Komp ne funkcionise kako valja!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nije moj komp vec burazerov i ja ne znam da popravim ovo cudo! Ja sam instalirao jos davno SpyBot antispyware ali nisam AV!
Sada kad startujem komp, ponasa se kao da ima dva instalirana AV ali nema. Mora da je naleteo na neki virus!

Sta mi predlazete jer jedino iz safemoda mogu da udjem u komp!?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav.


Za početak isprati sledeće...


Skini program RSIT na Desktop:

[Link mogu videti samo ulogovani korisnici]


Pokreni ga dvoklikom a zatim klikni Continue.


Na kraju procesa će se otvoriti dva loga: prvi, log.txt će biti maksimizovan i njega je potrebno iskopirati u temu na forumu, te drugi, info.txt koji će biti minimizovan (koji nam za sada ne treba).


Postavi sadržaj file-a log.txt u iduću poruku (taj file će biti sačuvan kao C:\rsit\log.txt).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pisem sa burazerovog kompa, jedva je dosao k sebi.


Logfile of random's system information tool 1.07 (written by random/random)
Run by goga at 2010-06-01 18:11:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 145 GB (76%) free of 191 GB
Total RAM: 511 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:37, on 2010-06-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Winamp\winampa.exe
C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\uTorrent\uTorrent.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\goga\Skrivbord\RSIT.exe
C:\Program\trend micro\goga.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ACDDF090-7937-42AA-9F7C-1A50E14E452D} - c:\windows\system32\nlouqyd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [SpybotDeletingA9060] command.com /c del "C:\Program\AntiMalware\antimalware.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3203] cmd.exe /c del "C:\Program\AntiMalware\antimalware.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2025429265-823518204-1801674531-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administratör')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O21 - SSODL: GootkitSSO - {B8F823FC-E610-4FCC-8FAB-69FA4007ECBD} - C:\WINDOWS\System32\msxsltsso.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7839 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-04 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACDDF090-7937-42AA-9F7C-1A50E14E452D}]
c:\windows\system32\nlouqyd.dll [2004-08-04 114176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-09-05 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-09-05 148888]
"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-07-22 81920]
"TkBellExe"=C:\Program\Delade filer\Real\Update_OB\realsched.exe [2009-03-04 198160]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"WinampAgent"=C:\Program\Winamp\winampa.exe [2009-02-25 37888]
"Ulead AutoDetector v2"=C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program\QuickTime\qttask.exe [2009-11-11 417792]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA9060"=command.com /c del C:\Program\AntiMalware\antimalware.exe []
"SpybotDeletingC3203"=cmd.exe /c del C:\Program\AntiMalware\antimalware.exe []
"Spybot - Search & Destroy"=C:\Program\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"uTorrent"=C:\Program\uTorrent\uTorrent.exe [2010-02-15 319280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
GootkitSSO - {B8F823FC-E610-4FCC-8FAB-69FA4007ECBD} - C:\WINDOWS\System32\msxsltsso.dll [2010-05-31 42496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program\Messenger\msmsgs.exe"="C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program\uTorrent\uTorrent.exe"="C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb321be8-e4de-11de-a0bc-001485bcbed2}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb321bea-e4de-11de-a0bc-001485bcbed2}]
shell\AutoRun\command - E:\AutoRun.exe


