Trojan horse Packed.Protector.C


  • Joined: 03 Mar 2004
  • Posts: 27

I'm asking for help with the following. AVG reported that it found: Trojan horse Packed.Protector.C

AVG cannot clean it, and neither can Ad-Aware, Spybot - Search & Destroy, Malwarebytes' Anti-Malware or a-squared Free.

I have exhausted my own knowledge, so I would ask for help. Small windows announcing the virus pop up very often; I don't notice any changes in how the computer runs.
I have a 512 Kbps cable internet connection. From the modem it goes through a TP-Link wireless router.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Dusan at 11:11:36.79 on Thu 12/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2585 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\sentryPM\TokenManager\spmTMSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\windows\explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TP-LINK\TP-LINK Draft N Wireless Client Utility\11NWCU.exe
C:\WINDOWS\system32\SafeSignCertReg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\sentryPM\TokenManager\spmTMcertManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\sentryPM\TokenManager\spmTMStatusMonitor.exe
C:\Documents and Settings\Dusan\Desktop\Karantin\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = [Link mogu videti samo ulogovani korisnici]
uSearchMigratedDefaultURL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyServer = ftp=91.185.96.74:8080;http=91.185.96.74:8080;https=91.185.96.74:8080
uSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
mSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mWinlogon: Shell=c:\windows\explorer.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinAlarm] c:\program files\winalarm\WinAlarm.exe
mRun: [11NWCU] "c:\program files\tp-link\tp-link draft n wireless client utility\11NWCU.exe" -nogui
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [CertificateRegistration] SafeSignCertReg.exe
mRun: [jswtrayutil] "c:\program files\tp-link\tp-link wireless n client utility\jswtrayutil.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
StartupFolder: c:\documents and settings\dusan\start menu\programs\startup\siszyd32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\certif~1.lnk - c:\program files\sentrypm\tokenmanager\spmTMcertManager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tokenm~1.lnk - c:\windows\installer\{b4b92b76-0da6-4113-81f1-7b9b03cf9c3d}\_832A49388BF5A28D13058D.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [Link mogu videti samo ulogovani korisnici]
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - [Link mogu videti samo ulogovani korisnici]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [Link mogu videti samo ulogovani korisnici]
DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - [Link mogu videti samo ulogovani korisnici]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link mogu videti samo ulogovani korisnici]
DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - [Link mogu videti samo ulogovani korisnici]
TCP: {1A714912-79C7-4574-AE86-B877A6279F70} = 91.185.96.85
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: jkkHWmmM - jkkHWmmM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\symantec\winfax\WfxSeh32.Dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnkJbXr
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dusan\applic~1\mozilla\firefox\profiles\z6maowk0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]|http://www.kurir-info.rs/
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\dusan\application data\mozilla\firefox\profiles\z6maowk0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-9 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-23 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-28 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-23 108552]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-5 1858144]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-6 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-23 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2007-10-12 686592]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2009-6-24 114304]
R3 ham50;Intel HaM Data Fax Voice;c:\windows\system32\drivers\ham50.sys [2007-11-7 365853]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-2-8 57344]
S2 gupdate1c998eff6a73ef2;Google Update Service (gupdate1c998eff6a73ef2);c:\program files\google\update\GoogleUpdate.exe [2009-2-27 133104]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Alivcwutfl;Alivcwutfl; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-7 1684736]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\tp-link\tp-link wireless n client utility\jswpsapi.exe [2009-2-8 352338]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2002-8-2 32512]
S3 S1dddac;S1dddac; [x]

=============== Created Last 30 ================

2009-12-09 20:25:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 20:25:07 358944 ----a-w- c:\windows\vncutil.exe
2009-12-07 20:25:04 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-07 20:25:04 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-07 20:25:03 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-07 20:25:03 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-07 20:17:21 0 d-----w- c:\docume~1\dusan\applic~1\Desktopicon
2009-12-07 19:00:12 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-05 19:23:58 0 d-----w- c:\program files\a-squared Free
2009-12-05 19:06:44 0 d-----w- c:\docume~1\dusan\applic~1\Malwarebytes
2009-12-05 19:06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 19:06:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-05 19:06:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-05 19:06:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 17:22:52 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-03 17:22:45 4 ----a-w- c:\docume~1\dusan\applic~1\avdrn.dat
2009-11-20 13:45:16 0 d-----w- c:\program files\RAR Password Recovery Magic
2009-11-19 21:01:15 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-11 08:38:17 23392 ----a-w- c:\windows\system32\nscompat.tlb
2009-11-11 08:38:17 16832 ----a-w- c:\windows\system32\amcompat.tlb
2009-11-10 17:28:36 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-10 17:28:36 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-10 17:28:28 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-10 17:28:28 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

==================== Find3M ====================

2009-12-09 20:36:36 185856 ----a-w- c:\windows\system32\wbem\framedyn.dll
2009-12-09 06:07:34 148768 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-01 11:10:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-20 16:00:38 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-17 19:27:14 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 19:27:14 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 19:27:08 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 19:27:08 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 19:27:02 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 19:26:56 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 19:26:50 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 19:26:50 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 18:51:38 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-05 06:15:53 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 06:15:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-02 12:48:02 831488 ----a-w- c:\windows\RtlExUpd.dll
2006-03-20 13:37:52 5689344 ----a-w- c:\program files\mplayerc.exe
2009-01-07 22:10:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010720090108\index.dat

============= FINISH: 11:11:58.73 ===============


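As an added example (not code from this thread, from DDS or from ComboFix), the following Python script runs the checks a removal helper makes on the "Pseudo HJT Report" section of the first log: it flags the proxy pointing at an external address, the extra LSA authentication package, the Winlogon Notify DLL with a random name, the hosts-file override and the bare executable in the Startup folder, using lines copied from that log as its sample input. The severity labels and the random-name threshold are this example's own assumptions.

```python
# Added example (not code from the thread, DDS or ComboFix): triage heuristics
# for the "Pseudo HJT Report" section of a DDS log, run on lines copied from the
# log posted above. Severity labels and thresholds are this example's own.
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken from the first DDS log in this thread.
SAMPLE_LOG = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = ftp=91.185.96.74:8080;http=91.185.96.74:8080;https=91.185.96.74:8080
StartupFolder: c:\documents and settings\dusan\start menu\programs\startup\siszyd32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\certif~1.lnk - c:\program files\sentrypm\tokenmanager\spmTMcertManager.exe
TCP: {1A714912-79C7-4574-AE86-B877A6279F70} = 91.185.96.85
Notify: avgrsstarter - avgrsstx.dll
Notify: jkkHWmmM - jkkHWmmM.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnkJbXr
Hosts: 127.0.0.1 www.spywareinfo.com
"""

VOWELS = set("aeiouAEIOU")
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


@dataclass
class Finding:
    severity: str  # "high" (needs attention) or "info" (verify manually)
    line: str
    reason: str


def looks_random(name: str) -> bool:
    """Letters only and either no vowels or >= 3 case flips (jkkHWmmM, pmnkJbXr)."""
    if not name.isalpha():
        return False
    flips = sum(1 for a, b in zip(name, name[1:]) if a.islower() != b.islower())
    return not (set(name) & VOWELS) or flips >= 3


def triage_line(line: str) -> Optional[Finding]:
    """Apply the checks to one Pseudo HJT line; None means nothing to flag."""
    line = line.strip()

    # DDS prints ProxyServer only when a proxy is set; a home PC sending all
    # web traffic through a public address is a classic redirect/injection setup.
    if "ProxyServer" in line:
        ips = set(re.findall(rf"({IPV4}):\d+", line))
        external = sorted(ip for ip in ips if not ipaddress.ip_address(ip).is_private)
        if external:
            return Finding("high", line, f"web traffic proxied via external host(s) {', '.join(external)}")
        return Finding("info", line, "proxy configured")

    # The only default LSA authentication package is msv1_0; anything else is
    # loaded into lsass.exe at boot.
    m = re.match(r"LSA: Authentication Packages = (.+)", line)
    if m:
        extra = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
        if extra:
            return Finding("high", line, f"extra LSA authentication package(s): {' '.join(extra)}")
        return None

    # Winlogon Notify DLLs load at every logon; random names are a red flag.
    m = re.match(r"Notify: (\S+) - (\S+)", line)
    if m:
        name, dll = m.groups()
        if looks_random(name) or looks_random(dll.rsplit(".", 1)[0]):
            return Finding("high", line, f"Winlogon Notify DLL with random-looking name: {dll}")
        return None

    # DDS lists only non-default hosts entries; mapping a real hostname to
    # loopback usually exists to block security sites.
    m = re.match(r"Hosts: (\S+)\s+(\S+)", line)
    if m:
        ip, host = m.groups()
        if host.lower() != "localhost":
            return Finding("high", line, f"hosts file maps {host} to {ip}")
        return None

    # Startup folders normally hold .lnk shortcuts, not bare executables.
    m = re.match(r"StartupFolder: (.+)", line)
    if m:
        target = m.group(1).split(" - ")[0].strip().lower()
        if target.endswith((".exe", ".bat", ".cmd", ".scr", ".vbs", ".dll")):
            return Finding("high", line, "executable placed directly in a Startup folder")
        return None

    # Interface DNS server: not wrong by itself, but worth checking against the ISP's.
    m = re.match(r"TCP: \{[0-9A-Fa-f-]+\} = (.+)", line)
    if m:
        return Finding("info", line, f"interface DNS server(s) {m.group(1)}; verify against the ISP's")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every non-empty line and collect the findings."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines() if ln.strip()) if f]
```

Running `triage(SAMPLE_LOG)` yields five "high" findings and one "info" note, which matches the entries the later ComboFix log actually removed or repaired.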



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your protection software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it;
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure through;
ask a number of questions / show notifications: accept by clicking Yes or OK;
restart Windows if necessary (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to your message.



  • Joined: 03 Mar 2004
  • Posts: 27

It has just been scanned with ComboFix, and the log is below.


ComboFix 09-12-09.04 - Dusan 12/10/2009 16:23:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2883 [GMT 1:00]
Running from: c:\documents and settings\Dusan\Desktop\Karantin\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dusan\Application Data\Desktopicon
c:\documents and settings\Dusan\Start Menu\Programs\Startup\siszyd32.exe
c:\program files\WinPCap
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\av_md.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\atmapi.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wdjeylse.ini
c:\windows\system32\wpcap.dll
D:\AUTORUN.INF

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-09 20:25 . 2009-12-09 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 20:25 . 2009-11-17 19:27 358944 ----a-w- c:\windows\vncutil.exe
2009-12-07 20:25 . 2009-11-17 19:27 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-07 20:25 . 2009-11-17 19:27 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-07 20:25 . 2008-08-05 19:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-07 20:25 . 2006-01-04 14:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-07 19:00 . 2009-12-07 19:00 -------- d-----w- c:\program files\Reference Assemblies
2009-12-07 19:00 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-07 17:55 . 2009-12-07 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-05 19:23 . 2009-12-07 14:14 -------- d-----w- c:\program files\a-squared Free
2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\Dusan\Application Data\Malwarebytes
2009-12-05 19:06 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 19:06 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-05 16:17 . 2009-12-05 16:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-03 17:22 . 2009-12-04 06:47 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-11-22 19:14 . 2009-11-22 19:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2009-11-20 13:45 . 2009-11-23 18:00 -------- d-----w- c:\program files\RAR Password Recovery Magic
2009-11-19 21:01 . 2009-11-19 21:01 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-10 17:28 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-10 17:28 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-10 17:28 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-10 17:28 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 15:10 . 2007-07-27 17:34 313936 -c--a-w- c:\documents and settings\Dusan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-09 20:36 . 2007-07-27 15:18 185856 ----a-w- c:\windows\system32\wbem\framedyn.dll
2009-12-09 20:34 . 2007-09-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-07 20:25 . 2007-07-27 15:34 -------- d-----w- c:\program files\Realtek
2009-12-07 19:08 . 2009-10-24 06:58 -------- d-----w- c:\program files\nLite
2009-12-07 18:18 . 2007-11-23 05:49 72686909 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-12-07 16:43 . 2008-05-22 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-05 18:15 . 2009-12-04 06:47 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-03 17:22 . 2009-12-03 17:22 4 ----a-w- c:\documents and settings\Dusan\Application Data\avdrn.dat
2009-12-01 18:31 . 2007-07-27 17:41 -------- d-----w- c:\program files\Google
2009-12-01 11:10 . 2007-07-28 17:08 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-29 13:48 . 2007-11-07 19:41 -------- d-----w- c:\program files\Symantec
2009-11-28 09:00 . 2007-08-03 23:28 -------- d-----w- c:\documents and settings\Dusan\Application Data\Skype
2009-11-28 08:57 . 2008-01-26 14:46 -------- d-----w- c:\documents and settings\Dusan\Application Data\skypePM
2009-11-25 21:03 . 2009-03-31 20:40 -------- d-----w- c:\program files\Magic Video Converter
2009-11-25 20:55 . 2009-06-22 19:54 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-11-25 20:55 . 2009-06-26 12:31 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-11-25 20:55 . 2009-06-26 12:31 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-11-25 20:55 . 2009-11-05 06:15 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
2009-11-25 20:55 . 2009-06-26 12:31 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-11-25 20:55 . 2009-06-01 19:48 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-11-25 20:55 . 2009-06-22 19:54 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
2009-11-25 20:54 . 2009-06-01 19:44 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-11-25 20:54 . 2009-06-01 19:44 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-11-25 20:54 . 2009-06-26 12:31 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-11-25 20:54 . 2009-09-21 19:42 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-25 20:54 . 2009-06-26 12:31 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-11-25 20:54 . 2009-06-26 12:30 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-11-25 20:54 . 2009-06-22 19:50 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-11-25 20:54 . 2009-06-22 19:45 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-11-25 20:53 . 2009-06-22 19:44 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-11-20 16:00 . 2008-11-28 16:15 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-20 15:45 . 2007-07-27 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-11-17 21:37 . 2008-11-23 22:57 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-11-17 19:27 . 2007-07-27 15:34 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 19:27 . 2007-07-27 15:34 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 19:27 . 2007-07-27 15:34 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 19:27 . 2007-07-27 15:34 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 19:27 . 2007-07-27 15:34 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 19:26 . 2007-07-27 15:34 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 19:26 . 2007-07-27 15:34 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 19:26 . 2007-07-27 15:34 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 18:51 . 2007-07-27 15:34 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-17 13:36 . 2008-02-22 12:42 80 -c-ha-r- c:\windows\ssystda.dat
2009-11-11 08:37 . 2007-07-29 12:02 -------- d-----w- c:\program files\DivX
2009-11-11 08:36 . 2009-11-06 15:17 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-11 08:28 . 2007-09-25 18:52 -------- d-----w- c:\program files\ElcomSoft
2009-11-05 06:15 . 2009-11-05 06:15 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 06:15 . 2009-11-05 06:15 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
2009-11-05 06:15 . 2009-11-05 06:15 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\sbap.dll
2009-11-05 06:15 . 2009-06-01 19:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-11-05 06:15 . 2009-02-09 21:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-05 06:15 . 2009-11-05 06:15 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\VipreBridge.dll
2009-11-05 06:15 . 2009-11-05 06:15 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Vipre.dll
2009-11-05 06:15 . 2009-11-05 06:15 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBTE.dll
2009-11-05 06:15 . 2009-11-05 06:15 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBRE.dll
2009-11-05 06:14 . 2009-06-26 12:31 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-11-04 20:45 . 2009-11-04 20:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-04 15:49 . 2008-05-29 20:47 313936 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 12:48 . 2007-07-27 15:33 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-25 16:11 . 2007-09-30 23:57 10 ----a-w- c:\windows\popcinfo.dat
2009-10-08 21:44 . 2009-10-08 21:44 177024 ----a-w- c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\FlashGot.exe
2009-10-03 08:15 . 2009-11-04 20:45 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-09-23 12:55 . 2009-02-09 20:41 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 19:42 . 2009-09-21 19:42 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
2009-09-21 19:42 . 2009-03-05 14:29 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys
2009-09-21 19:42 . 2009-03-05 14:28 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe
2009-09-21 19:42 . 2009-06-22 19:47 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2006-03-20 13:37 . 2007-07-28 08:04 5689344 ----a-w- c:\program files\mplayerc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe -start" [X]
"11NWCU"="c:\program files\TP-LINK\TP-LINK Draft N Wireless Client Utility\11NWCU.exe -nogui" [X]
"snpstd"="c:\windows\vsnpstd.exe" [2006-08-23 339968]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-25 2029336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"WinAlarm"="c:\program files\WinAlarm\WinAlarm.exe" [2007-12-26 353280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-25 788880]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"jswtrayutil"="c:\program files\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe" [2008-01-11 41045]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Certificate Manager.lnk - c:\program files\sentryPM\TokenManager\spmTMcertManager.exe [2005-9-24 45056]
Token Manager.lnk - c:\windows\Installer\{B4B92B76-0DA6-4113-81F1-7B9B03CF9C3D}\_832A49388BF5A28D13058D.exe [2009-7-25 26694]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-31 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWmmM]
2004-08-04 01:07 24576 ----a-w- c:\windows\system32\jkkhwmmm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"WinFaxAppPortStarter"=wfxsnt40.exe
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/9/2009 21:41 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/21/2008 6:35 642560]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 0:13 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 0:13 108552]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/5/2009 20:23 1858144]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/6/2008 22:27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 0:13 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 1184912]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/12/2007 18:30 686592]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [6/24/2009 10:16 114304]
R3 ham50;Intel HaM Data Fax Voice;c:\windows\system32\drivers\ham50.sys [11/7/2007 20:22 365853]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/8/2009 12:56 57344]
S2 gupdate1c998eff6a73ef2;Google Update Service (gupdate1c998eff6a73ef2);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2009 16:27 133104]
S3 Alivcwutfl;Alivcwutfl; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/7/2009 21:25 1684736]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\TP-LINK\TP-LINK Wireless N Client Utility\jswpsapi.exe [2/8/2009 12:56 352338]
S3 S1dddac;S1dddac; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [link visible only to logged-in users]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = ftp=91.185.96.74:8080;http=91.185.96.74:8080;https=91.185.96.74:8080
uSearchURL,(Default) = [link visible only to logged-in users]
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {1A714912-79C7-4574-AE86-B877A6279F70} = 91.185.96.85
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - [link visible only to logged-in users]
DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - [link visible only to logged-in users]
DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - [link visible only to logged-in users]
FF - ProfilePath - c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]|http://www.kurir-info.rs/
FF - prefs.js: keyword.URL - [link visible only to logged-in users]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-12-10 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [link visible only to logged-in users]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8B03D5D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8b03d5d0
\Driver\ACPI -> ACPI.sys @ 0xba677cb8
\Driver\atapi -> atapi.sys @ 0xba60cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: TP-LINK Draft N Wireless Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba4e4bd4
PacketIndicateHandler -> NDIS.sys @ 0xba4f0a21
SendHandler -> NDIS.sys @ 0xba4e4d44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-926492609-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&31ad995d&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\jkkHWmmM.dll
c:\windows\system32\spmcsp32.dll
c:\windows\system32\spmtkpin.dll
c:\windows\system32\spmp1132.dll
c:\windows\system32\spmTMlang.dll

- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\acs.exe
c:\program files\sentryPM\TokenManager\spmTMSvc.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\crypserv.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WFXSVC.EXE
c:\program files\Symantec\WinFax\WFXMOD32.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\CNAB4RPK.EXE
c:\windows\system32\SafeSignCertReg.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-10 16:31:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-10 15:31

Pre-Run: 12,303,507,456 bytes free
Post-Run: 12,188,545,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - E21735ED38FBE5991354A8BAF829CFAD

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

Please upload this file for me:

c:\windows\system32\spmcsp32.dll

via the following link:

[link visible only to logged-in users]

offline
  • Joined: 03 Mar 2004
  • Posts: 27

All good, the file has been sent.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
c:\windows\system32\fjhdyfhsn.bat
c:\documents and settings\NetworkService\Application Data\fvgqad.dat
c:\documents and settings\Dusan\Application Data\avdrn.dat
c:\windows\system32\jkkhwmmm.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWmmM]

Driver::
Alivcwutfl
S1dddac

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next reply, post the log that is produced at the end of the cleaning/scan.
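Editor's added example (not part of this thread, and not ComboFix's or helen1's tooling): a small Python triage script that reads the "Reg Loading Points" part of a ComboFix log and surfaces the three kinds of leads the CFScript above acts on: a Winlogon\Notify DLL (loaded into winlogon.exe at every logon, a common persistence spot) whose subkey is not on a known-good allowlist, services/drivers whose file is missing (ComboFix prints "[x]" instead of a path), and the per-user proxy server, which routes all of that user's HTTP/HTTPS/FTP through one host. From the first two it drafts the Registry:: and Driver:: sections in the format used above. The sample log lines are constructed by copying them from the first log in this thread; the allowlist containing only AVG's avgrsstarter entry is an assumption. It deliberately emits no File:: lines: the three .dat/.bat files in the helper's script came from parts of the log not shown here, and a DLL behind a Notify key should be hashed, checked for a signer or uploaded for analysis before anything deletes it. The proxy is reported rather than removed, because the log alone cannot tell an ISP or user-configured proxy from a malicious one.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own code.  It pulls out:
  * Winlogon\\Notify DLLs not on an (assumed) known-good allowlist,
  * services/drivers whose file is missing ("[x]" in the service line),
  * the per-user proxy server,
and drafts the Registry:: / Driver:: sections of a CFScript for review.
"""
import re

# Constructed sample: lines copied from the first ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-31 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWmmM]
2004-08-04 01:07 24576 ----a-w- c:\windows\system32\jkkhwmmm.dll

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/9/2009 21:41 64288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 0:13 297752]
S3 Alivcwutfl;Alivcwutfl; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/7/2009 21:25 1684736]
S3 S1dddac;S1dddac; [x]

uInternet Settings,ProxyServer = ftp=91.185.96.74:8080;http=91.185.96.74:8080;https=91.185.96.74:8080
"""

# Assumption: AVG's resident-shield Notify entry is treated as known-good.
KNOWN_NOTIFY = {"avgrsstarter"}

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
NOTIFY_RE = re.compile(r"^\[" + re.escape(NOTIFY_KEY) + r"\\([^\]]+)\]$", re.I)
# ComboFix prints the DLL as "<date> <time> <size> <attrs> <path>" under the key.
DLL_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(\S.*\.dll)$", re.I)
# Service lines: "<start type> <name>;<display name>;<path> [..]" or "; [x]" if missing.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")


def parse_log(text):
    """Return notify DLLs, services whose file is missing, and proxy settings."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    notify, missing, proxy = [], [], {}
    for i, line in enumerate(lines):
        m = NOTIFY_RE.match(line)
        if m:
            dll = None
            for nxt in lines[i + 1:i + 3]:      # DLL is on the line after the key
                d = DLL_RE.match(nxt)
                if d:
                    dll = d.group(1)
                    break
            notify.append((m.group(1), dll))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(4).strip() == "[x]":  # registered service, file gone
            missing.append(m.group(2))
            continue
        m = PROXY_RE.match(line)
        if m:
            for part in m.group(1).split(";"):  # "scheme=host:port" pairs
                scheme, _, hostport = part.partition("=")
                proxy[scheme.strip()] = hostport.strip()
    return {"notify": notify, "missing_services": missing, "proxy": proxy}


def suspicious_notify(findings, allowlist=KNOWN_NOTIFY):
    """Notify entries whose subkey is not on the allowlist (case-insensitive)."""
    allow = {a.lower() for a in allowlist}
    return [(k, d) for k, d in findings["notify"] if k.lower() not in allow]


def build_cfscript(findings, allowlist=KNOWN_NOTIFY):
    """Draft Registry:: and Driver:: sections; File:: is left to a human."""
    out = []
    bad = suspicious_notify(findings, allowlist)
    if bad:
        out.append("Registry::")
        out.extend(f"[-{NOTIFY_KEY}\\{k}]" for k, _ in bad)   # [-key] deletes the key
        out.append("")
    if findings["missing_services"]:
        out.append("Driver::")
        out.extend(findings["missing_services"])             # service names only
        out.append("")
    return "\n".join(out).rstrip("\n")


if __name__ == "__main__":
    f = parse_log(SAMPLE_LOG)
    for key, dll in suspicious_notify(f):
        print(f"review Winlogon\\Notify\\{key} -> {dll}")
    for svc in f["missing_services"]:
        print(f"orphan service (file missing): {svc}")
    for scheme, hp in f["proxy"].items():
        print(f"proxy {scheme} -> {hp}  (verify with the user before removing)")
    print()
    print(build_cfscript(f))
</test>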

offline
  • Joined: 03 Mar 2004
  • Posts: 27

ComboFix 09-12-11.01 - Dusan 12/12/2009 0:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2847 [GMT 1:00]
Running from: c:\documents and settings\Dusan\Desktop\Karantin\ComboFix.exe
Command switches used :: c:\documents and settings\Dusan\Desktop\Karantin\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Dusan\Application Data\avdrn.dat"
"c:\documents and settings\NetworkService\Application Data\fvgqad.dat"
"c:\windows\system32\fjhdyfhsn.bat"
"c:\windows\system32\jkkhwmmm.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dusan\Application Data\avdrn.dat
c:\documents and settings\NetworkService\Application Data\fvgqad.dat
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\jkkhwmmm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALIVCWUTFL
-------\Service_Alivcwutfl
-------\Service_S1dddac


((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.

2009-12-09 20:25 . 2009-12-09 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 20:25 . 2009-11-17 19:27 358944 ----a-w- c:\windows\vncutil.exe
2009-12-07 20:25 . 2009-11-17 19:27 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-07 20:25 . 2009-11-17 19:27 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-07 20:25 . 2008-08-05 19:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-07 20:25 . 2006-01-04 14:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-07 19:00 . 2009-12-07 19:00 -------- d-----w- c:\program files\Reference Assemblies
2009-12-07 19:00 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-07 17:55 . 2009-12-07 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-05 19:23 . 2009-12-07 14:14 -------- d-----w- c:\program files\a-squared Free
2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\Dusan\Application Data\Malwarebytes
2009-12-05 19:06 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-05 19:06 . 2009-12-05 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 19:06 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-05 16:17 . 2009-12-05 16:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-22 19:14 . 2009-11-22 19:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TuneUp Software
2009-11-20 13:45 . 2009-11-23 18:00 -------- d-----w- c:\program files\RAR Password Recovery Magic
2009-11-19 21:01 . 2009-11-19 21:01 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 18:50 . 2008-05-22 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-10 15:10 . 2007-07-27 17:34 313936 -c--a-w- c:\documents and settings\Dusan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-09 20:36 . 2007-07-27 15:18 185856 ----a-w- c:\windows\system32\wbem\framedyn.dll
2009-12-09 20:34 . 2007-09-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-07 20:25 . 2007-07-27 15:34 -------- d-----w- c:\program files\Realtek
2009-12-07 19:08 . 2009-10-24 06:58 -------- d-----w- c:\program files\nLite
2009-12-07 18:18 . 2007-11-23 05:49 72686909 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-12-01 18:31 . 2007-07-27 17:41 -------- d-----w- c:\program files\Google
2009-12-01 11:10 . 2007-07-28 17:08 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-29 13:48 . 2007-11-07 19:41 -------- d-----w- c:\program files\Symantec
2009-11-28 09:00 . 2007-08-03 23:28 -------- d-----w- c:\documents and settings\Dusan\Application Data\Skype
2009-11-28 08:57 . 2008-01-26 14:46 -------- d-----w- c:\documents and settings\Dusan\Application Data\skypePM
2009-11-25 21:03 . 2009-03-31 20:40 -------- d-----w- c:\program files\Magic Video Converter
2009-11-25 20:55 . 2009-06-22 19:54 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-11-25 20:55 . 2009-06-26 12:31 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-11-25 20:55 . 2009-06-26 12:31 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-11-25 20:55 . 2009-11-05 06:15 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
2009-11-25 20:55 . 2009-06-26 12:31 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-11-25 20:55 . 2009-06-01 19:48 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-11-25 20:55 . 2009-06-22 19:54 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
2009-11-25 20:54 . 2009-06-01 19:44 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-11-25 20:54 . 2009-06-01 19:44 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-11-25 20:54 . 2009-06-26 12:31 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-11-25 20:54 . 2009-09-21 19:42 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-25 20:54 . 2009-06-26 12:31 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-11-25 20:54 . 2009-06-26 12:30 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-11-25 20:54 . 2009-06-22 19:50 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-11-25 20:54 . 2009-06-22 19:45 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-11-25 20:53 . 2009-06-22 19:44 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-11-20 16:00 . 2008-11-28 16:15 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-20 15:45 . 2007-07-27 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-11-17 21:37 . 2008-11-23 22:57 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-11-17 19:27 . 2007-07-27 15:34 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 19:27 . 2007-07-27 15:34 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 19:27 . 2007-07-27 15:34 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 19:27 . 2007-07-27 15:34 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 19:27 . 2007-07-27 15:34 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 19:26 . 2007-07-27 15:34 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 19:26 . 2007-07-27 15:34 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 19:26 . 2007-07-27 15:34 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 18:51 . 2007-07-27 15:34 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-17 13:36 . 2008-02-22 12:42 80 -c-ha-r- c:\windows\ssystda.dat
2009-11-11 08:37 . 2007-07-29 12:02 -------- d-----w- c:\program files\DivX
2009-11-11 08:36 . 2009-11-06 15:17 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-11 08:28 . 2007-09-25 18:52 -------- d-----w- c:\program files\ElcomSoft
2009-11-05 06:15 . 2009-11-05 06:15 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-05 06:15 . 2009-11-05 06:15 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
2009-11-05 06:15 . 2009-11-05 06:15 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\sbap.dll
2009-11-05 06:15 . 2009-06-01 19:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-11-05 06:15 . 2009-02-09 21:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-05 06:15 . 2009-11-05 06:15 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\VipreBridge.dll
2009-11-05 06:15 . 2009-11-05 06:15 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Vipre.dll
2009-11-05 06:15 . 2009-11-05 06:15 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBTE.dll
2009-11-05 06:15 . 2009-11-05 06:15 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\SBRE.dll
2009-11-05 06:14 . 2009-06-26 12:31 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-11-04 20:45 . 2009-11-04 20:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-04 15:49 . 2008-05-29 20:47 313936 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 12:48 . 2007-07-27 15:33 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-25 16:11 . 2007-09-30 23:57 10 ----a-w- c:\windows\popcinfo.dat
2009-10-08 21:44 . 2009-10-08 21:44 177024 ----a-w- c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\FlashGot.exe
2009-10-03 08:15 . 2009-11-04 20:45 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-09-23 12:55 . 2009-02-09 20:41 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 19:42 . 2009-09-21 19:42 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
2009-09-21 19:42 . 2009-03-05 14:29 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys
2009-09-21 19:42 . 2009-03-05 14:28 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe
2009-09-21 19:42 . 2009-06-22 19:47 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2006-03-20 13:37 . 2007-07-28 08:04 5689344 ----a-w- c:\program files\mplayerc.exe
.

((((((((((((((((((((((((((((( [link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-11 23:43 . 2009-12-11 23:43 16384 c:\windows\Temp\Perflib_Perfdata_42c.dat
+ 2007-08-18 09:23 . 2009-12-11 06:35 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-08-18 09:23 . 2009-08-27 09:03 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-07-27 15:20 . 2009-08-06 18:23 209624 c:\windows\system32\wuweb.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-07-27 15:20 . 2009-08-06 18:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"snpstd"="c:\windows\vsnpstd.exe" [2006-08-23 339968]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-25 2029336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"WinAlarm"="c:\program files\WinAlarm\WinAlarm.exe" [2007-12-26 353280]
"11NWCU"="c:\program files\TP-LINK\TP-LINK Draft N Wireless Client Utility\11NWCU.exe" [2007-08-21 499852]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-25 788880]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"jswtrayutil"="c:\program files\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe" [2008-01-11 41045]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Certificate Manager.lnk - c:\program files\sentryPM\TokenManager\spmTMcertManager.exe [2005-9-24 45056]
Token Manager.lnk - c:\windows\Installer\{B4B92B76-0DA6-4113-81F1-7B9B03CF9C3D}\_832A49388BF5A28D13058D.exe [2009-7-25 26694]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-31 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"WinFaxAppPortStarter"=wfxsnt40.exe
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/9/2009 21:41 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/21/2008 6:35 642560]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 0:13 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 0:13 108552]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/5/2009 20:23 1858144]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/6/2008 22:27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 0:13 297752]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/12/2007 18:30 686592]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [6/24/2009 10:16 114304]
R3 ham50;Intel HaM Data Fax Voice;c:\windows\system32\drivers\ham50.sys [11/7/2007 20:22 365853]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/8/2009 12:56 57344]
S2 gupdate1c998eff6a73ef2;Google Update Service (gupdate1c998eff6a73ef2);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2009 16:27 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 1184912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/7/2009 21:25 1684736]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\TP-LINK\TP-LINK Wireless N Client Utility\jswpsapi.exe [2/8/2009 12:56 352338]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = ftp=91.185.96.74:8080;http=91.185.96.74:8080;https=91.185.96.74:8080
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {1A714912-79C7-4574-AE86-B877A6279F70} = 91.185.96.85
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - [Link mogu videti samo ulogovani korisnici]
DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - [Link mogu videti samo ulogovani korisnici]
DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - [Link mogu videti samo ulogovani korisnici]
FF - ProfilePath - c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]|http://www.kurir-info.rs/
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Dusan\Application Data\Mozilla\Firefox\Profiles\z6maowk0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-12-12 07:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [Link mogu videti samo ulogovani korisnici]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8B03D5D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8b03d5d0
\Driver\ACPI -> ACPI.sys @ 0xba677cb8
\Driver\atapi -> atapi.sys @ 0xba60cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: TP-LINK Draft N Wireless Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba4e4bd4
PacketIndicateHandler -> NDIS.sys @ 0xba4f0a21
SendHandler -> NDIS.sys @ 0xba4e4d44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-926492609-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&31ad995d&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\l3codeca.acm
c:\windows\system32\divxa32.acm
c:\windows\system32\vorbis.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\IEFRAME.dll

- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\crypserv.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WFXSVC.EXE
c:\program files\Symantec\WinFax\WFXMOD32.EXE
c:\windows\system32\CNAB4RPK.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\SafeSignCertReg.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2009-12-12 08:00:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-12 07:00
ComboFix2.txt 2009-12-10 15:31

Pre-Run: 12,164,079,616 bytes free
Post-Run: 13,083,648,000 bytes free

- - End Of File - - 263C183AD4E6E2D662FF736878BDB123

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

What is the status now?

offline
  • Joined: 03 Mar 2004
  • Posts: 27

I have just scanned the C:\WINDOWS folder with AVG and nothing was found.
Thank you. I assume I can now remove the folder with the logs and ComboFix itself. I read on this forum that it should not be used on its own, so I am following that recommendation.
Many thanks for your effort, time and help.
Regards

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.
