Problem with Avast, which cannot delete a virus

  • Joined: 28 Sep 2009
  • Posts: 11
  • Location: Sarajevo

DDS (Ver_09-09-29.01) - NTFSx86
Run by ermin at 21:35:40,81 on pon 09/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.242 [GMT 2:00]

AV: avast! antivirus 4.8.1356 [VPS 090927-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\desfx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Atds.exe
C:\WINDOWS\system32\B7JH7Z9OUD\F001.exe
"C:\WINDOWS\system32\svchost.exe" 63683
C:\WINDOWS\System32\svchost.exe -k homelisten
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\nhg.exe
C:\WINDOWS\desfx.exe
C:\WINDOWS\Atds.exe
C:\WINDOWS\nhg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\desfx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ermin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://ok3.114graph.com/msn/163.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: {6CAB2D5E-81F6-4A23-BA28-2E29DE6253DE} = 77.238.208.3 77.238.208.4
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ermin\applic~1\mozilla\firefox\profiles\t8akazwe.default\
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-27 114768]
R2 afex;faday;c:\windows\desfx.exe [2009-9-28 10368]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-27 20560]
R2 Atdx;Atg;c:\windows\Atds.exe [2009-9-28 10368]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-27 138680]
R2 ferst;ces;c:\windows\system32\b7jh7z9oud\F001.exe [2009-9-27 65536]
R2 HomeListen;Home Group Listener;c:\windows\system32\svchost.exe -k homelisten [2004-8-4 14336]
R2 n hj;fmgn;c:\windows\nhg.exe [2009-9-28 10368]
R2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\drivers\tcpz-x86d.sys [2009-9-27 12136]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-27 254040]
S2 ASPX;ASPX State Service;c:\windows\system32\aspx.exe [2009-9-28 19231]
S2 BitSrv;Bit Service;c:\windows\system32\BtSrv.exe [2009-9-27 430080]
S2 re;fsrd;c:\windows\system32\62o476l683\J001.exe [2009-9-28 65536]
S2 windswe;windswer;c:\windows\system32\windswe.exe [2009-9-27 22512]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-27 352920]

=============== Created Last 30 ================

2009-09-28 21:34 46 a------- C:\t.ini
2009-09-28 21:33 778,752 a------- c:\windows\system32\homlogsrv.dll
2009-09-28 21:33 <DIR> --d----- c:\windows\system32\GRUA4Z4HY7
2009-09-28 20:53 10,368 ---sh--- c:\windows\nhg.exe
2009-09-28 20:53 19,231 a------- c:\windows\system32\aspx.exe
2009-09-28 20:53 10,368 ---sh--- c:\windows\Atds.exe
2009-09-28 20:51 <DIR> --d----- c:\windows\system32\793HDI4IBE
2009-09-28 20:50 10,368 ---sh--- c:\windows\desfx.exe
2009-09-28 20:48 <DIR> --d----- c:\windows\system32\62O476L683
2009-09-28 20:48 41,984 ---sh--- c:\windows\system32\homrunsrv.dll
2009-09-28 20:48 <DIR> --d----- c:\windows\system32\6S8S2YN26Z
2009-09-28 20:47 778,752 a------- c:\windows\system32\wmplogsrv.dll
2009-09-28 19:55 <DIR> --d----- c:\docume~1\ermin\applic~1\Malwarebytes
2009-09-28 19:54 <DIR> --d----- c:\documents and settings\ermin
2009-09-28 19:49 103,424 ac------ c:\windows\system32\dllcache\uihelper.dll
2009-09-28 19:48 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-09-28 19:47 400,384 ac------ c:\windows\system32\dllcache\fxsxp32.dll
2009-09-28 19:46 5,632 ac------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-09-28 19:44 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-09-28 19:44 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-09-28 19:44 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-09-28 19:44 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-09-28 19:44 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-09-28 19:44 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-09-28 19:43 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-09-28 19:42 32,768 ac------ c:\windows\system32\dllcache\icwdl.dll
2009-09-28 19:42 214,528 ac------ c:\windows\system32\dllcache\icwconn1.exe
2009-09-28 19:42 86,016 ac------ c:\windows\system32\dllcache\icwconn2.exe
2009-09-28 19:42 20,480 ac------ c:\windows\system32\dllcache\inetwiz.exe
2009-09-28 19:28 13,753 a----r-- c:\windows\SET5B.tmp
2009-09-28 19:28 1,086,058 a----r-- c:\windows\SET4F.tmp
2009-09-28 19:28 1,042,903 a----r-- c:\windows\SET4C.tmp
2009-09-27 22:53 <DIR> --d----- c:\windows\system32\BVEY4KM2CY
2009-09-27 22:51 22,512 a------- c:\windows\system32\windswe.exe
2009-09-27 22:50 <DIR> --d----- c:\windows\system32\B7JH7Z9OUD
2009-09-27 22:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 22:12 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-27 22:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 22:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-27 21:37 48,640 a------- c:\windows\system32\dhcpqec.dll
2009-09-27 21:32 <DIR> --d----- c:\windows\ServicePackFiles
2009-09-27 21:26 19,569 a------- c:\windows\003139_.tmp
2009-09-27 21:25 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-09-27 16:04 12,136 a------- c:\windows\system32\drivers\tcpz-x86d.sys
2009-09-27 16:04 430,080 ---shr-- c:\windows\system32\BtSrv.exe
2009-09-27 16:04 40,960 a--sh--- c:\windows\system32\wmprunsrv.dll
2009-09-27 14:54 737,280 a------- c:\windows\iun6002.exe
2009-09-27 14:54 <DIR> --d----- c:\program files\Codec Pack - All In 1
2009-09-27 14:53 <DIR> --d----- c:\program files\Webteh
2009-09-27 14:47 376 a------- c:\windows\ODBC.INI
2009-09-27 14:46 17,920 a------- c:\windows\system32\mdimon.dll
2009-09-27 14:45 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-09-27 14:43 <DIR> --d-h--- c:\windows\ShellNew
2009-09-27 14:06 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-09-27 14:06 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-09-27 14:05 130,048 a------- c:\windows\system32\ksproxy.ax
2009-09-27 14:05 4,096 a------- c:\windows\system32\ksuser.dll
2009-09-27 14:05 4,816 a------- c:\windows\system32\drivers\aeaudio.sys
2009-09-27 14:05 3,744 a------- c:\windows\system32\drivers\smsens.sys
2009-09-27 14:05 720,896 a------- c:\windows\system32\a3d.dll
2009-09-27 14:05 539,008 a------- c:\windows\system32\drivers\smwdm.sys
2009-09-27 14:05 45,056 a------- c:\windows\system32\CleanUp.exe
2009-09-27 14:05 36,864 a------- c:\windows\system32\DSndUp.exe
2009-09-27 14:05 <DIR> --d----- c:\program files\Analog Devices
2009-09-27 14:03 2,725 a----r-- c:\windows\system32\e1000325.din
2009-09-27 14:03 126,976 a------- c:\windows\system32\e1000msg.dll
2009-09-27 14:03 121,856 a------- c:\windows\system32\drivers\e1000325.sys
2009-09-27 14:03 118,784 a------- c:\windows\system32\Prounstl.exe
2009-09-27 14:03 24,064 a------- c:\windows\system32\IntelNic.dll
2009-09-27 14:03 <DIR> --d----- C:\drvrtmp
2009-09-27 14:01 18,688 a------- c:\windows\system32\drivers\omci.sys
2009-09-27 14:01 <DIR> --d----- c:\program files\Dell
2009-09-27 14:00 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-09-27 13:59 <DIR> --d----- C:\dell
2009-09-27 13:54 <DIR> --ds---- c:\windows\system32\Microsoft
2009-09-27 13:54 8,192 a------- c:\windows\REGLOCS.OLD
2009-09-27 13:50 618,605 ac------ c:\windows\system32\dllcache\fp4autl.dll
2009-09-27 13:47 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-09-27 13:47 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-09-27 13:47 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-09-27 13:47 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-09-27 13:47 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-09-27 13:47 <DIR> --d----- c:\windows\system32\DirectX
2009-09-27 13:46 <DIR> --d----- c:\program files\common files\MSSoap
2009-09-27 13:44 <DIR> --d----- c:\program files\Online Services
2009-09-27 13:44 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-09-27 13:43 <DIR> --d----- c:\program files\Messenger
2009-09-27 13:43 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-09-27 13:43 <DIR> --d----- c:\program files\Windows NT
2009-09-26 15:28 <DIR> --d----- c:\program files\common files\ODBC
2009-09-26 15:28 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-09-26 15:28 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-09-28 19:41 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-09-27 21:41 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2004-08-17 20:00 76,288 ---sh--- c:\windows\system32\RmmltoC.dll
2004-08-17 20:00 76,288 ---sh--- c:\windows\system32\RnmutlC.dll
2004-08-17 20:00 76,288 ---sh--- c:\windows\system32\RpmitpC.dll
2004-08-17 20:00 76,288 a--sh--- c:\windows\system32\RvmutlC.dll

