Slow computer

  • Joined: 04 Mar 2008
  • Posts: 147
  • Location: Leposavić

Posted: 06 May 2009 23:30

nestor91028 :: what text? nothing is written there?
sorry, I didn't see it before, it opened a bit slowly for me

Addendum: 06 May 2009 23:42

ComboFix 09-05-05.05 - Nikola 06.05.2009 23:30.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.381.1033.18.511.85 [GMT 2:00]
Running from: c:\documents and settings\Nikola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nikola\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-06 20:57 . 2009-05-06 20:57 -------- d-----w c:\program files\Common Files\xing shared
2009-05-06 17:07 . 2009-05-06 17:07 -------- d-----w c:\program files\CCleaner
2009-05-06 08:37 . 2009-05-06 16:28 -------- d--h--w C:\$AVG8.VAULT$
2009-05-06 08:26 . 2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-06 08:26 . 2009-05-06 08:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-06 08:25 . 2009-05-06 08:25 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-06 08:25 . 2009-05-06 15:44 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\program files\AVG
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-05 20:02 . 2009-05-05 20:18 -------- d-----w c:\program files\Online TV Player 4
2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\program files\Dexpot
2009-05-05 16:09 . 2009-05-05 16:09 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-04 14:15 . 2009-05-04 14:15 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 18:22 . 2003-02-28 16:26 139536 ----a-w c:\windows\system32\javaee.dll
2009-05-03 18:22 . 2003-02-28 16:26 171792 ----a-w c:\windows\system32\wjview.exe
2009-05-03 18:22 . 2003-02-28 16:26 172304 ----a-w c:\windows\system32\jview.exe
2009-05-03 18:22 . 2003-02-28 16:26 49424 ----a-w c:\windows\system32\clspack.exe
2009-05-02 19:41 . 2009-05-02 19:41 -------- d-----w c:\program files\YouTube Downloader
2009-05-02 05:45 . 2006-02-28 12:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-01 18:47 . 2009-05-06 18:13 -------- d-----w c:\documents and settings\Nikola\Application Data\Hamachi
2009-05-01 18:46 . 2009-05-01 18:46 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-01 18:46 . 2009-05-01 18:47 -------- d-----w c:\program files\Hamachi
2009-05-01 18:33 . 2009-02-06 10:29 2142720 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-01 18:33 . 2009-02-06 10:32 2186112 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-01 18:33 . 2009-02-06 09:49 2020864 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-01 18:33 . 2009-02-06 09:49 2062976 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-01 18:00 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Favorites
2009-05-01 17:56 . 2009-05-01 20:00 -------- d-----w c:\documents and settings\Nikola\Contacts
2009-05-01 17:52 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-01 17:52 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-01 17:51 . 2009-05-01 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-05-01 17:49 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-01 17:47 . 2009-05-01 17:47 -------- d-----w c:\program files\MSN Messenger
2009-04-30 22:14 . 2009-04-30 22:14 -------- d-----w c:\documents and settings\Nikola\Application Data\Deckadance
2009-04-30 22:08 . 2009-05-01 20:58 -------- d-----w c:\program files\Image-Line
2009-04-30 22:07 . 2009-04-30 22:07 -------- d-----w c:\program files\VstPlugins
2009-04-30 21:48 . 2009-05-01 18:49 -------- d-----w c:\documents and settings\Nikola\Application Data\MyRadioPlayer
2009-04-30 21:44 . 2009-05-01 18:49 -------- d-----w c:\program files\MyRadioPlayer
2009-04-30 21:44 . 2009-04-30 21:44 -------- d-----w c:\program files\AskSBar
2009-04-30 21:37 . 2009-04-30 21:37 -------- d-----w c:\documents and settings\Nikola\Local Settings\Application Data\Mozilla
2009-04-30 19:18 . 2009-04-30 19:18 -------- d-----w c:\windows\Sun
2009-04-30 18:27 . 2009-04-30 18:27 -------- d-----w c:\program files\GameTop.com
2009-04-30 17:10 . 2009-04-30 17:10 197120 ----a-w c:\windows\system32\New Golf GTI screensaver.scr
2009-04-30 17:10 . 2009-04-30 17:10 -------- d-----w c:\windows\system32\New Golf GTI screensaver dir
2009-04-22 22:09 . 2009-04-22 22:09 -------- d-----w c:\program files\INT=CHAR
2009-04-20 11:54 . 2009-05-01 20:38 -------- d-----w c:\program files\Valve
2009-04-18 20:43 . 2009-04-18 20:43 -------- d-----w c:\program files\Novel Games
2009-04-13 19:21 . 2009-04-13 19:21 -------- d-----w c:\documents and settings\Nikola\Application Data\Pioneer
2009-04-13 19:16 . 2009-04-13 19:16 -------- d-----w c:\windows\system32\ipp20

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 20:57 . 2007-10-07 10:51 -------- d-----w c:\program files\Common Files\Real
2009-05-06 20:57 . 2007-10-07 10:50 -------- d-----w c:\program files\Real
2009-05-06 20:57 . 2003-03-18 19:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-06 20:55 . 2007-10-07 10:26 -------- d-----w c:\program files\Google
2009-05-06 20:09 . 2008-08-11 22:11 -------- d-----w c:\program files\FlashGet
2009-05-06 18:14 . 2008-07-23 10:11 -------- d-----w c:\program files\SysMetrix
2009-05-06 07:43 . 2007-09-28 21:12 -------- d-----w c:\program files\Kaspersky Lab
2009-05-04 14:17 . 2003-02-21 03:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-03 18:22 . 2009-05-03 18:22 2232 ----a-w c:\windows\java\Packages\Data\Z5BBJ797.DAT
2009-05-03 18:22 . 2009-05-03 18:22 155995 ----a-w c:\windows\java\Packages\X7LBNNDF.ZIP
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\6IRJTBXN.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\U857R17J.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\MPNBXNTF.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\8QT3BTBJ.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\B5RVNJPR.DAT
2009-05-02 19:42 . 2007-10-07 10:26 -------- d-----w c:\program files\DivX
2009-05-02 05:56 . 2007-03-15 20:57 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-01 20:57 . 2009-01-12 19:29 -------- d-----w c:\program files\Counter Strike - SRPSKA CAST
2009-05-01 11:57 . 2007-08-08 11:09 134832 ----a-w c:\documents and settings\Nikola\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 08:16 . 2007-03-15 21:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 21:47 . 2009-01-28 13:17 -------- d-----w c:\program files\Java
2009-03-28 22:14 . 2008-07-17 21:45 -------- d-----w c:\program files\SpeedFan
2009-03-21 17:40 . 2008-05-06 19:56 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-13 16:18 . 2008-07-21 18:56 -------- d-----w c:\program files\ImTOO
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\Nokia
2009-03-12 13:14 . 2009-03-12 13:13 -------- d-----w c:\program files\Nokia
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\DIFX
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-06 14:00 . 2007-03-15 19:08 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:14 . 2007-03-15 19:08 1227776 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2007-03-15 19:08 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2007-03-15 19:08 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2007-03-15 19:08 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2007-03-15 19:08 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2007-03-15 19:08 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2007-03-15 19:08 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-08 18:09 . 2009-02-08 18:08 107424 ----a-w c:\windows\hpqins11.dat
2009-02-08 18:08 . 2008-12-31 17:05 141021 ----a-w c:\windows\hpoins14.dat
2009-02-06 10:32 . 2007-03-15 19:08 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2007-03-15 19:08 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2007-03-15 19:08 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-12-20 13:11 . 2008-12-20 13:11 139 --sh--w c:\program files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-05-04 14:17 . 2009-05-04 14:17 5632 c:\windows\system32\pndx5032.dll
+ 2009-05-04 14:17 . 2009-05-06 20:57 5632 c:\windows\system32\pndx5032.dll
- 2009-05-04 14:17 . 2009-05-04 14:17 6656 c:\windows\system32\pndx5016.dll
+ 2009-05-04 14:17 . 2009-05-06 20:57 6656 c:\windows\system32\pndx5016.dll
- 2009-05-04 14:17 . 2009-05-04 14:17 185920 c:\windows\system32\rmoc3260.dll
+ 2009-05-06 20:57 . 2009-05-06 20:57 185920 c:\windows\system32\rmoc3260.dll
+ 2009-05-04 14:17 . 2009-05-06 20:57 278528 c:\windows\system32\pncrt.dll
- 2009-05-04 14:17 . 2009-05-04 14:17 278528 c:\windows\system32\pncrt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2005-06-02 1957888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [BU]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HService"="c:\windows\msservice.exe" [BU]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-06 1947928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-06 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-27 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
[BU]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave5"= serwvdrv.dll
"wave6"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\INT=CHAR\\Na Kosovo Ravno\\hl.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1509:UDP"= 1509:UDP:Windows Media Format SDK (InternetTV.exe)
"1508:UDP"= 1508:UDP:Windows Media Format SDK (InternetTV.exe)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6.5.2009 10:25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6.5.2009 10:26 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6.5.2009 10:25 298776]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [7.10.2007 11:35 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [7.10.2007 11:35 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [7.10.2007 11:35 8864]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 22:31 29263712]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 97136]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys --> c:\windows\system32\drivers\sdpiosys.sys [?]
S2 gupdate1c9ce8d46a6744;Услуга Google Update (gupdate1c9ce8d46a6744);c:\program files\Google\Update\GoogleUpdate.exe [6.5.2009 22:55 133104]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 GAGPDrv;GAGPDrv;c:\windows\system32\drivers\GAGPDrv.sys [31.5.2008 12:21 4764]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GUPDATE1C9CE8D46A6744