======List of files/folders created in the last 1 months======

2010-06-01 18:11:10 ----D---- C:\Program\trend micro
2010-06-01 18:11:03 ----D---- C:\rsit
2010-05-28 20:41:38 ----A---- C:\WINDOWS\system32\msxsltsso.dll
2010-05-28 20:37:13 ----D---- C:\Program\AntiMalware
2010-05-26 12:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-12 15:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-06-01 18:11:10 ----RD---- C:\Program
2010-06-01 18:10:54 ----D---- C:\WINDOWS\Temp
2010-06-01 18:08:49 ----D---- C:\Documents and Settings\goga\Application Data\uTorrent
2010-06-01 18:05:07 ----D---- C:\Program\Mozilla Firefox
2010-06-01 18:00:59 ----SHD---- C:\System Volume Information
2010-06-01 17:59:41 ----D---- C:\WINDOWS\system32\Restore
2010-05-31 10:19:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 09:06:34 ----D---- C:\WINDOWS
2010-05-31 08:02:15 ----D---- C:\WINDOWS\system32\drivers
2010-05-31 08:02:15 ----D---- C:\WINDOWS\system32
2010-05-31 07:07:54 ----HD---- C:\WINDOWS\inf
2010-05-31 07:07:51 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-31 07:07:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-31 07:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-30 12:43:48 ----D---- C:\Program\Spyware Terminator
2010-05-28 20:45:34 ----D---- C:\WINDOWS\Prefetch
2010-05-28 20:39:48 ----D---- C:\WINDOWS\system32\config
2010-05-28 20:38:50 ----D---- C:\WINDOWS\system32\wbem
2010-05-28 20:38:47 ----D---- C:\WINDOWS\Registration
2010-05-28 20:37:19 ----SHD---- C:\RECYCLER
2010-05-28 19:24:31 ----A---- C:\WINDOWS\win.ini
2010-05-28 19:24:31 ----A---- C:\WINDOWS\system.ini
2010-05-27 19:05:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-26 12:06:13 ----A---- C:\WINDOWS\imsins.BAK
2010-05-24 19:03:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-12 15:49:46 ----SHD---- C:\WINDOWS\Installer
2010-05-12 15:49:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-12 15:49:18 ----D---- C:\Program\Outlook Express
2010-05-12 09:54:01 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-processordrivrutin; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-26 3644032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760]
R3 hidusb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-04-17 101376]
S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832]
R2 gubtyyqf;Remote Access Auto Connection Support; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-09-05 152984]
R2 MDM;Machine Debug Manager; C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SeaPort;SeaPort; C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 01 Jun 2010 19:15

kod mene ne postiji nista kako da deaktiviram program!
Citao sam upustvo za Comodo FW/IS ali se ne slaze! Na kompu kada klinkem desni klik kod mene ima opcije za open, ... copy i ono sa WinRaR!

Pokrenuo sam program ali sada samo pise AutoScan i prozor za plavom pozadinom..
Mozda nisam to trebao da pokrenem?

Dopuna: 01 Jun 2010 19:17

Zaustavio se i pise

''comboFix je detektovao rootkit i da mora da restartuje komp''

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Da li je završio sa radom sam ili si ti nešto dirao?


Trebalo je da ti se prikaže izveštaj u Notepad-u.

Ako nije prikazao izveštaj idi na C: particiju i pronađi ComboFix.txt koji ćeš iskopirati ovde u poruci.

C:\ComboFix.txt

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 01 Jun 2010 19:35

Ne sam je zavrsio ali je imalo samo opcija ''OK'' tj. da se komp restartuje i evo, restartovao se i opet skenira...
Pise: Zavrsena faza 1,2,3 pod brojevima ali nadole!

Dopuna: 01 Jun 2010 19:48

ComboFix 10-06-01.01 - goga 2010-06-01 19:28:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.259 [GMT 2:00]
Körs från: c:\documents and settings\goga\Skrivbord\ComboFix.exe

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\program\AntiMalware
c:\program\AntiMalware\amext.dll
c:\program\AntiMalware\help.ico
c:\windows\system32\abqexli.dll
c:\windows\system32\drivers\cxcabtkc.sys
c:\windows\system32\drivers\djfpsklc.sys
c:\windows\system32\msxsltsso.dll
c:\windows\system32\net.net
c:\windows\system32\nlouqyd.dll

Infekterad kopia av c:\windows\system32\drivers\ftdisk.sys hittades och desinficerades.
Återställd kopia från - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DJFPSKLC
-------\Legacy_GUBTYYQF
-------\Service_djfpsklc
-------\Service_gubtyyqf


(((((((((((((((((((((((( Filer Skapade från 2010-05-01 till 2010-06-01 ))))))))))))))))))))))))))))))
.

