I need help

  • Joined: 19 Aug 2011
  • Posts: 5

Here is what this is about: ever since those viruses were going around on Facebook, I cannot load the facebook.com page. I have tried everything but nothing works.
I did everything as you wrote and I am sending you everything; I hope you will help me :)



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
Run by MARIO at 22:02:46 on 2011-08-18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1367 [GMT 2:00]
.
AV: avast! antivirus 4.8.1296 [VPS 090924-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\advertomSys.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\advertomSys.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66016
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=66016
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=66016
uURLSearchHooks: &Crawler Toolbar Helper: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: &Crawler Toolbar Helper: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [advertomSys] c:\windows\system32\advertomSys.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [tray_ico4]
mRun: [tray_ico3]
mRun: [tray_ico2]
mRun: [tray_ico1]
mRun: [tray_ico]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [advertomSys] c:\windows\system32\advertomSys.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\mario\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\home.url
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.150.201
TCP: Interfaces\{9AADFB52-4C12-42A1-A970-787502D573EE} : DhcpNameServer = 192.168.150.201
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mario\application data\mozilla\firefox\profiles\lq7vjg1b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\mario\application data\mozilla\firefox\profiles\lq7vjg1b.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\mario\application data\mozilla\firefox\profiles\lq7vjg1b.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\program files\crawler\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\firefox\components\xshared.dll
FF - component: c:\program files\crawler\firefox\components\xsupport.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-5-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-5-18 55160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-25 366640]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2011-1-31 22016]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2011-1-31 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-25 22712]
S2 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2011-1-31 17536]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2011-6-29 223128]
.
=============== Created Last 30 ================
.
2011-08-18 19:51:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-13 13:55:18 -------- d-----w- c:\documents and settings\mario\local settings\application data\Opera
2011-08-11 22:42:51 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-08-11 22:42:51 785368 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-08-11 22:42:51 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-08-11 22:42:51 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-11 22:42:51 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-11 22:42:51 1846232 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-08-11 22:42:51 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-07-25 16:24:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 16:24:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 16:24:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 13:59:48 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 13:59:48 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 08:12:40 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-07-23 12:15:59 -------- d-----w- c:\windows\ufa
2011-07-23 12:15:59 -------- d-----w- c:\windows\phoenix
2011-07-23 11:38:40 -------- d--h--w- c:\windows\update.5.0
2011-07-23 11:28:54 -------- d--h--w- c:\windows\update.2
2011-07-23 11:28:12 246272 ----a-w- c:\windows\unrar.exe
2011-07-23 11:23:12 -------- d-----w- c:\windows\av_ico
2011-07-23 11:20:18 -------- d--h--w- c:\windows\update.1
2011-07-23 11:20:13 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-23 11:20:13 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-21 15:53:43 -------- d-----w- C:\Images
2011-07-21 15:47:45 -------- d-----w- C:\Audio
.
==================== Find3M ====================
.
2011-08-18 10:43:37 336 ----a-w- c:\windows\system32\msvcsv60.dll
2011-06-29 19:49:29 223128 ----a-w- c:\windows\system32\drivers\vaxscsi.sys
2011-06-29 19:13:23 121371 ----a-w- c:\windows\system32\d0567c94.exe
2011-06-23 08:52:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-29 20:15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:02:54,53 ===============






  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Greetings, kuvananoga!











While this case is being resolved, I would ask you to observe the following:
  • Read my instructions (or the instructions of colleagues who stand in for me) carefully and work strictly according to them;
  • Do not seek help elsewhere at the same time;
  • Do not use other malware-removal programs, except those for which you have been given instructions;
  • During the intervention, do not use USB memory devices until I ask for it;
  • If I do not reply within 48h, refresh the topic with a new post;
  • If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum's Ambulanta section: LINK

-------------------------------------------------------------------------------------





Download sUBs's ComboFix to your Desktop from the following address:


Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download of the program has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click to launch ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered to download it.
  • if Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure through.
  • display a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • at the end of the run, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.


Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.









goran9888 (AMF Team)

  • Joined: 19 Aug 2011
  • Posts: 5

Posted: 22 Aug 2011 23:17

ComboFix 11-08-22.04 - MARIO 22.08.2011 23:07:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1529 [GMT 2:00]
Running from: c:\documents and settings\MARIO\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090924-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MARIO\Application Data\PriceGong
c:\documents and settings\MARIO\Application Data\PriceGong\Data\1.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\a.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\b.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\c.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\d.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\e.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\f.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\g.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\h.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\i.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\J.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\k.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\l.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\m.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\n.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\o.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\p.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\q.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\r.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\s.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\t.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\u.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\v.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\w.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\x.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\y.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\z.xml
c:\documents and settings\MARIO\WINDOWS
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer.rar
c:\windows\system32\advertomSys.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\msvcsv60.dll
c:\windows\systems.exe
c:\windows\UA000106.DLL
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 21:05 . 2011-08-22 21:05 -------- d-----w- c:\windows\LastGood.Tmp
2011-08-18 19:51 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-13 13:55 . 2011-08-13 13:55 -------- d-----w- c:\documents and settings\MARIO\Local Settings\Application Data\Opera
2011-08-13 13:55 . 2011-08-13 13:55 -------- d-----w- c:\program files\Opera
2011-08-11 22:42 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-11 22:42 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-11 22:42 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-11 22:42 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-11 22:42 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-11 22:42 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-11 22:42 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-25 13:59 . 2011-08-15 06:09 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 13:59 . 2011-08-15 06:09 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 13:51 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 13:51 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 13:51 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-25 13:51 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2011-07-25 13:51 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 13:51 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 13:51 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-25 13:51 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-25 13:51 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 13:51 . 2004-01-09 08:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-07-25 08:15 . 2011-07-25 08:15 -------- d-----w- c:\documents and settings\MARIO\Application Data\Games
2011-07-25 08:12 . 2011-07-25 08:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 12:15 . 2011-07-23 11:28 246272 ----a-w- c:\windows\unrar.exe
2011-06-29 19:49 . 2011-06-29 19:49 223128 ----a-w- c:\windows\system32\drivers\vaxscsi.sys
2011-06-29 19:13 . 2011-06-29 19:13 121371 ----a-w- c:\windows\system32\d0567c94.exe
2011-06-23 08:52 . 2011-06-23 08:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-29 20:15 . 2011-05-29 20:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 05:57 . 2011-08-18 19:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-03 . 6B34C92AC4935E0BCF035FE78E3905A2 . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . 6B34C92AC4935E0BCF035FE78E3905A2 . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2004-08-03 . 3A5EE0514F56B1B775D7641CFBA5AD37 . 690176 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . 3A5EE0514F56B1B775D7641CFBA5AD37 . 690176 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-03 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-03 . 61F45E8000C6C5913D3D1DA451337364 . 224256 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-03 . 61F45E8000C6C5913D3D1DA451337364 . 224256 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2004-08-03 . 2D54D6321AE200903A363C5AC60D8A37 . 832512 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-04-22 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\MARIO\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
home.url [2009-9-10 130]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet
"UpdReg"=c:\windows\UpdReg.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18.5.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18.5.2007 21:52 55160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.1.2011 22:45 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.3.2009 12:44 107256]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [31.1.2011 12:48 22016]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [31.1.2011 14:54 33792]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [31.1.2011 12:48 17536]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [29.6.2011 21:49 223128]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 08:39]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 08:39]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-329068152-839522115-1003Core.job
- c:\documents and settings\MARIO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-19 21:44]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-329068152-839522115-1003UA.job
- c:\documents and settings\MARIO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-19 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.150.201
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\MARIO\Application Data\Mozilla\Firefox\Profiles\lq7vjg1b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-advertomSys - c:\windows\system32\advertomSys.exe
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-advertomSys - c:\windows\system32\advertomSys.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-22 23:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2592)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-22 23:16:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-22 21:16
.
Pre-Run: 876.871.680 bytes free
Post-Run: 884.666.368 bytes free
.
- - End Of File - - A06E707828E8915ED4A4098E3D6A79A4

Addendum: 22 Aug 2011 23:18

Thanks in advance. I just don't understand how it reports that I have avast when I can't find it. I hope I did everything correctly and that you will help me.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Start -> Control Panel -> Add or Remove Programs -> look for Avast and, if it is there, uninstall it.

After that, download Avast's uninstall utility, run it in Windows Safe mode and remove the remnants of Avast. Here is the download link with instructions: http://www.avast.com/uninstall-utility

Also do the same with this tool, because the reports show remnants of ESET Smart Security: http://kb.eset.com/esetkb/index?page=content&id=SOLN2289

Only after you have done that, move on to the next step ...