============= FINISH: 21:36:05,93 ===============

I installed a fresh 32-bit XP system, which froze as soon as I tried to connect to the internet. More precisely, Avast started warning me about malware that is interfering with my work, and because of it I am forced to shut the computer down quickly at startup in order to ask you for help. Thank you in advance for your help! Best regards!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download sUBs's ComboFix from the following address to your Desktop:

Bleeping Computer

  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As..., or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:

  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:

  • check whether a newer version of the program exists:
    click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure through.
  • show a number of prompts/notifications:
    accept them by clicking Yes or OK.
  • restart Windows if necessary (several times);
  • when it finishes, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:

  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note:

  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 28 Sep 2009
  • Posts: 11
  • Location: Sarajevo

I sincerely hope this is what I was supposed to copy.



ComboFix 09-09-27.05 - ermin 09/28/2009 23:03:28.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.234 [GMT 2:00]
Running from: C:\Documents and Settings\ermin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 090928-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aspx.exe
C:\WINDOWS\system32\e1000msg.dll
c:\windows\system32\homrunsrv.dll
C:\WINDOWS\system32\wmprunsrv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPX
-------\Service_ASPX
-------\Legacy_HomeListen
-------\Service_HomeListen


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 20:20:58 . 2009-09-28 20:23:04 0 d-----w- C:\WINDOWS\system32\QYQITKFMSF
2009-09-28 20:00:21 . 2009-09-28 20:01:18 0 d-----w- C:\WINDOWS\system32\MA73PJIGWB
2009-09-28 19:53:50 . 2009-09-28 19:53:50 0 d-----w- C:\WINDOWS\system32\K
2009-09-28 19:33:06 . 2009-09-28 19:35:25 0 d-----w- C:\WINDOWS\system32\GRUA4Z4HY7
2009-09-28 18:53:48 . 2009-09-28 18:53:48 10368 --sh--w- C:\WINDOWS\nhg.exe
2009-09-28 18:53:34 . 2009-09-28 18:53:34 10368 --sh--w- C:\WINDOWS\Atds.exe
2009-09-28 18:51:15 . 2009-09-28 18:53:50 0 d-----w- C:\WINDOWS\system32\793HDI4IBE
2009-09-28 18:50:02 . 2009-09-28 18:50:02 10368 --sh--w- C:\WINDOWS\desfx.exe
2009-09-28 18:48:42 . 2009-09-28 18:50:36 0 d-----w- C:\WINDOWS\system32\62O476L683
2009-09-28 18:48:32 . 2009-09-28 18:48:45 0 d-----w- C:\WINDOWS\system32\6S8S2YN26Z
2009-09-28 18:47:40 . 2009-09-28 18:48:30 778752 ----a-w- C:\WINDOWS\system32\wmplogsrv.dll
2009-09-28 18:16:23 . 2009-09-28 18:16:23 0 d-----w- C:\Documents and Settings\ermin\Local Settings\Application Data\Mozilla
2009-09-28 18:04:32 . 2009-09-28 18:04:32 42944 ----a-w- C:\Documents and Settings\ermin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-28 17:55:12 . 2009-09-28 17:55:13 0 d-----w- C:\Documents and Settings\ermin\Application Data\Malwarebytes
2009-09-28 17:49:59 . 2004-08-03 23:56:48 103424 -c--a-w- C:\WINDOWS\system32\dllcache\uihelper.dll
2009-09-28 17:48:55 . 2001-08-23 12:00:00 98304 -c--a-w- C:\WINDOWS\system32\dllcache\msir3jp.dll
2009-09-28 17:47:58 . 2004-08-03 23:56:44 400384 -c--a-w- C:\WINDOWS\system32\dllcache\fxsxp32.dll
2009-09-28 17:46:59 . 2001-08-17 20:36:10 5632 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2009-09-28 17:43:21 . 2001-08-23 12:00:00 16384 -c--a-w- C:\WINDOWS\system32\dllcache\isignup.exe
2009-09-28 17:42:38 . 2004-08-03 23:56:44 32768 -c--a-w- C:\WINDOWS\system32\dllcache\icwdl.dll
2009-09-28 17:42:37 . 2004-08-03 23:56:52 86016 -c--a-w- C:\WINDOWS\system32\dllcache\icwconn2.exe
2009-09-28 17:42:37 . 2004-08-03 23:56:52 214528 -c--a-w- C:\WINDOWS\system32\dllcache\icwconn1.exe
2009-09-28 17:42:37 . 2004-08-03 23:56:52 20480 -c--a-w- C:\WINDOWS\system32\dllcache\inetwiz.exe
2009-09-28 17:29:38 . 2001-08-23 12:00:00 13312 -c--a-w- C:\WINDOWS\system32\dllcache\irclass.dll
2009-09-28 17:29:38 . 2001-08-23 12:00:00 13312 ----a-w- C:\WINDOWS\system32\irclass.dll
2009-09-28 17:29:37 . 2001-08-23 12:00:00 24661 -c--a-w- C:\WINDOWS\system32\dllcache\spxcoins.dll
2009-09-28 17:29:37 . 2001-08-23 12:00:00 24661 ----a-w- C:\WINDOWS\system32\spxcoins.dll
2009-09-27 20:53:03 . 2009-09-27 20:53:30 0 d-----w- C:\WINDOWS\system32\BVEY4KM2CY
2009-09-27 20:51:15 . 2009-09-28 19:35:19 22512 ----a-w- C:\WINDOWS\system32\windswe.exe
2009-09-27 20:50:52 . 2009-09-27 20:51:57 0 d-----w- C:\WINDOWS\system32\B7JH7Z9OUD
2009-09-27 20:12:45 . 2009-09-27 20:12:45 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-27 20:12:38 . 2009-09-10 12:54:06 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-09-27 20:12:36 . 2009-09-27 20:12:43 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-27 20:12:36 . 2009-09-27 20:12:36 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-27 20:12:36 . 2009-09-10 12:53:50 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-09-27 19:38:11 . 2008-04-13 22:13:34 9728 ----a-w- C:\WINDOWS\system32\comsdupd.exe
2009-09-27 19:38:11 . 2004-08-03 21:08:34 40832 ----a-w- C:\WINDOWS\system32\drivers\irbus.sys
2009-09-27 19:38:10 . 2004-08-03 23:56:46 9728 -c--a-w- C:\WINDOWS\system32\dllcache\rwnh.dll
2009-09-27 19:38:10 . 2004-08-03 23:56:46 9728 ----a-w- C:\WINDOWS\system32\rwnh.dll
2009-09-27 19:38:10 . 2004-08-03 23:56:46 10752 -c--a-w- C:\WINDOWS\system32\dllcache\smtpapi.dll
2009-09-27 19:38:10 . 2004-08-03 23:56:46 10752 ----a-w- C:\WINDOWS\system32\smtpapi.dll
2009-09-27 19:38:09 . 2004-08-03 23:56:46 221696 -c--a-w- C:\WINDOWS\system32\dllcache\seo.dll
2009-09-27 19:38:09 . 2004-08-03 23:56:46 2134528 -c--a-w- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2009-09-27 19:38:09 . 2004-08-03 23:56:46 189440 -c--a-w- C:\WINDOWS\system32\dllcache\smtpadm.dll
2009-09-27 19:38:01 . 2004-08-03 22:56:42 377984 ----a-w- C:\WINDOWS\system32\ati2dvaa.dll
2009-09-27 19:38:00 . 2008-04-14 03:41:52 233472 ----a-w- C:\WINDOWS\system32\azroles.dll
2009-09-27 19:38:00 . 2004-08-03 22:56:42 32768 ----a-w- C:\WINDOWS\system32\ativtmxx.dll
2009-09-27 19:32:43 . 2009-09-27 19:38:26 0 d-----w- C:\WINDOWS\ServicePackFiles
2009-09-27 19:25:58 . 2007-08-10 18:46:18 26488 ----a-w- C:\WINDOWS\system32\spupdsvc.exe
2009-09-27 14:04:33 . 2009-09-28 18:48:40 12136 ----a-w- C:\WINDOWS\system32\drivers\tcpz-x86d.sys
2009-09-27 14:04:32 . 2009-09-27 14:04:32 430080 --sh--r- C:\WINDOWS\system32\BtSrv.exe
2009-09-27 12:54:52 . 2009-09-27 12:54:05 737280 ----a-w- C:\WINDOWS\iun6002.exe
2009-09-27 12:54:45 . 2009-09-27 12:54:52 0 d-----w- C:\Program Files\Codec Pack - All In 1
2009-09-27 12:53:35 . 2009-09-27 12:53:35 0 d-----w- C:\Program Files\Webteh
2009-09-27 12:52:51 . 2009-09-27 12:52:51 0 ----a-w- C:\WINDOWS\nsreg.dat
2009-09-27 12:50:39 . 2009-09-27 12:50:46 0 d-----w- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-09-27 12:50:36 . 2009-09-27 12:50:40 0 d-----w- C:\Program Files\Google
2009-09-27 12:49:38 . 2009-09-27 12:49:38 0 d-----w- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2009-09-27 12:46:53 . 2003-06-18 15:31:48 17920 ----a-w- C:\WINDOWS\system32\mdimon.dll
2009-09-27 12:45:30 . 2009-09-27 12:45:30 0 d-----w- C:\Program Files\Microsoft.NET
2009-09-27 12:45:17 . 2009-09-27 12:45:17 0 d-----w- C:\Program Files\Microsoft ActiveSync
2009-09-27 12:43:58 . 2009-09-27 12:45:26 0 d--h--w- C:\WINDOWS\ShellNew
2009-09-27 12:36:10 . 2009-09-27 12:36:10 0 d-----w- C:\Program Files\Common Files\Adobe
2009-09-27 12:06:15 . 2006-06-14 08:50:20 6272 ----a-w- C:\WINDOWS\system32\drivers\splitter.sys
2009-09-27 12:06:11 . 2004-08-03 21:07:40 52864 ----a-w- C:\WINDOWS\system32\drivers\DMusic.sys
2009-09-27 12:05:53 . 2004-08-03 22:56:44 4096 ----a-w- C:\WINDOWS\system32\ksuser.dll
2009-09-27 12:05:49 . 2002-10-28 09:26:04 3744 ----a-w- C:\WINDOWS\system32\drivers\smsens.sys
2009-09-27 12:05:49 . 2002-04-01 11:15:00 4816 ----a-w- C:\WINDOWS\system32\drivers\aeaudio.sys
2009-09-27 12:05:48 . 2009-09-27 12:05:48 0 d-----w- C:\Program Files\Analog Devices
2009-09-27 12:05:48 . 2002-12-19 15:48:48 539008 ----a-w- C:\WINDOWS\system32\drivers\smwdm.sys
2009-09-27 12:05:48 . 2002-12-17 13:11:10 36864 ----a-w- C:\WINDOWS\system32\DSndUp.exe
2009-09-27 12:05:48 . 2002-04-17 13:05:32 45056 ----a-w- C:\WINDOWS\system32\CleanUp.exe
2009-09-27 12:05:48 . 2001-09-19 11:32:26 720896 ----a-w- C:\WINDOWS\system32\a3d.dll
2009-09-27 12:03:49 . 2009-09-27 12:04:22 0 d-----w- C:\drvrtmp
2009-09-27 12:03:49 . 2003-07-11 10:15:48 118784 ----a-w- C:\WINDOWS\system32\Prounstl.exe
2009-09-27 12:03:49 . 2003-07-11 08:58:42 121856 ----a-w- C:\WINDOWS\system32\drivers\e1000325.sys
2009-09-27 12:03:49 . 2002-12-29 03:00:02 24064 ----a-w- C:\WINDOWS\system32\IntelNic.dll
2009-09-27 12:01:45 . 2009-09-27 12:07:10 0 d-----w- C:\Program Files\Dell
2009-09-27 12:01:45 . 2005-11-23 09:43:56 18688 ----a-w- C:\WINDOWS\system32\drivers\omci.sys
2009-09-27 12:01:00 . 2009-09-27 12:01:00 0 d-----w- C:\Program Files\Intel
2009-09-27 12:00:25 . 2009-09-27 12:07:11 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-09-27 12:00:10 . 2009-09-27 12:00:11 0 d-----w- C:\Program Files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 17:41:18 . 2009-09-27 11:44:47 22720 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2009-09-28 17:40:41 . 2009-09-27 11:44:01 0 d-----w- C:\Program Files\Windows Media Connect 2
2009-09-27 12:12:00 . 2009-09-27 12:12:00 0 d-----w- C:\Program Files\Alwil Software
2009-09-27 11:49:52 . 2009-09-27 11:49:52 0 d-----w- C:\Program Files\microsoft frontpage
2009-09-15 10:59:36 . 2009-09-27 12:12:02 1279968 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2009-09-15 10:56:21 . 2009-09-27 12:12:25 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2009-09-15 10:56:14 . 2009-09-27 12:12:25 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2009-09-15 10:55:30 . 2009-09-27 12:12:25 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2009-09-15 10:55:19 . 2009-09-27 12:12:25 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2009-09-15 10:54:30 . 2009-09-27 12:12:27 52368 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2009-09-15 10:54:21 . 2009-09-27 12:12:27 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2009-09-15 10:53:24 . 2009-09-27 12:12:26 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-09-15 10:53:01 . 2009-09-27 12:12:25 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr
2004-08-17 18:00:00 . 2004-08-17 18:00:00 76288 --sh--w- C:\WINDOWS\system32\RmmltoC.dll
2004-08-17 18:00:00 . 2004-08-17 18:00:00 76288 --sh--w- C:\WINDOWS\system32\RnmutlC.dll
2004-08-17 18:00:00 . 2004-08-17 18:00:00 76288 --sh--w- C:\WINDOWS\system32\RpmitpC.dll
2004-08-17 18:00:00 . 2004-08-17 18:00:00 76288 --sh--w- C:\WINDOWS\system32\RrmstlC.dll
2004-08-17 18:00:00 . 2004-08-17 18:00:00 76288 --sha-w- C:\WINDOWS\system32\RvmutlC.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 10:56:48 81000]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 12:53:56 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56:50 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:59:28 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