2010-06-01 16:11 . 2010-06-01 16:11 -------- d-----w- c:\program\trend micro
2010-06-01 16:11 . 2010-06-01 16:11 -------- d-----w- C:\rsit
2010-05-28 18:38 . 2010-05-28 18:38 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-27 17:05 . 2010-05-27 17:05 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 17:44 . 2010-06-01 17:44 42496 ----a-w- c:\windows\system32\msxsltsso.dll
2010-06-01 17:43 . 2010-02-14 16:51 -------- d-----w- c:\documents and settings\goga\Application Data\uTorrent
2010-06-01 17:26 . 2009-12-06 13:49 -------- d-----w- c:\program\Spybot - Search & Destroy
2010-06-01 17:00 . 2009-12-06 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-30 10:43 . 2009-12-09 16:38 -------- d-----w- c:\program\Spyware Terminator
2010-05-27 17:05 . 2004-08-04 12:00 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-16 18:00 . 2010-03-19 13:35 439816 ----a-w- c:\documents and settings\goga\Application Data\Real\Update\setup3.10\setup.exe
2010-05-12 13:49 . 2009-03-04 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-28 08:43 . 2004-08-04 12:00 83974 ----a-w- c:\windows\system32\perfc01D.dat
2010-03-28 08:43 . 2004-08-04 12:00 445832 ----a-w- c:\windows\system32\perfh01D.dat
2010-03-11 16:52 . 2009-12-01 18:00 79488 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:37 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:37 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:37 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2006-10-11 08:04 . 2009-03-04 17:44 61036 ----a-w- c:\program\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2009-03-04 17:44 48742 ----a-w- c:\program\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2009-03-04 17:44 29313 ----a-w- c:\program\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2009-03-04 17:44 41082 ----a-w- c:\program\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2009-03-04 17:44 166510 ----a-w- c:\program\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2010-05-27 17:05 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-05-27 17:05 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 19:20 . !HASH: COULD NOT OPEN FILE !!!!! . 182656 . . [------] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2004-08-04 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 182912 . . [------] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program\uTorrent\uTorrent.exe" [2010-02-15 319280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-09-05 148888]
"ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920]
"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2009-03-04 198160]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program\Winamp\winampa.exe" [2009-02-25 37888]
"Ulead AutoDetector v2"="c:\program\Delade filer\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"GootkitSSO"= {9449C3A2-8FE8-4A9E-8685-F2F856D20A91} - c:\windows\System32\msxsltsso.dll [2010-06-01 42496]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48202:TCP"= 48202:TCP:@xpsp2res.dll,-22009
"58701:TCP"= 58701:TCP:@xpsp2res.dll,-22009

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2009-05-13 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2009-05-13 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2009-05-13 109992]

--- Övriga tjänster/drivrutiner i minnet ---

*NewlyCreated* - DJFPSKLC
*Deregistered* - djfpsklc
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Extra genomsökning -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\goga\Application Data\Mozilla\Firefox\Profiles\ik3cbe6x.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program\Mozilla Firefox\extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}\components\FFAlert.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

ShellIconOverlayIdentifiers-{ACDDF090-7937-42AA-9F7C-1A50E14E452D} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-06-01 19:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\msxsltsso.dll 42496 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [Link mogu videti samo ulogovani korisnici]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8236B0E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf86b8f28
\Driver\ACPI -> ACPI.sys @ 0xf853bcb8
\Driver\atapi -> atapi.sys @ 0xf84f3852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0x82317b0a
PacketIndicateHandler -> NDIS.sys @ 0x82322a21
SendHandler -> NDIS.sys @ 0x82317949
user & kernel MBR OK
malicious code @ sector 0x1749ddc1 size 0x1a8 !

**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6076)
c:\windows\System32\msxsltsso.dll
c:\program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program\Java\jre6\bin\jqs.exe
c:\program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\SOUNDMAN.EXE
c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program\Internet Explorer\IEXPLORE.EXE
c:\program\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Sluttid: 2010-06-01 19:47:31 - datorn startades om.
ComboFix-quarantined-files.txt 2010-06-01 17:47

Före genomsökningen: 152 001 245 184 byte ledigt
Efter genomsökningen: 152 115 806 208 byte ledigt

- - End Of File - - 9FF7EF57256595615AC84BF784787B8E

Dopuna: 01 Jun 2010 19:50

Ovo je na svedskom, sto ti nije jasno pitaj oko prevoda!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Potrebno je instalirati Recovery console.