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-06 20:55]
.
.
------- Supplementary Scan -------
.
uSearch Page = [Link visible only to logged-in users]
uSearch Bar = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
uInternet Settings,ProxyOverride = local.,
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search - [Link visible only to logged-in users]
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [Link visible only to logged-in users]
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?0f1e5aafb10a45dcabb7c92063593335
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?0f1e5aafb10a45dcabb7c92063593335
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - Searchme
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{1755e943-b0af-431b-8ba7-3a74879720dd}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-05-06 23:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2503863038-3716547860-1000463515-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
mod by bobby: I removed the OODefrag hex key, which was so long that it broke the page layout on the forum.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-05-06 23:37
ComboFix-quarantined-files.txt 2009-05-06 21:36
ComboFix2.txt 2009-05-06 20:33

Pre-Run: 8.348.258.304 bytes free
Post-Run: 8.356.974.592 bytes free

309 --- E O F --- 2009-05-06 05:53



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Run HiJack This, scan, and tick the checkbox in front of the following line:

O8 - Extra context menu item: &Search - [Link visible only to logged-in users]

and click FIX CHECKED.

Then post a new HiJack This log for me.



  • Joined: 04 Mar 2008
  • Posts: 147
  • Location: Leposavić

Posted: 06 May 2009 23:55

I found it, but when I clicked fix checked no log appeared, and afterwards it disappeared; now it's gone

Addendum: 06 May 2009 23:57

now I understand what you're asking for, here's the log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:27, on 6.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\Desktop\Нова фасцикла\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA GAMES\Need for Speed Undercover\Support\EAregister.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
O8 - Extra context menu item: Backward Links - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?0f1e5aafb10a45dcabb7c92063593335
O8 - Extra context menu item: Open in new foreground tab - [Link mogu videti samo ulogovani korisnici]\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?0f1e5aafb10a45dcabb7c92063593335
O8 - Extra context menu item: Similar Pages - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comtradegroup.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Услуга Google Update (gupdate1c9ce8d46a6744) (gupdate1c9ce8d46a6744) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - [Link mogu videti samo ulogovani korisnici]

--
End of file - 12362 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

How are things now?

  • Joined: 04 Mar 2008
  • Posts: 147
  • Location: Leposavić

Much better than before, but the computer is quite slow at first; it needs five minutes before it starts working normally.

Regards......

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

OK.

Uninstalling ComboFix:
Click START, then RUN.

In the text box, type (or copy) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

If there are any problems, just shout.

  • Joined: 04 Mar 2008
  • Posts: 147
  • Location: Leposavić

Posted: 07 May 2009 0:42

OK, I added you as an MSN contact in case something comes up.

Thanks for everything, and regards...

