d-----w- c:\docume~1\dzoni\locals~1\applic~1\PackageAware
2011-01-27 16:45:10 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-26 15:17:49 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-26 14:43:34 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-01-26 14:36:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-26 14:27:23 -------- d-----w- C:\tmpDownload
2011-01-26 13:52:15 -------- d-----w- c:\docume~1\dzoni\applic~1\PriceGong
==================== Find3M ====================
2011-02-04 14:59:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-04 14:59:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
============= FINISH: 18:04:56,59 ===============
Posted: 21 Feb 2011 23:48
offline
- radulovic
- New MyCity citizen
- Joined: 21 Feb 2011
- Posts: 28
Good to see you too. I had scanned the computer with Dr.Web in safe mode, but it froze completely, which is why I didn't see the reply and am only answering you now. It found an infected file in c:\windows\system32, win32.hllw.gavir.ini, and asked me whether to cure it; I pressed yes and it deleted it. When it deleted it, it said the hosts file had been modified and would not work properly, and asked me whether to restore that file, and I pressed yes. Now I don't know what happened, whether that virus was deleted or whether I deleted some Windows component; I have no idea. I wrote this just so you are informed. I did what you wrote: I uninstalled AVG, disabled Malwarebytes and scanned with ComboFix; only it didn't find anything from Kaspersky. I had Kaspersky a month ago and uninstalled it, and when I tried to reinstall it, it wouldn't, but said that some part remained, and now this program tells me there is no Kaspersky on the computer. Here is the log, and I'm waiting for new instructions.
ComboFix 11-02-20.03 - dzoni 21.02.2011 23:25:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1578 [GMT 1:00]
Running from: c:\documents and settings\dzoni\My Documents\Downloads\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\dzoni\Application Data\PriceGong
c:\windows\daemon.dll
.
((((((((((((((((((((((((( Files Created from 2011-01-21 to 2011-02-21 )))))))))))))))))))))))))))))))
.
2011-02-21 20:43 . 2011-02-21 20:43 -------- d-----w- c:\documents and settings\dzoni\DoctorWeb
2011-02-21 20:36 . 2011-02-21 20:36 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-02-21 19:41 . 2011-02-21 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-21 18:22 . 2011-02-21 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-21 17:01 . 2011-02-21 17:01 -------- d--h--w- c:\windows\PIF
2011-02-21 12:41 . 2011-02-21 12:41 -------- d-----w- c:\documents and settings\dzoni\Application Data\Uniblue
2011-02-20 19:44 . 2011-02-20 19:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 13:24 . 2011-02-18 13:24 -------- d-----w- c:\documents and settings\dzoni\Application Data\PCTools
2011-02-18 13:14 . 2011-02-18 13:48 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-18 12:17 . 2011-02-18 12:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-18 12:09 . 2011-02-18 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-02-18 11:39 . 2011-02-18 11:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-17 23:32 . 2011-02-17 23:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-17 21:42 . 2011-02-18 10:19 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\NPE
2011-02-17 21:23 . 2011-02-17 21:23 -------- d-----w- c:\program files\CCleaner
2011-02-16 09:05 . 2011-02-16 09:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-15 09:28 . 2011-02-15 09:28 -------- d-----w- c:\documents and settings\Administrator
2011-02-14 17:33 . 2011-02-14 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-02-13 01:23 . 2011-02-18 13:48 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-11 17:03 . 2011-02-11 17:03 -------- d-----w- c:\documents and settings\dzoni\Application Data\Malwarebytes
2011-02-11 17:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 17:02 . 2011-02-11 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-11 17:02 . 2011-02-18 13:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 17:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 16:04 . 2011-02-11 16:04 -------- d-----w- C:\$AVG
2011-02-11 15:27 . 2011-02-11 15:27 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\AVG Security Toolbar
2011-02-11 15:26 . 2011-02-11 15:26 -------- d-----w- c:\documents and settings\dzoni\Application Data\AVG10
2011-02-11 15:24 . 2011-02-21 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-02-11 15:24 . 2011-02-11 15:24 -------- d-----w- c:\program files\AVG
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\documents and settings\dzoni\Application Data\Sys6925.Config Collection.sys
2011-02-07 16:33 . 2011-02-09 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-06 23:17 . 2011-02-06 23:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-02-06 20:05 . 2011-02-06 20:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Microsoft Help
2011-02-06 20:05 . 2011-02-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-02-06 19:58 . 2011-02-06 19:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-04 17:50 . 2011-02-04 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2011-02-04 15:55 . 2011-02-11 12:20 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-04 15:55 . 2011-02-11 12:20 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-04 15:00 . 2011-02-04 15:00 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-02-04 15:00 . 2011-02-04 15:00 -------- d-----w- c:\program files\Common Files\xing shared
2011-02-04 14:59 . 2011-02-04 14:59 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-02-04 14:59 . 2011-02-04 14:59 100864 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-02-04 14:59 . 2011-02-04 15:00 -------- d-----w- c:\program files\Real
2011-02-02 21:28 . 2011-02-02 21:28 -------- d-----w- c:\windows\_ISTMP1.DIR
2011-02-02 21:22 . 2011-02-02 21:24 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Google
2011-02-02 21:21 . 2011-02-02 21:22 -------- d-----w- c:\program files\Google
2011-02-02 18:28 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-02-02 18:28 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 22:05 . 2011-01-29 22:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\PackageAware
2011-01-27 16:45 . 2011-01-27 16:54 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-26 15:17 . 2011-01-26 15:17 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-26 14:43 . 2011-02-11 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-26 14:36 . 2011-01-26 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-26 14:27 . 2011-01-26 14:27 -------- d-----w- C:\tmpDownload
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 14:59 . 2009-05-04 08:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-04 14:59 . 2009-05-04 08:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-10 13:17 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-10 13:17 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-04-16 09:22 970752 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-04-16 09:24 819200 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-10 13:17 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 09:57 16855552 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-02-04 14:59 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [16.8.2010 23:34 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [16.8.2010 23:34 5248]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [21.2.2011 21:36 139768]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [18.2.2011 13:17 93360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.2.2011 18:02 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.2.2011 18:02 20952]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.8.2010 13:09 36640]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-789336058-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
2011-02-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-789336058-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\dzoni\Application Data\Mozilla\Firefox\Profiles\blmp8vnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-a-squared - c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-02-21 23:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2011-02-21 23:34:49
ComboFix-quarantined-files.txt 2011-02-21 22:34
Pre-Run: 32.458.719.232 bytes free
Post-Run: 32.473.808.896 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 572198605DA9E04AE927AF29E30D8FDF
Posted: 22 Feb 2011 11:07
offline
- radulovic
- New MyCity citizen
- Joined: 21 Feb 2011
- Posts: 28
Here you go, boss, I did what you told me. AVG did its part, then I went into safe mode, but even there the remover didn't find Kaspersky; it says "not detected kas on comp". I don't know what the problem is. Here is the ComboFix log from the run I did; I'm waiting for further instructions. One more thing: at the start ComboFix asked me whether to update it, I pressed yes, and then it produced this.
ComboFix 11-02-21.02 - dzoni 22.02.2011 10:53:07.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1568 [GMT 1:00]
Running from: c:\documents and settings\dzoni\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\dzoni\Desktop\CFScript.txt.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.
2011-02-21 20:43 . 2011-02-21 20:43 -------- d-----w- c:\documents and settings\dzoni\DoctorWeb
2011-02-21 20:36 . 2011-02-21 20:36 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-02-21 17:01 . 2011-02-21 17:01 -------- d--h--w- c:\windows\PIF
2011-02-20 19:44 . 2011-02-20 19:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 12:17 . 2011-02-18 12:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-18 11:39 . 2011-02-18 11:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-17 23:32 . 2011-02-17 23:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-17 21:42 . 2011-02-18 10:19 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\NPE
2011-02-17 21:23 . 2011-02-17 21:23 -------- d-----w- c:\program files\CCleaner
2011-02-16 09:05 . 2011-02-16 09:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-15 09:28 . 2011-02-15 09:28 -------- d-----w- c:\documents and settings\Administrator
2011-02-14 17:33 . 2011-02-14 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-02-11 17:03 . 2011-02-11 17:03 -------- d-----w- c:\documents and settings\dzoni\Application Data\Malwarebytes
2011-02-11 17:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 17:02 . 2011-02-11 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-11 17:02 . 2011-02-18 13:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 17:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\documents and settings\dzoni\Application Data\Sys6925.Config Collection.sys
2011-02-07 16:33 . 2011-02-09 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-06 23:17 . 2011-02-06 23:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-02-06 20:05 . 2011-02-06 20:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Microsoft Help
2011-02-06 20:05 . 2011-02-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-02-06 19:58 . 2011-02-06 19:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-04 17:50 . 2011-02-04 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2011-02-04 15:55 . 2011-02-11 12:20 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-04 15:55 . 2011-02-11 12:20 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-04 14:59 . 2011-02-21 23:27 -------- d-----w- c:\program files\Real
2011-02-02 21:28 . 2011-02-02 21:28 -------- d-----w- c:\windows\_ISTMP1.DIR
2011-02-02 21:22 . 2011-02-02 21:24 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Google
2011-02-02 21:21 . 2011-02-02 21:22 -------- d-----w- c:\program files\Google
2011-02-02 18:28 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-02-02 18:28 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 22:05 . 2011-01-29 22:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\PackageAware
2011-01-27 16:45 . 2011-01-27 16:54 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-26 15:17 . 2011-01-26 15:17 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-26 14:43 . 2011-02-11 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-26 14:36 . 2011-01-26 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-26 14:27 . 2011-01-26 14:27 -------- d-----w- C:\tmpDownload
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 14:59 . 2009-05-04 08:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-04 14:59 . 2009-05-04 08:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} ----
2011-01-26 15:17 . 2011-01-26 15:17 18200064 ----a-w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-10 13:17 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-10 13:17 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-04-16 09:22 970752 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-04-16 09:24 819200 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-10 13:17 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 09:57 16855552 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [16.8.2010 23:34 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [16.8.2010 23:34 5248]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [21.2.2011 21:36 139768]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [18.2.2011 13:17 93360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.2.2011 18:02 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.2.2011 18:02 20952]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.8.2010 13:09 36640]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: {5C9E8E41-A12F-4AAE-A077-60447A35E9B5} = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\documents and settings\dzoni\Application Data\Mozilla\Firefox\Profiles\blmp8vnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-02-22 10:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3108-)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-22 11:01:49
ComboFix-quarantined-files.txt 2011-02-22 10:01
ComboFix2.txt 2011-02-21 22:34
Pre-Run: 32.572.157.952 bytes free
Post-Run: 32.563.023.872 bytes free
- - End Of File - - 3E44273D11855713A7B3922760F5B78A
Posted: 22 Feb 2011 12:20
- radulovic
- New MyCity citizen
- Joined: 21 Feb 2011
- Posts: 28
Written: 22 Feb 2011 11:39
It seems better to me; actually it doesn't freeze like yesterday, but it works for a while and then suddenly freezes. Here's the new log for you:
ComboFix 11-02-21.02 - dzoni 22.02.2011 11:28:29.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1547 [GMT 1:00]
Running from: c:\documents and settings\dzoni\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\dzoni\Desktop\CFScript.txt.txt
.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.
2011-02-21 20:43 . 2011-02-21 20:43 -------- d-----w- c:\documents and settings\dzoni\DoctorWeb
2011-02-21 20:36 . 2011-02-21 20:36 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-02-21 17:01 . 2011-02-21 17:01 -------- d--h--w- c:\windows\PIF
2011-02-20 19:44 . 2011-02-20 19:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache
2011-02-18 12:17 . 2011-02-18 12:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-18 11:39 . 2011-02-18 11:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-02-17 23:32 . 2011-02-17 23:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-17 21:42 . 2011-02-18 10:19 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\NPE
2011-02-17 21:23 . 2011-02-17 21:23 -------- d-----w- c:\program files\CCleaner
2011-02-16 09:05 . 2011-02-16 09:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-15 09:28 . 2011-02-15 09:28 -------- d-----w- c:\documents and settings\Administrator
2011-02-14 17:33 . 2011-02-14 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-02-11 17:03 . 2011-02-11 17:03 -------- d-----w- c:\documents and settings\dzoni\Application Data\Malwarebytes
2011-02-11 17:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 17:02 . 2011-02-11 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-11 17:02 . 2011-02-18 13:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 17:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\documents and settings\dzoni\Application Data\Sys6925.Config Collection.sys
2011-02-07 16:33 . 2011-02-09 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-06 23:17 . 2011-02-06 23:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-02-06 20:05 . 2011-02-06 20:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Microsoft Help
2011-02-06 20:05 . 2011-02-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-02-06 19:58 . 2011-02-06 19:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-04 17:50 . 2011-02-04 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2011-02-04 15:55 . 2011-02-11 12:20 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-04 15:55 . 2011-02-11 12:20 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-04 14:59 . 2011-02-21 23:27 -------- d-----w- c:\program files\Real
2011-02-02 21:28 . 2011-02-02 21:28 -------- d-----w- c:\windows\_ISTMP1.DIR
2011-02-02 21:22 . 2011-02-02 21:24 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\Google
2011-02-02 21:21 . 2011-02-02 21:22 -------- d-----w- c:\program files\Google
2011-02-02 18:28 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-02-02 18:28 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-02 14:47 . 2011-02-02 14:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-29 22:05 . 2011-01-29 22:05 -------- d-----w- c:\documents and settings\dzoni\Local Settings\Application Data\PackageAware
2011-01-27 16:45 . 2011-01-27 16:54 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-26 15:17 . 2011-01-26 15:17 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-26 14:43 . 2011-02-11 16:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-26 14:36 . 2011-01-26 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-26 14:27 . 2011-01-26 14:27 -------- d-----w- C:\tmpDownload
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 14:59 . 2009-05-04 08:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-04 14:59 . 2009-05-04 08:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-10 13:17 166424 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-10 13:17 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-04-16 09:22 970752 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-04-16 09:24 819200 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-10 13:17 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 09:57 16855552 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [16.8.2010 23:34 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [16.8.2010 23:34 5248]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [21.2.2011 21:36 139768]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [18.2.2011 13:17 93360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.2.2011 18:02 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.2.2011 18:02 20952]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.8.2010 13:09 36640]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\dzoni\Application Data\Mozilla\Firefox\Profiles\blmp8vnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-02-22 11:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-22 11:36:56
ComboFix-quarantined-files.txt 2011-02-22 10:36
ComboFix2.txt 2011-02-22 10:01
ComboFix3.txt 2011-02-21 22:34
Pre-Run: 32.625.287.168 bytes free
Post-Run: 32.616.263.680 bytes free
- - End Of File - - 3F86C1D1FB5638E4400232046F15238A
Update: 22 Feb 2011 12:20
Mate, I completely forgot to disable Malwarebytes, because after the first ComboFix run, once the scan finished, I set it back to enabled, and this morning I didn't set it back to disabled. Should I scan again, with the protection turned off, because of these two runs? Sorry if I'm bothering you a lot, I didn't remember to turn it off this morning.
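The two ComboFix logs in this thread are long, and the lines worth a second look are easy to miss by eye. As an added example that is not part of the original posts or of ComboFix itself, the Python script below parses three kinds of lines that appear in both logs above ("Files Created" entries, R/S service-driver entries, and the EnableFirewall value) and lists entries for review: plain files carrying both the hidden and system attributes, services whose binary ComboFix marks as missing with "[?]", and a disabled Windows Firewall profile. The meaning of the attribute columns (index 0 = directory, 2 = system, 3 = hidden) is inferred from the sample lines, which are copied verbatim from the log above; treat the output as a triage list, not a malware verdict.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix's own code).

Parses three line types from the log above and returns findings worth a
human look. Heuristic only: a flagged line is a candidate for review.
"""
import re

# Constructed sample: lines copied from the ComboFix log in the post above.
SAMPLE_LINES = [
    r"2011-02-21 20:36 . 2011-02-21 20:36 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys",
    r"2011-02-20 19:44 . 2011-02-20 19:44 -------- d-sh--w- c:\documents and settings\dzoni\IECompatCache",
    r"2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin",
    r"2011-02-11 13:18 . 2011-02-11 13:18 22 --sha-w- c:\documents and settings\dzoni\Application Data\Sys6925.Config Collection.sys",
    r'"EnableFirewall"= 0 (0x0)',
    r"R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [16.8.2010 23:34 155136]",
    r"S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]",
]

# "Files Created" entry: <created> . <modified> <size> <attrs> <path>
# attrs is an 8-character flag field. Assumed from the samples:
# index 0 = directory ('d'), index 2 = system ('s'), index 3 = hidden ('h').
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[d-][\w-]{7}) (?P<path>.+)$"
)
# Service/driver entry: "R0 name;display;path [date time size]"
# or, when the binary is absent, "S3 name;display;path --> path [?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> \S.*?)? \[(?P<info>[^\]]*)\]$"
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)')


def parse_file_line(line):
    """Return a dict for a Files-Created line, or None if the line is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs = m.group("attrs")
    size = m.group("size")
    return {
        "path": m.group("path"),
        "size": None if size.startswith("-") else int(size),
        "directory": attrs[0] == "d",
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
    }


def triage(lines):
    """Scan log lines and return a list of (category, detail) findings."""
    findings = []
    for line in lines:
        line = line.rstrip()
        entry = parse_file_line(line)
        if entry:
            # A plain file with both the system and hidden attributes is
            # unusual outside a handful of OS files; list it for review.
            # Directories (IE caches etc.) commonly carry both, so skip them.
            if not entry["directory"] and entry["system"] and entry["hidden"]:
                findings.append(("hidden_system_file", entry["path"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # ComboFix prints "[?]" when the service's binary is not on disk:
            # typically leftovers of a removed driver, or something already cleaned.
            if m.group("info").strip() == "?":
                findings.append(("service_binary_missing", m.group("name")))
            continue
        m = FIREWALL_RE.match(line)
        if m and m.group("value") == "0":
            # Expected when a third-party firewall replaces the Windows one;
            # still worth confirming that some firewall is actually active.
            findings.append(("windows_firewall_disabled", line))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LINES):
        print(f"{category}: {detail}")
```

Run against the full log text (one line per list element) rather than the sample to get the complete review list; the two 22-byte hidden system files under c:\windows and the user's Application Data are the kind of entry this surfaces, while the IECompatCache directory is deliberately not reported.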
Posted: 22 Feb 2011 12:43
- radulovic
- New MyCity citizen
- Joined: 21 Feb 2011
- Posts: 28
OK mate, thanks. Can I turn to someone about speeding up the computer or cleaning out unnecessary files, and to see which processes I need and which I don't so I can remove them, etc.? In any case, thank you, regards.
Posted: 22 Feb 2011 12:46
- argus
- Anti Malware Fighter
Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje
Feel free to open a topic in the Windows forum; someone there will recommend tools for tidying up the computer.
Regards.