Help, trojan virus

offline
  • Joined: 15 Nov 2008
  • Posts: 273
  • Location: Podgorica

Can anyone help me delete a trojan virus from my computer? I have AVG antivirus and it won't delete it.

offline
  • Piksi (Male)
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Hello...

Never post in someone else's thread; that is against the rules of this forum.

Post a HijackThis log following these instructions.

offline
  • Joined: 15 Nov 2008
  • Posts: 273
  • Location: Podgorica

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38, on 2008-11-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SINIŠA\Desktop\123\TR3.exe..exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Program Files\OTS_Software\tbOTS_.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {B6144256-6B52-4936-BECE-6AEA5BEDCDED} - C:\WINDOWS\system32\bitsprx.dll
O2 - BHO: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Program Files\OTS_Software\tbOTS_.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Program Files\OTS_Software\tbOTS_.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C.....1310534671
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7326 bytes

Update: 16 Nov 2008 11:56

A trojan virus attacked my computer and I couldn't delete it. I tried something that was on the forum and now it doesn't detect it, but when I start an AVG scan it immediately shows a blue file:

shell32.ll
and
hosts

What does that mean, and can it be deleted?
Thanks in advance.

offline
  • Piksi (Male)
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

* Right-click the AVG icon in the bottom right corner of the screen.
* When the AVG Control Center opens, double-click the AVG Resident Shield component.
* In the window that opens, untick the option Turn on AVG Resident Shield and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 15 Nov 2008
  • Posts: 273
  • Location: Podgorica

When can I expect a reply?

Update: 16 Nov 2008 13:34

ComboFix 08-11-14.01 - SINIŠA 2008-11-16 13:21:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT 1:00]
Running from: c:\documents and settings\SINIŠA\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bitsprx.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 00:50 . 2008-11-16 00:50 <DIR> dr-h----- c:\documents and settings\SINIŠA\Recent
2008-11-16 00:50 . 2008-11-16 00:50 <DIR> dr-h----- c:\documents and settings\SINIŠA\Recent
2008-11-15 23:14 . 2008-11-15 23:15 250 --a------ c:\windows\gmer.ini
2008-11-14 19:16 . 2006-12-20 10:00 2,511,360 --a------ c:\windows\system32\haspds_windows.dll
2008-11-14 19:16 . 2002-07-26 17:02 153,088 --a------ c:\windows\system32\UNWISE.EXE
2008-11-13 18:54 . 2008-11-13 19:19 <DIR> d-------- c:\program files\CamStudio
2008-11-12 22:46 . 2008-11-12 22:49 <DIR> d-------- c:\program files\AutoCAD 2009
2008-11-12 22:42 . 2008-11-12 22:42 <DIR> d-------- c:\program files\MSBuild
2008-11-12 22:38 . 2008-11-12 22:38 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-12 22:36 . 2008-11-12 22:36 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-12 22:36 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-11-12 22:36 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-12 22:28 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-12 22:28 . 2004-08-04 00:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-11-12 22:28 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-12 22:28 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-11-10 13:10 . 2008-11-10 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-11-10 12:59 . 2008-11-10 12:59 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2008-11-10 12:59 . 2008-11-10 12:59 <DIR> d--h----- c:\program files\CanonBJ
2008-11-10 12:59 . 2008-11-10 12:59 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-10 12:59 . 2007-03-23 08:30 1,400,832 --a------ c:\windows\system32\CNC210C.DLL
2008-11-10 12:59 . 2007-03-19 02:16 200,704 --a------ c:\windows\system32\CNC210L.DLL
2008-11-10 12:59 . 2007-03-15 06:12 188,416 --a------ c:\windows\system32\CNC210O.DLL
2008-11-10 12:59 . 2007-03-23 08:29 98,304 --a------ c:\windows\system32\CNC210I.DLL
2008-10-29 23:11 . 2008-10-29 23:11 <DIR> d-------- c:\program files\A9Tech
2008-10-26 19:52 . 1998-10-21 18:43 328,704 --a------ c:\windows\IsUn0407.exe
2008-10-25 18:04 . 2008-10-25 18:04 <DIR> d-------- c:\documents and settings\SINIŠA\WINDOWS
2008-10-25 18:04 . 2008-10-25 18:04 <DIR> d-------- c:\documents and settings\SINIŠA\WINDOWS
2008-10-25 14:02 . 2008-11-01 18:10 43 --a------ c:\windows\settings.ini
2008-10-24 20:13 . 2008-11-12 18:57 104,704 --a------ c:\windows\system32\bitsprx.dll
2008-10-24 19:59 . 2008-10-24 19:59 <DIR> d-------- c:\windows\Scan2CAD v7
2008-10-24 19:55 . 1995-05-21 23:00 640,512 --a------ c:\windows\system32\oc30.dll
2008-10-24 19:55 . 1995-01-13 13:10 149,504 --a------ c:\windows\system32\MFCAns32.dll
2008-10-24 19:55 . 1995-12-06 08:54 83,968 --a------ c:\windows\system32\VSpell32.ocx
2008-10-24 19:55 . 1995-10-11 11:07 67,584 --a------ c:\windows\system32\VSpell32.dll
2008-10-24 19:55 . 1996-07-29 09:58 27,648 --a------ c:\windows\system32\rs32pp_.exe
2008-10-24 19:55 . 1995-10-11 11:07 380 --a------ c:\windows\system32\VS.lic
2008-10-23 13:45 . 2008-10-23 13:47 <DIR> d-------- c:\documents and settings\SINIŠA\Application Data\SmartDraw
2008-10-23 13:27 . 2008-10-23 13:49 <DIR> d-------- c:\program files\SmartDraw 2009
2008-10-23 11:50 . 2008-10-24 19:25 2,986 --a------ c:\windows\Easy32.INI
2008-10-23 11:49 . 2008-10-24 19:27 <DIR> d-------- c:\program files\EasyCut3
2008-10-22 20:38 . 2008-10-22 20:38 <DIR> d-------- c:\documents and settings\SINIŠA\Application Data\IGEMS Software
2008-10-22 18:57 . 2008-10-22 18:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\IGEMS Software
2008-10-22 18:55 . 2008-11-15 23:23 <DIR> d-------- c:\program files\IGEMS_R7
2008-10-22 14:34 . 2008-10-22 14:45 <DIR> d--hs---- c:\documents and settings\SINIŠA\Phone Browser
2008-10-22 14:34 . 2008-10-22 14:45 <DIR> d--hs---- c:\documents and settings\SINIŠA\Phone Browser
2008-10-22 14:32 . 2008-10-22 14:32 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-22 14:32 . 2008-10-22 14:32 1,409 --a------ c:\windows\QTFont.for
2008-10-22 14:29 . 2007-02-22 10:15 137,216 --a------ c:\windows\system32\drivers\nmwcd.sys
2008-10-22 14:29 . 2007-02-22 10:15 65,536 --a------ c:\windows\system32\nmwcdcocls.dll
2008-10-22 14:29 . 2007-02-22 10:15 12,288 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2008-10-22 14:29 . 2007-02-22 10:15 12,288 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2008-10-22 14:29 . 2007-02-22 10:15 8,320 --a------ c:\windows\system32\drivers\nmwcdc.sys
2008-10-19 13:01 . 2008-10-19 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2008-10-19 12:56 . 2008-10-19 12:56 <DIR> d-------- c:\documents and settings\SINIŠA\Application Data\PlayFirst
2008-10-19 12:56 . 2008-10-19 12:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-19 12:55 . 2008-10-19 13:01 <DIR> d-------- c:\program files\Oberon Media
2008-10-19 12:55 . 2008-10-19 12:55 <DIR> d-------- c:\program files\Common Files\Oberon Media
2008-10-17 12:37 . 2004-08-23 16:51 109,472 --a------ c:\windows\system32\Sebran3_.ttf
2008-10-17 12:37 . 2003-11-12 22:38 31,732 --a------ c:\windows\system32\SEBRS___.TTF
2008-10-17 11:55 . 2008-10-17 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-10-17 11:40 . 2006-10-17 21:29 487,479 --a------ c:\windows\system32\SkinMagic.dll
2008-10-17 11:40 . 2007-02-16 06:10 60,273 --a------ c:\windows\system32\pthreadGC2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 12:23 9,961,472 ---ha-w c:\documents and settings\SINIŠA\NTUSER.DAT
2008-11-16 12:23 9,961,472 ---ha-w c:\documents and settings\SINIŠA\NTUSER.DAT
2008-11-16 10:51 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-15 22:20 3,764 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-15 21:35 --------- d-----w c:\program files\mIRC
2008-11-15 20:29 --------- d-----w c:\documents and settings\SINIŠA\Application Data\AVG7
2008-11-12 23:28 --------- d-----w c:\program files\Winamp
2008-11-12 23:17 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-11-12 23:17 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-11-12 21:46 --------- d-----w c:\documents and settings\SINIŠA\Application Data\Autodesk
2008-11-12 19:30 --------- d-----w c:\documents and settings\SINIŠA\Application Data\Skype
2008-11-11 18:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 16:59 --------- d-----w c:\documents and settings\SINIŠA\Application Data\Canon
2008-11-10 12:11 --------- d-----w c:\program files\Canon
2008-11-04 09:55 --------- d-----w c:\program files\Xilisoft
2008-10-25 14:32 --------- d-----w c:\program files\IncrediMail
2008-10-23 12:47 --------- d-----w c:\documents and settings\SINIŠA\Application Data\SmartDraw
2008-10-22 19:38 --------- d-----w c:\documents and settings\SINIŠA\Application Data\IGEMS Software
2008-10-19 20:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-19 11:56 --------- d-----w c:\documents and settings\SINIŠA\Application Data\PlayFirst
2008-10-13 19:55 --------- d-----w c:\documents and settings\SINIŠA\Application Data\Adobe
2008-10-13 17:09 --------- d-----w c:\program files\Conduit
2008-09-16 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\IM
2008-09-16 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail
2008-01-17 18:08 22,328 ----a-w c:\documents and settings\SINIŠA\Application Data\PnkBstrK.sys
2006-11-22 18:07 88 --sh--r c:\windows\system32\590D0E0B75.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-31 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6144256-6B52-4936-BECE-6AEA5BEDCDED}]
2008-11-12 18:57 104704 --a------ c:\windows\system32\bitsprx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-09-08 243072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-09 219136]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\AxCmd.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ecszvpiw;ecszvpiw;c:\windows\system32\drivers\ecszvpiw.sys [2001-08-23 23424]
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-04-20 13696]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\Canon\IJPLM\IJPLMSVC.EXE [2008-11-10 101528]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\SINIA~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys []
S3 SmartKeyDriver;SmartKeyDriver;\??\c:\program files\MSI\SmartKey\Smemory.sys [2006-12-30 8676]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab1839d-da45-11dc-aed1-0013d361acad}]
\Shell\AutoRun\command - F:\ev60a2.cmd
\Shell\explore\Command - F:\ev60a2.cmd
\Shell\open\Command - F:\ev60a2.cmd
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{e41b29e5-88b5-40b1-903e-080e0f2c4b65} - c:\program files\OTS_Software\tbOTS_.dll
BHO-{e41b29e5-88b5-40b1-903e-080e0f2c4b65} - c:\program files\OTS_Software\tbOTS_.dll
Toolbar-{e41b29e5-88b5-40b1-903e-080e0f2c4b65} - c:\program files\OTS_Software\tbOTS_.dll
WebBrowser-{E41B29E5-88B5-40B1-903E-080E0F2C4B65} - c:\program files\OTS_Software\tbOTS_.dll


.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 13:24:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\program files\iolo\Common\Lib\ioloDMVSvc.exe [544] 0x821CDBE0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\iolo\Common\Lib\ioloHL.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\iolo\Common\Lib\ioloHL.dll

PROCESS: c:\windows\explorer.exe
-> c:\program files\iolo\Common\Lib\ioloHL.dll

PROCESS: c:\windows\system32\csrss.exe
-> c:\program files\iolo\Common\Lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-11-16 13:31:16 - machine was rebooted [SINIŠA]
ComboFix-quarantined-files.txt 2008-11-16 12:31:05

Pre-Run: 22,162,628,608 bytes free
Post-Run: 22,153,203,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

227 --- E O F --- 2008-01-08 22:24:15

Update: 16 Nov 2008 13:37

Is that it?
Did I do it right? What next?

Update: 16 Nov 2008 13:52

Is there anything further?

Update: 16 Nov 2008 14:20

Anyone there?

offline
  • Piksi (Male)
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Yes, you haven't been forgotten...

So as not to bore you with explanations (of what and how things work here), I'll be direct ->
You will get an answer by this evening at the latest.

Be patient a little longer...

offline
  • Joined: 15 Nov 2008
  • Posts: 273
  • Location: Podgorica

OK, I'll wait.

Update: 16 Nov 2008 15:12

My computer is on and it has just detected the trojan virus again. Will I have to redo everything afterwards?

offline
  • Piksi (Male)
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Just show a little more patience.
You will get precise instructions...

Update: 16 Nov 2008 16:21

Open Notepad and copy the following text into it:

File::
c:\windows\system32\drivers\ecszvpiw.sys

Driver::
ecszvpiw

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6144256-6B52-4936-BECE-6AEA5BEDCDED}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab1839d-da45-11dc-aed1-0013d361acad}]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
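The triage a helper performs on logs like the ones posted in this thread, and the CFScript layout used in the post above, as an added example that is not part of the thread and is not code from HijackThis, ComboFix or AVG. The rules are heuristics written for this example (a hit is a reason to look, not a verdict); the `SAMPLE` lines are copied from the HijackThis, ComboFix and catchme output posted earlier, and the `Browser Helper Objects` key path is the one used in the CFScript above. Driver names cannot be inferred by these rules and are passed in by the reviewer.

```python
"""Triage HijackThis / ComboFix log lines and draft a CFScript for review.

Added example: not part of the thread and not code from HijackThis, ComboFix
or AVG. Rules are heuristics written here; SAMPLE lines come from the thread.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    line: str
    context: str = ""  # registry key the entry belongs to, or a file path


# (rule name, pattern, why a helper looks at it). Heuristics, not verdicts.
RULES = [
    ("file_missing", re.compile(r"\(file missing\)\s*$"),
     "hook/BHO/toolbar registration whose DLL is gone: orphaned entry"),
    ("unnamed_bho", re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-Fa-f-]{36}\} - "),
     "browser helper object with no display name"),
    ("delete_failed", re.compile(r"^(\S.*?)\s(?:\.\s)+failed to delete\s*$"),
     "file ComboFix could not remove on a plain run; needs a scripted pass"),
    ("security_center_override",
     re.compile(r'^"(AntiVirusDisableNotify|UpdatesDisableNotify|AntiVirusOverride)"=dword:0*[1-9a-fA-F]'),
     "Security Center warnings suppressed in the registry"),
    ("auto_update_off", re.compile(r'^"NoAutoUpdate"=\s*1\b'),
     "Windows Update disabled by policy"),
    ("autorun_handler", re.compile(r"^\\Shell\\(AutoRun|open|explore)\\[Cc]ommand - (.+)$"),
     "removable-drive autorun handler recorded under mountpoints2"),
    ("hidden_process", re.compile(r"^[A-Za-z]:\\.*\.exe \[\d+\] 0x[0-9A-Fa-f]{8}$"),
     "process hidden from normal enumeration (catchme); verify the vendor"),
    ("unknown_owner_service", re.compile(r"^O23 - Service: .* - Unknown owner - "),
     "service without a vendor string (informational)"),
]

KEY_HEADER = re.compile(r"^\[(-?)(HK[A-Z_]+\\.*)\]$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Key path as used in the CFScript posted in the thread.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def triage(lines):
    """Run every rule over every line. A '[HKEY_...]' header is remembered so
    the sub-entries that follow it can be tied back to their key."""
    findings, current_key = [], ""
    for raw in lines:
        line = raw.rstrip("\r\n")
        header = KEY_HEADER.match(line)
        if header:
            current_key = header.group(2)
            continue
        for name, rx, _reason in RULES:
            m = rx.search(line)
            if not m:
                continue
            if name == "autorun_handler":
                findings.append(Finding(name, line, current_key))
            elif name == "delete_failed":
                findings.append(Finding(name, line, m.group(1)))
            else:
                findings.append(Finding(name, line))
    return findings


def build_cfscript(files=(), drivers=(), registry_keys=()):
    """Lay out a CFScript as the post above does: File:: lists paths, Driver::
    lists service names, Registry:: lists keys, '-' inside the brackets meaning
    the key is to be deleted."""
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if registry_keys:
        sections.append("Registry::\n" + "\n".join(f"[-{k}]" for k in registry_keys))
    return "\n\n".join(sections) + "\n"


def draft_cfscript(findings, drivers=()):
    """Draft for human review: files that resisted deletion, the BHO key of each
    unnamed BHO, and the mountpoints2 keys carrying autorun handlers."""
    files, keys = [], []
    for f in findings:
        if f.rule == "delete_failed" and f.context not in files:
            files.append(f.context)
        elif f.rule == "unnamed_bho":
            key = BHO_KEY + "\\" + CLSID.search(f.line).group(0)
            if key not in keys:
                keys.append(key)
        elif f.rule == "autorun_handler" and f.context and f.context not in keys:
            keys.append(f.context)
    return build_cfscript(files, drivers, keys)


# Lines copied from the HijackThis, ComboFix and catchme output in the thread.
SAMPLE = [
    r"O2 - BHO: (no name) - {B6144256-6B52-4936-BECE-6AEA5BEDCDED} - C:\WINDOWS\system32\bitsprx.dll",
    r"O2 - BHO: OTS Software Toolbar - {e41b29e5-88b5-40b1-903e-080e0f2c4b65} - C:\Program Files\OTS_Software\tbOTS_.dll (file missing)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
    r"c:\windows\system32\bitsprx.dll . . . . failed to delete",
    r'"NoAutoUpdate"= 1 (0x1)',
    r'"AntiVirusDisableNotify"=dword:00000001',
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab1839d-da45-11dc-aed1-0013d361acad}]",
    r"\Shell\AutoRun\command - F:\ev60a2.cmd",
    r"\Shell\open\Command - F:\ev60a2.cmd",
    r"c:\program files\iolo\Common\Lib\ioloDMVSvc.exe [544] 0x821CDBE0",
]

if __name__ == "__main__":
    found = triage(SAMPLE)
    for f in found:
        print(f"{f.rule:24} {f.line}" + (f"  <- {f.context}" if f.context else ""))
    print(draft_cfscript(found, drivers=["ecszvpiw"]))
```

The drafted script reproduces the two registry deletions from the post above and adds a `File::` entry for the DLL that the first ComboFix run reported as `failed to delete`; the `Driver::` name is supplied by the reviewer, exactly as the helper did in the thread. The ordinary AVG `O4` entry and a `dword:00000000` Security Center value produce no finding, which is the negative case the rules need to pass.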

offline
  • Joined: 15 Nov 2008
  • Posts: 273
  • Location: Podgorica

ComboFix 08-11-14.01 - SINIŠA 2008-11-16 18:01:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.181 [GMT 1:00]
Running from: c:\documents and settings\SINIŠA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SINIŠA\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\drivers\ecszvpiw.sys
.
The following files were disabled during the run:
c:\program files\iolo\Common\Lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bitsprx.dll
c:\windows\system32\drivers\ecszvpiw.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ECSZVPIW
-------\Service_ecszvpiw


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 00:50 . 2008-11-16 17:59 <DIR> dr-h----- c:\documents and settings\SINIŠA\Recent
2008-11-16 00:50 . 2008-11-16 17:59 <DIR> dr-h----- c:\documents and settings\SINIŠA\Recent
2008-11-15 23:14 . 2008-11-15 23:15 250 --a------ c:\windows\gmer.ini
2008-11-14 19:16 . 2006-12-20 10:00 2,511,360 --a------ c:\windows\system32\haspds_windows.dll
2008-11-14 19:16 . 2002-07-26 17:02 153,088 --a------ c:\windows\system32\UNWISE.EXE
2008-11-13 18:54 . 2008-11-13 19:19 <DIR> d-------- c:\program files\CamStudio
2008-11-12 22:46 . 2008-11-12 22:49 <DIR> d-------- c:\program files\AutoCAD 2009
2008-11-12 22:42 . 2008-11-12 22:42 <DIR> d-------- c:\program files\MSBuild
2008-11-12 22:38 . 2008-11-12 22:38 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-12 22:36 . 2008-11-12 22:36 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-12 22:36 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-11-12 22:36 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-12 22:28 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-12 22:28 . 2004-08-04 00:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-11-12 22:28 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-12 22:28 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-11-10 13:10 . 2008-11-10 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-11-10 12:59 . 2008-11-10 12:59 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2008-11-10 12:59 . 2008-11-10 12:59 <DIR> d--h----- c:\program files\CanonBJ
2008-11-10 12:59 . 2008-11-10 12:59 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-10 12:59 . 2007-03-23 08:30 1,400,832 --a------ c:\windows\system32\CNC210C.DLL
2008-11-10 12:59 . 2007-03-19 02:16 200,704 --a------ c:\windows\system32\CNC210L.DLL
2008-11-10 12:59 . 2007-03-15 06:12 188,416 --a------ c:\windows\system32\CNC210O.DLL
2008-11-10 12:59 . 2007-03-23 08:29 98,304 --a------ c:\windows\system32\CNC210I.DLL
2008-10-29 23:11 . 2008-10-29 23:11 <DIR> d-------- c:\program files\A9Tech
2008-10-26 19:52 . 1998-10-21 18:43 328,704 --a------ c:\windows\IsUn0407.exe
2008-10-25 18:04 . 2008-10-25 18:04 <DIR> d-------- c:\documents and settings\SINIŠA\WINDOWS
2008-10-25 18:04 . 2008-10-25 18:04 <DIR> d-------- c:\documents and settings\SINIŠA\WINDOWS
2008-10-25 14:02 . 2008-11-01 18:10 43 --a------ c:\windows\settings.ini
2008-10-24 19:59 . 2008-10-24 19:59 <DIR> d-------- c:\windows\Scan2CAD v7
2008-10-24 19:55 . 1995-05-21 23:00 640,512 --a------ c:\windows\system32\oc30.dll
2008-10-24 19:55 . 1995-01-13 13:10 149,504 --a------ c:\windows\system32\MFCAns32.dll
2008-10-24 19:55 . 1995-12-06 08:54 83,968 --a------ c:\windows\system32\VSpell32.ocx
2008-10-24 19:55 . 1995-10-11 11:07 67,584 --a------ c:\windows\system32\VSpell32.dll
2008-10-24 19:55 . 1996-07-29 09:58 27,648 --a------ c:\windows\system32\rs32pp_.exe
2008-10-24 19:55 . 1995-10-11 11:07 380 --a------ c:\windows\system32\VS.lic
2008-10-23 13:45 . 2008-10-23 13:47 <DIR> d-------- c:\documents and settings\SINIŠA\Application Data\SmartDraw
2008-10-23 13:27 . 2008-10-23 13:49 <DIR> d-------- c:\program files\SmartDraw 2009
2008-10-23 11:50 . 2008-10-24 19:25 2,986 --a------ c:\windows\Easy32.INI
2008-10-23 11:49 . 2008-10-24 19:27 <DIR> d-------- c:\program files\EasyCut3
2008-10-22 20:38 . 2008-10-22 20:38 <DIR> d-------- c:\documents and settings\SINIŠA\Application Data\IGEMS Software
2008-10-22 18:57 . 2008-10-22 18:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\IGEMS Software
2008-10-22 18:55 . 2008-11-15 23:23 <DIR> d-------- c:\program files\IGEMS_R7
2008-10-22 14:34 . 2008-10-22 14:45 <DIR> d--hs---- c:\documents and settings\SINIŠA\Phone Browser
2008-10-22 14:34 . 2008-10-22 14:45 <DIR> d--hs---- c:\documents and settings\SINIŠA\Phone Browser
2008-10-22 14:32 . 2008-10-22 14:32 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-22 14:32 . 2008-10-22 14:32 1,409 --a------ c:\windows\QTFont.for
2008-10-22 14:29 . 2007-02-22 10:15 137,216 --a------ c:\windows\system32\drivers\nmwcd.sys
2008-10-22 14:29 . 2007-02-22 10:15 65,536 --a------ c:\windows\system32\nmwcdcocls.dll
2008-10-22 14:29 . 2007-02-22 10:15 12,288 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2008-10-22 14:29 . 2007-02-22 10:15 12,288 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2008-10-22 14:29 . 2007-02-22 10:15 8,320 --a------ c:\windows\system32\drivers\nmwcdc.sys
2008-10-19 13:01 . 2008-10-19 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2008-10-19 12:56 . 2008-10-19 12:56 <DIR> d-------- c:\documents and settings\SINIŠA\Application Data\PlayFirst
2008-10-19 12:56 . 2008-10-19 12:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-19 12:55 . 2008-10-19 13:01 <DIR> d-------- c:\program files\Oberon Media
2008-10-19 12:55 . 2008-10-19 12:55 <DIR> d-------- c:\program files\Common Files\Oberon Media
2008-10-17 12:37 . 2004-08-23 16:51 109,472 --a------ c:\windows\system32\Sebran3_.ttf
2008-10-17 12:37 . 2003-11-12 22:38 31,732 --a------ c:\windows\system32\SEBRS___.TTF
2008-10-17 11:55 . 2008-10-17 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-10-17 11:40 . 2006-10-17 21:29 487,479 --a------ c:\windows\system32\SkinMagic.dll
2008-10-17 11:40 . 2007-02-16 06:10 60,273 --a------ c:\windows\system32\pthreadGC2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 17:04 9,961,472 ---ha-w c:\documents and settings\SINIŠA\NTUSER.DAT
2008-11-16 17:04 9,961,472 ---ha-w c:\documents and settings\SINIŠA\NTUSER.DAT
2008-11-16 14:15 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-15 22:20 3,764 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-15 21:35 --------- d-----w c:\program files\mIRC
2008-11-15 20:29 --------- d-----w c:\documents and settings\SINIŠA\Application Data\AVG7
2008-11-12 23:28 --------- d-----w c:\program files\Winamp
2008-11-12 23:17 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-11-12 23:17 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-11-12 21:46 --------- d-----w c:\documents and settings\SINIŠA\Application Data\Autodesk
2008-11-12 19:30 --------- d-----w c:\documents and settings\SINIŠA\Application Data\Skype
2008-11-11 18:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 16:59 --------- d-----w c:\documents and settings\SINIŠA\Application Data\Canon
2008-11-10 12:11 --------- d-----w c:\program files\Canon
2008-11-04 09:55 --------- d-----w c:\program files\Xilisoft
2008-10-25 14:32 --------- d-----w c:\program files\IncrediMail
2008-10-23 12:47 --------- d-----w c:\documents and settings\SINIŠA\Application Data\SmartDraw
2008-10-22 19:38 --------- d-----w c:\documents and settings\SINIŠA\Application Data\IGEMS Software
2008-10-19 20:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-19 11:56 --------- d-----w c:\documents and settings\SINIŠA\Application Data\PlayFirst
2008-10-13 19:55 --------- d-----w c:\documents and settings\SINIŠA\Application Data\Adobe
2008-10-13 17:09 --------- d-----w c:\program files\Conduit
2008-09-16 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\IM
2008-09-16 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail
2008-01-17 18:08 22,328 ----a-w c:\documents and settings\SINIŠA\Application Data\PnkBstrK.sys
2006-11-22 18:07 88 --sh--r c:\windows\system32\590D0E0B75.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-31 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-09-08 243072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-09 219136]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\AxCmd.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-04-20 13696]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\Canon\IJPLM\IJPLMSVC.EXE [2008-11-10 101528]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\SINIA~1\LOCALS~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys []
S3 SmartKeyDriver;SmartKeyDriver;\??\c:\program files\MSI\SmartKey\Smemory.sys [2006-12-30 8676]

*Newly Created Service* - ECSZVPIW
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:05:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\program files\iolo\Common\Lib\ioloDMVSvc.exe [1312] 0x82047A38

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\iolo\Common\Lib\ioloHL.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\iolo\Common\Lib\ioloHL.dll

PROCESS: c:\windows\system32\csrss.exe
-> c:\program files\iolo\Common\Lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
.
**************************************************************************
.
Completion time: 2008-11-16 18:13:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 17:13:43
ComboFix2.txt 2008-11-16 12:31:19

Pre-Run: 22,142,476,288 bytes free
Post-Run: 22,130,319,360 bytes free

209 --- E O F --- 2008-01-08 22:24:15

Update: 16 Nov 2008 18:34

What next?

Update: 16 Nov 2008 19:06

Anyone there.... :-)

offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

How is it now?
Are there still any symptoms?