2;2 afex;faday;C:\WINDOWS\desfx.exe [x]
2;2 n hj;fmgn;C:\WINDOWS\nhg.exe [x]
R2 Atdx;Atg;C:\WINDOWS\Atds.exe [2009-09-28 18:53:34 10368]
R2 re;fsrd;C:\WINDOWS\system32\62O476L683\J001.exe [2009-09-28 18:50:36 65536]
R2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);C:\WINDOWS\system32\drivers\tcpz-x86d.sys [2009-09-28 18:48:40 12136]
R2 windswe;windswer;C:\WINDOWS\system32\windswe.exe [2009-09-28 19:35:19 22512]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 10:55:19 20560]
S2 BitSrv;Bit Service;C:\WINDOWS\System32\BtSrv.exe [2009-09-27 14:04:32 430080]
S2 ferst;ces;C:\WINDOWS\system32\B7JH7Z9OUD\F001.exe [2009-09-27 20:51:11 65536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
wmpnetwk REG_MULTI_SZ WmpNetwk Wind
homelisten REG_MULTI_SZ HomeListen Home
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-27 12:50:36 . 2009-09-27 12:50:36]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ok3.114graph.com/msn/163.htm
FF - ProfilePath - C:\Documents and Settings\ermin\Application Data\Mozilla\Firefox\Profiles\t8akazwe.default\
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-28 23:09:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1408-)
C:\WINDOWS\system32\wpdshserviceobj.dll
C:\WINDOWS\system32\portabledevicetypes.dll
C:\WINDOWS\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2009-09-28 23:11:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 21:11:24