Idi na [Link mogu videti samo ulogovani korisnici]

Klikni na Download;

File koji si preuzeo prevuci na ikonicu ComboFix-a;







Izveštaj/log koji dobiješ iskopiraj ovde u poruci.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 10-06-02.04 - goga 2010-06-03 17:36:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.297 [GMT 2:00]
Körs från: c:\documents and settings\goga\Skrivbord\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\goga\Skrivbord\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msxsltsso.dll

Infekterad kopia av c:\windows\system32\drivers\ndis.sys hittades och desinficerades.
Återställd kopia från - c:\windows\ServicePackFiles\i386\ndis.sys
.
(((((((((((((((((((((((( Filer Skapade från 2010-05-03 till 2010-06-03 ))))))))))))))))))))))))))))))
.

2010-06-02 10:34 . 2010-06-03 15:26 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-06-02 06:35 . 2010-06-02 06:35 503808 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-259cfb04-n\msvcp71.dll
2010-06-02 06:35 . 2010-06-02 06:35 499712 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-259cfb04-n\jmc.dll
2010-06-02 06:35 . 2010-06-02 06:35 348160 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-259cfb04-n\msvcr71.dll
2010-06-01 16:11 . 2010-06-01 16:11 -------- d-----w- c:\program\trend micro
2010-06-01 16:11 . 2010-06-01 16:11 -------- d-----w- C:\rsit
2010-05-28 18:38 . 2010-05-28 18:38 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 15:45 . 2010-02-14 16:51 -------- d-----w- c:\documents and settings\goga\Application Data\uTorrent
2010-06-01 17:26 . 2009-12-06 13:49 -------- d-----w- c:\program\Spybot - Search & Destroy
2010-06-01 17:00 . 2009-12-06 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-30 10:43 . 2009-12-09 16:38 -------- d-----w- c:\program\Spyware Terminator
2010-05-16 18:00 . 2010-03-19 13:35 439816 ----a-w- c:\documents and settings\goga\Application Data\Real\Update\setup3.10\setup.exe
2010-05-12 13:49 . 2009-03-04 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-28 08:43 . 2004-08-04 12:00 83974 ----a-w- c:\windows\system32\perfc01D.dat
2010-03-28 08:43 . 2004-08-04 12:00 445832 ----a-w- c:\windows\system32\perfh01D.dat
2010-03-11 16:52 . 2009-12-01 18:00 79488 ----a-w- c:\documents and settings\goga\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:37 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:37 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:37 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2006-10-11 08:04 . 2009-03-04 17:44 61036 ----a-w- c:\program\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2009-03-04 17:44 48742 ----a-w- c:\program\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2009-03-04 17:44 29313 ----a-w- c:\program\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2009-03-04 17:44 41082 ----a-w- c:\program\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2009-03-04 17:44 166510 ----a-w- c:\program\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-03 15:45 . 2010-06-03 15:45 16384 c:\windows\Temp\Perflib_Perfdata_158.dat
+ 2010-06-02 09:11 . 2010-06-02 13:08 32768 c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012010060220100603\index.dat
+ 2009-03-03 21:15 . 2010-06-03 15:26 65536 c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat
+ 2009-03-03 21:15 . 2010-06-03 15:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-03 21:15 . 2010-06-01 17:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\drivers\ndis.sys
+ 2004-08-04 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\ndis.sys
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program\uTorrent\uTorrent.exe" [2010-02-15 319280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-09-05 148888]
"ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920]
"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2009-03-04 198160]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program\Winamp\winampa.exe" [2009-02-25 37888]
"Ulead AutoDetector v2"="c:\program\Delade filer\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48202:TCP"= 48202:TCP:@xpsp2res.dll,-22009
"58701:TCP"= 58701:TCP:@xpsp2res.dll,-22009

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2009-05-13 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2009-05-13 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2009-05-13 109992]
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Extra genomsökning -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\goga\Application Data\Mozilla\Firefox\Profiles\ik3cbe6x.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program\Mozilla Firefox\extensions\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}\components\FFAlert.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

SSODL-GootkitSSO-{FF894987-3BD2-46B4-9341-339C3720939F} - c:\windows\System32\msxsltsso.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-06-03 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program\Java\jre6\bin\jqs.exe
c:\program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Sluttid: 2010-06-03 17:49:37 - datorn startades om.
ComboFix-quarantined-files.txt 2010-06-03 15:49
ComboFix2.txt 2010-06-01 17:47

Före genomsökningen: 158 450 720 768 byte ledigt
Efter genomsökningen: 158 465 826 816 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F21F7BD904649DD2AE62A6DBFE4226B5

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje?