Problems with Generic Host, part 2

  • Joined: 02 Mar 2006
  • Posts: 108
  • Location: Nis

ComboFix 09-02-06.02 - korisnik 2009-02-09 9:26:26.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.488 [GMT -8:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\korisnik\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
C:\gg.exe
c:\windows\gg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\gg.exe
c:\windows\gg.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-06 12:27 . 2009-02-06 12:57 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-05 13:08 . 2009-02-05 13:08 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 14:24 . 2009-02-03 14:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-02-03 14:23 . 2009-02-03 14:33 <DIR> d-------- c:\program files\Fakturiranje
2009-02-02 16:31 . 2009-02-02 16:31 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Flock
2009-02-02 16:30 . 2009-02-06 16:34 <DIR> d-------- c:\program files\Flock
2009-01-26 09:55 . 2009-01-26 09:55 <DIR> d-------- c:\documents and settings\korisnik\Application Data\IndigoRose
2009-01-26 09:45 . 2009-01-26 09:55 <DIR> d-------- c:\program files\AutoPlay Media Studio 7.0 Trial
2009-01-26 09:45 . 2009-01-26 09:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-01-26 09:45 . 2009-01-26 09:45 0 --a------ c:\windows\ams70.INI
2009-01-26 09:44 . 2009-01-26 09:44 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Downloaded Installations
2009-01-21 13:42 . 2009-02-07 19:36 2,516 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-21 13:42 . 2009-01-21 13:42 8 -r-hs---- c:\documents and settings\All Users\Application Data\CC04670A92.sys
2009-01-21 13:40 . 2009-01-21 13:40 <DIR> d-------- c:\program files\Common Files\Protexis
2009-01-21 13:40 . 2009-01-21 13:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-21 09:47 . 2009-01-21 14:15 <DIR> d-------- c:\program files\Corel
2009-01-21 09:47 . 2009-01-21 09:47 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-20 16:56 . 2008-10-15 17:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-20 16:56 . 2008-10-15 17:00 666,112 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-01-20 16:56 . 2008-10-15 17:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-01-20 16:56 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-20 16:55 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-20 16:55 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-20 16:55 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-20 16:55 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-20 16:55 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-20 16:55 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-20 16:55 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-20 16:55 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-20 16:55 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-20 16:39 . 2009-01-20 16:39 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-20 16:33 . 2006-12-29 00:31 19,569 --a------ c:\windows\002621_.tmp
2009-01-20 16:29 . 2009-01-20 16:29 <DIR> d-------- c:\windows\EHome
2009-01-19 20:28 . 2006-02-28 04:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-19 17:32 . 2008-12-12 09:01 3,067,904 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-19 17:26 . 2008-12-11 02:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-19 17:15 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-19 17:15 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-17 16:54 . 2009-01-17 16:54 <DIR> d-------- c:\program files\ECR Tool
2009-01-14 16:09 . 2009-01-14 16:09 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-01-12 13:15 . 2009-01-21 15:14 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-12 13:15 . 2009-01-21 15:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 17:34 . 2009-01-10 17:34 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-10 17:30 . 2009-01-10 17:30 <DIR> d-------- c:\program files\Real
2009-01-10 17:30 . 2009-01-10 17:33 <DIR> d-------- c:\program files\Common Files\Real
2009-01-10 06:59 . 2009-01-10 07:01 <DIR> d-------- c:\windows\NKCCDViewerSetting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 17:21 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-07 22:45 --------- d-----w c:\documents and settings\korisnik\Application Data\AdobeUM
2009-02-06 21:58 --------- d-----w c:\documents and settings\korisnik\Application Data\uTorrent
2009-02-06 16:49 --------- d-----w c:\documents and settings\korisnik\Application Data\U3
2009-02-02 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-31 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 15:35 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-29 15:35 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-29 15:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-21 21:42 --------- d-----w c:\documents and settings\korisnik\Application Data\Corel
2009-01-21 18:17 3,402 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-21 03:03 --------- d-----w c:\program files\Adsen FavIcon
2009-01-12 21:53 --------- d-----w c:\program files\Cliprex DVD Player Professional
2009-01-10 21:07 --------- d-----w c:\program files\RDS
2009-01-10 14:46 --------- d-----w c:\documents and settings\korisnik\Application Data\advantage
2009-01-05 20:18 --------- d-----w c:\documents and settings\korisnik\Application Data\Nero
2009-01-05 20:17 --------- d-----w c:\program files\Common Files\Nero
2009-01-05 20:15 --------- d-----w c:\program files\Nero
2009-01-05 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-30 00:00 --------- d-----w c:\program files\uTorrent