Pre-Run: 11.926.560.768 bytes free
Post-Run: 11.910.008.832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
204

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Sorry to keep you waiting, but the case is a bit more complicated.

Windows XP
Click the Start button (in the lower left corner).
Choose My Computer.
Select the Tools menu and click Folder Options.
Select View at the top; within the Hidden files and folders group, select Show hidden files and folders.
Uncheck Hide file extensions for known types.
Uncheck Hide protected operating system files (recommended).
Click YES.
Click OK.


Try to find the following file and send it to me:

C:\WINDOWS\system32\RvmutlC.dll

via this link:

http://www.mycity.rs/ambulanta-upload.php

  • Joined: 28 Sep 2009
  • Posts: 11
  • Location: Sarajevo

I'm the one who should apologize for keeping you waiting; I have only just got home from work :) After the previous instructions you told me to follow, Avast started up and deleted a sea of viruses, so I have now successfully booted the computer without, for now at least, any problems and, as you can see for yourself, even connected to the internet. I sincerely hope that I, that is YOU, have successfully repaired this bucket of mine! :) I cannot find the file C:\WINDOWS\system32\RvmutlC.dll on the computer.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

The bucket is not completely repaired yet. :)

You need to scan with ComboFix again.

  • Joined: 28 Sep 2009
  • Posts: 11
  • Location: Sarajevo

:( I had really got my hopes up. I did what you told me, and here I am sending you the report.


ComboFix 09-09-27.05 - ermin 09/30/2009 18:02.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.323 [GMT 2:00]
Running from: c:\documents and settings\ermin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 090929-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\aspx.exe
c:\windows\system32\e1000msg.dll
c:\windows\system32\homrunsrv.dll
c:\windows\system32\wmprunsrv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPX
-------\Service_ASPX
-------\Legacy_HomeListen
-------\Service_HomeListen


