Nepravilnosti u radu lap topa

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ja debil pobrisao. Viruse prvo smjesti u karantin, pa kako sam brisao karantin, tako usput obrisao i events.
Sto mi sada valja cinjeti, lise da skocim sa balkona? De..l

Dopuna: 26 Feb 2009 21:25

Ja debil pobrisao. Viruse prvo smjesti u karantin, pa kako sam brisao karantin, tako usput obrisao i events.
Sto mi sada valja cinjeti, lise da skocim sa balkona? Debil. Uh!!!!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Aj pokreni ponovo Combofix i postavi mi svez log.... Da se uverim da je sve u redu... posto mi nije jasno sta je to Avira mogla da detektuje...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok, sada su da ga pokrenem, pa postujem za jedno 15tak minuta.

Dopuna: 26 Feb 2009 21:35

ComboFix 09-02-25.01 - HP 530 2009-02-26 21:27:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3063.2462 [GMT 1:00]
Running from: c:\documents and settings\HP 530\Desktop\grbe.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-02-26 17:33 . 2009-02-26 17:33 458 --ah----- C:\aaw7boot.cmd
2009-02-26 11:29 . 2009-02-25 21:32 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-25 22:35 . 2009-02-25 22:35 23,635 --a------ c:\windows\system32\AAWService_2009_02_25_22_35_36.dmp
2009-02-25 22:06 . 2009-02-25 22:06 <DIR> d-------- c:\windows\Internet Logs
2009-02-25 21:58 . 2009-02-25 21:58 <DIR> d-------- c:\program files\Avira
2009-02-25 21:58 . 2009-02-25 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-25 21:33 . 2009-02-25 21:32 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-25 21:30 . 2009-02-25 21:30 <DIR> d-------- c:\program files\Lavasoft
2009-02-25 21:30 . 2009-02-25 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-25 21:30 . 2009-02-25 21:30 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-24 22:25 . 2009-02-24 22:49 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-24 10:58 . 2009-02-24 11:12 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-24 08:43 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-24 08:43 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-24 08:41 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-23 15:32 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-23 15:32 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-23 15:32 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-23 15:32 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-23 15:31 . 2008-12-21 00:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-23 15:31 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-23 15:31 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-23 15:31 . 2008-12-21 00:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-23 15:31 . 2008-12-21 00:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-23 15:31 . 2008-12-21 00:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-23 15:31 . 2008-12-21 00:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-23 15:31 . 2008-12-21 00:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-23 15:31 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-23 10:16 . 2009-02-25 17:56 5,504 --a------ c:\windows\system32\uacinit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 21:26 --------- d-----w c:\program files\Common Files\Adobe
2009-01-10 20:17 --------- d-----w c:\program files\DevalVR
2009-01-04 12:14 20,921,040 ----a-w c:\program files\AdbeRdr705_enu_full.exe
2009-01-03 22:37 --------- d-----w c:\documents and settings\HP 530\Application Data\Media Player Classic
2009-01-03 19:49 --------- d-----w c:\documents and settings\HP 530\Application Data\CyberLink
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2007-03-12 09:01 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 09:01 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 09:01 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 09:01 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 09:01 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-25_22.44.43.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\shell32.dll
+ 2008-02-15 09:06:21 351,744 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\xpsp3res.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2004-08-04 12:00:00 8,384,000 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2009-02-25 20:39:23 41,238 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-26 07:22:28 41,238 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-25 20:39:23 315,076 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-26 07:22:28 315,076 ----a-w c:\windows\system32\perfh009.dat
- 2004-08-04 12:00:00 8,384,000 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-25 509784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\HP 530\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-25 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-25 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
FF - ProfilePath - c:\documents and settings\HP 530\Application Data\Mozilla\Firefox\Profiles\re9tkq3y.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 21:27:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908-)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-02-26 21:28:47
ComboFix-quarantined-files.txt 2009-02-26 20:28:45
ComboFix2.txt 2009-02-25 21:45:27

Pre-Run: 140,392,812,544 bytes free
Post-Run: 140,389,101,568 bytes free

140 --- E O F --- 2009-02-26 07:03:17

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok... ovo je i dalje sve u redu....
Ako Avira detektuje nesto... Uslikaj tu detekciju i okaci ovde tu sliku pa onda posalji fajl u karantin... i nemoj brisati karantin jer ti fajl u karantinu nikako ne moze naskoditi radu sistema....

Uradi sledece :

Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uradio sve kako si rekao. Nije nasao nista. Evo i report.



Avira AntiVir Personal
Report file date: Thursday, February 26, 2009 22:14

Scanning for 1268015 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HP

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 20:59:35
ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 2/20/2009 20:59:37
ANTIVIR3.VDF : 7.1.2.90 142336 Bytes 2/26/2009 20:58:51
Engineversion : 8.2.0.98
AEVDF.DLL : 8.1.1.0 106868 Bytes 2/25/2009 20:59:54
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/26/2009 20:59:00
AESCN.DLL : 8.1.1.7 127347 Bytes 2/25/2009 20:59:52
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 13:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 2/25/2009 20:59:51
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/26/2009 20:58:59
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/26/2009 20:58:58
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/26/2009 20:58:53
AEGEN.DLL : 8.1.1.22 336245 Bytes 2/26/2009 20:58:52
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 10:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 2/25/2009 20:59:40
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, February 26, 2009 22:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: Thursday, February 26, 2009 22:22
Used time: 08:33 Minute(s)

The scan has been done completely.

3084 Scanning directories
116041 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
116040 Files not concerned
1140 Archives were scanned
1 Warnings
0 Notes

Hvala ti puno. Spasio si me!