- Start -> Control Panel -> Windows Firewall -> On

Open Notepad and copy in the following text:

File::
c:\windows\unrar.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\home.url

Folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\progra~1\Crawler

DDS::
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll

FireFox::
FF - ProfilePath - c:\documents and settings\MARIO\Application Data\Mozilla\Firefox\Profiles\lq7vjg1b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.

goran9888 (AMF Team)

offline
  • Joined: 19 Aug 2011
  • Posts: 5

ComboFix 11-08-22.04 - MARIO 23.08.2011 9:24.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1661 [GMT 2:00]
Running from: c:\documents and settings\MARIO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MARIO\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\home.url"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\home.url
c:\documents and settings\MARIO\Application Data\PriceGong
c:\documents and settings\MARIO\Application Data\PriceGong\Data\1.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\a.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\b.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\c.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\d.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\e.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\f.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\g.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\h.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\i.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\J.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\k.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\l.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\m.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\n.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\o.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\p.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\q.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\r.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\s.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\t.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\u.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\v.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\w.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\x.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\y.xml
c:\documents and settings\MARIO\Application Data\PriceGong\Data\z.xml
c:\progra~1\Crawler
c:\progra~1\Crawler\adrkeys.dat
c:\progra~1\Crawler\Cache\COMMON\CLEANUP_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\CLEANUP_MENU.dat
c:\progra~1\Crawler\Cache\COMMON\DIRLIST_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\DIRLIST_MENU.dat
c:\progra~1\Crawler\Cache\COMMON\ECARDS_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\ECARDS_MENU.dat
c:\progra~1\Crawler\Cache\COMMON\EMAIL_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\GAMES_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\GAMES_MENU.dat
c:\progra~1\Crawler\Cache\COMMON\SHOP_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\SPELL_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\TRAVEL_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\WAYBACK_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\WP_CHBMP.dat
c:\progra~1\Crawler\Cache\COMMON\YP_CHBMP.dat
c:\progra~1\Crawler\COMMON_FF.dat
c:\progra~1\Crawler\confirm.dat
c:\progra~1\Crawler\ctbcomm.dll
c:\progra~1\Crawler\ctbr.dll
c:\progra~1\Crawler\CTConf.dat
c:\progra~1\Crawler\CTipsDef.dll
c:\progra~1\Crawler\CToolbar.exe
c:\progra~1\Crawler\CUpdate.exe
c:\progra~1\Crawler\firefox\chrome.manifest
c:\progra~1\Crawler\firefox\chrome\common.jar
c:\progra~1\Crawler\firefox\chrome\crawlertbr.jar
c:\progra~1\Crawler\firefox\components\xcomm.dll
c:\progra~1\Crawler\firefox\components\xplugin.xpt
c:\progra~1\Crawler\firefox\components\xshared.dll
c:\progra~1\Crawler\firefox\components\xshared.xpt
c:\progra~1\Crawler\firefox\components\xsupport.dll
c:\progra~1\Crawler\firefox\components\xsupport.xpt
c:\progra~1\Crawler\firefox\install.ini
c:\progra~1\Crawler\firefox\install.rdf
c:\progra~1\Crawler\Languages\TBR5_CS.cab
c:\progra~1\Crawler\Languages\TBR5_DA.cab
c:\progra~1\Crawler\Languages\TBR5_DE.cab
c:\progra~1\Crawler\Languages\TBR5_EN.cab
c:\progra~1\Crawler\Languages\TBR5_ES.cab
c:\progra~1\Crawler\Languages\TBR5_FR.cab
c:\progra~1\Crawler\Languages\TBR5_IT.cab
c:\progra~1\Crawler\Languages\TBR5_NL.cab
c:\progra~1\Crawler\Languages\TBR5_PL.cab
c:\progra~1\Crawler\Languages\TBR5_PT-BR.cab
c:\progra~1\Crawler\Languages\TBR5_PT.cab
c:\progra~1\Crawler\Languages\TBR5_RU.cab
c:\progra~1\Crawler\lookfor.dat
c:\progra~1\Crawler\majorse.dat
c:\progra~1\Crawler\rootmenu.dat
c:\progra~1\Crawler\services.dat
c:\progra~1\Crawler\TBR5LanguageAct\info.ini
c:\progra~1\Crawler\TBR5LanguageAct\language.ini
c:\windows\unrar.exe
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-18 19:51 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-13 13:55 . 2011-08-13 13:55 -------- d-----w- c:\documents and settings\MARIO\Local Settings\Application Data\Opera
2011-08-13 13:55 . 2011-08-13 13:55 -------- d-----w- c:\program files\Opera