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-28 20:20 . 2009-09-28 20:23 -------- d-----w- c:\windows\system32\QYQITKFMSF
2009-09-28 20:00 . 2009-09-28 20:01 -------- d-----w- c:\windows\system32\MA73PJIGWB
2009-09-28 19:53 . 2009-09-28 19:53 -------- d-----w- c:\windows\system32\K
2009-09-28 19:33 . 2009-09-28 22:04 -------- d-----w- c:\windows\system32\GRUA4Z4HY7
2009-09-28 18:53 . 2009-09-28 18:53 10368 --sh--w- c:\windows\Atds.exe
2009-09-28 18:51 . 2009-09-28 22:01 -------- d-----w- c:\windows\system32\793HDI4IBE
2009-09-28 18:50 . 2009-09-28 18:50 10368 --sh--w- c:\windows\desfx.exe
2009-09-28 18:48 . 2009-09-28 22:01 -------- d-----w- c:\windows\system32\62O476L683
2009-09-28 18:48 . 2009-09-28 18:48 -------- d-----w- c:\windows\system32\6S8S2YN26Z
2009-09-28 18:16 . 2009-09-28 18:16 -------- d-----w- c:\documents and settings\ermin\Local Settings\Application Data\Mozilla
2009-09-28 18:04 . 2009-09-28 18:04 42944 ----a-w- c:\documents and settings\ermin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-28 17:55 . 2009-09-28 17:55 -------- d-----w- c:\documents and settings\ermin\Application Data\Malwarebytes
2009-09-28 17:49 . 2004-08-03 23:56 103424 -c--a-w- c:\windows\system32\dllcache\uihelper.dll
2009-09-28 17:48 . 2001-08-23 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-09-28 17:47 . 2004-08-03 23:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-09-28 17:46 . 2001-08-17 20:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-09-28 17:43 . 2001-08-23 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-09-28 17:42 . 2004-08-03 23:56 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-09-28 17:42 . 2004-08-03 23:56 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-09-28 17:42 . 2004-08-03 23:56 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-09-28 17:42 . 2004-08-03 23:56 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-09-28 17:29 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-09-28 17:29 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-09-28 17:29 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-09-28 17:29 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-09-27 20:53 . 2009-09-27 20:53 -------- d-----w- c:\windows\system32\BVEY4KM2CY
2009-09-27 20:50 . 2009-09-28 22:01 -------- d-----w- c:\windows\system32\B7JH7Z9OUD
2009-09-27 20:12 . 2009-09-27 20:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-27 20:12 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 20:12 . 2009-09-27 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 20:12 . 2009-09-27 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-27 20:12 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 19:38 . 2008-04-13 22:13 9728 ----a-w- c:\windows\system32\comsdupd.exe
2009-09-27 19:38 . 2004-08-03 21:08 40832 ----a-w- c:\windows\system32\drivers\irbus.sys
2009-09-27 19:38 . 2004-08-03 23:56 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2009-09-27 19:38 . 2004-08-03 23:56 9728 ----a-w- c:\windows\system32\rwnh.dll
2009-09-27 19:38 . 2004-08-03 23:56 10752 -c--a-w- c:\windows\system32\dllcache\smtpapi.dll
2009-09-27 19:38 . 2004-08-03 23:56 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-09-27 19:38 . 2004-08-03 23:56 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
2009-09-27 19:38 . 2004-08-03 23:56 2134528 -c--a-w- c:\windows\system32\dllcache\smtpsnap.dll
2009-09-27 19:38 . 2004-08-03 23:56 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
2009-09-27 19:38 . 2004-08-03 22:56 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2009-09-27 19:38 . 2008-04-14 03:41 233472 ----a-w- c:\windows\system32\azroles.dll
2009-09-27 19:38 . 2004-08-03 22:56 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2009-09-27 19:32 . 2009-09-27 19:38 -------- d-----w- c:\windows\ServicePackFiles
2009-09-27 19:25 . 2007-08-10 18:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-27 14:04 . 2009-09-28 18:48 12136 ----a-w- c:\windows\system32\drivers\tcpz-x86d.sys
2009-09-27 14:04 . 2009-09-27 14:04 430080 --sh--r- c:\windows\system32\BtSrv.exe
2009-09-27 12:54 . 2009-09-27 12:54 737280 ----a-w- c:\windows\iun6002.exe
2009-09-27 12:54 . 2009-09-27 12:54 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-09-27 12:53 . 2009-09-27 12:53 -------- d-----w- c:\program files\Webteh
2009-09-27 12:52 . 2009-09-27 12:52 0 ----a-w- c:\windows\nsreg.dat
2009-09-27 12:50 . 2009-09-27 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-27 12:50 . 2009-09-27 12:50 -------- d-----w- c:\program files\Google
2009-09-27 12:49 . 2009-09-27 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-09-27 12:46 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-09-27 12:45 . 2009-09-27 12:45 -------- d-----w- c:\program files\Microsoft.NET
2009-09-27 12:45 . 2009-09-27 12:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-27 12:43 . 2009-09-27 12:45 -------- d--h--w- c:\windows\ShellNew
2009-09-27 12:36 . 2009-09-27 12:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-27 12:06 . 2006-06-14 08:50 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-09-27 12:06 . 2004-08-03 21:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-09-27 12:05 . 2004-08-03 22:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-09-27 12:05 . 2002-10-28 09:26 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2009-09-27 12:05 . 2002-04-01 11:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2009-09-27 12:05 . 2009-09-27 12:05 -------- d-----w- c:\program files\Analog Devices
2009-09-27 12:05 . 2002-12-19 15:48 539008 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-09-27 12:05 . 2002-12-17 13:11 36864 ----a-w- c:\windows\system32\DSndUp.exe
2009-09-27 12:05 . 2002-04-17 13:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2009-09-27 12:05 . 2001-09-19 11:32 720896 ----a-w- c:\windows\system32\a3d.dll
2009-09-27 12:03 . 2009-09-27 12:04 -------- d-----w- C:\drvrtmp
2009-09-27 12:03 . 2003-07-11 10:15 118784 ----a-w- c:\windows\system32\Prounstl.exe
2009-09-27 12:03 . 2003-07-11 08:58 121856 ----a-w- c:\windows\system32\drivers\e1000325.sys
2009-09-27 12:03 . 2002-12-29 03:00 24064 ----a-w- c:\windows\system32\IntelNic.dll
2009-09-27 12:01 . 2009-09-27 12:07 -------- d-----w- c:\program files\Dell
2009-09-27 12:01 . 2005-11-23 09:43 18688 ----a-w- c:\windows\system32\drivers\omci.sys
2009-09-27 12:01 . 2009-09-27 12:01 -------- d-----w- c:\program files\Intel
2009-09-27 12:00 . 2009-09-27 12:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 12:00 . 2009-09-27 12:00 -------- d-----w- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 17:41 . 2009-09-27 11:44 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-28 17:40 . 2009-09-27 11:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-27 12:12 . 2009-09-27 12:12 -------- d-----w- c:\program files\Alwil Software
2009-09-27 11:49 . 2009-09-27 11:49 -------- d-----w- c:\program files\microsoft frontpage
2009-09-15 10:59 . 2009-09-27 12:12 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-09-27 12:12 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-09-27 12:12 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-09-27 12:12 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-09-27 12:12 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-09-27 12:12 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-09-27 12:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-09-27 12:12 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-09-27 12:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

