problem sigurno...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:28, on 31.05.09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Premiertxt\Desktop\test vojin\TR3.exe..exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\Premiertxt\My Documents\vlada\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{B48A2FC9-EBF9-4B6A-A94A-4C85B8D40361}: NameServer = 82.117.206.16
O20 - AppInit_DLLs:
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7421 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-05-30.04 - Premiertxt 31.05.09 16:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.301 [GMT 2:00]
Running from: c:\documents and settings\Premiertxt\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090530-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Norton2009Reset.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.norton2009Reset


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 13:23 . 2009-05-31 13:23 -------- d-----w- c:\program files\AskBarDis
2009-05-31 13:22 . 2009-05-31 13:22 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-05-31 13:22 . 2009-02-15 22:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-05-31 13:22 . 2009-02-15 22:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-05-31 13:22 . 2009-02-15 22:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-05-31 13:22 . 2009-05-31 13:22 -------- d-----w- c:\windows\system32\ZoneLabs
2009-05-31 13:16 . 2009-05-31 13:16 -------- d-----w- c:\program files\Zone Labs
2009-05-31 13:15 . 2009-05-31 14:44 -------- d-----w- c:\windows\Internet Logs
2009-05-27 07:56 . 2003-07-02 02:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2009-05-27 07:55 . 2003-06-18 14:48 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-27 07:55 . 2009-05-27 07:55 -------- d-----w- c:\documents and settings\Premiertxt\WINDOWS
2009-05-26 20:41 . 2009-05-26 20:41 -------- d-----w- c:\program files\C-Media 3D Audio
2009-05-26 20:41 . 2003-08-05 12:23 266240 ----a-w- c:\windows\CMIUninstall.exe
2009-05-26 20:41 . 2003-07-22 09:15 225280 ----a-w- c:\windows\CmiRmRedundDir.exe
2009-05-26 20:41 . 2002-10-18 13:56 28672 ----a-w- c:\windows\CMIRmDriver.dll
2009-05-26 20:09 . 2009-05-26 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2009-05-26 20:07 . 2009-05-26 20:07 -------- d-----w- c:\documents and settings\Premiertxt\Local Settings\Application Data\Downloaded Installations
2009-05-26 19:56 . 2009-05-27 07:41 -------- d-----w- c:\program files\Driver Magician
2009-05-26 19:43 . 2007-09-21 17:24 43520 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-05-26 19:43 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2009-05-26 19:43 . 2009-05-26 19:43 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-26 19:27 . 2009-05-26 19:42 -------- d-----w- C:\driver
2009-05-21 08:10 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-05-21 08:10 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-21 08:10 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-21 08:10 . 2009-05-21 08:11 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-21 08:10 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-05-21 08:10 . 2009-05-21 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-05-08 13:46 . 2009-05-08 13:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 14:43 . 2008-12-22 12:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-31 14:39 . 2009-03-30 18:26 -------- d-----w- c:\documents and settings\Premiertxt\Application Data\Skype
2009-05-31 13:31 . 2008-12-18 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-30 13:27 . 2009-04-21 14:17 -------- d-----w- c:\program files\Spyware Doctor
2009-05-27 07:44 . 2008-09-24 12:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 07:44 . 2008-09-24 12:03 -------- d-----w- c:\program files\VIA
2009-05-26 20:41 . 2008-09-24 12:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-22 16:20 . 2008-10-21 12:13 -------- d-----w- c:\program files\The KMPlayer
2009-05-18 10:21 . 2008-09-25 13:36 -------- d-----w- c:\program files\TTStudio
2009-05-09 07:39 . 2008-09-25 13:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-27 11:49 . 2009-04-27 11:48 -------- d-----w- c:\program files\QuickTime
2009-04-27 11:48 . 2009-04-27 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-27 11:48 . 2009-04-27 11:48 -------- d-----w- c:\program files\Apple Software Update
2009-04-27 11:48 . 2009-04-27 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-04-21 14:21 . 2009-04-21 14:17 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-04-21 14:21 . 2009-04-21 14:17 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-04-21 14:21 . 2009-04-21 14:17 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-04-21 14:17 . 2009-04-21 14:17 -------- d-----w- c:\documents and settings\Premiertxt\Application Data\PC Tools
2009-04-13 10:34 . 2008-10-21 11:58 -------- d-----w- c:\program files\MV2Player
2009-04-02 08:47 . 2009-04-02 08:47 -------- d-----w- c:\program files\Common Files\NSV
2009-03-27 13:39 . 2009-03-27 13:39 152576 -c--a-w- c:\documents and settings\Premiertxt\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-18 11:14 . 2009-03-18 11:14 0 -c--a-w- c:\windows\nsreg.dat
2009-03-09 14:33 . 2009-03-09 14:33 152576 -c--a-w- c:\documents and settings\Premiertxt\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 04:19 . 2008-11-25 14:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2004-08-04 01:07 283648 ----a-w- c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 01:07 826368 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 16:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-14 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Premiertxt\\My Documents\\vlada\\realplayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21.05.09 10:10 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.03.09 15:45 114768]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [31.05.09 15:23 464264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.03.09 15:45 20560]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [21.04.09 16:17 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
TCP: {B48A2FC9-EBF9-4B6A-A94A-4C85B8D40361} = 82.117.206.16
FF - ProfilePath - c:\documents and settings\Premiertxt\Application Data\Mozilla\Firefox\Profiles\rupf2lpj.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\Premiertxt\My Documents\vlada\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Premiertxt\My Documents\vlada\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\documents and settings\Premiertxt\My Documents\vlada\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\documents and settings\Premiertxt\My Documents\vlada\realplayer\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-05-31 16:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6d,a6,fb,d2,d2,28,14,db,0c,75,df,28,e6,bd,aa,50,9c,4f,cf,2a,32,
04,c9,60,a4,ea,ee,bd,7c,f3,55,21,a0,21,09,71,a8,62,ef,51,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffa91308-fc20-43d8-b82d-61ec75cc8019}]
@Denied: (Full) (Everyone)
"Model"=dword:00000141
"Therad"=dword:0000001c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1436)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-31 16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 14:58

Pre-Run: 39.151.923.200 bytes free
Post-Run: 39.075.233.792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

182 --- E O F --- 2009-05-20 07:34

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Stanje ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

bolje,ali ne vidi zvucnu kartu,kao da ne postoji

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U logu nema vise znakova malware, problem sa zvucnom kartom je druge prirode pa ti zato predlazem da otvoris temu u Windows forumu gde ces dobiti pomoc. Mi smo sa ciscenjem zavrsili, ostaje samo da odradis sledece:

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.