2011-08-11 22:42 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-11 22:42 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-11 22:42 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-11 22:42 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-11 22:42 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-11 22:42 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-11 22:42 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-25 08:15 . 2011-07-25 08:15 -------- d-----w- c:\documents and settings\MARIO\Application Data\Games
2011-07-25 08:12 . 2011-07-25 08:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 19:49 . 2011-06-29 19:49 223128 ----a-w- c:\windows\system32\drivers\vaxscsi.sys
2011-06-29 19:13 . 2011-06-29 19:13 121371 ----a-w- c:\windows\system32\d0567c94.exe
2011-06-23 08:52 . 2011-06-23 08:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-29 20:15 . 2011-05-29 20:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 05:57 . 2011-08-18 19:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-03 . 6B34C92AC4935E0BCF035FE78E3905A2 . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . 6B34C92AC4935E0BCF035FE78E3905A2 . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2004-08-03 . 3A5EE0514F56B1B775D7641CFBA5AD37 . 690176 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . 3A5EE0514F56B1B775D7641CFBA5AD37 . 690176 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-03 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-03 . 61F45E8000C6C5913D3D1DA451337364 . 224256 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-03 . 61F45E8000C6C5913D3D1DA451337364 . 224256 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2004-08-03 . 2D54D6321AE200903A363C5AC60D8A37 . 832512 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_21.13.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-23 07:18 . 2011-08-23 07:18 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
+ 2011-08-23 07:07 . 2011-08-23 07:07 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-04-22 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\MARIO\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet
"UpdReg"=c:\windows\UpdReg.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18.5.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18.5.2007 21:52 55160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.1.2011 22:45 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.3.2009 12:44 107256]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [31.1.2011 12:48 22016]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [31.1.2011 14:54 33792]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [31.1.2011 12:48 17536]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [29.6.2011 21:49 223128]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 08:39]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-20 08:39]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-329068152-839522115-1003Core.job
- c:\documents and settings\MARIO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-19 21:44]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-329068152-839522115-1003UA.job
- c:\documents and settings\MARIO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-19 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.150.201
FF - ProfilePath - c:\documents and settings\MARIO\Application Data\Mozilla\Firefox\Profiles\lq7vjg1b.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\CToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-23 09:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-23 09:30:36
ComboFix-quarantined-files.txt 2011-08-23 07:30
ComboFix2.txt 2011-08-22 21:16
.
Pre-Run: 873.664.512 bytes free
Post-Run: 854.048.768 bytes free
.
- - End Of File - - 55E6B2BD242D550E0C8F765BB1FF4BC1

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Did you run the ESET Uninstaller in Safe mode as I wrote?

You need to install an anti-virus on the system. My suggestion is that you use a free anti-virus if you don't have a license for a commercial AV. Free anti-viruses are: Avast, Avira, AVG, Panda Cloud, MSE, etc ... Decide on one.

A topic that may help you: Choosing a free antivirus

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to start the installation - at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes click OK, Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

What is the state of the system now?

goran9888 (AMF Team)

offline
  • Joined: 19 Aug 2011
  • Posts: 5

I did everything you wrote... should I now download both the antivirus and Malwarebytes?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

kuvananoga ::I did everything you wrote... should I now download both the antivirus and Malwarebytes?

Yes.

Malwarebytes is not a (classic) anti-virus. Post its report after the scan so I can take a look. Also, let me know which AV you installed.

goran9888 (AMF Team)

offline
  • Joined: 19 Aug 2011
  • Posts: 5

I did everything and managed to open fb, but my internet is very slow. Malwarebytes found 3 trojans, I'll send you the report tonight. They restarted my computer :(

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

kuvananoga ::I did everything and managed to open fb, but my internet is very slow. Malwarebytes found 3 trojans, I'll send you the report tonight. They restarted my computer :(

Ok. I'm expecting the report, so I can take a look.