((((((((((((((((((((((((((((( SnapShot@2009-09-28_21.09.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-30 15:56 . 2009-09-30 15:56 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/27/2009 14:12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/27/2009 14:12 20560]
R2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\drivers\tcpz-x86d.sys [9/27/2009 16:04 12136]
S2 afex;faday;c:\windows\desfx.exe [9/28/2009 20:50 10368]
S2 Atdx;Atg;c:\windows\Atds.exe [9/28/2009 20:53 10368]
S2 BitSrv;Bit Service;c:\windows\system32\BtSrv.exe [9/27/2009 16:04 430080]
S2 ferst;ces;c:\windows\system32\B7JH7Z9OUD\F001.exe [9/27/2009 22:51 65536]
S2 re;fsrd;c:\windows\system32\62O476L683\J001.exe [9/28/2009 20:50 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
wmpnetwk REG_MULTI_SZ WmpNetwk Wind
homelisten REG_MULTI_SZ HomeListen Home
.
Contents of the 'Scheduled Tasks' folder

2009-09-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-27 12:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ok3.114graph.com/msn/163.htm
FF - ProfilePath - c:\documents and settings\ermin\Application Data\Mozilla\Firefox\Profiles\t8akazwe.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-30 18:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(124)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-09-30 18:09
ComboFix-quarantined-files.txt 2009-09-30 16:09

Pre-Run: 11.858.993.152 bytes free
Post-Run: 11.830.804.480 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
187

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy in the following text:

Folder::
C:\WINDOWS\system32\QYQITKFMSF
C:\WINDOWS\system32\MA73PJIGWB
C:\WINDOWS\system32\K
C:\WINDOWS\system32\GRUA4Z4HY7
C:\WINDOWS\system32\62O476L683
C:\WINDOWS\system32\6S8S2YN26Z
C:\WINDOWS\system32\BVEY4KM2CY
C:\WINDOWS\system32\B7JH7Z9OUD
C:\WINDOWS\system32\793HDI4IBE

File::
C:\WINDOWS\nhg.exe
C:\WINDOWS\desfx.exe
C:\WINDOWS\Atds.exe
C:\WINDOWS\system32\wmplogsrv.dll
C:\WINDOWS\system32\B7JH7Z9OUD\F001.exe
C:\WINDOWS\System32\BtSrv.exe
C:\WINDOWS\system32\62O476L683\J001.exe
c:\windows\system32\wmprunsrv.dll
c:\windows\system32\drivers\tcpz-x86d.sys

Driver::
ferst
BitSrv
re
Atdx
TCPZ
afex


Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 28 Sep 2009
  • Posts: 11
  • Location: Sarajevo

Here it is, done.

ComboFix 09-09-29.04 - ermin 09/30/2009 18:29.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.300 [GMT 2:00]
Running from: c:\documents and settings\ermin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ermin\Desktop\CFScript
AV: avast! antivirus 4.8.1356 [VPS 090929-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

FILE ::
"c:\windows\Atds.exe"
"c:\windows\desfx.exe"
"c:\windows\nhg.exe"
"c:\windows\system32\62O476L683\J001.exe"
"c:\windows\system32\B7JH7Z9OUD\F001.exe"
"c:\windows\System32\BtSrv.exe"
"c:\windows\system32\drivers\tcpz-x86d.sys"
"c:\windows\system32\wmplogsrv.dll"
"c:\windows\system32\wmprunsrv.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Atds.exe
c:\windows\desfx.exe
c:\windows\system32\62O476L683
c:\windows\system32\62O476L683\A8800.exe
c:\windows\system32\62O476L683\J001.exe
c:\windows\system32\62O476L683\J002.exe
c:\windows\system32\6S8S2YN26Z
c:\windows\system32\793HDI4IBE
c:\windows\system32\793HDI4IBE\A8800.exe
c:\windows\system32\793HDI4IBE\J001.exe
c:\windows\system32\B7JH7Z9OUD
c:\windows\system32\B7JH7Z9OUD\F001.exe
c:\windows\system32\B7JH7Z9OUD\J001.exe
c:\windows\System32\BtSrv.exe
c:\windows\system32\BVEY4KM2CY
c:\windows\system32\BVEY4KM2CY\F001.exe
c:\windows\system32\BVEY4KM2CY\J001.exe
c:\windows\system32\drivers\tcpz-x86d.sys
c:\windows\system32\GRUA4Z4HY7
c:\windows\system32\GRUA4Z4HY7\A8800.exe
c:\windows\system32\GRUA4Z4HY7\J001.exe
c:\windows\system32\K
c:\windows\system32\MA73PJIGWB
c:\windows\system32\QYQITKFMSF
c:\windows\system32\QYQITKFMSF\A8800.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFEX
-------\Legacy_ATDX
-------\Legacy_BITSRV
-------\Legacy_FERST
-------\Legacy_RE
-------\Legacy_TCPZ
-------\Service_afex
-------\Service_Atdx
-------\Service_BitSrv
-------\Service_ferst
-------\Service_re
-------\Service_TCPZ