2008-12-29 23:29 --------- d-----w c:\program files\No-IP
2008-12-29 23:29 --------- d-----w c:\program files\EasyPHP1-8
2008-12-29 23:16 --------- d-----w c:\program files\ffdshow
2008-12-29 23:16 --------- d-----w c:\program files\advantage
2008-12-29 23:16 --------- d-----w c:\program files\AC3Filter
2008-12-29 19:43 --------- d-----w c:\program files\ABBYY FineReader 8.0 Professional Edition
2008-12-29 18:00 --------- d-----w c:\documents and settings\korisnik\Application Data\ABBYY
2008-12-27 21:33 --------- d-----w c:\program files\Photo!
2008-12-26 20:02 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-26 20:02 --------- d-----w c:\program files\Java
2008-12-25 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-12-25 21:16 --------- d-----w c:\documents and settings\korisnik\Application Data\OpenOffice.org
2008-12-25 21:12 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-25 21:12 --------- d-----w c:\program files\JRE
2008-12-25 21:11 --------- d-----w c:\program files\Common Files\Java
2008-12-25 20:51 --------- d-----w c:\program files\OpenOffice.org_3.0_SDK
2008-12-25 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2008-12-25 20:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 20:12 --------- d-----w c:\program files\Macromedia
2008-12-25 20:12 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-12-25 20:12 --------- d-----w c:\program files\Common Files\Macromedia
2008-12-22 16:17 --------- d-----w c:\documents and settings\korisnik\Application Data\Winamp
2008-12-19 22:24 118,784 ----a-w c:\windows\GREUninstall.exe
2008-12-17 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-11 23:29 --------- d-----w c:\documents and settings\korisnik\Application Data\Autodesk
2008-12-11 23:28 --------- d-----w c:\program files\AutoCAD 2007
2008-12-11 23:17 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-12-11 23:16 --------- d-----w c:\program files\AnswerWorks 4.0
2008-12-11 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-12-11 23:11 --------- d-----w c:\program files\Autodesk
2008-12-11 19:01 --------- d-----w c:\documents and settings\korisnik\Application Data\Thunderbird
2008-12-11 17:53 --------- d-----w c:\program files\Analog Devices
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 04:22 --------- d-----w c:\program files\MSXML 4.0
2008-12-10 18:55 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-12-10 17:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 17:25 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-12-10 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-10 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-12-10 03:39 --------- d-----w c:\program files\Winamp
2008-12-10 01:38 --------- d-----w c:\program files\MSBuild
2008-12-10 01:38 --------- d-----w c:\program files\Microsoft Works
2008-12-10 00:47 --------- d-----w c:\program files\Common Files\RDPrint
2008-12-10 00:47 --------- d-----w c:\program files\Common Files\Rdh Shared2
2008-12-10 00:11 --------- d-----w c:\program files\AVG
2008-12-09 22:30 --------- d-----w c:\program files\VIA Technologies, Inc
2008-12-09 20:36 --------- d-----w c:\program files\microsoft frontpage
2008-12-29 23:16 227,696 ----a-w c:\program files\mozilla firefox\components\AdVComponent.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_15.29.17.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 15:25:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_460.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [2007-08-30 229481]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [2007-08-30 49254]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-10 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-11-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\korisnik\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 07:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\RDS\\RView.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-09 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\Vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d16146-f46a-11dd-853c-040404040404}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfmon.exe - c:\windows\gg.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {49B0D46E-7FF8-48B0-8E8F-A51CEB1E5A60} = 192.168.1.1,212.200.191.166
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\m6nmoggc.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\AdVComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-09 09:28:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2009-02-09 9:29:46
ComboFix-quarantined-files.txt 2009-02-09 17:29:38
ComboFix2.txt 2009-02-07 23:30:07

Pre-Run: 12.747.902.976 bytes free
Post-Run: 12,722,786,304 bytes free

229 --- E O F --- 2009-01-22 17:31:41

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Is everything OK now, I hope?

  • Joined: 02 Mar 2006
  • Posts: 108
  • Location: Nis

It is. If you have any recommendation for an antivirus or some small program so we don't get infected again (a lot of infected USB sticks come in), I'd be grateful. Thanks in any case.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Maybe change your antivirus (I'm not allowed to recommend which one).

Click START, then RUN.
In the text box, type Combofix /u and click OK.

Wait for the uninstall process to finish.

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if present
the C:\Deckard folder, if present
the C:\OtMoveIt folder, if present

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files and folders, if needed
Reset System Restore

Regards