Addendum: 07 May 2009 16:55

It took a while, but here is the log





ComboFix 09-05-05.05 - Nikola 07.05.2009 16:39.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.381.1033.18.511.186 [GMT 2:00]
Running from: c:\downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-06 20:57 . 2009-05-06 20:57 -------- d-----w c:\program files\Common Files\xing shared
2009-05-06 17:07 . 2009-05-06 17:07 -------- d-----w c:\program files\CCleaner
2009-05-06 08:37 . 2009-05-07 12:57 -------- d--h--w C:\$AVG8.VAULT$
2009-05-06 08:26 . 2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-06 08:26 . 2009-05-06 08:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-06 08:25 . 2009-05-06 08:25 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-06 08:25 . 2009-05-07 11:45 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\program files\AVG
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-05 20:02 . 2009-05-05 20:18 -------- d-----w c:\program files\Online TV Player 4
2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\program files\Dexpot
2009-05-05 16:09 . 2009-05-05 16:09 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-04 14:15 . 2009-05-04 14:15 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 18:22 . 2003-02-28 16:26 139536 ----a-w c:\windows\system32\javaee.dll
2009-05-03 18:22 . 2003-02-28 16:26 171792 ----a-w c:\windows\system32\wjview.exe
2009-05-03 18:22 . 2003-02-28 16:26 172304 ----a-w c:\windows\system32\jview.exe
2009-05-03 18:22 . 2003-02-28 16:26 49424 ----a-w c:\windows\system32\clspack.exe
2009-05-02 19:41 . 2009-05-02 19:41 -------- d-----w c:\program files\YouTube Downloader
2009-05-02 05:45 . 2006-02-28 12:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-01 18:47 . 2009-05-07 11:42 -------- d-----w c:\documents and settings\Nikola\Application Data\Hamachi
2009-05-01 18:46 . 2009-05-01 18:46 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-01 18:33 . 2009-02-06 10:29 2142720 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-01 18:33 . 2009-02-06 10:32 2186112 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-01 18:33 . 2009-02-06 09:49 2020864 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-01 18:33 . 2009-02-06 09:49 2062976 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-01 18:00 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Favorites
2009-05-01 17:56 . 2009-05-01 20:00 -------- d-----w c:\documents and settings\Nikola\Contacts
2009-05-01 17:52 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-01 17:52 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-01 17:51 . 2009-05-01 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-05-01 17:49 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-01 17:47 . 2009-05-01 17:47 -------- d-----w c:\program files\MSN Messenger
2009-04-30 22:14 . 2009-04-30 22:14 -------- d-----w c:\documents and settings\Nikola\Application Data\Deckadance
2009-04-30 22:08 . 2009-05-01 20:58 -------- d-----w c:\program files\Image-Line
2009-04-30 22:07 . 2009-04-30 22:07 -------- d-----w c:\program files\VstPlugins
2009-04-30 21:48 . 2009-05-01 18:49 -------- d-----w c:\documents and settings\Nikola\Application Data\MyRadioPlayer
2009-04-30 21:44 . 2009-05-01 18:49 -------- d-----w c:\program files\MyRadioPlayer
2009-04-30 21:44 . 2009-04-30 21:44 -------- d-----w c:\program files\AskSBar
2009-04-30 21:37 . 2009-04-30 21:37 -------- d-----w c:\documents and settings\Nikola\Local Settings\Application Data\Mozilla
2009-04-30 19:18 . 2009-04-30 19:18 -------- d-----w c:\windows\Sun
2009-04-30 18:27 . 2009-04-30 18:27 -------- d-----w c:\program files\GameTop.com
2009-04-30 17:10 . 2009-04-30 17:10 197120 ----a-w c:\windows\system32\New Golf GTI screensaver.scr
2009-04-30 17:10 . 2009-04-30 17:10 -------- d-----w c:\windows\system32\New Golf GTI screensaver dir
2009-04-22 22:09 . 2009-04-22 22:09 -------- d-----w c:\program files\INT=CHAR
2009-04-20 11:54 . 2009-05-01 20:38 -------- d-----w c:\program files\Valve
2009-04-18 20:43 . 2009-04-18 20:43 -------- d-----w c:\program files\Novel Games
2009-04-13 19:21 . 2009-04-13 19:21 -------- d-----w c:\documents and settings\Nikola\Application Data\Pioneer
2009-04-13 19:16 . 2009-04-13 19:16 -------- d-----w c:\windows\system32\ipp20