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-28 18:16 . 2009-09-28 18:16 -------- d-----w- c:\documents and settings\ermin\Local Settings\Application Data\Mozilla
2009-09-28 18:04 . 2009-09-28 18:04 42944 ----a-w- c:\documents and settings\ermin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-28 17:55 . 2009-09-28 17:55 -------- d-----w- c:\documents and settings\ermin\Application Data\Malwarebytes
2009-09-28 17:49 . 2004-08-03 23:56 103424 -c--a-w- c:\windows\system32\dllcache\uihelper.dll
2009-09-28 17:48 . 2001-08-23 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-09-28 17:47 . 2004-08-03 23:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-09-28 17:46 . 2001-08-17 20:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-09-28 17:43 . 2001-08-23 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-09-28 17:42 . 2004-08-03 23:56 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-09-28 17:42 . 2004-08-03 23:56 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-09-28 17:42 . 2004-08-03 23:56 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-09-28 17:42 . 2004-08-03 23:56 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-09-28 17:29 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-09-28 17:29 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-09-28 17:29 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-09-28 17:29 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-09-27 20:12 . 2009-09-27 20:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-27 20:12 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 20:12 . 2009-09-27 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 20:12 . 2009-09-27 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-27 20:12 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 19:38 . 2008-04-13 22:13 9728 ----a-w- c:\windows\system32\comsdupd.exe
2009-09-27 19:38 . 2004-08-03 21:08 40832 ----a-w- c:\windows\system32\drivers\irbus.sys
2009-09-27 19:38 . 2004-08-03 23:56 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2009-09-27 19:38 . 2004-08-03 23:56 9728 ----a-w- c:\windows\system32\rwnh.dll
2009-09-27 19:38 . 2004-08-03 23:56 10752 -c--a-w- c:\windows\system32\dllcache\smtpapi.dll
2009-09-27 19:38 . 2004-08-03 23:56 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-09-27 19:38 . 2004-08-03 23:56 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
2009-09-27 19:38 . 2004-08-03 23:56 2134528 -c--a-w- c:\windows\system32\dllcache\smtpsnap.dll
2009-09-27 19:38 . 2004-08-03 23:56 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
2009-09-27 19:38 . 2004-08-03 22:56 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2009-09-27 19:38 . 2008-04-14 03:41 233472 ----a-w- c:\windows\system32\azroles.dll
2009-09-27 19:38 . 2004-08-03 22:56 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2009-09-27 19:32 . 2009-09-27 19:38 -------- d-----w- c:\windows\ServicePackFiles
2009-09-27 19:25 . 2007-08-10 18:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-27 12:54 . 2009-09-27 12:54 737280 ----a-w- c:\windows\iun6002.exe
2009-09-27 12:54 . 2009-09-27 12:54 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-09-27 12:53 . 2009-09-27 12:53 -------- d-----w- c:\program files\Webteh
2009-09-27 12:52 . 2009-09-27 12:52 0 ----a-w- c:\windows\nsreg.dat
2009-09-27 12:50 . 2009-09-27 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-27 12:50 . 2009-09-27 12:50 -------- d-----w- c:\program files\Google
2009-09-27 12:49 . 2009-09-27 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-09-27 12:46 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-09-27 12:45 . 2009-09-27 12:45 -------- d-----w- c:\program files\Microsoft.NET
2009-09-27 12:45 . 2009-09-27 12:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-27 12:43 . 2009-09-27 12:45 -------- d--h--w- c:\windows\ShellNew
2009-09-27 12:36 . 2009-09-27 12:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-27 12:06 . 2006-06-14 08:50 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-09-27 12:06 . 2004-08-03 21:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-09-27 12:05 . 2004-08-03 22:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-09-27 12:05 . 2002-10-28 09:26 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2009-09-27 12:05 . 2002-04-01 11:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2009-09-27 12:05 . 2009-09-27 12:05 -------- d-----w- c:\program files\Analog Devices
2009-09-27 12:05 . 2002-12-19 15:48 539008 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-09-27 12:05 . 2002-12-17 13:11 36864 ----a-w- c:\windows\system32\DSndUp.exe
2009-09-27 12:05 . 2002-04-17 13:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2009-09-27 12:05 . 2001-09-19 11:32 720896 ----a-w- c:\windows\system32\a3d.dll
2009-09-27 12:03 . 2009-09-27 12:04 -------- d-----w- C:\drvrtmp
2009-09-27 12:03 . 2003-07-11 10:15 118784 ----a-w- c:\windows\system32\Prounstl.exe
2009-09-27 12:03 . 2003-07-11 08:58 121856 ----a-w- c:\windows\system32\drivers\e1000325.sys
2009-09-27 12:03 . 2002-12-29 03:00 24064 ----a-w- c:\windows\system32\IntelNic.dll
2009-09-27 12:01 . 2009-09-27 12:07 -------- d-----w- c:\program files\Dell
2009-09-27 12:01 . 2005-11-23 09:43 18688 ----a-w- c:\windows\system32\drivers\omci.sys
2009-09-27 12:01 . 2009-09-27 12:01 -------- d-----w- c:\program files\Intel
2009-09-27 12:00 . 2009-09-27 12:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 12:00 . 2009-09-27 12:00 -------- d-----w- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 17:41 . 2009-09-27 11:44 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-28 17:40 . 2009-09-27 11:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-27 12:12 . 2009-09-27 12:12 -------- d-----w- c:\program files\Alwil Software
2009-09-27 11:49 . 2009-09-27 11:49 -------- d-----w- c:\program files\microsoft frontpage
2009-09-15 10:59 . 2009-09-27 12:12 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-09-27 12:12 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-09-27 12:12 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-09-27 12:12 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-09-27 12:12 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-09-27 12:12 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-09-27 12:12 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-09-27 12:12 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-09-27 12:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

((((((((((((((((((((((((((((( SnapShot@2009-09-28_21.09.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-30 16:34 . 2009-09-30 16:34 16384 c:\windows\Temp\Perflib_Perfdata_680.dat
+ 2009-09-30 15:56 . 2009-09-30 15:56 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/27/2009 14:12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/27/2009 14:12 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
wmpnetwk REG_MULTI_SZ WmpNetwk Wind
homelisten REG_MULTI_SZ HomeListen Home
.
Contents of the 'Scheduled Tasks' folder

2009-09-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-27 12:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ok3.114graph.com/msn/163.htm
FF - ProfilePath - c:\documents and settings\ermin\Application Data\Mozilla\Firefox\Profiles\t8akazwe.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-30 18:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3928-)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2009-09-30 18:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 16:37
ComboFix2.txt 2009-09-30 16:09

Pre-Run: 11.808.436.224 bytes free
Post-Run: 11.777.490.944 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
219

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Interesuje me gde si nasao prvi ComboFix log koji si mi ovde kopirao? Da ga nisi nasao u C:\ComboFix\
