What kind of virus is this, people?


Posted: 10 Jul 2009 13:54

:( Hello everyone on the forum... I'm new and, being inexperienced, I have a few questions...
While I was browsing the web, instead of my desktop background a black screen suddenly appeared on my computer with large capital letters ------WARNING!!! and something like "protect yourself from viruses" etc. etc., in English...
Some program appeared that has an icon like a gold-and-black shield, which I never had on my computer, and it started scanning and scanning, and at the end of the scan it found 38 viruses, spyware etc. etc... It asks me to remove them, but first to activate the program for 50 dollars... I have no idea what this is about, but at a friend's place I had to wipe the system and reinstall XP because of it...
On my own machine I somehow managed to get rid of it without wiping the system, and for now everything is fine, but I'd like to know what it is, and whether anyone knows what this is about, so that if it gets onto my machine again I know how to stop it from destroying the whole system... Regards, thanks in advance!!!

jelena nis

Addendum: 10 Jul 2009 14:00

1. Trojan horse SHeur2APSY
2. Virus identified Win32/Cryptor
3. Trojan horse FakeAlert KW

Here is what the scan in AVG has just found...

dr_Bora (Anti Malware Fighter, Rank 2):

Hello...

Do you want help with resolving this problem?

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

jelena nis:

Thanks a lot... Greetings from Jelena!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:20, on 10.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\ema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\igre novo download\video\RealPlay.exe
C:\Documents and Settings\ema\Desktop\jeckicica\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.mywebsearch.com/mywebsearch/default......4xG78ErQKQ
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\igre novo download\video\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: ap
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm480YYRS
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\fles\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.1.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ?????? Google Update (gupdate1c9c5cdafbdef50) (gupdate1c9c5cdafbdef50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7296 bytes
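The HijackThis log above is what a helper reads by eye: a process with a doubled extension running from the Desktop (TR3.exe.exe), an IE start page pointing at mywebsearch, orphaned "(no file)" entries, a Startup-folder item with no extension ("ap"), ActiveX (O16 DPF) downloads from unfamiliar hosts, and services shown with "Unknown owner" and a path cut off at C:\WINDOWS\. The following is an added example, not code from HijackThis or from anyone in this thread: a small Python triage pass that applies those same checks to HJT-style lines. The sample log is constructed to mirror the entries above (the firefox.exe and Temp\setup.exe process lines are constructed), and the start-page and DPF allowlists are this example's own assumptions. The O23 rule is deliberately low severity: HijackThis commonly prints a service this way when its ImagePath uses %SystemRoot%, so that line alone is a prompt to check the registry, not a verdict.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; not HijackThis code and not the poster's.
The sample log is constructed to mirror the shape of the entries posted
above; the allowlists and rules are this example's own assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: a subset of the entry types from the log above, plus
# one constructed benign process (firefox.exe) and one constructed Temp
# executable so that both process rules are exercised.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ema\Local Settings\Temp\setup.exe
C:\Documents and Settings\ema\Desktop\jeckicica\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRxdm480YYRS
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: ap
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Allowlists are assumptions of this example; tune them to the environment.
KNOWN_START_HOSTS = {"www.google.com", "www.msn.com", "go.microsoft.com", "about:blank"}
TRUSTED_DPF_HOSTS = {"download.microsoft.com", "java.sun.com", "fpdownload.macromedia.com"}

DOUBLE_EXT = re.compile(r"\.(exe|com|scr|bat|pif)\.(exe|com|scr|bat|pif)$", re.I)
USER_WRITABLE = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\(desktop|local settings\\temp|application data)\\", re.I)
ENTRY = re.compile(r"^(R0|R1|R3|O2|O3|O4|O16|O23) - (.*)$")


def host_of(url: str) -> str:
    """Host part of a URL that may lack a scheme (HJT prints most URLs that way)."""
    url = re.sub(r"^[a-z]+://", "", url.strip(), flags=re.I)
    return url.split("/", 1)[0].lower()


def _finding(severity: str, reason: str, entry: str) -> Dict[str, str]:
    return {"severity": severity, "reason": reason, "entry": entry}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the suspicious entries, each with a severity and a one-line reason."""
    findings: List[Dict[str, str]] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if in_processes:
            if DOUBLE_EXT.search(line):
                findings.append(_finding("high", "double file extension", line))
            elif USER_WRITABLE.match(line):
                findings.append(_finding("medium", "executable running from user-writable location", line))
            continue

        m = ENTRY.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if kind in ("R0", "R1") and "Start Page" in body:
            if host_of(body.split("=", 1)[1]) not in KNOWN_START_HOSTS:
                findings.append(_finding("medium", "start page hijack", line))
        elif body.endswith("(no file)"):
            findings.append(_finding("low", "orphaned entry (no file)", line))
        elif kind == "O4" and body.startswith("Startup:") and "." not in body.split(":", 1)[1]:
            findings.append(_finding("medium", "startup-folder item without an extension", line))
        elif kind == "O16" and host_of(body.rsplit(" - ", 1)[-1]) not in TRUSTED_DPF_HOSTS:
            findings.append(_finding("medium", "ActiveX download (DPF) from untrusted host", line))
        elif kind == "O23" and "Unknown owner" in body and body.endswith("\\"):
            # HJT shows this for %SystemRoot% paths too: check the ImagePath before acting
            findings.append(_finding("low", "service path truncated, owner unknown (verify ImagePath)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f['severity']:6}] {f['reason']}: {f['entry']}")
```

Run as-is it prints seven findings for the sample and nothing for the Google Toolbar, RealPlayer and NVIDIA entries; in practice the allowlists are the part to maintain, since a toolbar vendor's own search host is exactly what a user-installed hijacker looks like.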

dr_Bora (Anti Malware Fighter, Rank 2):

Download sUBs' ComboFix from one of the following addresses to your Desktop:

Bleeping Computer . . . . . Geeks to Go!

Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • close any running programs;
  • disable your security software (instructions);
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • offer to install the Recovery Console if it is not already installed: accept by clicking Yes and follow the procedure;
  • ask a number of questions / show notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message field and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if, after posting, you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

jelena nis:

ComboFix 09-07-09.08 - ema 11.07.2009 18:43.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.260 [GMT 2:00]
Running from: c:\documents and settings\ema\Desktop\jeckicica\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ema\Application Data\.#
c:\documents and settings\ema\Application Data\.#\MBX@1680@E24170.###
c:\documents and settings\ema\Application Data\.#\MBX@1680@E241A0.###
c:\documents and settings\ema\Application Data\.#\MBX@1680@E241D0.###
c:\documents and settings\ema\Application Data\.#\MBX@B8C@E24170.###
c:\documents and settings\ema\Application Data\.#\MBX@B8C@E241A0.###
c:\documents and settings\ema\Application Data\.#\MBX@B8C@E241D0.###
c:\documents and settings\ema\ema.exe
c:\documents and settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\recycler\S-1-5-21-0478677222-7453283672-896644346-3885
c:\recycler\S-1-5-21-1004972446-3821707328-900188461-3639
c:\recycler\S-1-5-21-1754759534-0938950791-477306562-7307
c:\recycler\S-1-5-21-5825101084-3968375133-856263297-7897
c:\recycler\S-1-5-21-9695607551-1391447160-579186508-8838
c:\windows\Installer\1058b3.msi
c:\windows\Installer\29687.msi
c:\windows\system32\drivers\hjgruiosntmxdq.sys
c:\windows\system32\hjgruiikkfrhto.dat
c:\windows\system32\hjgruijbppurkw.dll
c:\windows\system32\hjgruilitetefv.dat
c:\windows\system32\hjgruimtaknsgm.dll
c:\windows\system32\drivers\d4982d70.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiuybwwxwh
-------\Legacy_ati64si
-------\Service_ati64si
-------\Service_d4982d70


((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-09 21:58 . 2009-07-09 22:00 -------- dc----w- c:\documents and settings\ema\Local Settings\Application Data\Adobe
2009-07-09 19:53 . 2009-07-09 19:53 -------- dc----w- c:\documents and settings\ema\Contacts
2009-07-09 13:30 . 2009-07-09 13:30 -------- dc----w- c:\documents and settings\ema\Local Settings\Application Data\Barbie Horse Adventures - Riding Camp
2009-07-09 13:05 . 2009-07-09 13:05 -------- dc----w- c:\program files\Common Files\SWF Studio
2009-07-09 13:05 . 2009-07-11 14:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 11:37 . 2009-07-09 11:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{295B3E4F-40A3-42AD-8806-DDD2B21E3C04}
2009-07-09 11:37 . 2008-03-04 22:08 2786540 -c--a-w- c:\documents and settings\All Users\Application Data\{295B3E4F-40A3-42AD-8806-DDD2B21E3C04}\KE v5.5 Setup.exe
2009-07-09 11:36 . 2009-07-09 11:36 -------- dc----w- c:\program files\Windows Live Messenger Khalid Edition v5.5
2009-07-09 11:19 . 2009-07-09 11:19 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-08 22:51 . 2009-07-08 22:51 -------- dc----w- c:\documents and settings\ema\Local Settings\Application Data\AVG Security Toolbar
2009-07-08 22:41 . 2009-07-08 22:41 -------- dc----w- c:\documents and settings\ema\Local Settings\Application Data\Mozilla
2009-07-08 21:54 . 2009-07-11 16:35 -------- dc----w- c:\windows\system32\config\systemprofile\Tracing
2009-07-08 18:13 . 2009-07-08 18:13 -------- dcs---w- c:\windows\system32\config\systemprofile\UserData
2009-07-08 18:05 . 2009-07-08 18:05 -------- dc----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-07-08 17:25 . 2009-07-08 17:50 2470 ----a-w- C:\furvsh.exe
2009-07-08 17:24 . 2009-07-11 16:51 0 -c--a-w- c:\windows\system32\drivers\d4982d70.sys
2009-07-08 17:24 . 2009-07-08 17:34 2470 ----a-w- C:\kqdopu.exe
2009-07-07 22:41 . 2009-07-08 18:06 -------- dc----w- c:\program files\InstallShield Installation Information
2009-07-07 22:33 . 2009-04-27 20:53 77312 -c--a-w- c:\windows\tbicd2hd.exe
2009-07-07 22:33 . 2008-10-04 14:49 18712 -c--a-w- c:\windows\system32\drivers\phylock.sys
2009-06-28 16:21 . 2009-06-28 16:21 -------- dcsh--w- c:\windows\ftpcache
2009-06-16 08:45 . 2009-06-16 08:45 -------- dc----w- c:\program files\Common Files\Vivendi Universal Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 16:47 . 2004-08-03 21:14 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-11 12:08 . 2009-04-20 23:04 -------- dc----w- c:\documents and settings\ema\Application Data\Skype
2009-07-10 10:00 . 2009-04-20 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-08 09:07 . 2009-04-20 23:00 335752 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-07 22:41 . 2009-04-22 15:04 -------- dc----w- c:\program files\Common Files\InstallShield
2009-07-02 20:34 . 2009-04-21 16:05 -------- dc----w- c:\program files\Lexmark 2500 Series
2009-06-30 09:52 . 2009-04-20 23:00 11952 -c--a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 09:52 . 2009-04-20 23:00 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 23:09 . 2009-04-21 16:14 -------- dc----w- c:\program files\Lx_cats
2009-05-26 08:49 . 2009-05-26 08:49 -------- dc----w- c:\program files\ReflexiveArcade
2009-05-19 13:45 . 2009-04-23 23:21 -------- dc----w- c:\program files\Common Files\Adobe
2009-05-14 10:39 . 2009-05-14 10:39 -------- dc----w- c:\program files\Microsoft Works
2009-05-14 10:37 . 2009-05-14 10:37 -------- dc----w- c:\program files\Microsoft.NET
2009-05-04 21:46 . 2009-04-20 23:00 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-22 15:32 . 2009-04-22 15:32 4096 -c--a-w- c:\windows\d3dx.dat
2009-04-21 17:27 . 2009-04-20 16:22 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 00:14 . 2009-04-21 00:15 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-04-20 23:41 . 2009-04-20 23:41 0 -c--a-w- c:\windows\nsreg.dat
2009-04-20 16:20 . 2009-04-20 16:20 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-20 39408]
"Google Update"="c:\documents and settings\ema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-25 198160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\ema\Start Menu\Programs\Startup\
ap [2009-7-8 165376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 09:52 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"e:\\Program Files\\MagicWhiteboard\\MagicWhiteboard.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\igre novo download\\video\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1412:TCP"= 1412:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2504:TCP"= 2504:TCP:Akamai NetSession Interface
"1561:TCP"= 1561:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"2592:TCP"= 2592:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [8.7.2009 0:33 18712]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21.4.2009 1:00 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21.4.2009 1:00 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21.4.2009 1:00 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21.4.2009 1:00 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21.4.2009 1:55 55152]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [21.4.2009 18:12 99248]
R3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [21.4.2009 2:03 227200]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 18:08 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 17:45]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 17:45]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-436374069-1343024091-1003Core.job
- c:\documents and settings\ema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-04 18:06]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-436374069-1343024091-1003UA.job
- c:\documents and settings\ema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-04 18:06]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRxdm480YYRS&ptb=fPXZmH9CIVNs4xG78ErQKQ
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm480YYRS
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\ema\Application Data\Mozilla\Firefox\Profiles\xl6a8skb.default\
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: e:\igre novo download\video\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\igre novo download\video\Netscape6\nppl3260.dll
FF - plugin: e:\igre novo download\video\Netscape6\nprjplug.dll
FF - plugin: e:\igre novo download\video\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-11 18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\84a9b76ccd4bbe0858c404942a060a84.sys 39936 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\84a9b76ccd4bbe0858c404942a060a84]
"ImagePath"="system32\84a9b76ccd4bbe0858c404942a060a84.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d4982d70]
"ImagePath"="\SystemRoot\System32\drivers\d4982d70.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-07-11 18:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 16:53

Pre-Run: 1.794.277.376 bytes free
Post-Run: 1.871.732.736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

239




Here, I did everything just as you said, and here are the results. What should I do now????
Thanks a lot!!! jeca
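The ComboFix report above contains the indicators a helper uses to decide what to script next, and they sit in its REGEDIT4-style sections: Security Center values set to 1 ("DisableMonitoring", "UpdatesDisableNotify"), which ComboFix prints precisely because they are not defaults and which silence Windows Security Center warnings on a machine whose actual AV is AVG; a service named with 32 hex characters whose file catchme reported as hidden and whose ImagePath points into system32 rather than system32\drivers; and a second hex-named driver, d4982d70, that the first run failed to delete. The following is an added example, mine rather than ComboFix's or the thread's, that parses that section format and flags those three patterns plus the firewall's inbound-ICMP setting. SAMPLE_REPORT is constructed to mirror the report above; the NVSvc entry is a constructed benign control. The hex-name rule is a heuristic (a few legitimate drivers have hex-looking names), so treat a hit as a prompt to inspect the file, not as a verdict.

```python
"""Tamper indicators in the registry sections of a ComboFix-style report.

Added example for this thread; not ComboFix code and not the poster's.
SAMPLE_REPORT is constructed to mirror the shape of the report above (the
NVSvc entry is a constructed benign control); the rules are this example's own.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_REPORT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\84a9b76ccd4bbe0858c404942a060a84]
"ImagePath"="system32\84a9b76ccd4bbe0858c404942a060a84.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d4982d70]
"ImagePath"="\SystemRoot\System32\drivers\d4982d70.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
"""

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.I)   # 8+ hex chars: randomised or hashed service name
SECURITY_CENTER_FLAGS = {"DisableMonitoring", "UpdatesDisableNotify",
                         "AntiVirusDisableNotify", "FirewallDisableNotify"}


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Parse '[key]' / '"name"=value' lines into {key: {name: value}}; keys are lower-cased."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip().strip('"')
    return sections


def dword_set(value: str) -> bool:
    """True for a non-zero DWORD rendered either as 'dword:00000001' or as '1 (0x1)'."""
    m = re.match(r"(?:dword:)?\s*([0-9a-f]+)", value, re.I)
    return bool(m) and int(m.group(1), 16) != 0


def find_indicators(text: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs for the tamper patterns this example checks."""
    out: List[Tuple[str, str]] = []
    for key, values in parse_reg_dump(text).items():
        if "\\security center" in key:
            for name, val in values.items():
                if name in SECURITY_CENTER_FLAGS and dword_set(val):
                    # Security Center told not to monitor or warn: non-default, worth explaining
                    out.append(("security-center-tamper", f"{key} -> {name}={val}"))
        elif "\\services\\" in key and "ImagePath" in values:
            svc = key.rsplit("\\", 1)[1]
            path = values["ImagePath"]
            if HEX_NAME.match(svc):
                out.append(("hex-named-service", f"{svc} -> {path}"))
            if path.lower().endswith(".sys") and "\\drivers\\" not in path.lower():
                # a kernel driver loaded from outside system32\drivers
                out.append(("driver-outside-drivers-dir", f"{svc} -> {path}"))
        elif key.endswith("\\icmpsettings") and dword_set(values.get("AllowInboundEchoRequest", "0")):
            out.append(("firewall-icmp-echo-allowed", key))
    return out


if __name__ == "__main__":
    for indicator, detail in find_indicators(SAMPLE_REPORT):
        print(f"{indicator:28} {detail}")
```

On the sample this yields seven findings: three Security Center values, both hex-named services, the 32-character driver living in system32 itself, and the open ICMP echo setting; the NVSvc control produces nothing. The first two categories are exactly what the CFScript in the next reply targets.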

dr_Bora (Anti Malware Fighter, Rank 2):

Open Notepad and copy the following text into it:

File::
C:\furvsh.exe
C:\kqdopu.exe
c:\windows\system32\84a9b76ccd4bbe0858c404942a060a84.sys

FileLook::
c:\documents and settings\ema\Start Menu\Programs\Startup\ap

DDS::
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRxdm480YYRS&ptb=fPXZmH9CIVNs4xG78ErQKQ
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm480YYRS

Driver::
84a9b76ccd4bbe0858c404942a060a84

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scanning in your next message.

jelena nis:

ComboFix 09-07-09.08 - ema 12.07.2009 0:24.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.88 [GMT 2:00]
Running from: c:\documents and settings\ema\Desktop\jeckicica\ComboFix.exe
Command switches used :: c:\documents and settings\ema\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\furvsh.exe"
"C:\kqdopu.exe"
"c:\windows\system32\84a9b76ccd4bbe0858c404942a060a84.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\furvsh.exe
C:\kqdopu.exe
c:\windows\system32\drivers\d4982d70.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_d4982d70


((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 22:27 . 2009-07-11 22:27 39936 -c--a-w- c:\windows\system32\_84a9b76ccd4bbe0858c404942a060a84.sys_.vir
2009-07-09 21:58 . 2009-07-09 22:00 -------- dc----w- c:\documents and settings\ema\Local Settings\Application Data\Adobe
2009-07-09 19:53 . 2009-07-09 19:53 -------- dc----w- c:\documents and settings\ema\Contacts
2009-07-09 13:30 . 2009-07-09 13:30 -------- dc----w- c:\documents and settings\ema\Local Settings\Application Data\Barbie Horse Adventures - Riding Camp
2009-07-09 13:05 . 2009-07-09 13:05 -------- dc----w- c:\program files\Common Files\SWF Studio
2009-07-09 13:05 . 2009-07-11 14:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 11:37 . 2009-07-09 11:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{295B3E4F-40A3-42AD-8806-DDD2B21E3C04}
2009-07-09 11:37 . 2008-03-04 22:08 2786540 -c--a-w- c:\documents and settings\All Users\Application Data\{295B3E4F-40A3-42AD-8806-DDD2B21E3C04}\KE v5.5 Setup.exe
2009-07-09 11:36 . 2009-07-09 11:36 -------- dc----w- c:\program files\Windows Live Messenger Khalid Edition v5.5
2009-07-09 11:19 . 2009-07-09 11:19 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-08 22:51 . 2009-07-08 22:51 -------- dc----w- c:\documents and settings\ema\Local Settings\Application Data\AVG Security Toolbar
2009-07-08 22:41 . 2009-07-08 22:41 -------- dc----w- c:\documents and settings\ema\Local Settings\Application Data\Mozilla
2009-07-08 21:54 . 2009-07-11 16:35 -------- dc----w- c:\windows\system32\config\systemprofile\Tracing
2009-07-08 18:13 . 2009-07-08 18:13 -------- dcs---w- c:\windows\system32\config\systemprofile\UserData
2009-07-08 18:05 . 2009-07-08 18:05 -------- dc----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-07-08 17:32 . 2009-07-11 22:24 39936 -c--a-w- c:\windows\system32\84a9b76ccd4bbe0858c404942a060a84.sys
2009-07-07 22:41 . 2009-07-08 18:06 -------- dc----w- c:\program files\InstallShield Installation Information
2009-07-07 22:33 . 2009-04-27 20:53 77312 -c--a-w- c:\windows\tbicd2hd.exe
2009-07-07 22:33 . 2008-10-04 14:49 18712 -c--a-w- c:\windows\system32\drivers\phylock.sys
2009-06-28 16:21 . 2009-06-28 16:21 -------- dcsh--w- c:\windows\ftpcache
2009-06-16 08:45 . 2009-06-16 08:45 -------- dc----w- c:\program files\Common Files\Vivendi Universal Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 22:19 . 2009-04-20 23:04 -------- dc----w- c:\documents and settings\ema\Application Data\Skype
2009-07-11 16:47 . 2004-08-03 21:14 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-10 10:00 . 2009-04-20 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-08 09:07 . 2009-04-20 23:00 335752 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-07 22:41 . 2009-04-22 15:04 -------- dc----w- c:\program files\Common Files\InstallShield
2009-07-02 20:34 . 2009-04-21 16:05 -------- dc----w- c:\program files\Lexmark 2500 Series
2009-06-30 09:52 . 2009-04-20 23:00 11952 -c--a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 09:52 . 2009-04-20 23:00 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 23:09 . 2009-04-21 16:14 -------- dc----w- c:\program files\Lx_cats
2009-05-26 08:49 . 2009-05-26 08:49 -------- dc----w- c:\program files\ReflexiveArcade
2009-05-19 13:45 . 2009-04-23 23:21 -------- dc----w- c:\program files\Common Files\Adobe
2009-05-14 10:39 . 2009-05-14 10:39 -------- dc----w- c:\program files\Microsoft Works
2009-05-14 10:37 . 2009-05-14 10:37 -------- dc----w- c:\program files\Microsoft.NET
2009-05-04 21:46 . 2009-04-20 23:00 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-22 15:32 . 2009-04-22 15:32 4096 -c--a-w- c:\windows\d3dx.dat
2009-04-21 17:27 . 2009-04-20 16:22 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 00:14 . 2009-04-21 00:15 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-04-20 23:41 . 2009-04-20 23:41 0 -c--a-w- c:\windows\nsreg.dat
2009-04-20 16:20 . 2009-04-20 16:20 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-07-11_16.51.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:30 . 2009-07-11 22:30 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-20 39408]
"Google Update"="c:\documents and settings\ema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-25 198160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 09:52 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\c:^documents and settings^ema^start menu^programs^startup^ap]
path=c:\documents and settings\ema\Start Menu\Programs\Startup\ap
backup=c:\windows\pss\apStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"e:\\Program Files\\MagicWhiteboard\\MagicWhiteboard.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\igre novo download\\video\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1412:TCP"= 1412:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2504:TCP"= 2504:TCP:Akamai NetSession Interface
"1561:TCP"= 1561:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"2592:TCP"= 2592:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [8.7.2009 0:33 18712]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21.4.2009 1:00 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21.4.2009 1:00 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21.4.2009 1:00 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21.4.2009 1:00 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21.4.2009 1:55 55152]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [21.4.2009 18:12 99248]
R3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [21.4.2009 2:03 227200]
S0 84a9b76ccd4bbe0858c404942a060a84;84a9b76ccd4bbe0858c404942a060a84;c:\windows\system32\84a9b76ccd4bbe0858c404942a060a84.sys [8.7.2009 19:32 39936]
S2 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live Messenger Khalid Edition v5.5\usnsvc.exe [18.10.2007 10:31 98328]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 18:08 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 17:45]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 17:45]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-436374069-1343024091-1003Core.job
- c:\documents and settings\ema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-04 18:06]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-436374069-1343024091-1003UA.job
- c:\documents and settings\ema\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-04 18:06]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\ema\Application Data\Mozilla\Firefox\Profiles\xl6a8skb.default\
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: e:\igre novo download\video\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\igre novo download\video\Netscape6\nppl3260.dll
FF - plugin: e:\igre novo download\video\Netscape6\nprjplug.dll
FF - plugin: e:\igre novo download\video\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-12 00:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-07-11 0:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 22:34
ComboFix2.txt 2009-07-11 16:53

Pre-Run: 1.868.472.320 bytes free
Post-Run: 1.854.926.848 bytes free
207




During this process AVG reported the following to me:

"Virus identified Win32/Rustock.M";"C:\Qoobox\Test\_d4982d70_";"Infected";"12.7.2009, 0:27:32";"file";"C:\ComboFix\grep.cfexe"

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The antivirus must be switched off during the procedure.



Open Notepad and copy the following text into it:


File::
c:\windows\system32\_84a9b76ccd4bbe0858c404942a060a84.sys_.vir
c:\windows\system32\84a9b76ccd4bbe0858c404942a060a84.sys

Driver::
84a9b76ccd4bbe0858c404942a060a84

FileLook::
c:\windows\pss\apStartup



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