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 12:13 . 2008-08-11 22:11 -------- d-----w c:\program files\FlashGet
2009-05-07 12:13 . 2009-02-19 19:15 -------- d-----w c:\program files\Winamp
2009-05-07 12:05 . 2007-10-07 10:26 -------- d-----w c:\program files\Google
2009-05-07 11:41 . 2008-07-23 10:11 -------- d-----w c:\program files\SysMetrix
2009-05-06 20:57 . 2007-10-07 10:51 -------- d-----w c:\program files\Common Files\Real
2009-05-06 20:57 . 2007-10-07 10:50 -------- d-----w c:\program files\Real
2009-05-06 20:57 . 2003-03-18 19:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-06 07:43 . 2007-09-28 21:12 -------- d-----w c:\program files\Kaspersky Lab
2009-05-04 14:17 . 2003-02-21 03:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-03 18:22 . 2009-05-03 18:22 2232 ----a-w c:\windows\java\Packages\Data\Z5BBJ797.DAT
2009-05-03 18:22 . 2009-05-03 18:22 155995 ----a-w c:\windows\java\Packages\X7LBNNDF.ZIP
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\6IRJTBXN.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\U857R17J.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\MPNBXNTF.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\8QT3BTBJ.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\B5RVNJPR.DAT
2009-05-02 19:42 . 2007-10-07 10:26 -------- d-----w c:\program files\DivX
2009-05-02 05:56 . 2007-03-15 20:57 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-01 20:57 . 2009-01-12 19:29 -------- d-----w c:\program files\Counter Strike - SRPSKA CAST
2009-05-01 11:57 . 2007-08-08 11:09 134832 ----a-w c:\documents and settings\Nikola\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 08:16 . 2007-03-15 21:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 21:47 . 2009-01-28 13:17 -------- d-----w c:\program files\Java
2009-03-28 22:14 . 2008-07-17 21:45 -------- d-----w c:\program files\SpeedFan
2009-03-21 17:40 . 2008-05-06 19:56 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-13 16:18 . 2008-07-21 18:56 -------- d-----w c:\program files\ImTOO
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\Nokia
2009-03-12 13:14 . 2009-03-12 13:13 -------- d-----w c:\program files\Nokia
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\DIFX
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-06 14:00 . 2007-03-15 19:08 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:14 . 2007-03-15 19:08 1227776 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2007-03-15 19:08 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2007-03-15 19:08 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2007-03-15 19:08 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2007-03-15 19:08 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2007-03-15 19:08 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2007-03-15 19:08 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-08 18:09 . 2009-02-08 18:08 107424 ----a-w c:\windows\hpqins11.dat
2009-02-08 18:08 . 2008-12-31 17:05 141021 ----a-w c:\windows\hpoins14.dat
2008-12-20 13:11 . 2008-12-20 13:11 139 --sh--w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2005-06-02 1957888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-06 1947928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-06 198160]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-27 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave5"= serwvdrv.dll
"wave6"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikola^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Nikola\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikola^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
path=c:\documents and settings\Nikola\Start Menu\Programs\Startup\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\INT=CHAR\\Na Kosovo Ravno\\hl.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1509:UDP"= 1509:UDP:Windows Media Format SDK (InternetTV.exe)
"1508:UDP"= 1508:UDP:Windows Media Format SDK (InternetTV.exe)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6.5.2009 10:25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6.5.2009 10:26 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6.5.2009 10:25 298776]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [7.10.2007 11:35 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [7.10.2007 11:35 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [7.10.2007 11:35 8864]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 22:31 29263712]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 97136]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys --> c:\windows\system32\drivers\sdpiosys.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 GAGPDrv;GAGPDrv;c:\windows\system32\drivers\GAGPDrv.sys [31.5.2008 12:21 4764]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HService - c:\windows\msservice.exe
Notify-avldr - (no file)


.
------- Supplementary Scan -------
.
uSearch Page = [Link mogu videti samo ulogovani korisnici]
uSearch Bar = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyOverride = local.,
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?0f1e5aafb10a45dcabb7c92063593335
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?0f1e5aafb10a45dcabb7c92063593335
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - Searchme
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{1755e943-b0af-431b-8ba7-3a74879720dd}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-05-07 16:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2503863038-3716547860-1000463515-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="D03B48AD5044A22
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(140)
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\AskSBar\bar\1.bin\ASKSBAR.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-05-07 16:50
ComboFix-quarantined-files.txt 2009-05-07 14:48
ComboFix2.txt 2009-05-06 21:37

Pre-Run: 10.872.872.960 bytes free
Post-Run: 10.861.998.080 bytes free

263 --- E O F --- 2009-05-06 22:48

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Turn off your AV.

Open Notepad and copy in the following text:

File::
c:\windows\msservice.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HService"=-

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.
